Effectiveness of Antivirus Programs?

Dear Group,

I have a question which may provoke a lot of comments. Please
reply with serious answers only.

Question: Using one of the common antivirus programs to locate and
eliminate malware, what is the probability that an infected OS will
be cleared?

I do know that the result will depend on a lot of variables, such as
Type of antivirus program and its update status,
Type of OS,
Type of infection,
Number of infections,
etc.

It's not necessary to list all the variables, but an estimate of how
effective a well accepted commercial antivirus program might be would
be very much appreciated.

Thank you
GR.
 
From: "NoSpam" (e-mail address removed)

| Dear Group,
|
| I have a question which may provoke a lot of comments. Please
| reply with serious answers only.
|
| Question: Using one of the common antivirus programs to locate and
| eliminate malware, what is the probability that an infected OS will
| be cleared?
|
| I do know that the result will depend on a lot of variables, such as
| Type of antivirus program and its update status,
| Type of OS,
| Type of infection,
| Number of infections,
| etc.
|
| It's not necessary to list all the variables, but an estimate of how
| effective a well accepted commercial antivirus program might be would
| be very much appreciated.
|
| Thank you
| GR.
|


I am NOT sure how to quantify this question in light of the generic request "Using one of the
common antivirus programs...".
 
Dear David,

If it helps to get a quantified answer I am referring to Antivir Guard,
running on a Win2k OS with DSL and Zone Alarm.

G.R.
 
Question: Using one of the common antivirus programs to locate and
eliminate malware, what is the probability that an infected OS will
be cleared?

Less than 50% depending on how many items are part of the compromise.

AV software is reactionary, it's there to keep you from being
compromised as part of an overall solution, not the Only solution.

--
Leythos - (e-mail address removed) (remove 999 to email me)

Learn more about PCBUTTS1 and his antics and ethic and his perversion
with Porn and Filth. Just take a look at some of the FILTH he's created
and put on his website: http://www.futurehardware.in/595578-2.htm all
exposed to children (the link I've included does not directly display his
filth). You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 
Leythos said:
Less than 50% depending on how many items are part of the compromise.

AV software is reactionary, it's there to keep you from being
compromised as part of an overall solution, not the Only solution.

I have a better question. Will Paris Hilton get another DUI after her
untimely incarceration and what will have to poor Nicole Richie lol
RH710.. P.S. Who really cares
 
NoSpam said:
Question: Using one of the common antivirus programs to locate
and eliminate malware, what is the probability that an infected
OS will be cleared?

AV software is generally less "attractive" today vs 5 years ago because

1) new malware is being generated faster than AV software can be
updated to detect it.

2) Many systems are today pretty much always connected to the
internet, and with web sites and dns servers being poisoned or
hijacked and turned into malware delivery platforms the time-frame is
much shorter between new malware creation and infection.

3) Today, when your AV software gives you a message saying it's
detected something, it means that its most recent malware definition
update has finally given it the ability to detect malware that got
onto your system a few weeks ago. When that malware got onto your
system, it downloaded other stuff that made your system part of a
bot-net, and that other stuff will likely never be detected by your AV
software.

4) Once upon a time, it was good enough to quarantine a piece of
malware. Today, a typical malware infection requires surgical removal
that the AV software can't or won't do. Everybody that rates AV
software looks only at the ability to detect malware. They never look
at the ability to remove it.
 
NoSpam said:
Dear Group,

I have a question which may provoke a lot of comments. Please
reply with serious answers only.

Question: Using one of the common antivirus programs to locate and
eliminate malware, what is the probability that an infected OS will
be cleared?

I do know that the result will depend on a lot of variables, such as
Type of antivirus program and its update status,
Type of OS,
Type of infection,
Number of infections,
etc.

It's not necessary to list all the variables, but an estimate of how
effective a well accepted commercial antivirus program might be would
be very much appreciated.

the number one variable that affects the likelihood of an anti-virus
being able to deal with a particular piece of malware is the age of the
malware compared to the anti-virus... in general, av products tend to
miss around 80% (some significantly less, some more) of new malware,
while less than 20% of old malware...
 
NoSpam aka (e-mail address removed), after much thought, came up with this
jewel:
If it helps to get a quantified answer I am referring to Antivir
Guard, running on a Win2k OS with DSL and Zone Alarm.

One needs prevention. I would use the above but add a router and an
anti-spyware with real-time scanning to the mix. Plus a hosts file and
turning off unnecessary services. For cleaning I use the steps and
tools outlined on my pages (see below)

max

Vegas is that way ===========================>
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET. Feel free to use it yourself.
Always remember - only download files from Trusted Sites.
 
Hi all,

I readily admit that I am not an expert on malware and its detection.
There are however some basic principles of common sense which
were not part of the postings by virus guy and kurt wismer and should
have been. Please correct me if I am wrong, but I do not think I am.

Antivirus software is an effective tool even if new virus definitions take
some days or weeks to be worked out and be distributed. The reason is
that malware only infects a relatively small portion of PCs during the
period of time it takes to come up with effective antivirus software.
After that time uninfected PCs will potentially be safe.

Let's do some numerical estimates. Say new malware appears and it takes
two weeks for recognition and countermeasure development and distribution.
If one can believe the numbers being bandied about some 100 to as many
as 10 000 PCs might be infected during this time. Compared to the tens of
millions of PCs in operation, this corresponds to an infection rate of as low
as 0.001 to as high as 0.1 %. The remaining 99.999 to 99.9 % of PCs will
be potentially safe if antivirus software is being used.

A significant fraction of the infected machines may be cleaned up after the
new detection software has been distributed and not all malware installs new
malware during the unprotected period. It would be interesting to know the
statistics for that eventuality. Does anybody have such numbers?

I therefore think that antivirus measures are effective and I do wonder
whether anybody knows of more detailed studies along the lines presented
here. The various antivirus houses must have done such in-house work.

Greetings
GR.
 
NoSpam said:
Hi all,

I readily admit that I am not an expert on malware and its detection.
There are however some basic principles of common sense which
were not part of the postings by virus guy and kurt wismer and should
have been. Please correct me if I am wrong, but I do not think I am.

Antivirus software is an effective tool even if new virus definitions take
some days or weeks to be worked out and be distributed. The reason is
that malware only infects a relatively small portion of PCs during the
period of time it takes to come up with effective antivirus software.
After that time uninfected PCs will potentially be safe.

Let's do some numerical estimates. Say new malware appears and it takes
two weeks for recognition and countermeasure development and distribution.
If one can believe the numbers being bandied about some 100 to as many
as 10 000 PCs might be infected during this time. Compared to the tens of
millions of PCs in operation, this corresponds to an infection rate of as low
as 0.001 to as high as 0.1 %. The remaining 99.999 to 99.9 % of PCs will
be potentially safe if antivirus software is being used.

A significant fraction of the infected machines may be cleaned up after the
new detection software has been distributed and not all malware installs new
malware during the unprotected period. It would be interesting to know the
statistics for that eventuality. Does anybody have such numbers?

I therefore think that antivirus measures are effective and I do wonder
whether anybody knows of more detailed studies along the lines presented
here. The various antivirus houses must have done such in-house work.

Greetings
GR.

I run free AV software (Avast) and Zone Alarm. I've only once ever got a
virus and that was ages ago. I used to get lots of spam mail but with
new isp and hotmail I don't get any. I monitor all mail with mailwasher,
more because I control multiple accounts rather than spam etc.
The ultimate protection is good backup strategy and safe computing
habits. A virus is only one of a number of events that can cause grief.
Dave Cohen
 
NoSpam said:
Dear Group,

I have a question which may provoke a lot of comments. Please
reply with serious answers only.

Question: Using one of the common antivirus programs to locate and
eliminate malware, what is the probability that an infected OS will
be cleared?

I do know that the result will depend on a lot of variables, such as
Type of antivirus program and its update status,
Type of OS,
Type of infection,
Number of infections,
etc.

It's not necessary to list all the variables, but an estimate of how
effective a well accepted commercial antivirus program might be would
be very much appreciated.

Thank you
GR.

imho for the average person, running ANY virus software that has been
updated on a regular basis is all you can do, and for most people is good
enough.

also, imho, your own personal surfing habits have more to do with your risk
than which software you run. taking simple precautions like actually
reading dialog boxes that pop up before clicking ok, or not trying to
download illegal software will go a long way.

randy
 
imho for the average person, running ANY virus software that has been
updated on a regular basis is all you can do, and for most people is good
enough.

I see a lot of residential systems that have been compromised, in every
case they have had AV software on their machines, all different vendors'
products.

There are two common points to be seen:

1) Old definition files- this can be ones that were not updated for
years and ones that didn't have 1 hour ago's update. These machines
appeared to have AV and appeared to be safe.

2) Exploits of software (IM, Outlook, Etc...) that are not detected and
then disable the AV software or are not seen as malware.

There is little that can be done to protect a machine with AV software
based on the above.

The real protection comes from stripping the crap before you/it can
reach it/you. I've used AV software for decades and in all of my
computing experience, since the 70's, I've never had a virus on a single
computer I own. In my case I remove all content that could be a threat
before it reaches my systems, same for our customers, and they've been
malware free for years also.

--
Leythos - (e-mail address removed) (remove 999 to email me)
 
Dear Cohen, Randy and Leythos,

I appreciate all your comments. I did use safe surfing habits and I do not
download free software. Accidents do happen and the more you drive the more
likely is an accident.

I believe one of my infections, I had several, came from following a link
sent to me by e-mail from a trustworthy friend. I understand that looking
at a malicious website by following a link given in an e-mail, can infect
your PC.

The difficulty in identifying and therefore removing infections can be
demonstrated by the following example which occurred to me:

In the Win2000 operating system is a legitimate file called
svchost.exe. It is located in the C:\WINNT\System32 folder and must be
there.
There is also a very malicious file with the same name which was eventually
found in another directory. It was much larger and it is a keyfunction
recorder and telephone dialer. I used several antiviral programs to scan
for malware, but only one of them identified this file. I think that comes
from the use of a legitimate file name for malware.

Thank you

GR.
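
The svchost.exe case described in the post above, turned into a check a defender can run over a file inventory. This is an added example, not part of the original thread: it flags files that carry a well-known system binary name but sit outside the system directory. The watch list, the function name `find_masquerades` and the sample inventory are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: the system directory named in the post (Windows 2000 default).
SYSTEM_DIR = PureWindowsPath(r"C:\WINNT\System32")
# Assumption: an illustrative watch list; only svchost.exe is named in the post.
PROTECTED_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}

# Constructed sample inventory of (full path, size in bytes); not real data.
SAMPLE_INVENTORY = [
    (r"C:\WINNT\System32\svchost.exe", 7952),
    (r"C:\WINNT\system32\lsass.exe", 33552),
    (r"C:\WINNT\notepad.exe", 50960),
    (r"C:\Program Files\Common Files\svchost.exe", 214528),
    (r"C:\WINNT\Temp\SVCHOST.EXE", 7952),
]


def find_masquerades(inventory, system_dir=SYSTEM_DIR, names=PROTECTED_NAMES):
    """Flag files that reuse a protected name outside the system directory."""
    parsed = [(PureWindowsPath(path), size) for path, size in inventory]
    # Size of the genuine copy of each protected name, when it is in the inventory.
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    reference = {p.name.lower(): size for p, size in parsed
                 if p.name.lower() in names and p.parent == system_dir}
    findings = []
    for p, size in parsed:
        name = p.name.lower()
        if name not in names or p.parent == system_dir:
            continue  # not a watched name, or it sits where it belongs
        ref = reference.get(name)
        findings.append({
            "path": str(p),
            "size": size,
            "reference_size": ref,
            # A size mismatch is a second hint; a match does not clear the file.
            "size_differs": ref is not None and size != ref,
        })
    return findings


if __name__ == "__main__":
    for f in find_masquerades(SAMPLE_INVENTORY):
        print(f)
```

A hit is a lead for review, not a verdict: backup copies that Windows itself keeps can carry the same name in other directories.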
 
I appreciate all your comments. I did use safe surfing habits and I do not
download free software. Accidents do happen and the more you drive the
more likely is an accident.

Actually, and don't take this wrong, accidents "don't happen" they are
created by many factors, but there are no accidents.

For websites with malicious content, using a firewall with filtering,
using a less susceptible browser, proper protection of your computer,
not running as a local admin, etc... All of those are BASIC precautions
and could eliminate the need for AV software on the local computer.

As an example, at most of the clients we have, the AV software on the
workstations has not found a virus or malware in more than a year, and
that might be a red-flag, but we remove all of that crap at the firewall
and before they get the email, they also don't have access to
drives/USB, so the threat entry points are almost eliminated. (Yes, we
sweep with multiple scanners to validate the AV results).

So, AV software, for most, is a little late, but it does help block the
older stuff that is well known. It's still not effective on a machine
when the owner of the machine doesn't take the time to learn as much
about it as they do about their IPod.

--
Leythos - (e-mail address removed) (remove 999 to email me)
 
I see a lot of residential systems that have been compromised, in every
case they have had AV software on their machines, all different vendors'
products.

There are two common points to be seen:

1) Old definition files- this can be ones that were not updated for
years and ones that didn't have 1 hour ago's update. These machines
appeared to have AV and appeared to be safe.

2) Exploits of software (IM, Outlook, Etc...) that are not detected and
then disable the AV software or are not seen as malware.

There is little that can be done to protect a machine with AV software
based on the above.

The real protection comes from stripping the crap before you/it can
reach it/you. I've used AV software for decades and in all of my
computing experience, since the 70's, I've never had a virus on a single
computer I own. In my case I remove all content that could be a threat
before it reaches my systems, same for our customers, and they've been
malware free for years also.

--
Leythos - (e-mail address removed) (remove 999 to email me)

Good point Leythos. I also have never been compromised. I have been using
computers for 21 years.
 