Seriously, has anybody seen--or even heard--of a serious virus
(including rootkit or malware) problem in Windows when using
commercial antivirus protection?
Bagel, Sky, and several others have variants that can disable actual
virus checking and/or quarantine measures without letting the user
know they have been disabled. Fixing things that have been corrupted
this way can be very ugly.
I've had at least a dozen viruses over the last 10 years that have
been so difficult to remove or did such damage that I eventually had
to re-image the hard drive.
Remember, virus writers are ALWAYS one step ahead of the anti-virus
writers. Most viruses don't get the resources to be blocked unless
they've infected a significant number of computers already. Once the
culprit has been identified, it may take weeks to figure out effective
countermeasures. Once the countermeasures have been coded, it may
take another 2-3 weeks to get it distributed via the automatic update
systems, since many people don't update as often as they should.
Meanwhile, the virus writers and script kiddies are deriving new
mutations and variations, designed to avoid detection by the new
counter-measures.
One of the claims of the Linux crowd is that such problems are
legion. But talking so some of the people at alt.comp.anti-virus I
get the impression such problems are rare.
It depends on who you are talking to. As one antivirus vendor about
another's product. There are roughly 250,000 new viruses released
every year.
These are the ones that got past kasparsky
http://www.viruslist.com/en/analysis?pubid=204792067
http://www.virusbtn.com/index
Obviously, an antivirus company is coing to do the best they can to
minimize reports of successful attacks to computers protected by their
software, and maximize reports of successful attacks to computers
protected by the software of others.
These days, many companies have taken a more comprehensive stance on
security. For example, Norton 360 provides firewall, execution
protection, anti-virus, anti-spyware, and update control management to
try and keep the bad guys from coming in the front door, and to keep
trojans from letting them in the back door, and to clean up the messes
of any pets that make it inside.
Unfortunately, the biggest trojans - IE and Outlook, cannot be
disabled, and cannot be blocked.
It compares 16 commercial programs, and finds Microsoft at #2,
catching 60% of all viruses (Avanti is #1 at 70%). And we're taking
about all viruses, some of which as so obscure I'm sure you'll never
seen one in the wild...
Since you like this source, here's another good report from them.
http://www.av-comparatives.org/component/poll/17-reinstalled
How often have you reinstalled (or rollback of image) windows due an
infection in the last 12 months?
never 2258 65.8%
1 time 479 13.9%
2 times 227 6.6%
more than 4 times 194 5.6%
3 times 114 3.3%
living with known infection 86 2.5%
4 times 76 2.2%
So roughly 40 percent of all Windows users have had infections so bad
that they had to , or should have, re-imaged their hard drive at least
once a year.
As for the other 65%, they probably didn't use their computers that
much this year ;-)
Either that, or Microsoft rallied about 2000 of their staunch
supporters to select "never".
