Not sure why you are being downvoted, as anyone who deals with computers will be well aware that anti-virus software exists mostly as security theater. It can be useful against certain types of viruses, especially those who are widespread, but it is a very dangerous thing in and of itself because it states that the user's system is "protected," causing most people to gain a false sense of security and drop their guard.
Not only that, calling this "karma" and identifying with the popular notion of "karma" which has no basis in any philosophy but irrational, illogical thinking, is quite ironic. If you do something good to someone, something good will not happen to you. That's the popular notion of "karma" and it's wrong. It's wrong from the traditional notion and it's wrong from the philosophical concept. But too many people want to live in the delusion of this pseudo-bullshit-karma world.
Yes, but it's my understanding that the Hindi concept is much deeper than that. I don't presume to be an expert on this topic (Hindi karma), however. Philosophical karma is a different thing and very simple.
What is attached to popular karma is an over-optimistic, unrealistic viewpoint of rewards based on action. The world doesn't work that way, but a lot of people, especially in the western world think it does and think this is a valid concept. It's not. It's a sequitur.
That is all that I was stating. I do not wish to attach anything more to the concept than has already been attached.
I waited to respond to stay away from the people here who hate religion, as well as get sufficiently off the front page as not to derail the general antivirus discussion.
Karma is simply that: action. Physical actions are just like how we accept Newton's Laws of motion as science (in Cartesian, non-relatavistic, non-high-gravity). It can be tested to a high degree of certainty, and therefore requires heavy proof to overcome.
However the distinction with karma is application of Newton's laws to also human behavior. That includes equal and opposite reactions to emotions, thoughts, and efforts. Those who followed Hinduism accepted this idea as Karma. Wiccans know this as the Wiccan Rede and the threefold rule. LaVeyan Satanism's "Rules of the Earth" have some sembelance of 'do no harm to innocents'. Even Jews discuss this very topic with the positive form in Leviticus 19:18, whilst not discussing the basis for it (it's usual for Abrahamic religions to give commandments).
I think every religion has developed a wording of the same principal of Karma, but with slightly different wordings due to language and culture.
Most seem to get the idea of inertia. People tend to go the direction they were already headed towards, even if it is ruin. I've seen this time and again with people. It doesn't matter if you tell them: something with as much force has to get in their way. And most people get reciprocity, or "you get what you put out". Seems awfully similar to "For Every Action, there is an equal and opposite Reaction".
What people attach to it does matter: having shared meanings for sequences of letters/sounds is how language works, and the sequence of letters "karma" has meaning in modern English which is different to its Hindi meaning.
I do not think anti-viruses are pure security theater. They will not protect against zero day attacks, however, once a specific virus hits enough people, anti-viruses will be updated, preventing large scale infection. In order to avoid this, attackers need an attack vector that would allow them to change the virus binary at will. These definitely exist, but A/V does stop a non trivial amount of infections.
There is software out there that specifically targets zero day attacks. It would be a conflict of interest for me to mention specifics, but a trivial matter for those interested to find out.
On the one hand, he must be facetious. Viruses existed long before Windows as an operating system was even conceptualized. Therefore it is ridiculous to claim that anti-virus software exists because of Windows alone.
On the other hand, it is true that anti-virus software became a lot more popular as Windows gained market-share. The reason is simple: as we all know, for a long time Microsoft did not take security very seriously. They essentially followed what seems to be Adobe's current philosophy, which is "release first, secure later." Remember that it was only relatively recently that they started to rigorously plug holes on a very short turnaround (mostly weekly if not shorter). So it is not difficult to conceive of a perspective where anti-virus software existed (and still does) mostly to overcome some of the shortcomings of the OS.
I wouldn't call if facetious because today, the only reason any AV exists is because other software failed to sanitize itself against rogue agents. Viruses aren't some mystery or magic, you have to actively engage with a server that sends one to you (be it by actively engaging with the server, or having a vulnerable point of entry and a bad firewall), and either through vulnerabilities in the applications interacting over IP stacks, or through user ignorance in explicitly running a virus manually (and with enough escalated system privilege to do damage).
It is easier to whitelist than blacklist. It is stupidly easy to embed a cipher in a binary, encrypt the actual payload, and have the execution context decode it back into its viral form. If you do that, you can tweak a knob, get an entirely different looking binary, and keep shipping out the same virus over and over.
While I understand that Windows' past does make it a convenient target for such remarks, most "viruses" now are not really viruses, but malware that either exploit holes in (mostly) third-party software, or goes after a human factor. Stricter security practices from Vista onwards (UAC, low-privileged user accounts by default, etc.) make Windows no easier target than Mac or *x, if social engineering involved. No anti-malware product will help if user is tricked into voluntary entering their credentials or credit card details.
The mass adoption (and with it, the mass misunderstanding/misconfiguration) of Windows makes it a much easier target than UNIX based platforms like OSX, GNU/Linux, FreeBSD, etc.
That along with the horrible architecture of Windows systems that just about invites malware. Vista failed miserably in both architecture and privileges and in an attempt to fix that in Windows 7, the privilege of accounts is nullified as it was in XP.
Speaking of XP, it's still the target of most malware and probably will be for some time as most Windows computers still run it (as opposed to 7/Vista/8).
"That along with the horrible architecture of Windows systems that just about invites malware. Vista failed miserably in both architecture and privileges and in an attempt to fix that in Windows 7, the privilege of accounts is nullified as it was in XP."
The fact that third-party software tops malware charts and absence of Blaster, Sobig, Nimda, etc. kind of pandemics doesn't back up your claim.
If a site gets you to download an executable, it's now 3 mouse clicks to get it to run on an average desktop setup (As opposed to 0 in the Win2K days and 1 in the early XP days).
In Unixes, it's still "open an xterm and chmod a+x executable". There's still a huge difference.
Fair enough. This is being more or less mitigated by "file reputation" system though. It's pretty effective preventing user from accidentally running a suspicious file. This, and browser that sets the flag "downloaded from internet" on executable and ZIP files.
If I had to think of anti-virus I would trust the most it would be this.
The computer would reboot in to a maintenance mode where it would boot in to a check mode. Hopefully off the network or some other source that couldn't be altered by a virus/malware.
The check mode would checksum all executable content and update its database, reporting all changed and added files. It could also check for known out of date executable files. All files would be checked against a A/V database too. If nothing fails the computer reboots back to the OS, else it is halted until repaired.
This still has two risks I can see, one is the BIOS is altered and subverted there. The other is non-executable content runs transient programs that do not survive reboot.
I think that concept would work better as sighning executables rather than stopping the world and validating against a data base. Create a private key from the user's password (which of course cannot be derived from information stored on the computer). When an unsighned binary tries runing, require the user to provide their password to sighn it.
I actually have the same question. I just switched to a MacBook a few months ago and never felt the need to install an antivirus (I've always had Avira on my old Windows 7 PC, but primarily for scanning flash drives). But actually, even in my old PC, I never really had major problems with viruses. I've always thought you can only get them by irresponsibly downloading and installing untrusted software, and websites.
This isn't because OSX is inherently more secure but because of the fact that virus/malware makers target Windows more than any other OS because it's the most widely deployed desktop OS. And yes, occasionally having AV software on a Mac will help a lot. But it's usually some fucked up program installing some stupid kext or similar non-kext kext that fucks up your OSX system.
With dynamic languages like JS and ActionScript, their approach is to fingerprint 10 different strains of the same threat. Then the 11th strain can be generated in a few seconds with new obfuscation.
So the A/V only starts working if/when eventually a native code payload reaches the target.
no, it really dosent. native code can do the exact same sort of tricks.
a pretty standard tool in detection evasions bag of tricks is to write a custom virtual machine that generates code on the fly, which makes static, signature based analysis of payloads totally useless.
the vm is eaiser to modify than the entire codebase, you have to update only one small bit of code, rather than everything. The vm is written with this in mind, and is trival to automaticly obfuscate/transform.
And yet, when I was working on an antivirus, back in 1989 (yes, that's 1989), we already had these viruses, and we were detecting them without problems - it wasn't just a static signature, granted, and back then we wrote a recognizer for each polymorphic virus (a quick first stage would have been served by a regular language back then, but we didn't use them for speed reasons; the whole program was assembly!)
On windows I have been recommending people to use Microsoft Security Essentials, which is free. I understand Microsoft cannot bundle MSE because of that being a monopoly but I really wish they could, With MSE being pre-installed as opposed to Norton and McAfee trials being pre-installed and asking for money after 3 months.
They've renamed it to Windows Defender (confusing, since this was a different product in earlier versions) but the interface is virtually identical to Security Essentials.
Cool. All the free anti-virus I was aware of has a premium version that is not free and the free version always bugs the user about upgrading. I'd rather not advise such software.
Newbie questions (I have searched the Internet a bit, did not find information to answer these):
I understand that anti-viruses (AVs) maintain signatures of viruses (which as I understand are byte patterns present in that virus not present in non-infected software code). They also look for executables modifying others.
Questions:
1. If AVs have to match byte patterns for a very large number of known viruses (millions??), would this not make scanning each executable very slow? This seems to be O[e*v] operation where e is the number of executables and v is the number of viruses. Since it does not seen as slow intuitively, what is going on?
2. I presume AVs would also track check-sums of known executables so that these can be safe guarded against new viruses for which signatures are not yet available. Is this right?
First I don't really have an idea about security software. But to your first question:
The algorithm that is used is probably a variation of the Aho-Corasick algorithm.
This is a string matching algorithm that can match k patterns in O(kn+m).
This is basically linear and doable.
Two your second question I can only point to a flaw in some virus scanner a couple years ago where it detected a false positive in an essential Windows file, removed the file and left Windows in an unbootable state. I do hope that there was some learned lesson.
Given that these A/V products are only marginally effective, does anyone have any suggestions for what might be the best bang for the buck in terms of protection a Win7 machine? My preference would be just not to run windows, but it's my mom's system, and she needs certain windows based accounting packages...
Dozens of antivirus programs exist, with varying prices and different levels of effectiveness. Comodo Antivirus offers total PC protection for free, not some stripped down version of a paid product. You can easily scan any drive or file, get in-depth reports on viral activity and detect suspicious files, with our user-friendly interface.
Comodo Antivirus has been built with intelligence: it recognizes typical viral behavior. Antivirus, upon detecting a suspicious file that could be a virus, will immediately place that file in "Antivirus Jail": the file is blocked, awaiting trial. If it's a viral invader, delete it. Comodo Antivirus also includes a mechanism for user to submit any files look suspicious to the Safe List and get immediate feedback on possibly viral files from our security experts and other PC-users. http://antivirus.comodo.com/
57 comments
[ 4.9 ms ] story [ 113 ms ] threadNo worries, downvoting, upvoting, I couldn't give a shit one way or the other. It's just a silly number.
What you or others may attach to it doesn't matter.
What is attached to popular karma is an over-optimistic, unrealistic viewpoint of rewards based on action. The world doesn't work that way, but a lot of people, especially in the western world think it does and think this is a valid concept. It's not. It's a sequitur.
That is all that I was stating. I do not wish to attach anything more to the concept than has already been attached.
Karma is simply that: action. Physical actions are just like how we accept Newton's Laws of motion as science (in Cartesian, non-relatavistic, non-high-gravity). It can be tested to a high degree of certainty, and therefore requires heavy proof to overcome.
However the distinction with karma is application of Newton's laws to also human behavior. That includes equal and opposite reactions to emotions, thoughts, and efforts. Those who followed Hinduism accepted this idea as Karma. Wiccans know this as the Wiccan Rede and the threefold rule. LaVeyan Satanism's "Rules of the Earth" have some sembelance of 'do no harm to innocents'. Even Jews discuss this very topic with the positive form in Leviticus 19:18, whilst not discussing the basis for it (it's usual for Abrahamic religions to give commandments).
I think every religion has developed a wording of the same principal of Karma, but with slightly different wordings due to language and culture.
Most seem to get the idea of inertia. People tend to go the direction they were already headed towards, even if it is ruin. I've seen this time and again with people. It doesn't matter if you tell them: something with as much force has to get in their way. And most people get reciprocity, or "you get what you put out". Seems awfully similar to "For Every Action, there is an equal and opposite Reaction".
On the other hand, it is true that anti-virus software became a lot more popular as Windows gained market-share. The reason is simple: as we all know, for a long time Microsoft did not take security very seriously. They essentially followed what seems to be Adobe's current philosophy, which is "release first, secure later." Remember that it was only relatively recently that they started to rigorously plug holes on a very short turnaround (mostly weekly if not shorter). So it is not difficult to conceive of a perspective where anti-virus software existed (and still does) mostly to overcome some of the shortcomings of the OS.
It is easier to whitelist than blacklist. It is stupidly easy to embed a cipher in a binary, encrypt the actual payload, and have the execution context decode it back into its viral form. If you do that, you can tweak a knob, get an entirely different looking binary, and keep shipping out the same virus over and over.
That along with the horrible architecture of Windows systems that just about invites malware. Vista failed miserably in both architecture and privileges and in an attempt to fix that in Windows 7, the privilege of accounts is nullified as it was in XP.
Speaking of XP, it's still the target of most malware and probably will be for some time as most Windows computers still run it (as opposed to 7/Vista/8).
The fact that third-party software tops malware charts and absence of Blaster, Sobig, Nimda, etc. kind of pandemics doesn't back up your claim.
In Unixes, it's still "open an xterm and chmod a+x executable". There's still a huge difference.
The remainder of the article provides similar enlightenment.
https://www.pcworld.com/article/2013580/researcher-finds-cri...
Aside: this reminded me of PG's article "The Suit is Back": http://www.paulgraham.com/submarine.html That, at least, is well worth a read.
So I guess Imperva might be a company to watch - at least we now know they have a good PR firm :)
The computer would reboot in to a maintenance mode where it would boot in to a check mode. Hopefully off the network or some other source that couldn't be altered by a virus/malware.
The check mode would checksum all executable content and update its database, reporting all changed and added files. It could also check for known out of date executable files. All files would be checked against a A/V database too. If nothing fails the computer reboots back to the OS, else it is halted until repaired.
This still has two risks I can see, one is the BIOS is altered and subverted there. The other is non-executable content runs transient programs that do not survive reboot.
Go back to Windows, I say!
With dynamic languages like JS and ActionScript, their approach is to fingerprint 10 different strains of the same threat. Then the 11th strain can be generated in a few seconds with new obfuscation.
So the A/V only starts working if/when eventually a native code payload reaches the target.
a pretty standard tool in detection evasions bag of tricks is to write a custom virtual machine that generates code on the fly, which makes static, signature based analysis of payloads totally useless.
They can and they have in Windows 8: http://www.lifehacker.com.au/2012/11/ask-lh-does-microsoft-s...
They've renamed it to Windows Defender (confusing, since this was a different product in earlier versions) but the interface is virtually identical to Security Essentials.
What is that better software?
Some people might have weird definitions of "better", so it might also be handy to say why that software is better.
I understand that anti-viruses (AVs) maintain signatures of viruses (which as I understand are byte patterns present in that virus not present in non-infected software code). They also look for executables modifying others.
Questions:
1. If AVs have to match byte patterns for a very large number of known viruses (millions??), would this not make scanning each executable very slow? This seems to be O[e*v] operation where e is the number of executables and v is the number of viruses. Since it does not seen as slow intuitively, what is going on?
2. I presume AVs would also track check-sums of known executables so that these can be safe guarded against new viruses for which signatures are not yet available. Is this right?
The algorithm that is used is probably a variation of the Aho-Corasick algorithm. This is a string matching algorithm that can match k patterns in O(kn+m).
This is basically linear and doable.
Two your second question I can only point to a flaw in some virus scanner a couple years ago where it detected a false positive in an essential Windows file, removed the file and left Windows in an unbootable state. I do hope that there was some learned lesson.
Comodo Antivirus has been built with intelligence: it recognizes typical viral behavior. Antivirus, upon detecting a suspicious file that could be a virus, will immediately place that file in "Antivirus Jail": the file is blocked, awaiting trial. If it's a viral invader, delete it. Comodo Antivirus also includes a mechanism for user to submit any files look suspicious to the Safe List and get immediate feedback on possibly viral files from our security experts and other PC-users. http://antivirus.comodo.com/