The Anti-Virus Software Myth

UnseenMenace · Aug 29, 2003

Full Article - Overclockers.com

From The Article "The Anti-Virus Software Myth Revisited" - Dribble Snort" - 8/29/03

As you may remember from my first article, I absolutely REFUSE to load any sort of anti-virus protection software.

Why?

It's bloated.
It uses too many system resources.
It is not 100% effective. Virus software is "reactionary" in nature so, by its very design, it CANNOT be 100% effective.
It costs money I could use for strippers and beer.

And now we can add, "Dumb as a stump", to the list.

How was SoBig.F born? It was a multi-part, mime-formatted message packed in with a porn pic released to the newsgroups. Some user, probably using OE as their newsreader, downloaded it, got happy fingers, and executed it.

How many of you got infected in the latest SoBig.F outbreak? I would bet not many because of some inside information I acquired (see below).

In our community, we're usually on top of things like this so we're pretty up-to-date as far as loading security patches is concerned, but I know some of you reading this were compromised.

How many of you "received" a bunch of emails infected with the SoBig.F virus? Personally, I "received" over 1200 emails at my main yahoo account in one day, and a total of about 4000 over a 4-day period. I didn't get infected, and I'm still not using anti-virus software. But I surmise that bunches of people are using virus protection software. How do I know? Because AV Tools made the problem worse, rather than helping, due, entirely, to their stupidity!

NOTE This Information Is Edited :- Reading The Full Article Is Recomended

1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?
2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this
3) Do you use the protections listed in this article ? If not what do you use to protect yourself
4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?
5) Are we the users part of the problem with out attitudes towards virus?
6) Can companys producing email software such as Microsoft do more, Should they ?
6) Is the following good advice as suggested by the article? Do you follow it

Do NOT use programs like Outlook and Outlook Express!

Do NOT open emails from people you do not know!

DO NOT OPEN ANY EXECUTABLE ATTACHMENTS (.pif .src, .exe, etc) from ANYONE!!!

7) Is Anti-Virus software overated and relied on more than common sence?
8) What is your opinion of the Article ?

UnseenMenace · Aug 29, 2003

** Quick Links **
links featured through this thread and others will be presented in a list here for quick future refrence.. feel free to PM UnseenMenace with a usefull link

a) Spam Cop... http://spamcop.net/
b) Email Security Test... http://www.gfi.com/emailsecuritytest/

XWRed1 · Aug 29, 2003

Originally posted by UnseenMenace
1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?

Sylpheed and mutt. I consider the defaults to be safe.

2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this

No. And I feel good.

3) Do you use the protections listed in this article ? If not what do you use to protect yourself

Sort of. My main protection is that I don't use Outlook.

4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?

Yes, why not? I have nothing to fear.

5) Are we the users part of the problem with out attitudes towards virus?

Maybe not us specifically, but it is DEFINATELY a user problem. The whole thing (Sobig.F) is perpetuated by a social engineering trick, not a technical exploit. You have to patch the users, not the system.

6) Can companys producing email software such as Microsoft do more, Should they ?

Not really, and not really.

6) Is the following good advice as suggested by the article? Do you follow it

Good advice for the typical user, I think.

7) Is Anti-Virus software overated and relied on more than common sence?

Most definately. No AV here, no need for it. No infections either.

JigPu · Aug 30, 2003

UnseenMenace said:
1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?
2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this
3) Do you use the protections listed in this article ? If not what do you use to protect yourself
4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?
5) Are we the users part of the problem with out attitudes towards virus?
6) Can companys producing email software such as Microsoft do more, Should they ?
6) Is the following good advice as suggested by the article? Do you follow it
7) Is Anti-Virus software overated and relied on more than common sence?
8) What is your opinion of the Article ?

1. I've never used an 'on computer' mail client, and never will. If I have to physically download an e-mail to my computer wether or not I want to read it, it's not cool. (Thus, I use webmail clients. Stuff stays on the server unless I click it)

2. Nope, never.

3. Yes. It's common sense on a roll

4. I can't stop what users attach to their e-mails, but I don't EVER open anything executable. If they urgently need to give me an executable, they can point me to the web address they got it from.

5. I don't know if we have an additude towards virii, but if we do, then we are most certanly part of the problem. People who are complacent help the problem spread.

6. Not really, no.

7. Anti-virus software is somewhat overrated. By this I mean that in my 5 years of internet access, I have caught 2 virii, with 1 of them debatable as an actual virus. If you use common sense and don't browse 'bad' sites, or haphazardly open e-mails, then your chance of infection is so low, it's not really going to happen.

However, I don't think that AV software should be abandoned altogether. Even though I believe myself to be fairly conservative about my internet activites, I still got 2 virii. Each virus was caught as it was downloaded to my computer and so even if AV is reactionary as Ed says, there's a BIG difference between reacting in time to stop something before anything happens, and reacting once per week after you've infected several others. I'd much rather stop myself from being part of the problem by stopping the 0.001% of virii that slip through my proactive efforts.

8. Good article, but Ed makes it sound like AV has no use in this world. Think about what would happen if there was no AV software and people still behaved on the net and with e-mail the way they do. Virii would be on the rampage, and nobody could do anything. At least the "stoopit" software could stop an infection and protect your computer from a virus' payload as long as you're smart enough to keep the dang definitions up to date!

JigPu

Deathknight · Aug 30, 2003

The downside to opening mail in a web browser is IMHO that its in a web browser (pretty much the least secure program on your pc if you are using IE). There are plenty of poor people out there that have activeX controls enabled on their security settings that can have all sorts of nasty stuff emailed to them if they either use a web browser or have the view as html option turned on in their email program. If you want to be as safe as safe can be then I think the better option would be to run a text only email program like pine.

Audioaficionado · Aug 31, 2003

1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?

Pegasus, yes

2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this?

Never, slept well

3) Do you use the protections listed in this article ? If not what do you use to protect yourself?

Some of them, it's mostly just uncommon common sense

4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?

Only if it's prearranged with the sender. Then I always send an email prior to the one with the attachmet stating the file type and size. I expect no less from others.

5) Are we the users part of the problem with out attitudes towards virus?

Not the savvy users, only the majority of the average willfully ignorant users.

6) Can companys producing email software such as Microsoft do more, Should they ?

They could have but they didn't, now it's too late as the barn is empty now. I don't want any of their draconian technology forced on me since I'm not causing the problems.

7) Is the following good advice as suggested by the article? Do you follow it?

* Do NOT use programs like Outlook and Outlook Express!
* Do NOT open emails from people you do not know!
* DO NOT OPEN ANY EXECUTABLE ATTACHMENTS (.pif .src, .exe, etc) from ANYONE!!!

Yes, yes, it depends on the circumstances

8) Is Anti-Virus software overated and relied on more than common sence?

Some brands are but some are useful as an additional layer of protection, yes they aren't as reliable as good safe practices.

9) What is your opinion of the Article ?

Overall it was good but I still disagree with never accepting attachments and that AVS is useless.

unreal · Aug 31, 2003

1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?
2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this
3) Do you use the protections listed in this article ? If not what do you use to protect yourself
4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?
5) Are we the users part of the problem with out attitudes towards virus?
6) Can companys producing email software such as Microsoft do more, Should they ?
6) Is the following good advice as suggested by the article? Do you follow it
7) Is Anti-Virus software overated and relied on more than common sence?
8) What is your opinion of the Article ? ?

1. pmmail2k pro, changed
2. nope
3. yes, norton 2k3 systemworks
4. nope
5. not to sure about this one..
6. not sure if they should....
7. i dont think so always,, id rather be sure when i dload new software or crack
8. for the advance user this would be true, but not always

UnseenMenace · Aug 31, 2003

Im currently using Kmail which is part of the KDE desktop, the configurations I have kept as standard, however I do believe that its settings are a little over the top as it even does not allow email with HTML tags.
I generally do not use the address book situated in the email client to ensure that I do not contribute to the distribution of virus.
I use all of the precautions listed in the article other than spam cop, I do however use a lot of email forwarding services.
I personally think that the companys producing email software should do more and can do, not in the matter of how they create or market the software but how they configure it... I believe that the default settings of all email clients should not accept executables and scripting and as such anyone who changes these settings must be aware of the implications they have.
I fail to see what use HTML tags and scripting has in a email.. if the point can not be made in text i personally do not think colours, fonts and scripting is going to make much difference...
I do think that users are part of the problem we have the attitudes in general that its not my problem if it does not effect my system... this is wrong, I myself though must admit to being guilty of this.
I do think antivirus software is by large overated.. I do not give my personal email address out on many websites and have an account specific for this purpose, I recieve minimal spam and have never had a virus.. this is in contrast to my daughter whom gets viruses on a regular basis, this suggests that a lot of the problems are related to how we behave and what services we use in general

Stedeman · Aug 31, 2003

I "ONLY" use web based email (I have my eBay mail on yahoo and only get about 3 spams a week if that) I live by the KISS rule. And the only viruses I have gotten have been handed to me via USB drives

Malpine Walis · Aug 31, 2003

UnseenMenace said:
1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?

Netscape 4.7. I don’t think it has much in the way of settings to change. Even if it does, I haven’t bothered to go looking for them.

2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this

I don’t maintain an address book so it is not likely that a virus could get out of my system, if I ever had one to get out.

3) Do you use the protections listed in this article ? If not what do you use to protect yourself

Yes, yes and I would not know as I have never received an executable attachment from anyone I would trust that much. Most of my email is from spammers and hits the trash unviewed.

4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?

See above.

5) Are we the users part of the problem with out attitudes towards virus?

Most people are part of the problem because most people just want stuff to work and they don’t take the time to understand what is going on inside their computers. In fact, the number of corporations that got hit despite having IT people who are supposed to prevent this type of stuff shows how easy it is to get complacent.

6) Can companys producing email software such as Microsoft do more, Should they ?

Can they? Yes. Should they? That depends on what we expect of them. If the more they are going to do involves amending a EULA so that our privacy continues to erode then no. If the more they are going to do is fix the problems they have created in the first place, that would be nice. Like that is ever going to happen.

6) Is the following good advice as suggested by the article? Do you follow it

Yes but not because someone ever told me to. In fact the only virus I have ever received was from a download from AOL (they claim that stuff is supposed to be scanned by the latest and greatest software – in a pigs ear it is).

7) Is Anti-Virus software overated and relied on more than common sence?

Well, I scan everything I download just on principal. However, I think the question is not is it overrated but do some people assume that it is something it is not. A fair number of people think of AV software they way they think of condoms. If they have it, they are protected. Of course this is just not the case. If you don’t update it periodically, then you are not protected the way you think you are.

Of course common sense provides a measure of protection in itself and does not need to be updated weekly. However, if common sense was so common we would not see widespread virus outbreaks every month or so.

8) What is your opinion of the Article ?

It points out the fact that it is possible to run virus free without AV software. As long as one is reasonably cautious with one’s computer that is. However, there is still a place for AV software for most people.

BaldHeadedDork · Aug 31, 2003

I'm going to jump to the last question.

8) What is your opinion of the Article ?

No personal offense to the author, but this piece left a bad taste in my mouth.

The advise is 100% correct. And for the great majority of people who will post here, it is a case of preaching to the choir. Will everyone here who didn't know not to open an executable attachment please raise your hand? Thank you.

Maybe I'm wrong, but I presume articles like this are written for people who don't already know how to protect themselves from virii. From that perspective, the tone of this article was really obnoxious. Like too many tech articles, it reads like the writer was trying to demonstrate how smart he was instead of concentrating on helping the reader understand.

And the "stippers and beer" line in the lead only belongs in a general circulation article if you are trying to amuse fourteen year-old boys.

BHD

funnyperson1 · Aug 31, 2003

1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?

I used outlook but then I started using Eudora and now I use Thunderbird (part of the mozilla project). I think that Eudora and Thunderbird are safe at default settings mostly because people don't target them as much for virii.

2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this

I don't believe so. I feel good.

3) Do you use the protections listed in this article ? If not what do you use to protect yourself

Yes, I used to use AVG and now I use Symantec Corporate Edition which was given to me by my school.

4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?

If I have prior knowledge from another medium that it will be sent to me, and my AV is running, yes. If I was not notified I don't touch it.

5) Are we the users part of the problem with out attitudes towards virus?

Yes, people are stupid. Case in point the blaster virus, it has been out for 3 weeks yet people are still getting this thing because they don't patch their computers.

6) Can companys producing email software such as Microsoft do more, Should they ?

They may be able to, but I doubt it.

6) Is the following good advice as suggested by the article? Do you follow it

I am careful about virii and as a result I am very rarely infected.

However I think that Antivirus has a purpose and at the very least you should run a free one like AVG. For example I was simply chatting on AIM and Symantec popped up a window saying the real time scanner found a virus Nebiwo. In the last 3 days, thats happened 3 times and everytime I quarantined it. If it wasn't for Symantec I would have had 4 instances of this virus on my computer without doing anything wrong.

Richard · Aug 31, 2003

I concur BHD. I had the same type of feeling.

repo man11 · Aug 31, 2003

One more vote for being turned off by the superior attitude.

I've never had a virus infect my system. I was behind on patches, so I have to credit the fact that I didn't get Lovesan to the McAfee firewall I run. During that period my computer was connected to Kazaa 24/7.

I've never noticed a significant performance hit from McAfee. And $15.00 for a year of anti virus updates won't even get me one lap dance around here.

I still use Outlook Express. I've had no compelling reason to get another mail program. I use Netscape for my spam account.

I'm not nearly as paranoid about attachments as most who have posted. But there have been a few that I have deleted out of uncertainty. And my ISP has been catching some infected mail lately.

I have never sent anyone an infected email.

No, anti virus software isn't perfect. For every measure, there is always a countermeasure.

I know that locking my car won't stop a serious thief. But I still do it anyway.

repo man11 · Sep 2, 2003

It is enough to make you wonder.

My ISP's filter has caught about 40 infected emails today. That is after catching about 7 to 8 in the last year since they instituted a virus filter.

Yes, my email address is in my profile.

Anyone else experience anything like this?

Audioaficionado · Sep 2, 2003

Half of my 100 or so daily emails are infected I suspect. They have all the subject header titles we've been warned about and most are from spoofed addys I don't know. One is supposed to be from Microsoft demanding I install the patch sent as an attachment LOL. I get several of these a day. I just selectively download what I want and delete the rest off the server.

Charter doesn't do any spam or other filtering like AOL and many others do. They give you a 24/7 broadband connection and figure that it's up to you to protect yourself.

I do and so far, so good.

I also agree that the author's attitude wasn't to my liking. But it still did have good advice none-the-less.

Angry_Games · Sep 2, 2003

ill add my comments (heh, who cares!). I'm a firm believer in Anti-Virus software, but not because of email...I'll explain a bit.

1. I've used Outlook ever since Office XP came out. I've always hated Outlook Express, and all versions of Outlook. I tried Eudora and just didn't like it. On the few occasions I have Mandrake Linux up, I use the KDE mail client (im a total Linux loser/noob lol)

Standard settings are very unsafe if you don't have an anti-virus.

2. nope, I've never been infected with a virus. Ever.

3. I follow a lot of the protections. Not opening dumb file extensions that I know are dangerous being the main one, and not allowing a preview pane and not allowing script actions to be run are some others.

4. I have to allow some extensions to come in that are dangerous. Attachments, no matter what they are, are never opened from ppl I do not know.

Ones from customers that might send me a file to help their support always get scanned with Norton's before opening (I trust me, but I don't trust anyone else) if Norton's doesn't catch it on the way in (which, btw, it has never failed me yet, but I don't fall asleep at the switch either and become complacent).

5. yep. Users are like cows the the slaughter for the most part (not us, but general users who only do email/web surfing or those in offices that trade dumb forwarded emails lol), and will hear all about how you aren't supposed to open certain things, or that you are supposed to not only have anti-virus software, but you have to keep it updated...then turn right around and open up exactly what they were told not to.

Users being 'afraid' of their PC is a huge factor. "its to complicated" to remember little easy things like DONT FRIGGIN OPEN ATTACHMENTS OR EMAIL FROM PEOPLE YOU DONT KNOW.

6. I have long thought for years that Microsoft should bear the brunt of this responsibility for making it so simple and easy to create such viruses and worms...and for not thouroughly testing their OS's for true vulnerabilities and holes and overflow buffer attacks etc. How many Linux/Unix viruses are there? hrmmm, I cannot answer, as I am not a linux guy, but I dont see Linux users scrambling for fixes over viruses. I'm sure you could write one for linux, but seems more trouble than it is worth when there's good old MS just begging to be exploited.

7. any advice that is truthful and helpful and can teach someone something is good advice.

8. I dont think AV is overrated...I do think its a crutch that gives ppl a false sense of protection. I can't count the number of times that customers have exclaimed in complete surprise that they couldn't possibly have a virus because they have Nortons or McAffee or something else. 90% of the time they do have AV, but it has never been updated (or hasn't been updated for who knows how long) and the other 10% swear up and down they do have an AV, but absolutely do NOT (and where do they think they have it or who told them they do is what I really wonder).

AV software can be a lifesaver if used properly, updated regularly, and you use a little common sense. Relying on it without question though is dangerous.

9. Article is good for ppl who are savvy enough to understand exactly what it means. For the average Joe, an AV program and a hammer to the forehead every few days to remind him to

A: update your damn AV regularly fool

and

B: dont be opening attachments especially from strangers...and if its from someone you know, dont be a fool, learn what is and isnt safe to open

and while that is happening, hopefully some IT guy will come along and disable it...but for home users...who knows =/

Travis

fiji · Sep 3, 2003

1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?
2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this
3) Do you use the protections listed in this article ? If not what do you use to protect yourself
4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?
5) Are we the users part of the problem with out attitudes towards virus?
6) Can companys producing email software such as Microsoft do more, Should they ?
6) Is the following good advice as suggested by the article? Do you follow it
7) Is Anti-Virus software overated and relied on more than common sence?
8) What is your opinion of the Article ? ?

1.) kmail, and yes-- i dont use my email much though
2.) no, its hasnt
3.) for the most part
4.) yes--
5.) deffinetley, people just put their faith in AV's-- and dont learn about prevention (sounds like im preaching in some VD class eheeh

)
6.) yea i follow most of it
7.) deffinetley, i dont use anti-viruses ever yet i never get any viruses-- just because i only download from trusted places
8.) i couldnt agree more with it, gj

nealric · Sep 16, 2003

1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?
2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this
3) Do you use the protections listed in this article ? If not what do you use to protect yourself
4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?
5) Are we the users part of the problem with out attitudes towards virus?
6) Can companys producing email software such as Microsoft do more, Should they ?
6) Is the following good advice as suggested by the article? Do you follow it

1.good old outlook express
2. Nope
3. common sense
4. only if the person who sent them told me in advace
5. Nope, ignorance is the main problem
6. sure they can, probably

I pretty much have to use AV software because of my schools LAN- its infested with several viruses.

Ploaf · Sep 21, 2003

UnseenMenace said:
1) What mail client do you use... do you consider its standard settings to be safe or have you changed them ?
2) Has your email client ever mailed a virus to someone in your address book ? - How did you feel about this
3) Do you use the protections listed in this article ? If not what do you use to protect yourself
4) Do you allow executables such as .exe, .com, .bat, .src, .pif, .js, .vbs to be sent to you via email ?
5) Are we the users part of the problem with out attitudes towards virus?
6) Can companys producing email software such as Microsoft do more, Should they ?
6) Is the following good advice as suggested by the article? Do you follow it

7) Is Anti-Virus software overated and relied on more than common sence?
8) What is your opinion of the Article ?

1) The Bat! Standard settings are quite good and filters and layout are perfect for me, much more so than outlook.
2) No. The email client has not and should not do that. It allows html viewing but it doesn't use ie to view and non-html can be off. no active x controls either.
3) Some- I do use an av product because I use ie and because I idle in irc chats and get files sent to me all the time(not warez) and I do scan these files before opening them. I open email from anybody that I feel like opening email from without fear because I don't use outlook and with text as the default for reading the email I don't worry about loading targeting images from spammers. I do accept attachments and scan them before execution. I have only been infected when doing so intentionally just to practive removal.
4) Yes
5) MS can change defaults on the email client and I believe that they have done so more recently as I ran into an attachments problem on a customer that I upgraded. The fix, which was only done to shut her up, was to return to allowing her to open certain attachments from oe. They cater to the lowest common denominator with their email programs and many of these people cannot be bothered to save attachments and inspect them before opening.
6) I think the advice in the article can protect you, but I think it inhibits the ability to fully exploit your email functionality and can make your life more difficult than it needs to be. I allow most of those things and do not get infected, simply due to the fact that I don't use oe and I pay attention to what I'm opening. That way I don't have to spend an hour to tell someone who is completely computer illiterate how to send me files via another route when all they know if email.
7) common sense goes a very long way. I really didn't use av software until about a year ago, and I'm glad I started using it. I was never infected and occasional ran online scans from sarc.com. I tried NAV and discovered that it sucks and switched to nod32 which really doesn't seem bloated and it gets the job done while allowing me to use internet exploder.
8) The article is good. If everyone followed the advice in the article we'd see fewer worldwide virus outbreaks, but then if fewer people were downloading pr0n/warez/mp3's from usenet and other filesharing mechanisms you'd see fewer worldwide virus outbreaks as well. Many of these viruses use social engineering, like the email warning to users from microsoft about the latest virus that is a virus itself and most definitely not from microsoft.

The Anti-Virus Software Myth

UnseenModerator

UnseenModerator

Senior Member

Inactive Pokémon Moderator

Member

Sparkomatic Moderator

Registered

UnseenModerator

The Half Asleep Member

Disabled

Member

Senior Member

Senior Member

Member

Member

Sparkomatic Moderator

Member

Member

Member

Senior Member

Similar threads