Re: [OM] OT - question re anti-virus program

Subject: Re: [OM] OT - question re anti-virus program
From: WayneS <om3ti@xxxxxxxx>
Date: Thu, 18 Dec 2008 23:38:40 -0500
At 05:32 PM 12/18/2008, Moose wrote:
><snip>
>The surprise for me was top rating for Norton Security. They say it was 
>rewritten from the ground up for the new version and is both much better 
>than before, but better than any others they tested in this round.

I saw reviews on how Norton AV was new and improved, so I made
the mistake of buying and installing it. After numerous problems
I immediately uninstalled it, which requires more than just the
uninstall button; you have to download a special utility to really
wipe it off the machine. I went back to Eset.
Norton AV really sticks its fingers deep into the system, which can
cause a lot of problems. (get Norton_Removal_Tool.exe)
But it is great if you are a large corp and need keylogger level
control over people's computers. But it cuts computer speed
in half if you are doing file intensive work, such as compiling
and linking 1500 code files.

I really don't feel all that safe with AV anyway. Having read the book
"Rootkits: Subverting the Windows Kernel" and having downloaded
and played with various hook sniffers, I'm convinced that there is
only so much one can really do.

See http://antirootkit.com/software/index.htm and
http://www.rootkit.com/index.php

I played with RKU, DarkSpy, Gmer, IceSword and others, trying to track
a problem when XP SP3 install fail said ntoskrnl.exe was modified.
Turns out it was an older version of some ATI graphics drivers.

The virus that is going to do the real damage is not one that
will become a spam-bot, but the one that is stealthy, uses
minimal resources, but sends your sensitive data off to someone
who then robs your bank account.

Most of the AV software is signature based, which means people
have to know it exists first, but the better viruses will stay hidden.

Monitoring the system for suspicious behavior is very difficult, unless
you don't do anything on the internet. The Rootkit book only scratches
the surface. To really do AV correctly, the AV needs to be hardware
based, not software based.

I suspect the best AV is still the user. When trust fails, any system
becomes very inefficient. And it seems that trust is becoming a rare
commodity these days. And who says that someone inside that AV
company is not also doing some subversive things? After all, you have
given them permission to stick their fingers just as deep into your
computer. It is very easy to stealth some small amount of info in that
Symantec update.

Anyway, most of the viruses I deal with are vendor drivers and the
Windows registry.

WayneS - paranoia strikes deep

-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
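The message contrasts signature-based AV, which can only flag samples someone has already catalogued, with the "ntoskrnl.exe was modified" warning that caught a stale ATI driver. The following is an added illustration, not code from the email or from any product it names: a toy signature scanner and a toy file-integrity baseline, run over constructed byte strings. The sample data, the "constructed-sample" signature and the file paths are all assumptions made up for the example; the system path names appear only because the email mentions ntoskrnl.exe and an ATI driver.

```python
"""Added example: signature matching versus integrity baselining.

Signature matching needs prior knowledge of a sample; a baseline of
known-good hashes flags any change to a file regardless of who made it.
All data below is constructed; there are no real malware bytes here.
"""
import hashlib

# Constructed "known bad" sample and a constructed signature derived from it.
KNOWN_SAMPLE = b"CONSTRUCTED-SAMPLE-v1:beacon=example.invalid;"
SIGNATURES = {"constructed-sample-v1": b"CONSTRUCTED-SAMPLE-v1:beacon="}

# A constructed variant with different bytes: the fixed signature no longer
# matches, which is the gap the email describes for unknown variants.
VARIANT = b"CONSTRUCTED-SAMPLE-v2:beacon=example.invalid;"


def signature_scan(data: bytes, signatures=SIGNATURES):
    """Return the names of all signatures found in data (empty = 'clean')."""
    return [name for name, pattern in signatures.items() if pattern in data]


def sha256(data: bytes) -> str:
    """Hex SHA-256 of the given bytes."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict) -> dict:
    """Record a hash of every known-good file (path -> digest)."""
    return {path: sha256(content) for path, content in files.items()}


def integrity_check(baseline: dict, files: dict) -> dict:
    """Compare the current file set against the baseline.

    Reports files whose content changed, files that disappeared, and files
    that were not in the baseline at all (for example a newly dropped driver).
    """
    report = {"modified": [], "missing": [], "new": []}
    for path, digest in baseline.items():
        if path not in files:
            report["missing"].append(path)
        elif sha256(files[path]) != digest:
            report["modified"].append(path)
    for path in files:
        if path not in baseline:
            report["new"].append(path)
    return report


# Constructed stand-in for a system directory. The names are borrowed from the
# email; the bytes are made up and carry no meaning.
GOOD_FILES = {
    "C:/Windows/system32/ntoskrnl.exe": b"constructed kernel image bytes",
    "C:/Windows/system32/hal.dll": b"constructed hal bytes",
}
CURRENT_FILES = {
    "C:/Windows/system32/ntoskrnl.exe": b"constructed kernel image bytes PATCHED",
    "C:/Windows/system32/hal.dll": b"constructed hal bytes",
    "C:/Windows/system32/ati_driver.sys": b"constructed driver bytes",
}

if __name__ == "__main__":
    print("known sample:", signature_scan(KNOWN_SAMPLE))   # detected
    print("variant:     ", signature_scan(VARIANT))        # missed
    print(integrity_check(build_baseline(GOOD_FILES), CURRENT_FILES))
```

The two checks answer different questions: the signature scan asks "is this something we have seen before?", while the baseline asks "has anything changed since we last trusted this machine?". The second catches the altered kernel image and the extra driver without knowing anything about them, which is the property the email's ntoskrnl.exe anecdote relies on, at the cost of needing a trusted baseline and a way to store it out of reach of whatever might modify the files.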
