Skip to main content

Why do we need Anti-Virus/Anti-Malware on our PCs Anyway?

Ok, before everyone starts jumping on me for this, I'm talking about the need for our individual PCs to be processing this sort of stuff.


Recent Issues - Scanning
I've been finding myself increasingly turning McAfee's services off in order to do simple tasks without massive interference.

It's a well known and demonstrated fact that applications which use a lot of small files, like the new version of the Notes client (the Eclipse version) do not run happily with Anti-Virus.

Why? Because everytime they pick up a file to execute it, the Anti-Virus app "snatches it off them for a look". In the days of large applications, the anti-virus would simply scan a massive EXE file once and then move on. That's no longer the case.

Last Friday, I was trying to download some things from the IBM site using their "Download Director" facility. McAfee seized the Java applet and took so long to scan it that it kept timing out. In the end, the only way I could download the file was to turn off my Anti-Virus.

Recent Issues - Malware Detection
Then of course, there is malware detection. I've been becoming quite irritated with the otherwise good (and FREE) McAfee Site Advisor software because whenever I went to look at my own blogs (and any other blogs hosted by Google Blogger, it would block the site and tell me that the site was a Phishing site. If I looked the site up in Site Advisor, it would tell me that the site was clean.

I spent about a week and a half trying to get responses out of McAfee about the problem. Eventually I got a response that said;

After some investigation, we have discovered that this error was related to a bug in the SiteAdvisor program, which has now been fixed.

Anyone who sees this error should uninstall SiteAdvisor, and then reinstall it via the following link:
http://sadownload.mcafee.com/products/SA/IE/upgrade/0/saSetup64.exe

Please write back to me if this error is still occurring after these instructions have been followed.


I'm pretty annoyed about this. Who else has been getting this problem and is it "trashing" my internet reputation? I hope not.

Anyway, this again points to a problem on my PC - actually, I think it's very widespread because I've got the problem on both my home and work PCs.

Recent Issues - Anti-Spam
My anti-spam issues with Symantec were pretty bad (and I reported them on this blog a couple of years ago) but they've all disappeared since then. Since I moved the Anti-Spam off our servers and onto a hosted servivce.

Solutions
I think that there are two good solutions to this problem;

1. Border Management
2. Safety Scans

Border Management
There are about five ways in which executables or malformed data can enter your PC.

  1. Drives - Floppy, CD/DVD and USB
  2. Internet
  3. Wired Network Connections (Generally trusted)
  4. Wireless Network Connections (Not necessarily trusted)
  5. Other Means (Developed, Parallel Laplink etc) - Unlikely.

All computers should have a firewall which is secure enough to actually lock off floppy drives, network connections and other direct ports.

For the trusted connections, there should be a simple check on boot to determine if the connection is still the same. If the network is the same (as one previously authenticated), then the connection to the resource should be opened. If not, perhaps a scan might be initiated, or a key might be required to be entered by the user.

In the case of rewritable media, like CD-RW or USB Sticks, the user should be offered either an opportunity to scan the entire device once or to open a "realtime scan/protected" connection.

In this way, the onboard firewall could protect the PC without having to constantly scan files as they are opened. The impact on the PC's performance would be minimal.

All other scanning services, such as scanning of network file shares, scanning of internet connections etc, should be done by dedicated hardware to remove the need for individual PCs to do the work.

Safety Scans
These can be done after hours. all PCs and File Servers probably should have some sort of anti-virus and anti-malware task running on them by default after hours.

The Waiting Game
Well. It all sounds good in theory... now I just have to sit back and wait until someone develops the technology. IMHO, it's a good market opportunity for the right company.

Comments

Philip Storry said…
Welcome to the wonderful world of crap scanning engines.

Symantec and McAfee, COME ON DOWN! You're our WINNERS!

In my experience, their scanning engines are slow, bloated, and just plain ineffective sometimes.

The sad thing about this is that good scanning engines have been around for years. There are a number of tricks that can speed up scanning massively - including using smaller signatures, using targeted scanning, and using checksums.
But the "big two" just don't seem to want to learn from these engines.

In a particulary ironic regression, McAfee used to use checksums to speed up scanning. (Remember the DOS days of validate.exe?)

However, these days it seems that McAfee and others put more effort into making their applications look like they're doing something - with animations, swish dialogue boxes, and constant nannying.

The integration of antivirus as just one function in a suite seems to have made the situation worse, especially as these suites are tailored towards the consumer market. Now reminders that the software is working (via intrusive popups telling you that they're updating, scanning etc.) seem to be thought of as positive by the developers, as they let uneducated users know that their purchase is "worthwhile".

Sadly, it's due to that kind of market pressure that you won't see the kind of security suite you (and I!) would like to use.

:-(
Anonymous said…
On Windows, set the virus scanner to only check on write for the directory containing the bazillion little java files used by Notes/Ecllipse.

You'll see a huge improvement in loading Notes standard client.

Popular posts from this blog

How to Change Your Notification Options for New Lotus Notes Mail in version 8.x

Don't worry, I'm not patronizing you (my readers), I just decided to re-document this for one of our internal users and thought you might want to be able to use it in your own user documentation. WHAT IS THIS DOCUMENT ABOUT? Some people who don't get a lot of mail, like to be notified when such an event occurs. Notification can be; via a sound via a pop-up box via the system tray (where the computer clock is) The pop up box looks like this; Other people, who like myself, get too much mail would rather not be notified. The aim of this document is to tell you how (and where) to turn these options on and off. CHANGING YOUR SETTINGS To change your settings from the Notes 8.x client; On the Menu, click File , then Preferences... On the left hand side , click on the little plus sign to the left of Mail to expand the options. Click on the option marked Sending and Receiving . In the middle section, under receiving, you can control your notifications. If you untick the box mark...

How to Create a Bootable DVD Using Nero Burning ROM 9

I often need to create bootable CDs and DVDs but it's weird because I frequently end up buring myself a new coaster instead. It's not that the process is difficult, just that nero has a few too many options and I forget which ones to choose and end up picking the wrong one. I figured that the best way to avoid this mistake in future would be to write the steps down. Procedure Insert CD or DVD into your DVD Burner. Start Nero Burning ROM 9 Choose DVD-ROM (Boot) or CD-ROM (Boot) depending on what you're creating You'll be prompted for a disk image source. Choose a Nero Source - you'll usually find them somewhere like this... C:\Program Files\Nero\Nero9\Nero Burning Rom\DOSBootImage.ima Leave the Boot Locale as English - unless you really need a different keyboard layout Tick the box marked [X] Enable Expert Settings Choose Hard Drive Emulation and leave any other settings as they are. Click the button marked New Add any files you want but don't try to add operati...

How to Create an Auto-Response Mail Message in Lotus Notes 8.5.3+

Why would you do this? Suppose that you have an externally accessible generic email address for your company; support@mycompany.com or info@mycompany.com. You might expose this to the web and allow people to send messages to you. Setting up an auto-response email will tell the senders that their message reached its destination and that it will be dealt with accordingly.  It's also good practice to include links to FAQs or other useful information. Why 8.5.3 The techniques we'll be using here work in older versions of Notes but some of the options seem to have moved around in 8.5.3.  I figured it was a good time to show you where they've moved to. The Procedure Start Domino Designer and open the Mail file to be modified.  A really quick way to do this is to right-click on the application tab and choose "Open in Designer". In the Left hand panel of designer, expand Code and then double-click Agents.  A new window should appear. Click the action ...