Thursday, May 20, 2010

Another Anti-virus Rant

This post is going to be an easy read because I don't have any time to update the blog at the moment - so just look at the pictures.

Most people who've spent any time with me on the computer know that I hate anti-virus products because I think that they spend too much time slowing down the system without any guarantee of actually fixing the problem.

Here's an example which just happened about five minutes ago.

I received an email containing an obviously bad file. It passed neatly through our external scanning system which consists of SEVERAL different anti-virus and anti-spam filters.

I knew it would be a virus, so I saved it to my hard drive.

You can see that it has a Microsoft Word icon but that it ends in .EXE.

If you accept the windows default to hide extensions for known file types, you'll never see the EXE and you might even be fooled into thinking that _doc is the same as .doc.


I right clicked on the file and chose scan from the context menu.

As mentioned before, I've got too issues with anti-virus software.

The first is that they waste time. It took ages to scan this ONE file because the engine had to scan memory AND 65 other files (which it should be scanning as part of it's normal procedures - not as part of my ad-hoc request).

The second issue is that they tend to miss viruses.

You can see that this one didn't find the virus.

Even worse, I updated the anti-virus signatures only seconds before initiating the scan. This is something that most users won't do.

I chased the virus up on other sites and found a note to say that McAfee knew about it (though they didn't call it by the same name). A quick search on the internet found this at a different anti-virus site...

They've known about the virus (or a variant of it) at least since March 2009. That's right, more than a year ago.

I found information on the virus going back to 2005.

Since we pay our license fees and since we do our updates, why aren't we entitled to detection?

Why do we have these anti-viral CPU and RAM hogs anyway?


Anonymous said...

feel better now?


Gavin Bollard said...

Strangely, yes I do feel better now.

I'd have been a lot more irritated if someone had actually been infected.

Tony Hollingsworth said...

Seems in this instance it was a virus (based on your research) but I remember receiving many word documents as self-extracting zip files which would have the .EXE extension but would simply extract to the .DOC

There are also a number of cloud-based/hosted email security solutions you could consider.

IBM also provide their "Protector" solution:

Khelben said...

Serously, McAfees anti-virus solution isn't one of the best ones around. I would guess that even the free AVG anti-virus is a lot better.

Check this out:

Thankfully you don't even need to pay for anti-viruses these days or ever better if you run Linux, don't even download them... :)