
Another Anti-virus Rant

This post is going to be an easy read because I don't have any time to update the blog at the moment - so just look at the pictures.

Most people who've spent any time with me on the computer know that I hate anti-virus products because I think that they spend too much time slowing down the system without any guarantee of actually fixing the problem.

Here's an example which just happened about five minutes ago.

I received an email containing an obviously bad file. It passed neatly through our external scanning system which consists of SEVERAL different anti-virus and anti-spam filters.

I knew it would be a virus, so I saved it to my hard drive.


You can see that it has a Microsoft Word icon but that it ends in .EXE.

If you accept the Windows default to hide extensions for known file types, you'll never see the EXE and you might even be fooled into thinking that _doc is the same as .doc.
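A mail-gateway style check for the disguise described above, as an added example that is not part of the original post: it flags an attachment whose name ends in an executable extension while the visible stem imitates a document type, and any file that starts with the `MZ` executable header under a non-executable name. The file names, extension lists and sample bytes are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows runs on double-click (a common subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document types a sender may imitate in the visible part of the name.
DECOY_TYPES = ("docx", "doc", "xlsx", "xls", "pdf", "rtf", "txt", "jpg")
# Decoy token at the end of the stem, joined by '.', '_', '-' or a space.
DECOY_RE = re.compile(r"[._\- ](%s)\s*$" % "|".join(DECOY_TYPES), re.IGNORECASE)


def visible_name(filename):
    """Name Explorer shows when 'hide extensions for known file types' is on."""
    p = PureWindowsPath(filename)
    return p.stem if p.suffix.lower() in EXECUTABLE_EXTS else p.name


def check_attachment(filename, head):
    """Return a list of reasons to quarantine; empty means no finding."""
    reasons = []
    p = PureWindowsPath(filename)
    ext = p.suffix.lower()
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        if DECOY_RE.search(p.stem):
            reasons.append("stem imitates a document type: " + visible_name(filename))
    # DOS/PE executables begin with the bytes 'MZ', whatever the file is called.
    if head[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("PE header but non-executable extension " + (ext or "(none)"))
    return reasons


# Constructed samples: (attachment name, first bytes of the file).
SAMPLES = [
    ("Invoice_doc.exe", b"MZ\x90\x00"),      # the disguise from the post
    ("report.doc", b"\xd0\xcf\x11\xe0"),     # genuine legacy Word (OLE2) header
    ("notes.doc", b"MZ\x90\x00"),            # executable renamed to .doc
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", check_attachment(name, head) or "no finding")
```

Self-extracting archives also end in .EXE and start with `MZ`, so this check flags them too; its result is a reason to hold the attachment for review rather than a verdict.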

So...

I right clicked on the file and chose scan from the context menu.

As mentioned before, I've got two issues with anti-virus software.

The first is that they waste time. It took ages to scan this ONE file because the engine had to scan memory AND 65 other files (which it should be scanning as part of its normal procedures - not as part of my ad-hoc request).

The second issue is that they tend to miss viruses.

You can see that this one didn't find the virus.

Even worse, I updated the anti-virus signatures only seconds before initiating the scan. This is something that most users won't do.

I chased the virus up on other sites and found a note to say that McAfee knew about it (though they didn't call it by the same name). A quick search on the internet found this at a different anti-virus site...


They've known about the virus (or a variant of it) at least since March 2009. That's right, more than a year ago.

I found information on the virus going back to 2005.

Since we pay our license fees and since we do our updates, why aren't we entitled to detection?

Why do we have these anti-viral CPU and RAM hogs anyway?

Comments

Anonymous said…
feel better now?

/Graham
Gavin Bollard said…
Strangely, yes I do feel better now.

I'd have been a lot more irritated if someone had actually been infected.
Seems in this instance it was a virus (based on your research) but I remember receiving many word documents as self-extracting zip files which would have the .EXE extension but would simply extract to the .DOC

There are also a number of cloud-based/hosted email security solutions you could consider.

IBM also provide their "Protector" solution: http://www-01.ibm.com/software/lotus/products/protector/mailsecurity/
Khelben said…
Seriously, McAfee's anti-virus solution isn't one of the best ones around. I would guess that even the free AVG anti-virus is a lot better.

Check this out: http://download.cnet.com/windows/antivirus-software/?tag=mncol%3Bsort&rpp=10&sort=downloadCount+asc

Thankfully you don't even need to pay for anti-viruses these days or even better if you run Linux, don't even download them... :)
