Tutorial: Anti-Virus & Malware = Myths and Facts

Hello everyone,

Since I joined this great community, I have been engaged in many interesting topics and heated discussions, most of which I enjoyed very much.
During those conversations I had the privilege of getting to know some of you, and what I noticed is that there are some who are technically very skilled and have a wealth of info to share, and then there are those who do not know much and base their skills and opinions upon what the masses publish on the internet.
And then you have those people who are called wannabe experts....

There are some really great guides written on the internet, and there is so much knowledge out there that it's perfectly understandable if one does not know which is right or wrong, true or plausible.
Because, like it or not, there are millions of webpages and blogs out there written by so-called wannabe experts.
And in my line of work I come across so many people who based their opinions upon these information sources.

Does that mean that all those webpages and blogs are totally baseless and wrong?
No, not at all; some of them actually do have some valid info.
However, most of this info is one-sided, incorrect or seemingly altered to fill a blog post.
Note that most of these blogs do not have ANY relation to the industry itself and thus by no means represent its standards.

I am by no means going to pass judgment, I am not going to claim that I know it all, and neither am I going to portray myself as the ultimate UBER expert.
Because I am not in the position to pass judgment, and neither am I Mister Know-It-All.
And I am not going to spend the next 30 minutes writing this HUGE topic with the aim of bullshitting you and ruining my reputation. So you might wanna give me a break here, as I am going to make some controversial, and to some even sensational, comments based upon my 15+ years of professional experience in the computer industry.
And based upon that experience I hope you will give me a fair shot at explaining some basic things about security software.

Allow me to explain some according to my knowledge.

1: This test says that, this report says this.
Who gives the best protection?
Who has the highest detection rate?
Who is the best?
Who has the best removal options?


Testing security software is an integral part of the industry and it serves a basic function: it provides security developers with an external baseline and a way to test their product outside their own protected environment using various techniques and methodologies.

So these tests are usually an indication for the developers and customers of what to expect from a product at that particular point in time.
Often, when a security developer reviews the report, they make macro changes to their product to solve issues and to fine-tune their end product.

That being said, those tests can cloud your judgment and give you a false indication about an antivirus program if you do not understand how, what and where.
Some say: look, program X has a 99% detection rate... (Yell JUMP jump HYPER hyper) so program X must be the best out there and all others suck.
People, that's BS at best...

Some say: I have used this product for years and never had a virus. Really?
Sure, whatever makes you feel comfortable....
Fact is, most home users are like sheep: they move in the direction all the other sheep move.
That sounds really disrespectful, but it's the truth.

Imagine if one person says: Uber Antivirus is the best.
Some say: Whatever, sure.
If 100,000 persons say: Uber Antivirus is the best.
Some say: I've got to try that.
If 1 million people say: Uber Antivirus is the best.
Then suddenly it's the biggest discovery since penicillin.

Imagine 1 million people equals 1 million unique ideas and opinions.
Put them in one room, have them talk for 5 minutes, and suddenly you have 1 million people and 1 common idea and opinion.

Does that make a product good or bad? Hell no, people.... wake up.
Companies like ESET, Kaspersky, Symantec, Trend Micro, McAfee and others spend millions of dollars on research, testing and development... Do you really think they are as bad as some of the tests indicate? Or do you really think that they are as bad as some members claim?

Example: Mister X used Sophos and, because of a friend, he tested Malwarebytes, and guess what?
Malwarebytes found 12 malicious files.
So Mister X comes here on the forum and writes a topic: Sophos sucks & Malwarebytes rocks.

What Mister X did not tell you is that he ignored basic practices, that he did not follow clearly written protocols, that he is using keygens, cracks, torrents and a pirated Windows which he downloaded from the link http://iamhackingyou-but-youfailto-realizeit.com, and that he has not updated his PC and config since the stone age.

There you have one sheep planting an opinion on a huge forum like this one.
Now, as you probably guessed, Mister X is not the only one breaking every rule...
There are millions across the internet.

And then suddenly Sophos has become the nightmare program of the century.
Truth is that you did not allow Sophos to protect you in the way they intended.
Or did they do all the above things? I do not think so.
Rules, guides & protocols are there for a reason.
If you fail to plan, you plan to fail; it's THAT simple.

When push comes to shove it really does not matter if you use Sophos, ESET, McAfee, Symantec, Bitdefender, Trend Micro, Panda, F-Secure or others; they all will protect you and they all will be capable enough to deal with past, present and even future dangers.

Test results are NOT written in stone; they are just an indication.
Also, each program works in its own unique way: some have a kick-ass scanner and some have a better removal module.
An antivirus package cannot be judged just by its detection; one should judge it over the entire spectrum of its capabilities. On top of that, basic practices and protocols should be applied or ANY AV will be rendered useless.
(PS: did you just click on the above link? You serious? OMG... FAIL.)

Most people do not realize that the antivirus industry has various agreements that guarantee a baseline level of protection which has been formally agreed in the industry.
So pick any of the above names and you will be fine.

Also, the comparison between Internet Security solutions versus dedicated tools is comparing a donkey with a duck.
For example, how on earth can you compare NIS and MBAM?
Malwarebytes is a dedicated tool, while NIS is a jack of all trades, master of none!
Just realize that there are so many programs out there, and each one has its own tools and options.
They are all different and have their own ways, but at the same time they are very much the same.
They all want to protect you and they all try to offer just that.
The hard part is understanding how these programs are going to protect you and, more importantly, what you need to do to make sure that a program can perform optimally.

And a test report or a simple review based upon some new malware is not going to do that for you.
 
Deleted member 178

You don't need any antivirus for Linux. Linux doesn't have any viruses. Only update the system with official updates.

In fact there are 48 known malwares, but they all need root access so you will be prompted (normally); so if you are not dumb, you should not be infected.
 
Nov 26, 2014
I would agree with you that running two main antivirus applications is asking for trouble. I tried it many years ago and my system crashed; it became unusable. I had to reformat and install the OS again.

As for the quality of free antivirus and other security applications: I have been using the free edition of Avast Antivirus with ZoneAlarm free firewall, SUPERAntiSpyware free edition, Zemana AntiLogger free edition and Malwarebytes Anti-Exploit free edition for a year now, and my PC is malware free. I also use Hitman once every month. I am very pleased with the protection that Avast and ZoneAlarm offer.
 
tallorder
Jan 15, 2015

2: How to choose your antivirus
There are a lot of factors to take into account when you’re trying to select the best antivirus solution for your needs. With the security of your data, digital identity and financial transactions at stake, it’s worthwhile investing some time in assessing each antivirus product.

Furthermore, if you make extensive use of the Internet, email, messaging and other web services, it’s important to consider a solution that includes Internet security software and technologies that can make your online activities much safer.

Criteria to help you get the best virus protection:
Unfortunately, not all antivirus products provide a reliable, usable solution that delivers an adequate level of protection against malware. When measured against the following criteria, even the market’s top 10 antivirus solutions may achieve very different scores:

• Reliability
Even the most thorough antivirus solution can prove to be absolutely useless if it conflicts with other software that's running in your computer. If these conflicts lead to a malfunction or temporary suspension of the antivirus protection processes, that could leave you vulnerable.
• Usability
If the day-to-day operation of an antivirus solution requires special skills, it may be impractical for many users. Any antivirus product that is awkward to use, asks the user complex questions or needs the user to make difficult decisions is likely to increase the chances of 'operator errors'. In some cases, if the antivirus software is too difficult to run, the user may simply disable it.
• Comprehensive protection
An antivirus solution should deliver constant protection for all computer domains, all types of files and all network elements that could be subject to attack by a computer virus or other malware. The program should be able to detect malicious code and also protect all channels or entry points to the computer, including email, the Internet, FTP and more.
• Quality of protection
Antivirus solutions need to be able to operate in an aggressive environment that is constantly changing, with new computer viruses, worms and Trojans that can be much more complex than previously known malware and may include new ways of avoiding the actions of antivirus programs.
Quality of protection partly depends on the following:
  • Effectiveness of malware detection processes
  • Frequency and regularity of updates
  • Ability to remove infections from the computer
  • Efficiency in delivering computer protection, without significant impact on the computer's performance


• Free antivirus or premium
1: It will never happen to me.
2: I won't click on anything I don't recognize.
3: Only uneducated computer users get viruses.
4: I don't need to pay for antivirus software.
5: Free antivirus is better and cheaper than a premium one.

Do any of these statements sound familiar? As we're all aware, we live in an ever-changing world in regards to technology. Ask yourself: do you keep up with the latest cyber-security threats and viruses? If not, don't worry, it's my job to stay updated. I personally recommend using a robust antivirus that will keep your computer protected from the latest viruses and cyber-security threats.
You may be thinking that a free antivirus is a good, cost-effective solution. Unfortunately, it isn't. Think for a moment: what motivation does a company have for offering a good free antivirus product? Many of the companies that offer free antivirus products also offer a paid version. Which version do you think is the most up-to-date? Which version do you think is the most efficient at keeping your computer safe? The paid version. Many free antivirus programs include advertisements. Many times these advertisements are the cause of infections in the first place! By purchasing a good antivirus upfront you are essentially achieving baseline protection and system hardening. Let's say you disregard my advice and use a free antivirus; if you become infected, the cost to clean the virus will be at least 1 and a half times the amount the paid antivirus would have cost on the front end.

Obviously I am not talking about some annoying little Trojan; I am talking about a real virus.
How many people come here on the forum asking for malware removal even though they have a free antivirus running?
Remember the example about Mister X?
Also, did you know that most free antivirus products gather surfing habits, anonymous statistics and other information about your PC? Keep in mind there is no such thing as free.
I am not saying that free antivirus should be avoided; no, I am saying free antivirus is MUCH better than NO protection at all.

Here, let me give some more examples.
Paid-for security software pros
  • Paid-for software provides a high-grade all-round antivirus, antispyware and firewall solution accessed through a single interface.
  • Individual components are automatically updated at the same time so you get protection against the latest threats.
  • Most security suites come with multi-user licenses so you can install the same protection on two or more computers in your home.
  • Many include useful extras, such as performance management or backup and recovery tools that can help you restore your computer in the event of a disaster.
  • Paid-for security suites provide expert customer and technical support.
  • Higher detection and removal capabilities.
  • Sophisticated intrusion detection and identity protection.
  • Emergency updates and vulnerability updates.
  • Advanced dedicated removal tools and patches.
  • Compatible with virtually any software including custom software.
Paid-for security software cons
  • Security suites can be expensive, usually around 30-50 Euro, and you'll also face ongoing costs, usually in the form of an annual subscription, in order to receive updates after the initial period of protection is over (usually a year).
  • You may not always need all the options a security suite provides and, therefore, you may be doubling up in some areas or paying for protection you won’t use.
Free security software pros
  • It's possible to reasonably protect your computer by using separate free antivirus, antispyware, antispam and firewall programs in tandem.
  • You choose only the tools you need. If you already use a built-in firewall and antispyware program, then you may only need to install an antivirus program rather than pay for an entire security suite.
  • Free antivirus software means you can try different tools to find one that suits without worrying about wasting money.
Free security software cons
  • Free antivirus software provides only a minimum level of protection and lacks the extra features of paid-for software.
  • You’ll have to keep each individual program updated to ensure you’re protected against most of the latest threats.
  • Most free security software programs are trial versions of paid-for packages and may have time limits for how long you can use them.
  • Free antivirus software is typically single-user so you’ll need to download, install and manage a separate version on all your computers.
  • You’ll get limited technical support. Most free antivirus programs only have online support.
  • Less advanced removal capabilities.
  • Less advanced detection capabilities.
  • Less advanced vulnerability protection.
  • Less sophisticated overall protection.
  • More false positives and more data corruption due to less advanced removal options (leaving remnants).
  • Free antivirus software conflicts more and has less usability and compatibility, next to performance issues.
Just a few differences off the top of my head.
I am sure that some exceptions can be made and that I missed one or two things.
But let's say this: paid antivirus does cost money and it is not cheap, but if you take into account what you get in return across the whole spectrum, then it's a rather small investment which buys you the 3 most important things for a company:
  • Solid security & performance.
  • Continuity & Data loss protection.
  • Compatibility & Flexibility.

So, to get back to what I was saying: within the industry it is a cold HARD fact that free antivirus, regardless of their claims and testing results, just does not have the level of sophistication and protection that a premium package does.
And there is not a soul on the planet that can convince me otherwise, because facts are facts.
So many magazines and blogs write great articles and most of them are theoretically correct, but in the real world things are VERY different.

* Do note that Avast, Malwarebytes, Avira, AVG, Bitdefender and Comodo as free versions are pretty darn good; they have the same scanning modules as their premium versions, BUT their performance and overall protection is nowhere near their premium packages.
Otherwise, why would they offer you a premium package if the free one is just as good?
Or do you really think you only pay to have access to technical and customer support?


• Conclusion
Your technical expertise and know-how are perhaps the biggest factors in choosing the best software for your needs.
And last but not least, the specific configuration your PC has and its present state is a HUGE factor.

That said, again, a VB test report is not going to make that choice for you. In fact, based upon the detection percentages and reviews, it might even push you towards the WRONG antivirus brand.
End of part 2


That really is, in a nutshell, the greater part of my problems today:
"Your technical expertise and knowhow are perhaps the biggest factors in choosing the best software for your needs.
And last but not least the specific configuration your pc has and its present state is a HUGE factor."

Because of the limitations of this computer, I am unable to run ..this.. with ..that.. due to slowing the machine, lack of knowledge as to how to configure a protection program... such as using Emsisoft AV to behavior monitor, and not run constantly, where it would conflict with McAfee on here....

I look carefully at suggestions put up on MT: who put them up, on what computer configuration, works with ...? what else, or doesn't work with...?, and more: Do I want to use that advice or suggestion or not? I may not. Sometimes I just realize I still lack the ability to use some parts of a program, and not all of it.

I do wish that there was an area of MT similar to Malware Removal, where my computer could be worked with and configured, not because it is infected, so it (hopefully) WON'T be infected!! Right now, I am choosing as carefully as possible, to not crash this system, and doing trial-and-error downloads and removals if it doesn't work well (with this computer), or with my ability to utilize the program. I would be MORE than tickled to pay for such help, but then, look at all the learning I might miss! :D, as well as learning to be responsible for my own mess! :confused:
 

T3chnopsycho
Jun 11, 2015
Very insightful post (gonna read the one from Umbra you mentioned as well).

Especially the part about running multiple antivirus programs simultaneously was new to me. I always went along with the thought of "the more the better". Guess I'll have to keep that in mind from now on.

Thanks a lot for the interesting post!

T3chnopsycho
 
Sep 26, 2015
3: Can I run multiple antivirus programs?
In most cases, it is not possible to run two antivirus programs simultaneously on a single computer.
Even though users may be tempted to try to implement what they might regard as 'dual protection', there are good reasons why trying to operate two different antivirus products will normally cause difficulties sooner or later.
Giving the antivirus scanner access to critical data is a MUST, and having multiple programs injecting their code into your kernel is going to cause trouble.
For effective antivirus detection that protects against computer viruses, worms, Trojans and more, the antivirus software has to be allowed to penetrate to a suitable level within the computer... deep into the system kernel.
This is because the antivirus product needs to intercept system events deep within the computer.
The intercepted data is then passed to the antivirus engine for analysis, so the antivirus scanner can scan intercepted files, network packets and other critical data.

If there are two antivirus programs running on a single computer, they will each try to install interceptors into the same part of the system kernel. This is likely to result in conflicts between the antivirus monitors, probably with one of the following consequences:
  • One of the two antivirus programs will fail to intercept system events.
  • One of the two antivirus programs might activate self-defense mode and consider the rival antivirus corrupt or hostile.
  • Each antivirus program's attempts to install parallel interceptors will cause the entire computer system to crash, or they disable rival interceptors.
  • Registry corruption, data loss, service interruption, firmware corruption, up to even permanent root damage.

These are HARD facts.

There is an exception to the rule: Malwarebytes can act as a passive on-demand scanner and thus achieve a dual protection status while respecting the integrity of the active main antivirus solution.

I have seen MANY members claiming that they are actually mixing different programs, but within the industry I can tell you I would lose my job right on the spot if I tried to run 2 antivirus programs (in resident active mode) on our systems.

So let me make this VERY clear: you can run Malwarebytes in passive mode next to your active Internet Security package; however, this is not recommended.
If you run both in active mode you will see a wide range of problems coming your way, as I explained above.

That being said, the differences between Internet Security and a standalone tool are HUGE.
But they can mix if you use a proper configuration; again, this is not recommended unless you know what you are doing.
So, bottom line: Your Internet Security = ACTIVE and Malwarebytes (or similar tool) = PASSIVE.
This way you can bend the rules and get away with it.
But realize that your Internet Security can do it all, so there is no need for another program.
But if you do insist, then you accept the risk that it might backfire.
However, tools like MBAM (passive mode) and other standalone programs like McAfee Stinger can serve as a second line of passive protection (on-demand).

In regards to running multiple Internet Security programs, say McAfee + Norton 360 + Kaspersky:
Doing this is so stupid and so dumb... you might as well throw your PC in the water.
You will not gain anything, and you will render your PC useless.

If I am taking the industry as a standard (which I do), then anyone claiming otherwise is going against what real experts say.
Or do you really think that the system administrator and security specialist of a huge company can get away with data loss when they find out that they mixed all kinds of security software?

That's why I keep saying Internet Security and antimalware protection is a serious business and should be regarded as such.
For you on your home PC it really does not matter if you have to reinstall Windows 15 times a year; what have you got to lose? A few songs, a few movies, some banking details...
Let's add a price tag to it. Say 100 dollars every time in data loss.
If I did such a thing at my work, 1 hour of system & network downtime costs over 250k per server.
I would love to see how my boss is going to react when this happens due to my fault.

But if you want to mix programs... go for it, but do accept the risks.

I hope this explains why I sometimes come across like a bastard, but I did not intend to make you feel bad. You may not like my guide and you may not agree with what I wrote, but that does not make it any less true.
Virtually everyone who works within the industry will agree with what I wrote here.
Sure, you doubt that, right?
Well, ask around on the forum, and ask yourself why this topic has been made a sticky.
Or ask a senior staff member to validate this topic.
Again, my aim is not to make you feel bad; my aim is to make you think and learn.
I am just trying to educate those who do not know or think they know.

PS: Umbra Polaris did write a seriously great topic. I suggest that, if you spent the time to read my topic, you honor his topic with some time as well, because the info is SPOT ON.

So if you have questions or comments, please post a reply.
Cheers
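A quick way to check the situation described in part 3 on your own machine, as an added example that is not from the original post: the PowerShell below lists the antivirus products registered with Windows Security Center and warns when more than one reports real-time protection enabled. It assumes Windows 8 or later (the root/SecurityCenter2 WMI namespace); the productState bit decoding used here is the commonly documented community interpretation, not an official API.

```powershell
# Added example (not part of the original post): find resident antivirus products.
# Assumption: Windows 8+ exposes registered AV products in root/SecurityCenter2.
function Get-RegisteredAntivirus {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            # productState is a 24-bit value. Middle byte: 0x10/0x11 = real-time
            # protection on, 0x00/0x01 = off. Low byte: 0x00 = definitions up to
            # date, 0x10 = out of date. (Community decoding, assumed here.)
            $hex = '{0:X6}' -f $_.productState
            [pscustomobject]@{
                Name     = $_.displayName
                RealTime = $hex.Substring(2, 2) -in @('10', '11')
                UpToDate = $hex.Substring(4, 2) -eq '00'
                State    = "0x$hex"
                Exe      = $_.pathToSignedProductExe
            }
        }
}

function Test-MultipleResidentAntivirus {
    $products = @(Get-RegisteredAntivirus)
    $active   = @($products | Where-Object RealTime)

    $products | Format-Table -AutoSize | Out-String | Write-Host

    if ($active.Count -gt 1) {
        # This is the "two interceptors in the same part of the kernel" case from
        # the guide: keep one product resident and use the rest on demand only.
        Write-Warning ("{0} products report real-time protection enabled: {1}" -f
            $active.Count, ($active.Name -join ', '))
    } elseif ($active.Count -eq 1) {
        Write-Host ("One resident product active: {0}" -f $active[0].Name)
    } else {
        Write-Warning 'No registered product reports real-time protection enabled.'
    }
    return $active.Count
}

Test-MultipleResidentAntivirus
```

On a system with a third-party suite installed, Windows Defender normally shows up in the list with RealTime = False, which is the expected single-resident configuration; from an elevated prompt, `fltmc filters` additionally shows which file-system minifilters (where resident scanners attach) are loaded.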



Sorry, I am a complete technophobe; I can't even work out how to post a comment. I just wanted to say thanks very much for the info. I don't know anything about different antivirus products and both my laptops have run out, so I've been looking for free ones because I'm skint as hell at the mo. I realised when I tried to install one that they want access to everything and can pass info on, but it's all very confusing, especially when you have a brain like mine which switches to sleep mode when I'm needing it to learn this stuff. Thanks for all your advice and for writing it in a manner even I can understand. tinax
 

Orion
Apr 8, 2016
"4: I don't need to pay for antivirus software."
"Free antivirus software provides only a minimum level of protection and lacks the extra features of paid-for software."

Which free AV are you talking about? Most popular free AVs have just as much protection as paid ones, and sometimes even better. Like someone is going to hack me if I don't run some other firewall except Windows, and spy on my family pics ;)

I am sure malware writers have better things to do. Big examples here: Comodo IS, Avast!
 

Orion
Apr 8, 2016
You are right, malware writers have better things to do; what if they decide to do those better things through your system?

1/3 made me reply.... First off, I would ask you to kindly tone it down, fellow Indian.

You just missed the entire point: the malware writers won't bother to hack a normal Joe user; they aren't the NSA or CIA. Of course, if you are in an IT environment it works differently, because then you may be the target.

Speaking about doing it through a normal Joe's system: they need to get past all the other protection modules in Win8 and ahead, assuming you use the latest Windows as most users do. They can't run bitcoin miners and other stuff unless the user and the security programs allow them to. But again, if you have an up-to-date system, that clears off any rare chance of this happening^^^

I don't understand the myths about free AV programs, especially with Indians who keep thinking free is not as good as paid.

You want to hack my system and spy on me? Good luck, I have nothing so precious on it!
 

ravi prakash saini
Apr 22, 2015
Zombie (computer science) - Wikipedia
 
Orion
Apr 8, 2016
"In computer science, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program."

So you are completely taking the words off Wiki? Why am I not impressed? In order for the hacker to gain access to the system, there has to be some malicious program on your system for the attacker to continue infecting other systems.

Same with WannaCry and how it initially started: once a computer is infected with the malware, possibly from mail attachments, it auto-infects other systems. It's literally not profitable for regular malware writers to infect or spy on regular users' computers. There was a time when rootkits used to get bank account details, but that time is gone. Also consider other situations with Win8.1 or 10.

Also, did I mention I am Indian too and I have spent time in infosec since my teens?
 
Orion
Apr 8, 2016
Also, to add: malware writers do target home users too, at least the regular malware does, but when it comes to bigger outbreaks home users are barely the target.

Malware writers know spying won't get them anything, so they steal and lock files to get money out. Do people really think that the WannaCry writers were dumb enough not to download the entire EternalBlue package and start spying on the SMBs? That's not how it works! They used the SMB vulnerability to auto-infect other systems on the same network.

They could have just done it from the EternalBlue package without spreading via mails initially, but then the agencies could track them, so that's why I guess they didn't go that way.
 