Tutorial Anti-Virus & Malware = Myths and Facts

Hello everyone,

Since I joined this great community, I have been engaged in many interesting topics and heated discussions, and most of them I enjoyed very much.
During those conversations I did have the privilege to get to know some of you, and what I did notice is that there are some who are technically very skilled and have a wealth of info to share, and then you have those who do not know much and base their skills and opinions upon what the masses publish on the internet.
And then you have those people who are called wannabe experts...

There are some really great guides written on the internet, and there is so much knowledge out there that it's perfectly understandable if one does not know which is right or wrong, true or plausible.
Because, like it or not, there are millions of webpages and blogs out there written by so-called wannabe experts.
And in my line of work I come across so many people who based their opinions upon these information sources.

Does that mean that all those webpages and blogs are totally baseless and wrong?
No, not at all; some of them actually do have some valid info.
However, most of this info is one-sided, incorrect or seemingly altered to fill a blog post.
Note that most of these blogs do not have ANY relation to the industry itself and thus by no means represent its standards.

I am by no means going to pass judgment, I am not going to claim that I know it all, and neither am I going to portray myself as the ultimate UBER expert.
Because I am not in the position to pass judgment, and neither am I Mister Know-It-All.
And I am not going to spend the next 30 minutes writing this HUGE topic with the aim to bullshit you and ruin my reputation. So you might wanna give me a break here, as I am going to make some controversial and, to some, even sensational comments based upon my 15+ years of professional experience in the computer industry.
And based upon that experience I hope you will give me a fair shot at explaining some basic things about security software.

Allow me to explain some of it according to my knowledge.

1:
This test says that, this report says this.
Who gives the best protection?
Who has the highest detection rate?
Who is the best?
Who has the best removal options?


Testing security software is an integral part of the industry, and it serves a basic function: it provides security developers with an external baseline and a way to test their product outside their own protected environment using various techniques and methodologies.

So these tests are usually an indication for the developers and customers about what to expect from a product at that particular point in time.
Often, when a security developer reviews the report, they make macro changes to their product to solve issues and to fine-tune their end product.

That being said, those tests can cloud your judgment and give you a false indication about an antivirus program if you do not understand how, what and where.
Some say: look, program X has a 99% detection rate... (Yell JUMP jump HYPER hyper) so program X must be the best out there and all others suck.
People, that's BS at best...

Some say: I have used this product for years and never did have a virus. Really?
Sure, whatever makes you feel comfortable...
Fact is most home users are like sheep; they move in the direction all other sheep move.
That sounds really disrespectful, but it's the truth.

Imagine if one person says: Uber Antivirus is the best
Some say: Whatever sure.
If 100000 persons say: Uber Antivirus is the best
Some say: I got to try that.
If 1 million people say: Uber Antivirus is the best.
Then suddenly it's the biggest discovery since penicillin.

Imagine 1 million people equals 1 million unique ideas and opinions.
Put them in one room, have them talk for 5 minutes, then suddenly you have 1 million people and 1 common idea and opinion.

Does that make a product good or bad? Hell no, people... wake up.
Companies like ESET, Kaspersky, Symantec, Trend Micro, McAfee and others spend millions of dollars on research, testing and development... Do you really think they are as bad as some of the tests indicate? Or do you really think that they are as bad as some members claim?

Example: Mister X used Sophos and, because of a friend, he tested Malwarebytes, and guess what?
Malwarebytes found 12 malicious files.
So Mister X comes here on the forum and writes a topic: Sophos sucks & Malwarebytes Rocks.

What Mister X did not tell you is that he ignored basic practices, that he did not follow clearly written protocols, that he is using keygens, cracks, torrents and a pirated Windows which he downloaded from the link http://iamhackingyou-but-youfailto-realizeit.com and that he has not updated his PC and config since the Stone Age.

There you got one sheep planting an opinion on a huge forum like this one.
Now as you probably guessed Mister X is not the only one breaking every rule...
There are millions across the internet.

And then suddenly Sophos has become the nightmare program of the century.
Truth is that you did not allow Sophos to protect you in the way they intended.
Or did they do all the above things? I do not think so.
Rules, guides & protocols are there for a reason.
If you fail to plan, you plan to fail; it's THAT simple.

When push comes to shove, it really does not matter if you use Sophos, ESET, McAfee, Symantec, Bitdefender, Trend Micro, Panda, F-Secure or others; they all will protect you and they all will be capable enough to deal with past, present and even future-based dangers.

Test results are NOT written in stone; they are just an indication.
Also, each program works in its own unique way: some have a kick-ass scanner and some have a better removal module.
An antivirus package cannot be judged just by its detection; one should judge it over the entire spectrum of its capabilities. On top of that, basic practices and protocols should be applied or ANY AV will be rendered useless.
(PS did you just click on the above link? you serious? omg... FAIL.)

Most people do not realize that the antivirus industry has various agreements that guarantee a baseline level of protection which has been formally agreed in the industry.
So pick any of the above names and you will be fine.

Also, the comparison between Internet Security solutions versus dedicated tools is comparing a donkey versus a duck.
For example, how on earth can you compare NIS and MBAM?
Malwarebytes is a dedicated tool, while NIS is a jack of all trades, master of none!!
Just realize that there are so many programs out there, and each one does have its own tools and options.
They are all different and have their own ways, but at the same time they are very much the same.
They all want to protect you and they all try to offer just that.
The hard part is understanding how these programs are going to protect you, and more importantly what you need to do to make sure that a program can perform optimally.

And a test report or a simple review based upon some new malware is not going to do that for you.

Orion

Apr 8, 2016
In fact you have 48 known malwares, but they all need root access, so you will be prompted (normally); so if you are not dumb, you should not be infected.

Windows is the market share leader and has the majority user base due to its robust nature and flexibility with apps and games. If Mac or Linux were to become the leader, which would in turn mean that users migrated to them, that means even the malware writers would. They are not dumb and they know their code.
 

Syafiq

May 8, 2017
Is Sophos better than Avast?
No, I think Avast is better than Sophos in terms of protection and performance. Sophos is a purely signature-based AV (except the BETA premium version that had HitmanPro.Alert included), whereas Avast has a Behavior Blocker and Hardened Mode to increase your protection :)

Deleted member 65228

Is Sophos better than Avast?
Try them both out at separate times and see which one you have more of a liking for. Both Avast and Sophos are good options, but it depends on your personal needs and what option you go for. :)

I wouldn't say that one is "better" than the other. I think that in this scenario, it just depends on your needs and which one will suit you best based on this.

Deleted member 65228

You just missed the entire point: the malware writers won't bother to hack a normal Joe user; they aren't the NSA or CIA. Of course if you are in an IT environment it works differently, because then you may be the target.
Normal average users are a very big target aside from businesses. There are thousands, and thousands more, of script kiddies who want to cause damage through the use of malicious software/web-based attacks for the sake of it or as an attempt to make money; their practice is on average home users. You don't have to be working for the NSA or CIA to be a target; normal home users aren't usually "picked", but just end up getting infected through general malicious spam e-mails, malicious links they find through being click-happy, use of shady download sites... And so on.

Even the well-trained and experienced malware authors will happily target home users sometimes. Threats like Zeus, Carberp, Kronos, WannaCry, BadRabbit, Petya, NotPetya, and many others were not only aimed at businesses. The likelihood is that in scenarios like Zeus, the source code is sold to many others who will then pursue usage of it (targeting home users, businesses, or both simultaneously).

When it comes down to a malware author trying to make money, ideally they will want to aim for a business. However, the intention is not always specifically to make money.

About crypto-currency mining and the like, there has been an outbreak of web-based miners, which are easier for an attacker to deploy and keep active for a long amount of time. :confused:

Phishing is quite popular as well. Not so much on the software side through fake PayPal "money givers" and similar, but web-based.

You definitely have a point in my eyes, my friend! Zombie systems are those infected with a botnet, which can be a really serious problem sometimes. Botnet infections are typically used by the attacker to attack services through DDoS attacks (using up the network resources of the infected system to target a service, resulting in the service's network resources being used up -> now the service is unavailable and goes down, and becomes more vulnerable to other types of attack).

There was recently security news about a new botnet found by a vendor (maybe Qihoo) which has already infected roughly over 2 million systems. You can find more information here:
The Reaper Botnet Has Already Infected a Million Networks
Massive botnet quietly harvesting 2 million vulnerable IoT devices, report says

It seems to be some sort of "successor" to the Mirai botnet, which caused a lot of stress back in 2016. :(

Deleted member 65228

Consumers'/home users' data is useless to hackers; however, your machine is precious to them, it will be part of a botnet when needed.
I agree! :)

I don't think that an attacker would care to spy on an average home user, unless it was a scenario like with the CCleaner breach where the data is checked to identify targets who may be able to be used to gain valuable information.

Banking malware might still target home users, because individuals can have even hundreds of thousands of pounds saved up in accounts whose credentials were stolen, but maybe this would not be common. Either way, if banking malware successfully infects a lot of people, the offender will still be able to use the credentials to take money themselves or sell the credentials to others. :(

It seems that when it comes to banking malware, more focus is on ATM machines nowadays.

I think what you said about botnets is really important, because botnets provide a really big danger to us all in some shape or form. A successful botnet may have hundreds of thousands (or potentially in rare circumstances, millions) of zombie systems. If any of us are infected with a botnet, our own network resources can be abused to take down the very services we love using... :confused:

Even if our own systems are not infected by botnet malware, other systems used to perform operations owned by individuals who are unaware that their system/s have been infected may still have an effect on us.

For example, if a large botnet operation were to happen where hundreds of thousands of systems started a DDoS attack on a service like Netflix, the one day someone has a day off after working hard for a month with small rest may be the same day they are prevented from catching up with Netflix! (as an example)
 

Daljeet

Jun 14, 2017
Consumers'/home users' data is useless to hackers; however, your machine is precious to them, it will be part of a botnet when needed.
My opinion is that it's easy to hack home users, and using their IDs for bad things is not new these days. And with this information hackers can target more and more people.
Even if our own systems are not infected by botnet malware, other systems used to perform operations owned by individuals who are unaware that their system/s have been infected may still have an effect on us.
Hackers are now targeting educational institutes and banks in my country. I know a college which is infected with ransomware, and surprisingly their financial department computers are affected with ransomware and the whole college is in crisis. Who knows who did this dirty job, and their important data was without any backup. Especially college and university computers are more vulnerable, and security for some educational institutes is a joke, but now they are taking it very seriously after WannaCry.