AV is rubbish
I'll probably lose my special Security Club hat for saying so, of course. We all know the received wisdom that must be handed down to users for their own protection, and it must not be questioned or the poor souls might get confused.
Thou shalt run anti-virus. Thou shalt install a personal firewall. Thou shalt not visit dodgy sites. Thou shalt be a good boy and eat all thy definitions updates or thou shall not grow up to become strong and healthy. That'll be another $30 please.
There's only one minor problem: it's a crock. Personal firewalls are pointless for many users (another rant for another time there, I think); avoiding ‘dodgy sites’ won't protect you from the mountain of compromised ‘legit’ servers or advertising networks, and as for AV... it's well past time for a backlash.
Sure, it looks good on the surface. All AV packages claim to detect 99.9% of ‘in the wild’ viruses. But when I happen across a new web exploit infection source and submit it to the multi-AV-checker services, typically less than half the AV engines notice anything wrong. And those that do pick it up often identify it wildly wrongly.
This is not atypical, judging by other malware handlers' reports. And it's not atypical judging by the machines I end up having to drag in and fix. I've got the neighbour's PC here, loaded up with anti-spyware and anti-virus scanners. They're even up-to-date — good boy! — but he's still infected, with a keylogger rootkit, a banking-focused password stealer BHO and a rogue-AV promo.
Anti-virus, you have lost. You sit there filling up our system trays with your little icons and flashing bubbles, constantly seeking attention with your false positives and pleas for updates and money. Your ugly self-advertising user interfaces make us feel physically sick. You cripple our machines' performance and stability with your hundred processes and services loading at bootup and klunging up the system hooks. It takes a lot to bring a modern, powerful PC to its knees with swapping and bluescreens, but you manage it.
Yet despite all this, you still don't protect us. Oh, sure, AV is still effective against old-school viruses and the more widespread mail worms. But come on, what idiot still gets infected by those? No, the bulk of today's infections — including my neighbour's — are driven by web browser-based exploits and related fake-software downloads, against which today's AV tools are woefully ineffective.
The payloads involved are enormous in quantity and range, and are mutated constantly. Against this, signature-based AV has no chance to keep up. Woollier signatures and heuristic-based detection increase the chances of detection a little, but at the cost of so many false positives the user can't trust it any more. Or worse, they do trust it and end up deleting a bunch of random files that happened to be compressed using an application compressor (packer=virus, according to stupid AV). Oh, and Windows Explorer.
Oh sure, you might get an alert from your AV when visiting an exploit, because it peeks into your internet cache folder and manages to recognise part of the payload, or an intermediate downloader file, or the original exploit itself. “I've removed a virus for you!” it says, “aren't I super! It's ‘Delf’, or ‘Agent’, or ‘Small’, or one of the other names we give to specimens we don't really know what they are but they're probably not good”.
By that point it's far too late; either your browser wasn't vulnerable, and the AV has valiantly protected you from nothing at all, or the suspect code has already been run, downloading a whole bunch of other bad stuff. Even if it did miraculously catch all of those (and the odds aren't looking good), how could you possibly know for sure you were still clean? There are some very hard-to-spot rootkits out there that your average PC-using clod hasn't the faintest hope of detecting.
(That's the point at which flattening the OS and restoring from a clean image comes in handy. You did image the system disc, didn't you? You did partition the system disc separately from data, so you don't lose all your documents, right? Oh, your machine came from the idiot manufacturer with a default single partition, and a recovery CD that writes the whole partition? Oh bad luck there mister.)
One day, per-program permissions will be the norm at an OS level, and we'll have the benefits of proper sandboxing without the usability and stability problems of today's primitive behaviour-blocking AVs. Until then...
The interim solution
Today's AV is a dead loss. But you can't simply not install any, or everyone will complain. That's where PlaceboAV comes in! It's the fantastic anti-virus solution that's super-fast and absolutely reliable... because it does nothing at all.
Yes, new from DOXdesk, PlaceboAV is just as effective as leading anti-virus software — that is, completely ineffective — whilst having no negative impact on system performance, and never bugging you with extraneous errors.
Get the full performance out of your computer, in total peace of mind because there's a little icon in your system tray so you must be safe. And if you're worried that your protection isn't up to date, open the program window, and simply click the Update button for all the latest definitions!
(NB. Since there are no definitions, the Update function does not actually bother to contact the definitions server, and just pretends to load updates. This is more efficient on network bandwidth. And also there is no definitions server.)
Download PlaceboAV now! An unbelievable feature-set packed into just 56KB of executable*! Lordy, it's a miracle! And it's free!
And! As Well! Purchase PlaceboAV Plus Pro now! It's got all the great features of PlaceboAV Free edition, plus you can pay $30 a year for it! Awesome!
DOXdesk is not responsible for any viruses you get whilst using PlaceboAV under the impression it is actually doing something. Well, we probably are responsible, but we're not going to do anything about it and you'll not get a penny out of us. Go away now.