How AV industry can't take a joke - The end of Placebo AV

Fuzzfas

Level 3
Thread author
Verified
Well-known
Jan 8, 2013
109
Old Wilders members might remember Placebo Antivirus, reviewed also by Dedoimedo:

http://www.dedoimedo.com/computers/placebo-av.html

It was a great joke, as well as useful for security junkies that want to feel an AV icon on systray. I was sad today to discover that it has been killed... It has zero performance impact and zero false positives. It was giving the warming feeling of the resident AV and it was free. Such a waste... RIP.

This is what's left of the poor Placebo AV at the author's website:

image.png
 

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Oh damn haha that's funny

I guess some inexperienced users might not know that it's a fake AV and install it for protection?
 
  • Like
Reactions: shukla44

Fuzzfas

Level 3
Thread author
Verified
Well-known
Jan 8, 2013
109
Oh damn haha that's funny

I guess some inexperienced users might not know that it's a fake AV and install it for protection?


For anyone capable of modest understanding of english language, the author had a very extensive description. If anything, the text was very offending to the AV vendors, a real offense to their own products. So PlaceboAV had to die. It was bad for business. I actually used to run it for some months that i was without AV. It was wonderful for security junkies trying to detox from antivirus use, because you could go and press the update button and feel better.

I wish i had kept the executable. I can't find it anymore, even in google.

AV is rubbish
I'll probably lose my special Security Club hat for saying so, of course. We all know the reeived wisdom that must be handed down to users for their own protection, and it must not be questioned or the poor souls might get confused.

Thou shalt run anti-virus. Thou shalt install a personal firewall. Thou shalt not visit dodgy sites. Thou shalt be a good boy and eat all thy definitions updates or thou shall not grow up to become strong and healthy. That'll be another $30 please.
There's only one minor problem: it's a crock. Personal firewalls are pointless for many users (another rant for another time there, I think); avoiding ‘dodgy sites’ won't protect you from the mountain of compromised ‘legit’ servers or advertising networks, and as for AV... it's well past time for a backlash.

Sure, it looks good on the surface. All AV packages claim to detect 99.9% of ‘in the wild’ viruses. But when I happen across a new web exploit infection source and submit it to the multi-AV-checker services, typically less than half the AV engines notice anything wrong. And those that do pick it up often identify it wildly wrongly.

This is not atypical, judging by other malware handlers' reports. And it's not atypical judging by the machines I end up having to drag in and fix. I've got the neighbour's PC here, loaded up with anti-spyware and anti-virus scanners. They're even up-to-date — good boy! — but he's still infected, with a keylogger rootkit, a banking-focused password stealer BHO and a rogue-AV promo.

Anti-virus, you have lost. You sit there filling up our system trays with your little icons and flashing bubbles, constantly seeking attention with your false positives and pleas for updates and money. Your ugly self-advertising user interfaces make us feel physically sick. You cripple our machines' performance and stability with your hundred processes and services loading at bootup and klunging up the system hooks. It takes a lot to bring a modern, powerful PC to its knees with swapping and bluescreens, but you manage it.

Yet despite all this, you still don't protect us. Oh, sure, AV is still effective against old-school viruses and the more widespread mail worms. But come on, what idiot still gets infected by those? No, the bulk of today's infections — including my neighbour's — are driven by web browser-based exploits and related fake-software downloads, against which today's AV tools are woefully ineffective.

The payloads involved are enormous in quantity and range, and are mutated constantly. Against this, signature-based AV has no chance to keep up. Woollier signatures and heuristic-based detection increases the chances of detection a little, but at the cost of so many false positives the user can't trust it any more. Or worse, they do trust it and end up deleting a bunch of random files that happened to be compressed using an application compressor (packer=virus, according to stupid AV). Oh, and Windows Explorer.

Oh sure, you might get an alert from your AV when visiting an exploit, because it peeks into your internet cache folder and manages to recognise part of the payload, or an intermediate downloader file, or the original exploit itself. “I've removed a virus for you!” it says, “aren't I super! It's ‘Delf’, or ‘Agent’, or ‘Small’, or one of the other names we give to specimens we don't really know what they are but they're probably not good”.

By that point it's far too late; either your browser wasn't vulnerable, and the AV has valiantly protected you from nothing at all, or the suspect code has already been run, downloading a whole bunch of other bad stuff. Even if it did miraculously catch all of those (and the odds aren't looking good), how could you possibly know for sure you were still clean? There are some very hard-to-spot rootkits out there that your average PC-using clod hasn't the faintest hope of detecting.

(That's the point at which flattening the OS and restoring from a clean image comes in handy. You did image the system disc, didn't you? You did partition the system disc separately from data, so you don't lose all your documents, right? Oh, your machine came from the idiot manufacturer with a default single partition, and a recovery CD that writes the whole partition? Oh bad luck there mister.)

One day, per-program permissions will be the norm at an OS level, and we'll have the benefits of proper sandboxing without the usability and stability problems of today's primitive behaviour-blocking AVs. Until then...

The interim solution
Today's AV is a dead loss. But you can't simply not install any, or everyone will complain. That's where PlaceboAV comes in! It's the fantasic anti-virus solution that's super-fast and absolutely reliable... because it does nothing at all.



Yes, new from DOXdesk, PlaceboAV is just as effective as leading anti-virus software — that is, completely ineffective — whilst having no negative impact on system performance, and never bugging you with extraneous errors.

Get the full performance out of your computer, in total peace of mind because there's a little icon in your system tray so you must be safe. And if you're worried that your protection isn't up to date, open the program window, and simply click the Update button for all the latest definitions!





(NB. Since there are no definitions, the Update function does not actually bother to contact the definitions server, and just pretends to load updates. This is more efficient on network bandwidth. And also there is no definitions server.)

Download PlaceboAV now! An unbelievable feature-set packed into just 56KB of executable*! Lordy, it's a miracle! And it's free!

And! As Well! Purchase PlaceboAV Plus Pro now! It's got all the great features of PlaceboAV Free edition, plus you can pay $30 a year for it! Awesome!

DOXdesk is not responsible for any viruses you get whilst using PlaceboAV under the impression it is actually doing something. Well, we probably are responsible, but we're not going to do anything about it and you'll not get a penny out of us. Go away now.
 
Last edited:

ExoGen CyberSecurity

Level 3
Verified
Well-known
Sep 17, 2016
113
This reminds me of EP_X0FF and what he said:

The current antimalware companies trend is to provide sophisticated fake service giving a false sense of security (through fake products and delirium publications) and since last time they started using their users database as a part of mass media campaigns. There is no big difference between malware and antimalware in general. They all - potentially unwanted applications.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top