You Can’t Depend on Antivirus Software Anymore

[509322]

Until that unique moment where some software - Appguard, HIPS, whatever - (similar to the Norton wave of 2004 and Kaspersky wave of 2009) gets a ground-breaking amount of publicity, we'll make hundreds of threads with thousands of posts criticizing "stupid non-cyber savvy" people. But unfortunately for the world, antivirus sales, like their users are only increasing exponentially. This is an argument that will continue 200 years later. Even with computers in our heads, like @Andy Ful said, the argument of antivirus in our brain vs hips in our brain will exist, but the basic argument will remain.

As more and more people lose money, have their identities stolen, or other bad stuff - things might change over time.

It isn't the user's fault if they don't even know the dangers. It takes society to make cybersecurity a priority. For society to make it a priority usually requires some catastrophic events. After the fall-out, only then, are changes made - and mostly inadequate ones at that.

Some think it is too much to expect ordinary users to make decisions. Typical users aren't stupid. They can learn if there is an adequate effort to teach them.

 

[Handsome Recluse]

As more and more people lose money, have their identities stolen, or other bad stuff - things might change over time.

It isn't the user's fault if they don't even know the dangers. It takes society to make cybersecurity a priority. For society to make it a priority usually requires some catastrophic events. After the fall-out, only then, are changes made - and mostly inadequate ones at that.

Some think it is too much to expect ordinary users to make decisions. Typical users aren't stupid. They can learn if there is an adequate effort to teach them.

That's the problem. Is someone willing to do so? Is security a priority to the more competent people who can teach them? Is there an incentive to make a quality product that you have to teach to be usable when manipulation is just as effective a strategy? This might all be theoretical but we can still see technology changes while everything else stays the same. Tech is a large majority of the improvement we had anyway.

 

[Kubla]

I don't think so. Most typical users are more than capable of learning IT protection concepts at a level well beyond the rudimentary. The real problem is that educating users to a level that will make a difference - one that will truly improve their digital security posture - is considered too difficult, too expensive, too much of a challenge,... and a thousand other objections.

People aren't stupid. But hand them Plug-and-Play inside a complete IT security knowledge vacuum and they will take full advantage of that and - "Oh... it's a miracle" - act stupid.

IT security for the average user is about the same priority as visiting someone they really don't want to visit. They are clueless that what they don't know - what they are averse to doing or learning - can hurt them.

Reading through is forum most here are above average some way above, what seems simple to you is in all likelihood pretty overwhelming to the average user. Hardening their OS, selecting and tweaking their AV, enabling its modules, tweaking their firewall, adding secondary anti-malware software, application behavior software, sandboxing, traffic scanning and monitoring etc... Figuring out which ones will do what they say and how to make them all work together. Then there is choosing a browser, how to tweak it, which extensions to use and and not to use, using a VPN or proxy service how to choose the one that will protect you etc... Looking at the configuration forum there are so many options it can make your head spin.

I think the average user will remain at risk until such a time that there is a real AI solution that does it all no interaction needed just install and forget.

Then again by that time there will be hacker AI so instead of anti-malware vs malware it will be AI vs Hacker AI so they risk may never change..

 

[Deleted member 178]

Many people seems to forgot and unconsciously play the vendors games (because they do good marketing.)

Security softwares aren't supposed to protect you from everything, they are supposed to backup your safe habits.

With safe habits , how many malware will you encounter in your whole life ? 5-10? then those will be easily countered by AVs or any solutions.

Ask yourself: Is it the fault of the police when they failed to protect you when you carelessly venture in a very dangerous gang's area? i dont think so.

 

[Wave]

Reading through is forum most here are above average some way above, what seems simple to you is in all likelihood pretty overwhelming to the average user. Hardening their OS, selecting and tweaking their AV, enabling its modules, tweaking their firewall, adding secondary anti-malware software, application behavior software, sandboxing, traffic scanning and monitoring etc... Figuring out which ones will do what they say and how to make them all work together.

I agree. I don't know anyone else in person who can do any of this, they just use a normal AV like AVG and let it run in the background... These sorts of things are only really done by people who are already interested in security/has skills with computing IMO.

 

[Winter Soldier]

Microsoft placed Windows in every computer and every computer in every home, making the IT very popular.
But managing an operating system and, above all, the security of an OS is not as opening the fridge's door.
If a user does not have the awareness of his own gaps in the security context, then sooner or later he will be an infected user.

 

[Andy Ful]

It may be, that half of computer users cannot use Windows Explorer to make a file shortcut from 'Program Files' folder. Most users feel uncomfortable with file/folder structure on the disk, and simply use the Desktop for everything. Many have problems with seeing, that have copied the file shortcut, instead of the file itself.
This is the problem of computer popularity explosion. Computers are in every home and in every workplace, but most grown up people have only a rudimentary knowledge about the computer systems and security. Usually in workplaces, people finish only the short training or complete one month computer course, about computer maintenance, Word and Excel. Finally, most grown up people simply have no time to learn about computers. They want to rest and recreate at home.

 

[Winter Soldier]

It may be, that half of computer users cannot use Windows Explorer to make a file shortcut from 'Program Files' folder. Most users feel uncomfortable with file/folder structure on the disk, and simply use the Desktop for everything. Many have problems with seeing, that have copied the file shortcut, instead of the file itself.
This is the problem of computer popularity explosion. Computers are in every home and in every workplace, but most grown up people have only a rudimentary knowledge about the computer systems and security. Usually in workplaces, people finish only the short training or complete one month computer course, about computer maintenance, Word and Excel. Finally, most grown up people simply have no time to learn about computers. They want to rest and recreate at home.

Indeed, the problem is not antivirus yes/no/advanced/basic...but skills yes/no.

 

[509322]

Reading through is forum most here are above average some way above, what seems simple to you is in all likelihood pretty overwhelming to the average user. Hardening their OS, selecting and tweaking their AV, enabling its modules, tweaking their firewall, adding secondary anti-malware software, application behavior software, sandboxing, traffic scanning and monitoring etc... Figuring out which ones will do what they say and how to make them all work together. Then there is choosing a browser, how to tweak it, which extensions to use and and not to use, using a VPN or proxy service how to choose the one that will protect you etc... Looking at the configuration forum there are so many options it can make your head spin.

I think the average user will remain at risk until such a time that there is a real AI solution that does it all no interaction needed just install and forget.

Then again by that time there will be hacker AI so instead of anti-malware vs malware it will be AI vs Hacker AI so they risk may never change..

I agree. I don't know anyone else in person who can do any of this, they just use a normal AV like AVG and let it run in the background... These sorts of things are only really done by people who are already interested in security/has skills with computing IMO.

It may be, that half of computer users cannot use Windows Explorer to make a file shortcut from 'Program Files' folder. Most users feel uncomfortable with file/folder structure on the disk, and simply use the Desktop for everything. Many have problems with seeing, that have copied the file shortcut, instead of the file itself.
This is the problem of computer popularity explosion. Computers are in every home and in every workplace, but most grown up people have only a rudimentary knowledge about the computer systems and security. Usually in workplaces, people finish only the short training or complete one month computer course, about computer maintenance, Word and Excel. Finally, most grown up people simply have no time to learn about computers. They want to rest and recreate at home.

Average users are capable of learning. What knowledge is required to greatly improve their own security is actually quite basic. For example, learn how to use Windows, how to clean install the OS, how to inspect a file, System\User Space, the important basics of malware, etc. Most importantly, what not to do. This is low-level stuff. A person doesn't need to know anything about programming languages to protect themselves.

If a person can study for a driving exam and pass it, then they can certainly learn about the fundamentals of IT security.

People need to get past the whole "What AV is best ?" thingy and instead go online to learn a little bit. Hell, even thoroughly reading the News posted here one can learn valuable things. There's a ton of free IT security online education, but like I said, "What AV is best ?" is first and foremost on just about everyone's minds.

Read any security soft EULA. YOU, the user, are fully responsible for your system security. All decision-making is your responsibility. You get infected, it's YOUR fault. The soft itself is only provided as a tool - and a highly imperfect one at that.

I know the various arguments. "We can't teach them and we can't learn." Instead of teaching people - so that they have the knowledge to exercise good judgment and teach them discipline so they can exercise restraint - they are handed prophylactics, antivirus and Windows Updates - and those are intended to solve all their problems. Well, it just ain't sufficient.

 

[Deleted member 178]

Average users are capable of learning. What knowledge is required to greatly improve their own security is actually quite basic. For example, learn how to use Windows, how to clean install the OS, how to inspect a file, System\User Space, the important basics of malware, etc. Most importantly, what not to do. This is low-level stuff. A person doesn't need to know anything about programming languages to protect themselves..

Exactly, when i started learning computer it was Win98, first thing i did is looking every features and options (traits that last even now, i can't help digging the settings of every softwares i use) , i spent hours, days, years, decades to understand my OS, what is its purpose, what it does, what it doesn't, what it shouldn't do. I read help files, tutorials, expert articles then tried what i learned, made enormous ridiculous mistakes, like modifying the MBR , deleting critical system files, etc...
All my knowledge and skill comes from only one pattern: learn, try, fail, try again...And you know what ? i have no clues on programming or coding (even if i learned assembly a little bit in school).

Having a decent knowledge in IT is accessible to everybody ,you just need the Will to study.

 

[509322]

Exactly, when i started learning computer it was Win98, first thing i did is looking every features and options (traits that last even now, i can't help digging the settings of every softwares i use) , i spent hours, days, years, decades to understand my OS, what is its purpose, what it does, what it doesn't, what it shouldn't do. I read help files, tutorials, expert articles then tried what i learned, made enormous ridiculous mistakes, like modifying the MBR , deleting critical system files, etc...
All my knowledge and skill comes from only one pattern: learn, try, fail, try again...And you know what ? i have no clues on programming or coding (even if i learned assembly a little bit in school).

Having a decent knowledge in IT is accessible to everybody ,you just need the Will to study.

Education cannot solve all problems of course. There is always "human nature" that manages to mess-up just about anything that can be messed-up. Be that as it may, a user that knows the important basics is surely more apt to be safer in the digital world than one who is completely ignorant of such matters.

Lack of knowledge and human nature will always manage to smash security softs. Despite the industry's best efforts, it cannot protect users from themselves - at least not anything approaching 100 %.

 

[509322]

I think the average user will remain at risk until such a time that there is a real AI solution that does it all no interaction needed just install and forget.

Then again by that time there will be hacker AI so instead of anti-malware vs malware it will be AI vs Hacker AI so they risk may never change..

Malc0ders will eventually manage to bypass Ai too.

 

[Winter Soldier]

Malc0ders will eventually manage to bypass Ai too.

@Lockdown, do you think it is a lost war, or some hope, or at least a balanced hope?

 

[Andy Ful]

Average users are capable of learning. What knowledge is required to greatly improve their own security is actually quite basic. For example, learn how to use Windows, how to clean install the OS, how to inspect a file, System\User Space, the important basics of malware, etc. Most importantly, what not to do. This is low-level stuff. A person doesn't need to know anything about programming languages to protect themselves.

If a person can study for a driving exam and pass it, then they can certainly learn about the fundamentals of IT security.

People need to get past the whole "What AV is best ?" thingy and instead go online to learn a little bit. Hell, even thoroughly reading the News posted here one can learn valuable things. There's a ton of free IT security online education, but like I said, "What AV is best ?" is first and foremost on just about everyone's minds.

Read any security soft EULA. YOU, the user, are fully responsible for your system security. All decision-making is your responsibility. You get infected, it's YOUR fault. The soft itself is only provided as a tool - and a highly imperfect one at that.

I know the various arguments. "We can't teach them and we can't learn." Instead of teaching people - so that they have the knowledge to exercise good judgment and teach them discipline so they can exercise restraint - they are handed prophylactics, antivirus and Windows Updates - and those are intended to solve all their problems. Well, it just ain't sufficient.

We all agree that education is the key point. The problem is, how many iformation most people can and want to ingest. If you work from 8 to 17, and are about 18 at home, there is a little time left and many things to do with family. The knowledge you get from school, about computers, is really outdated, and after some time not very useful. There is an apparent problem with too quickly evolving knowledge domain. It is seen even with TV sets, how many adult people can find, and configure favorite channels? They are not dumb, but simply not so interested.

 

[509322]

We all agree that education is the key point. The problem is, how many iformation most people can and want to ingest. If you work from 8 to 17, and are about 18 at home, there is a little time left and many things to do with family. The knowledge you get from school, about computers, is really outdated, and after some time not very useful. There is an apparent problem with too quickly evolving knowledge domain. It is seen even with TV sets, how many adult people can find, and configure favorite channels? They are not dumb, but simply not so interested.

IT security is not a typical user priority.

The internet and all the problems of malware have been around - for what ? - at least 3.5 decades. IT security should be taught in primary and secondary schools. It should be required.

Society has to take the lead in educating users from an early age. Until then, it will be SNAFU. And that probably won't happen until some catastrophic event happens - and even then the response will probably be half-measures. Those that end-up losing the most money, will be the ones to push for change. If corporations suffer massive losses, markets teeter, exchanges have to shut-down temporarily, NORAD gets borked and can't operate, planes fall out of the sky - it's that sort of thing that leads to the start of change. Unfortunate, but true.

 

[DJ Panda]

In my Personal Finance class the teacher had us look on some sites that talked about phishing and computer security. OnGuardOnline | Consumer Information The information is pretty basic but I really enjoyed it!
(Didn't really look over it to much though.)

 

[_CyberGhosT_]

The internet and all the problems of malware have been around - for what ? - at least 3.5 decades. IT security should be taught in primary and secondary schools. It should be required.

100% agree with you.
Not doing so perpetuates ignorance

 

[shmu26]

if users were harder to infect, malware devs and distributors would just find more insidious ways to do it. They would take it up to the next level.

 

[Wave]

I agree with @Lockdown but no one I know in person who work full time or even who go to college will want to waste their time learning about security, malware, etc... Or even computing at all. Why? Because they don't have an interest in. We know about it because we all have an interest in it, you learn more when you are interested. If you don't care then yeah you'll probably be stupid online and get infected regardless of AV and think that it'll always protect you but that's just reality

It's easy for us to say that everyone has time to learn and is capable of it but in reality we are not inexperienced beginner users with their thinking so we know what we are doing because we invest time in learning from interest, they don't... and that's normal

 

[509322]

I agree with @Lockdown but no one I know in person who work full time or even who go to college will want to waste their time learning about security, malware, etc... Or even computing at all. Why? Because they don't have an interest in. We know about it because we all have an interest in it, you learn more when you are interested. If you don't care then yeah you'll probably be stupid online and get infected regardless of AV and think that it'll always protect you but that's just reality

It's easy for us to say that everyone has time to learn and is capable of it but in reality we are not inexperienced beginner users with their thinking so we know what we are doing because we invest time in learning from interest, they don't... and that's normal

Well then, my reply is this: You get what you get, and can't complain or bemoan the fact that your PC got infected, your bank account wiped-out, and actually expected any security soft to save you.

People have to learn language and basic mathematics right ? Most have no interest in those either. The solution is to start teaching the topic early. If you wait until university, it's too little, too late. By that point the person has probably picked-up all the bad habits that they need.