The End of Protection

I use and believe in the value of anti-virus software to protect my PC against malware. However, it appears that the full level of protection will soon come to an end, if it hasn’t already.

My home computer of choice is a laptop. It’s not by any means a highly performant, always-on, always-connected server. When I need to use it, I power it up, do what I need to do, then power it down. Mostly I use the web browser – it doesn’t need a whole heap of grunt.

More people are turning to these as their preferred computers. Laptops now outsell desktops. Netbooks are expected to sell like hotcakes.

Unfortunately, the following facts don’t seem to paint a pretty picture for me:

  • During the week, I use the computer for at most a couple of hours per day.
  • The virus scanner takes a couple of hours to run.
  • By default, the scanner does a complete computer scan every day (a practice recommended elsewhere).
  • Over time, I will have more disk to scan (e.g. each year you can buy a hard disk about twice the size for the same money).
  • Over time, I will have more files to scan (e.g. browser caches will contain more since more objects appear on each web page every year and HTML5 techniques involve storing data locally).

It has gotten to the point where I turn off the computer prior to the virus scan finishing. The virus scan effectively never completes, so at no point can it assure me that the computer is free of malware.

I can see some solutions to this. None of them are ideal.

Firstly, I will have to give up on daily scans. If it never gets to finish anyway, then why should I pay the price for the massive slow-down that I get from constant scanning?

I could also set the browser to delete all files in the cache when I exit (or at least delete them on a regular basis). However, I suspect most browsers lack this feature today.

Finally, I could use a Mac or a Linux PC instead. Since there is less malware for those platforms, scanning should be much faster.

Beware spyware

Two days ago, we realised our home laptop was infected with spyware. Whenever we did a Google web search, the results page titles would all be reasonable, but the actual websites returned were rubbish. The results would take you to pages full of advertising, rather than useful content. Clearly, something was very wrong.

We are running an up-to-date copy of the McAfee scanner, but it hadn’t picked up anything, and a full scan resulted in a verdict of all clear. Sorry, McAfee, you fail.

Yesterday, I downloaded Microsoft’s Windows Defender – software that is designed specifically to find this sort of thing. It didn’t find anything.

I also tried downloading Symantec’s Norton AntiBot (free for a 15-day trial). It was worth the money I paid, i.e. nothing. AntiBot couldn’t find the spyware. At this point, three big guns – McAfee, Microsoft and Symantec – had completely failed.

The only other symptom of our infection was that, under Firefox, when the Google search results page was being returned, “Connecting to 1.2.3.0 …” was briefly shown in the browser. Doing a search for that returned some results with titles suggesting that people at the CyberTechHelp forums had similar problems on their PCs.

The helpful support guys there recommended the free Malwarebytes’ Anti-Malware software to fix it. A scan quickly found something named Trojan.Agent hiding in a fake sound driver in the c:\windows\ directory, which it then removed. Everything was back to normal!

You should never know if your anti-virus tool is any good. Ideally, you should never find yourself infected, so never find out if your tool has a weakness. Unfortunately, we did find our PC infected, so we did learn that our anti-virus tool was no good. The lesson for me is that the free tools can be superior to the big name, expensive tools. I won’t be renewing my McAfee subscription.