[pchelpers] Re: AVG no longer free

  • From: "Ekhart GEORGI (last name last)" <Ekhart.GEORGI@xxxxxxxxxxx>
  • To: pchelpers@xxxxxxxxxxxxx
  • Date: Sat, 03 May 2008 15:33:27 +0300

Hi John

> Spywareblaster is a form of real time protection. Any spyware in the 
> system won't work if it is up to date.
> That makes it easy to remove.
> I wonder how well the same principle would work for a virus?

Antivirus programs work essentially the same way (but see * below) 
except that good ones also use heuristic analysis 
(http://en.wikipedia.org/wiki/Heuristic_analysis), which means that some 
can detect malware that is not yet in their database but similar to 
malware that is there and can detect other stuff that acts suspiciously.

(* Instead of preventing installation through lists of baddies in the 
Windows registry like SpywareBlaster does, which requires no CPU or RAM, 
AVs have their own lists and first intercept all activity on the 
computer, which means that many but not all AVs slow down computers.)

>> If your antivirus doesn't have real-time protection (often called 
>> "guard" or "shield"), it won't prevent any infection by any malware, 
>> even by all the malware it knows about. Basically, an AV without RT is 
>> less than worthless because it gives people a false sense of security.
>
> So does real time protection. There are bound to be infections that can 
> get past it.

No to the first, yes to the second claim. You're essentially saying that 
a burglar alarm that is turned on is as misleading as one that's turned 
on because it may make people start leaving doors and windows open. The 
opposite is of course true. If people have AV with real-time protection, 
they are much better protected than without it, so everyone should 
definitely have AV with RT protection as well as a firewall and 
antispyware with RT protection.

It's true that an attachment or a program you download could be new 
malware that your AV and AS don't know about yet and for which they will 
not get an update for many hours or days. So it's best to not install 
any program except from a reputable site and best to not open any 
attachment unless you know the sender *and* unless the sender has 
announced it because it could be attached automatically by an honest 
person's infected machine and it could be a new infection that your AV 
or AS doesn't know about yet. (It's even better to not open an 
attachment or install a new program immediately but to wait a day or so 
until you get a new update for your AV and AS.) But if your AV and AS 
don't have RT protection, you're a sitting duck for the tens of thousands 
of old malware that they know about and could protect you against if they had RT.

>> On the contrary, you need real-time protection even more on a broadband
>> connection. Firewalls and the other things you list do not prevent 
>> infections due to people running infected email attachments and infected 
>> programs they download, which is how most people get infected. And yes, 
>> most infections are due to stupidity. If people didn't open attachments 
>> or install programs that aren't from a trustworthy source, they would 
>> probably never get infected even without antivirus and without antispyware.
>
> So maybe we need utilities to guard against that then?
> Does Thunderbird mail question whether a user wants to open or save an 
> attachment? I thought it did.

By default it does ask, but almost all people turn that question off or 
click past it automatically without reading it anymore, so the only 
fairly reliable protection for most people is AV and AS with RT 
protection. Even better is to *in addition* not open any attachment 
unless one knows the sender and unless the sender announced the 
attachment and not install any programs except from reliable sources.

In addition, I would advise everyone to install ProcessGuard 
http://www.diamondcs.com.au/processguard/ because it makes your computer 
much safer in several ways in addition to preventing malware from disabling 
your firewall and AV and AS.


