Pelles C forum

General => Chit-Chat => Topic started by: EdPellesC99 on August 14, 2011, 05:21:09 PM

Title: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: EdPellesC99 on August 14, 2011, 05:21:09 PM
Quote
Per Ralf at the end of this thread:
http://forum.pellesc.de/index.php?topic=3896.new;topicseen#new (http://forum.pellesc.de/index.php?topic=3896.new;topicseen#new)
McAfee AV is carp, better try AVast! instead, saves you money too.

When I went to Kaspersky, it was because seems to be liked by some (I think many are opinionated, but it is hard to know which are truly better).

   Software (Antivirus) is not great because it costs money necessarily, but also not great necessarily because people are dedicated to making it free.

  One user like me can have issues or likes with Kaspersky, but short of personally installing many and trying to compare....
For instance before I bought, I never understood this universal problem with false positives.... Then I saw what Kaspersky did to me, "protecting me" from trojans by deleting programs that I wrote !


   Kaspersky was driving me nuts calling programs I wrote Trojan infected and deleting them !  I had to disable many features.

  There should be an antivirus program you can "tell" ignore files in THIS folder AND when they run.
So this is a problem I have with my antivirus software operating on My machine.

On the subject of the problems with antivirus operating on the programmer's  client machine see:

http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/

Seems like small developers need users that can TRUST them to the max in spite of 15 alarm bells going off on their computer (hence my recent interest in Code Signing).

I am beginning to think that if ANY antivirus programs are marginally better, it is a neck and neck horse race, where their lead is temporary !

...  Ed






Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: CommonTater on August 14, 2011, 06:05:58 PM
Doesn't Kaspersky have a "White list?" .... that is a list of exempt programs you can add yours to while testing.

:D Of course it might work better if you weren't writing viruses :D

Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Stefan Pendl on August 14, 2011, 06:20:19 PM
I have gone through the AV headache, where a AV software reliable for years allowed my system to get infected.

If you have to disable most of its features, do not use it, you never know what else you break.

After using McAfee, Bitdefender, Avast, Avira, Zonealarm and what else, I am now at M$ Security Essentials.
Sure MSE is the pure minimum, but what else do I need, if I take care of what I do on the web.

The interface is simplistic and it is easy to define exceptions for my development folders.

I don't need bells and whistles, just the minimum of protection against malicious files.
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Vortex on August 14, 2011, 07:45:09 PM
Hi EdPellesC99,

I am an assembly programmer and believe me the situation concerning applications coded with assembly is much more serious because the percentage of "false-positive" alarms tends to be higher. The reason is simple : most of the AV companies are misinterpreting the MS COFF specification and assembly has a very modest market share causing those companies to ignore this language.
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: EdPellesC99 on August 16, 2011, 10:35:42 PM
Tater:
A List that was not a Add One at a Time with several button clicks would be nice.
Here is what Kaspersky support told me:
Quote
Adding this program to the Exclusions for Trusted Applications should help:

Open Kaspersky 2011.
Click on Settings.
Click on the fourth icon, it looks like a box.
Click on Threats and Exclusions on the left.
Click on the second Settings... button on the right.
Click on the Trusted Applications tab.
Click on + Add, then click on the Applications... option.
Select your program(s) one at a time.
Click OK.

Check all check boxes:
   Do not scan opened files.
   Do not monitor application activity.
   Do not inherit restrictions of the parent process (application).
   Do not monitor child application activity.
   Do not scan network traffic.
Click OK.  If more than one program needs to be Excluded, click + Add again and repeat to add it.
Click OK twice.
I am not going through and adding every program I ever wrote individually to a trusted list.

I had to just:
Click on Threats and Exclusions on the left.
Click on the *FIRST* Settings... button on the right. Then Malicious Programs and UNCHECK box for Malicious Tools.

I am given no better way !!!

Question: Is one of the decent antivirus companies Better designed for the small developer? So it is easier to exclude folders of projects in development.... Rather than having to add each .exe built to the exclusion list?
Anyone ever runs across one let me know!


********************************
Hi Vortex,
Quote
I am an assembly programmer and believe me....
   Yes, I can only imagine! Assembly programs are so concise /small.

********************************
Stefan,
Quote
M$ Security Essentials
The interface is simplistic and it is easy to define exceptions for my development folders.
I don't need bells and whistles, just the minimum of protection against malicious files.

Sounds interesting to me, esp if exceptions are easy to put in place.

Kaspersky's Bells and whistles were slowing my computer down (run of ALL scripts of mine that run with shortcut keys, and Tools in Toolbars that run scripts in script engines etc.).
Even double clicking an .exe in windows explorer would give me a hesitation before it ran.
[All of which is why I disabled so much].

********************************
Now on an out and in-going firewall, I like ZoneAlarm. Anyone know of any better
From what I have read, nothing is better as an outgoing connect monitor/blocker.
When I was hit by XP Repair, ZoneAlarm was Popin up telling me about a program trying to call out to the internet,
so at least I preventing the program(s) from providing feedback !

.... Ed
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: CommonTater on August 16, 2011, 11:20:43 PM
You might like to give this a try...  It's not a real time scanner, it runs when you tell it to run...

http://www.emsisoft.com/en/software/eek/

Whitelisting is easy... when it reports a program just click "Add to Whitelist" and it'll leave it alone.

Also ... something to consider if your stuff is going into any kind of distribution... if it's triggering AV, you're not going to get much of a user base... So it's actually good to have it happen before it leaves the fold...
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Stefan Pendl on August 16, 2011, 11:29:23 PM
Microsoft Security Essentials is free and offers to easily exclude folders, extensions and processes.

I always follow the policy to have only one AV tool, I see no advantage in installing a anti-Spam, anti-virus and anti-spy-ware program of different brands to protect my system.
Doing so has always lead to worse than using one brand for all.

I don't like to have hundreds of options to turn on or off, the thing must do the job.

Windows offers its own firewall, a monthly malicious software tool and an AV, all for free, what else do you need?
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Bitbeisser on August 17, 2011, 07:15:04 PM
Microsoft Security Essentials is free and offers to easily exclude folders, extensions and processes.

I always follow the policy to have only one AV tool, I see no advantage in installing a anti-Spam, anti-virus and anti-spy-ware program of different brands to protect my system.
Doing so has always lead to worse than using one brand for all.

I don't like to have hundreds of options to turn on or off, the thing must do the job.

Windows offers its own firewall, a monthly malicious software tool and an AV, all for free, what else do you need?
Something that works? ???

MSE does in IMPE not work that well, and is rather giving a wrong impression of security. Likewise relying on Windows firewall alone will get you in the hot seat pretty quick in most cases.
You should have a proper perimeter firewall in front of your internal LAN, if something can reach your system, any software firewall on the host machines turn very quickly into a "wet towel", they all can be bypassed.
And it is certainly right that someone should not overdo it with having multiple programs performing the same task. That can rather be counter-productive.

But then there is no "silver bullet", a "one size fits all" these days anymore. Working with these kinds of threats on a professional basis, I know that each program has it's strength and it's weaknesses. Out of experience, I recommend private users always a combination of either AVast! or AVG as primary, active antivirus program as well as installing both MalwareBytes Anti-Malware and Spybot Search&Destroy as interactive scanning tools. The later two have different ways to work and one will usually find at least traces of stuff the other one misses. A matter of updates cycles as well...

Ralf
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Stefan Pendl on August 17, 2011, 07:41:23 PM
MSE does in IMPE not work that well, and is rather giving a wrong impression of security.
Sure I could install Norton, but then I have to work against the public competition of hackers to break it ;)

A hardware firewall would be nice, but it is not really practical, if you connect to the net as a one man show using an USB stick of a mobile phone company :(

I will see how things work out, till the next escalation, I will just do my daily backups of my data.
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Bitbeisser on August 18, 2011, 10:49:21 PM
MSE does in IMPE not work that well, and is rather giving a wrong impression of security.
Sure I could install Norton,
"Vom Regen in die Traufe..."...  ;)

I would stay away from Norton as well as McAfee, they don't do **** either. I mentioned a few products that work far better for far less money...

Ralf
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Stefan Pendl on August 18, 2011, 10:58:55 PM
"Vom Regen in die Traufe..."...  ;)

I would stay away from Norton as well as McAfee, they don't do **** either.

So world as changed quite much, the leaders are now loosers and the newcomers overtake.
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Bitbeisser on August 18, 2011, 11:25:00 PM
"Vom Regen in die Traufe..."...  ;)

I would stay away from Norton as well as McAfee, they don't do **** either.

So world as changed quite much, the leaders are now loosers and the newcomers overtake.
Einfach ausgedrueckt: "Die Grossen sind zu satt geworden..."

Ralf
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: EdPellesC99 on August 26, 2011, 05:08:07 PM
SPYBOT -Just say NO ! Software is disgusting !

Quote
as well as installing both MalwareBytes Anti-Malware and Spybot Search&Destroy as interactive scanning tools. The later two

Wow! these days stay the heck away from Spybot. You should see a warning balloon over that idiot's site in a Google Search.
While I was trying to save myself recently, I downloaded the free version.
There were warnings that if you uninstalled the robots, the software would not work. I thought what is he talking about?

So I let it install, and it wanted to Restart. In the pre-windows state I saw the console window open and close again and again (many times FAST, and I was panickstricken).

I stopped it, and saw a message saying something like 25 of 750 objects installed.

God only knows what that idiot was doing, as he benefited from my OS not being up and functional.

I recovered to a restore point.

That software author should be tarred feathered thrown off the internet, and railroaded out of town (though not necessarily in that author).

=======================================================================================
Ralf,
  Glad to see you stick up for Avast, good to know you have a strong feeling based on everything you have seen that it is in the lead.
  I will remember that.

Stefan,
  I did download MSE, so I have it ready to go if I want to chuck Kapersky.
In my last period of pain I got nailed with a fake McAffee site re-direct, as I was trying to download a McAffee Copy without the benefit of an operating AntiVirus ! (They say it is common, guess the hackers infect a site hoping that if a user is downloading antivirus, maybe he has none running at the moment). So at that point, I went to the store and bought Kapersky to have it before I got on the net.

===========================================================
On firewalls besides ZoneAlarm, I found Sygate.
Here is some quick info from Reviews on cnet
http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10332265.html#rateit (http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10332265.html#rateit)

ros: Excellent features that are easy to understand for the amateur. This doesn't mean it is a bad or average firewall. To the contrary. I have used Zone Alarm, Tiny, McAfee, AVG, Panda, Norton, etc. and Sygate has been my favorite by far for many years.

Cons: I have heard that Sygate have sold their products to a bigger software company. What else is new in today's horrible ecomony that is masquerading as a socialist system in the USA, when in reality it is a bunch of greedy fascist crooks stealing.

Summary: The best things about Sygate IMHO, is that it keeps a record of all the connections made inbound and outbound to your computer. Not only that, it names the program, the IP address, and best of all, if you suspect someone trying to hack your computer, it will traceroute the offending computer's IP. Many times a hacker will use someone elses IP address, if not many other's IP addresses. This tool helps you to find the original culprit as it weeds through all the connections.

Read more: Sygate Personal Firewall 5.6 - Free software downloads and software reviews - CNET Download.com http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10332265.html#rateit#ixzz1VUM4JGfQ
 (http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10332265.html#rateit#ixzz1VUM4JGfQ)

Agree w Ralf for sure about Norton.

Hard to believe the one-time best got so bloated and funky as it matured.
...Ed


Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Bitbeisser on August 26, 2011, 09:52:35 PM
Wow! these days stay the heck away from Spybot. You should see a warning balloon over that idiot's site in a Google Search.
While I was trying to save myself recently, I downloaded the free version.
There's practically only a "free" version. He is just asking for "Donations", which is completely voluntary. You must be talking about a totally different software...
I am referring to Spybot Search&Destroy from www.safer-networking.org, witht he current (non-beta) version being v1.62...
Quote
There were warnings that if you uninstalled the robots, the software would not work. I thought what is he talking about?
Sorry, but did you actually read that message correctly? Do you realize that he refers to things like Yahoo/Bing bar and similar crap that some people even WANT to have on their computers? Otherwise, there's absolutely nothing wring with that message....
Quote
So I let it install, and it wanted to Restart. In the pre-windows state I saw the console window open and close again and again (many times FAST, and I was panickstricken).
Sorry, it does not want to reboot, possibly when you install the non-interactive TeaTimer part, which checks for registry entry changes and that needs to reboot in order to activate early in the boot process. In order to use the interactive scanning, this is in no way required. I haven't installed that part in a long time, but I can't remember that this was opening a DOS window more than once during install...
Quote
God only knows what that idiot was doing, as he benefited from my OS not being up and functional.
Sorry, but I think you might refer to the wrong person here...  >:(
Quote
That software author should be tarred feathered thrown off the internet, and railroaded out of town (though not necessarily in that author).
It might be a good idea that you make yourself knowledgeable about what you are talking before making such bold statements...
Quote
Ralf,
  Glad to see you stick up for Avast, good to know you have a strong feeling based on everything you have seen that it is in the lead.
I am working in IT services, having to deal with this each and every day at work, for more than 14 years now here in the USA alone. What I recommend/suggest is simply the result of the everyday practical experience at work....

Ralf
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: EdPellesC99 on August 27, 2011, 06:50:01 AM
I stand for what I said about "spybotsd160.exe" which is what I installed.
The idiot was running batch file after batch file, and said that it had only installed 50 out of 750 objects when I held the power off button to shut down.

Perhaps you have not installed one of his later versions. Install the above and see if you like it.
I used to use earlier versions of his, and they were fine. Apparently he is not too happy about people never donating.

Nothing I read said anything about a tool bar, it said Robots.

Only because I had installed earlier versions did I think the guy could be trusted.

No more trust.

If you think so highly of Search and Destroy, I suggest you install the above version, and see if you still think so highly of him.
I reported him to Malware Busters.
Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Bitbeisser on August 27, 2011, 07:03:11 PM
I stand for what I said about "spybotsd160.exe" which is what I installed.
The idiot was running batch file after batch file, and said that it had only installed 50 out of 750 objects when I held the power off button to shut down.

Perhaps you have not installed one of his later versions. Install the above and see if you like it.
I used to use earlier versions of his, and they were fine. Apparently he is not too happy about people never donating.
I am using all versions that came out since he published his very first one. The current one (which is around for at least half a year now) is 1.62 and there aren't any batch file or such. I did an install to verify that nothing has changed just before I posted my last reply....
Quote
Nothing I read said anything about a tool bar, it said Robots.
Read again., it's said "advertising robots" and that's what those toolbars in fact are.
Same goes for some of those "flight deal" sites (which names me currently escape) or even some online gaming sites...
Quote
If you think so highly of Search and Destroy, I suggest you install the above version, and see if you still think so highly of him.
See above. Don't know what you installed,  but it all doesn't seem we are talking about the same program. Maybe you downloaded and installed a fake, but certainly not the official version available through www.safer-networking.org.

Spybot Search&Destroy is for the last 10 years a highly reputable anti-malware software, and what you claim doesn't fit with anything that is reported anywhere else...

Ralf

Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: EdPellesC99 on August 27, 2011, 08:31:51 PM
I don't know what happened. But it won't happen to me again.

MalwareBytes is for me.

Things are a bit blurry to me as I have trekked along way putting things back together in the last month.

I installed SpyBot right before I replaced the drive with a new formatted one.

To me Advertizing Robots included is NOT the same as freeware.

I never use anyone's tool bar.

A new thing is forced search engine switch. I installed the latest "freeware DAP", and it forced (tricked) me into setting SpeedBit to the default search engine.

Saw what it did, uninstalled it.

Yet it was there in many different ways. It took me a lot of google searches on "Get rid of SpeedBit Search" to FINALLY get rid of all the different ways it was re-setting my search engine, right after I reset the default to Google.

THEN I installed an earlier version, BEFORE they turned to the dark side.

This vicious freeware is NOT freeware like it used to be.



Title: Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
Post by: Bitbeisser on August 27, 2011, 10:03:39 PM
I don't know what happened. But it won't happen to me again.
Trust me, I would not recommend it when there would be a shadow of a doubt for me that this program wouldn't be 'kosher'.
As already mentioned, I am dealing with these kind of things for a living and I can not afford to recommend anything to customers that would even remotely cause a hassle as you described. This rather sounds to me that your system either was still "possessed" by some malware, with quite few known to prevent or divert from installing anti-malware software. Or that you in your frustration misinterpret and/or drawing wrong conclusions on what is/was happening.
Quote
MalwareBytes is for me.
There's nothing wrong with MalwareBytes AntiMalware. It's just my professional experience that there is not a single program out there that will catch/eliminate everything.
In fact, as I think I already stated, I am using both programs in parallel/tandem, as they have different ways how they operate. Using both in combination (the interactive scan, not as resident programs!) has almost always found at least remnants of malware that the other has missed.
In the past I used to do this with a combination of SBS&D and Ad-Aware, but since the later came out with their 2007 version , which has become a bloated and ineffective behemoth, I don't use it anymore and replaced it in my toolkit with MB-AW...

There's a lot of stuff out there where folks are trying to make a quick buck preying on the people fear and inexperience with malware these days. Too many of those applications are not even remotely worth installing. Like all the crap that for example Best Buy's "Freak Squad" installs on their customer's PCs, just because they get a commission on each copy they install "for free" (or not).
Quote
I installed SpyBot right before I replaced the drive with a new formatted one.

To me Advertizing Robots included is NOT the same as freeware.
What exactly are you are talking about here? Included in Spybot S&D?  ???
Quote
I never use anyone's tool bar.
I did not say that, it was just a quick example of what kind of software that Sbybot message is referring to...
Quote
A new thing is forced search engine switch. I installed the latest "freeware DAP", and it forced (tricked) me into setting SpeedBit to the default search engine.

Saw what it did, uninstalled it.

Yet it was there in many different ways. It took me a lot of google searches on "Get rid of SpeedBit Search" to FINALLY get rid of all the different ways it was re-setting my search engine, right after I reset the default to Google.

THEN I installed an earlier version, BEFORE they turned to the dark side.

This vicious freeware is NOT freeware like it used to be.
Too many people don't pay attention to what they are doing. Or don't realize what they are possibly getting into when they are offered something "for free", specially when installing actually something else...

Ralf