NO

Author Topic: Antivirus Pain for the Developer and for his User (Yes a Rant)  (Read 14571 times)

EdPellesC99

  • Guest
Quote
Per Ralf at the end of this thread:
http://forum.pellesc.de/index.php?topic=3896.new;topicseen#new
McAfee AV is carp, better try AVast! instead, saves you money too.

When I went to Kaspersky, it was because seems to be liked by some (I think many are opinionated, but it is hard to know which are truly better).

   Software (Antivirus) is not great because it costs money necessarily, but also not great necessarily because people are dedicated to making it free.

  One user like me can have issues or likes with Kaspersky, but short of personally installing many and trying to compare....
For instance before I bought, I never understood this universal problem with false positives.... Then I saw what Kaspersky did to me, "protecting me" from trojans by deleting programs that I wrote !


   Kaspersky was driving me nuts calling programs I wrote Trojan infected and deleting them !  I had to disable many features.

  There should be an antivirus program you can "tell" ignore files in THIS folder AND when they run.
So this is a problem I have with my antivirus software operating on My machine.

On the subject of the problems with antivirus operating on the programmer's  client machine see:

http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/

Seems like small developers need users that can TRUST them to the max in spite of 15 alarm bells going off on their computer (hence my recent interest in Code Signing).

I am beginning to think that if ANY antivirus programs are marginally better, it is a neck and neck horse race, where their lead is temporary !

...  Ed







CommonTater

  • Guest
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #1 on: August 14, 2011, 06:05:58 PM »
Doesn't Kaspersky have a "White list?" .... that is a list of exempt programs you can add yours to while testing.

:D Of course it might work better if you weren't writing viruses :D


Offline Stefan Pendl

  • Global Moderator
  • Member
  • *****
  • Posts: 582
    • Homepage
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #2 on: August 14, 2011, 06:20:19 PM »
I have gone through the AV headache, where a AV software reliable for years allowed my system to get infected.

If you have to disable most of its features, do not use it, you never know what else you break.

After using McAfee, Bitdefender, Avast, Avira, Zonealarm and what else, I am now at M$ Security Essentials.
Sure MSE is the pure minimum, but what else do I need, if I take care of what I do on the web.

The interface is simplistic and it is easy to define exceptions for my development folders.

I don't need bells and whistles, just the minimum of protection against malicious files.
---
Stefan

Proud member of the UltraDefrag Development Team

Offline Vortex

  • Member
  • *
  • Posts: 865
    • http://www.vortex.masmcode.com
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #3 on: August 14, 2011, 07:45:09 PM »
Hi EdPellesC99,

I am an assembly programmer and believe me the situation concerning applications coded with assembly is much more serious because the percentage of "false-positive" alarms tends to be higher. The reason is simple : most of the AV companies are misinterpreting the MS COFF specification and assembly has a very modest market share causing those companies to ignore this language.
Code it... That's all...

EdPellesC99

  • Guest
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #4 on: August 16, 2011, 10:35:42 PM »
Tater:
A List that was not a Add One at a Time with several button clicks would be nice.
Here is what Kaspersky support told me:
Quote
Adding this program to the Exclusions for Trusted Applications should help:

Open Kaspersky 2011.
Click on Settings.
Click on the fourth icon, it looks like a box.
Click on Threats and Exclusions on the left.
Click on the second Settings... button on the right.
Click on the Trusted Applications tab.
Click on + Add, then click on the Applications... option.
Select your program(s) one at a time.
Click OK.

Check all check boxes:
   Do not scan opened files.
   Do not monitor application activity.
   Do not inherit restrictions of the parent process (application).
   Do not monitor child application activity.
   Do not scan network traffic.
Click OK.  If more than one program needs to be Excluded, click + Add again and repeat to add it.
Click OK twice.
I am not going through and adding every program I ever wrote individually to a trusted list.

I had to just:
Click on Threats and Exclusions on the left.
Click on the *FIRST* Settings... button on the right. Then Malicious Programs and UNCHECK box for Malicious Tools.

I am given no better way !!!

Question: Is one of the decent antivirus companies Better designed for the small developer? So it is easier to exclude folders of projects in development.... Rather than having to add each .exe built to the exclusion list?
Anyone ever runs across one let me know!


********************************

Hi Vortex,
Quote
I am an assembly programmer and believe me....
   Yes, I can only imagine! Assembly programs are so concise /small.

********************************

Stefan,
Quote
M$ Security Essentials
The interface is simplistic and it is easy to define exceptions for my development folders.
I don't need bells and whistles, just the minimum of protection against malicious files.

Sounds interesting to me, esp if exceptions are easy to put in place.

Kaspersky's Bells and whistles were slowing my computer down (run of ALL scripts of mine that run with shortcut keys, and Tools in Toolbars that run scripts in script engines etc.).
Even double clicking an .exe in windows explorer would give me a hesitation before it ran.
[All of which is why I disabled so much].

********************************

Now on an out and in-going firewall, I like ZoneAlarm. Anyone know of any better
From what I have read, nothing is better as an outgoing connect monitor/blocker.
When I was hit by XP Repair, ZoneAlarm was Popin up telling me about a program trying to call out to the internet,
so at least I preventing the program(s) from providing feedback !

.... Ed

CommonTater

  • Guest
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #5 on: August 16, 2011, 11:20:43 PM »
You might like to give this a try...  It's not a real time scanner, it runs when you tell it to run...

http://www.emsisoft.com/en/software/eek/

Whitelisting is easy... when it reports a program just click "Add to Whitelist" and it'll leave it alone.

Also ... something to consider if your stuff is going into any kind of distribution... if it's triggering AV, you're not going to get much of a user base... So it's actually good to have it happen before it leaves the fold...

Offline Stefan Pendl

  • Global Moderator
  • Member
  • *****
  • Posts: 582
    • Homepage
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #6 on: August 16, 2011, 11:29:23 PM »
Microsoft Security Essentials is free and offers to easily exclude folders, extensions and processes.

I always follow the policy to have only one AV tool, I see no advantage in installing a anti-Spam, anti-virus and anti-spy-ware program of different brands to protect my system.
Doing so has always lead to worse than using one brand for all.

I don't like to have hundreds of options to turn on or off, the thing must do the job.

Windows offers its own firewall, a monthly malicious software tool and an AV, all for free, what else do you need?
---
Stefan

Proud member of the UltraDefrag Development Team

Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 772
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #7 on: August 17, 2011, 07:15:04 PM »
Microsoft Security Essentials is free and offers to easily exclude folders, extensions and processes.

I always follow the policy to have only one AV tool, I see no advantage in installing a anti-Spam, anti-virus and anti-spy-ware program of different brands to protect my system.
Doing so has always lead to worse than using one brand for all.

I don't like to have hundreds of options to turn on or off, the thing must do the job.

Windows offers its own firewall, a monthly malicious software tool and an AV, all for free, what else do you need?
Something that works? ???

MSE does in IMPE not work that well, and is rather giving a wrong impression of security. Likewise relying on Windows firewall alone will get you in the hot seat pretty quick in most cases.
You should have a proper perimeter firewall in front of your internal LAN, if something can reach your system, any software firewall on the host machines turn very quickly into a "wet towel", they all can be bypassed.
And it is certainly right that someone should not overdo it with having multiple programs performing the same task. That can rather be counter-productive.

But then there is no "silver bullet", a "one size fits all" these days anymore. Working with these kinds of threats on a professional basis, I know that each program has it's strength and it's weaknesses. Out of experience, I recommend private users always a combination of either AVast! or AVG as primary, active antivirus program as well as installing both MalwareBytes Anti-Malware and Spybot Search&Destroy as interactive scanning tools. The later two have different ways to work and one will usually find at least traces of stuff the other one misses. A matter of updates cycles as well...

Ralf

Offline Stefan Pendl

  • Global Moderator
  • Member
  • *****
  • Posts: 582
    • Homepage
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #8 on: August 17, 2011, 07:41:23 PM »
MSE does in IMPE not work that well, and is rather giving a wrong impression of security.
Sure I could install Norton, but then I have to work against the public competition of hackers to break it ;)

A hardware firewall would be nice, but it is not really practical, if you connect to the net as a one man show using an USB stick of a mobile phone company :(

I will see how things work out, till the next escalation, I will just do my daily backups of my data.
---
Stefan

Proud member of the UltraDefrag Development Team

Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 772
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #9 on: August 18, 2011, 10:49:21 PM »
MSE does in IMPE not work that well, and is rather giving a wrong impression of security.
Sure I could install Norton,
"Vom Regen in die Traufe..."...  ;)

I would stay away from Norton as well as McAfee, they don't do **** either. I mentioned a few products that work far better for far less money...

Ralf

Offline Stefan Pendl

  • Global Moderator
  • Member
  • *****
  • Posts: 582
    • Homepage
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #10 on: August 18, 2011, 10:58:55 PM »
"Vom Regen in die Traufe..."...  ;)

I would stay away from Norton as well as McAfee, they don't do **** either.

So world as changed quite much, the leaders are now loosers and the newcomers overtake.
---
Stefan

Proud member of the UltraDefrag Development Team

Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 772
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #11 on: August 18, 2011, 11:25:00 PM »
"Vom Regen in die Traufe..."...  ;)

I would stay away from Norton as well as McAfee, they don't do **** either.

So world as changed quite much, the leaders are now loosers and the newcomers overtake.
Einfach ausgedrueckt: "Die Grossen sind zu satt geworden..."

Ralf

EdPellesC99

  • Guest
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #12 on: August 26, 2011, 05:08:07 PM »
SPYBOT -Just say NO ! Software is disgusting !

Quote
as well as installing both MalwareBytes Anti-Malware and Spybot Search&Destroy as interactive scanning tools. The later two

Wow! these days stay the heck away from Spybot. You should see a warning balloon over that idiot's site in a Google Search.
While I was trying to save myself recently, I downloaded the free version.
There were warnings that if you uninstalled the robots, the software would not work. I thought what is he talking about?

So I let it install, and it wanted to Restart. In the pre-windows state I saw the console window open and close again and again (many times FAST, and I was panickstricken).

I stopped it, and saw a message saying something like 25 of 750 objects installed.

God only knows what that idiot was doing, as he benefited from my OS not being up and functional.

I recovered to a restore point.

That software author should be tarred feathered thrown off the internet, and railroaded out of town (though not necessarily in that author).

=======================================================================================
Ralf,
  Glad to see you stick up for Avast, good to know you have a strong feeling based on everything you have seen that it is in the lead.
  I will remember that.

Stefan,
  I did download MSE, so I have it ready to go if I want to chuck Kapersky.
In my last period of pain I got nailed with a fake McAffee site re-direct, as I was trying to download a McAffee Copy without the benefit of an operating AntiVirus ! (They say it is common, guess the hackers infect a site hoping that if a user is downloading antivirus, maybe he has none running at the moment). So at that point, I went to the store and bought Kapersky to have it before I got on the net.

===========================================================
On firewalls besides ZoneAlarm, I found Sygate.
Here is some quick info from Reviews on cnet
http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10332265.html#rateit

ros: Excellent features that are easy to understand for the amateur. This doesn't mean it is a bad or average firewall. To the contrary. I have used Zone Alarm, Tiny, McAfee, AVG, Panda, Norton, etc. and Sygate has been my favorite by far for many years.

Cons: I have heard that Sygate have sold their products to a bigger software company. What else is new in today's horrible ecomony that is masquerading as a socialist system in the USA, when in reality it is a bunch of greedy fascist crooks stealing.

Summary: The best things about Sygate IMHO, is that it keeps a record of all the connections made inbound and outbound to your computer. Not only that, it names the program, the IP address, and best of all, if you suspect someone trying to hack your computer, it will traceroute the offending computer's IP. Many times a hacker will use someone elses IP address, if not many other's IP addresses. This tool helps you to find the original culprit as it weeds through all the connections.

Read more: Sygate Personal Firewall 5.6 - Free software downloads and software reviews - CNET Download.com http://download.cnet.com/Sygate-Personal-Firewall/3000-2092_4-10332265.html#rateit#ixzz1VUM4JGfQ


Agree w Ralf for sure about Norton.

Hard to believe the one-time best got so bloated and funky as it matured.
...Ed



Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 772
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #13 on: August 26, 2011, 09:52:35 PM »
Wow! these days stay the heck away from Spybot. You should see a warning balloon over that idiot's site in a Google Search.
While I was trying to save myself recently, I downloaded the free version.
There's practically only a "free" version. He is just asking for "Donations", which is completely voluntary. You must be talking about a totally different software...
I am referring to Spybot Search&Destroy from www.safer-networking.org, witht he current (non-beta) version being v1.62...
Quote
There were warnings that if you uninstalled the robots, the software would not work. I thought what is he talking about?
Sorry, but did you actually read that message correctly? Do you realize that he refers to things like Yahoo/Bing bar and similar crap that some people even WANT to have on their computers? Otherwise, there's absolutely nothing wring with that message....
Quote
So I let it install, and it wanted to Restart. In the pre-windows state I saw the console window open and close again and again (many times FAST, and I was panickstricken).
Sorry, it does not want to reboot, possibly when you install the non-interactive TeaTimer part, which checks for registry entry changes and that needs to reboot in order to activate early in the boot process. In order to use the interactive scanning, this is in no way required. I haven't installed that part in a long time, but I can't remember that this was opening a DOS window more than once during install...
Quote
God only knows what that idiot was doing, as he benefited from my OS not being up and functional.
Sorry, but I think you might refer to the wrong person here...  >:(
Quote
That software author should be tarred feathered thrown off the internet, and railroaded out of town (though not necessarily in that author).
It might be a good idea that you make yourself knowledgeable about what you are talking before making such bold statements...
Quote
Ralf,
  Glad to see you stick up for Avast, good to know you have a strong feeling based on everything you have seen that it is in the lead.
I am working in IT services, having to deal with this each and every day at work, for more than 14 years now here in the USA alone. What I recommend/suggest is simply the result of the everyday practical experience at work....

Ralf

EdPellesC99

  • Guest
Re: Antivirus Pain for the Developer and for his User (Yes a Rant)
« Reply #14 on: August 27, 2011, 06:50:01 AM »
I stand for what I said about "spybotsd160.exe" which is what I installed.
The idiot was running batch file after batch file, and said that it had only installed 50 out of 750 objects when I held the power off button to shut down.

Perhaps you have not installed one of his later versions. Install the above and see if you like it.
I used to use earlier versions of his, and they were fine. Apparently he is not too happy about people never donating.

Nothing I read said anything about a tool bar, it said Robots.

Only because I had installed earlier versions did I think the guy could be trusted.

No more trust.

If you think so highly of Search and Destroy, I suggest you install the above version, and see if you still think so highly of him.
I reported him to Malware Busters.