Friday, April 30, 2010

We need better weapons for the war on viruses!

We need a real breakthrough in the war on computer viruses. As I have said before, the anti-virus programs only catch about half of viruses. Using two anti-virus programs may raise the detection level to 75%, but there is still a huge gap there. I am not talking about the problem where it takes a few hours from the time that a virus starts spreading to when the anti-virus programs are able to detect it. That in itself is a huge problem, and the anti-virus programs are starting to combat it by also having a dictionary of allowed/safe programs. If one that is not listed tries to run, it pops up, tells you about it and asks if you want to run the program. I am talking about actual long-term infections. I have observed this for a few years now.

My first obvious case was a computer that was downloading porn on its own. When nothing could detect the problem, I replaced the hard drive. When I copied their old desktop items to the new hard drive, guess what? The porn download virus came with it. The anti-virus program did not detect a thing. Then there was the Storm spam virus. I chased it to a computer and replaced the hard drive. The virus-infected emails stopped, but after 6 months none of three anti-virus programs could detect the virus on the old hard drive. I offered to mail it to them if they wanted to analyze it. I got no response; I don't think they really care.

The only solution is still to replace the infected hard drive and be very careful as to what you copy off the old hard drive. Copy only their documents and pictures from the old drive. Anything else could be an undetectable virus.

What am I seeing these days? How about a computer that one day insists a file size is 0 bytes when it is really several KB? Or the next day does not update the date of the file when you make changes to it? How about a computer that does all kinds of strange things on the network on strange ports all day long? In both cases, three anti-virus programs find nothing at all! It is so frustrating!

We need a super weapon that can go to the very core of the hard drive and analyze everything to see if it is a trusted program and flag it if it is not. Yes, I know about HijackThis; I have an 11-page log from one of the problematic computers. It does not help. The virus writers know about HJT, and I am sure they have a way around it.
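The "trusted program" check described above is, at bottom, a file-integrity baseline plus a hash allow-list. The script below is an added example, not the post's own tool and not anything from an anti-virus vendor: it records size, modification time and SHA-256 for every file under a directory, then re-audits the directory against that baseline and against a set of trusted hashes, and flags files that are new, changed, changed without their timestamp moving (the "date not updated" symptom above), whose on-disk size disagrees with the bytes actually read (the "0 bytes" symptom), or whose hash is not on the trusted list. The file names, contents and the trusted hash set are constructed for the demo. One caveat a practitioner would add: a rootkit in the kernel can lie to this script exactly as it lies to an anti-virus product, so the audit is only meaningful when the suspect drive is mounted on a clean machine, which is the same reasoning behind pulling the drive in the first place.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Hypothetical set of file types that must match a trusted hash; anything else
# (documents, pictures) is only checked for unexpected changes.
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".ocx", ".com"}


def sha256_file(path):
    """Return (hex digest, number of bytes actually read) for a file."""
    h = hashlib.sha256()
    nbytes = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
            nbytes += len(chunk)
    return h.hexdigest(), nbytes


def build_baseline(root):
    """Record size, mtime and SHA-256 for every regular file under root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.is_symlink():
            continue
        digest, nbytes = sha256_file(p)
        st = p.stat()
        baseline[p.relative_to(root).as_posix()] = {
            "size": st.st_size,        # what the filesystem claims
            "read_bytes": nbytes,      # what we could actually read
            "mtime_ns": st.st_mtime_ns,
            "sha256": digest,
        }
    return baseline


def audit(root, baseline, trusted_hashes):
    """Compare the current tree against a baseline and a trusted-hash set.

    Returns a list of (finding, relative_path) tuples.
    """
    findings = []
    current = build_baseline(root)
    for rel, cur in current.items():
        old = baseline.get(rel)
        if old is None:
            findings.append(("new_file", rel))
        elif cur["sha256"] != old["sha256"]:
            # Content changed; a rootkit that hides its edits may leave the
            # timestamp untouched, so call that case out separately.
            if cur["mtime_ns"] == old["mtime_ns"]:
                findings.append(("modified_mtime_unchanged", rel))
            else:
                findings.append(("modified", rel))
        if cur["size"] != cur["read_bytes"]:
            findings.append(("size_mismatch", rel))
        if Path(rel).suffix.lower() in EXEC_SUFFIXES and cur["sha256"] not in trusted_hashes:
            findings.append(("untrusted", rel))
    for rel in baseline:
        if rel not in current:
            findings.append(("deleted", rel))
    return findings


def demo():
    """Build a constructed tree, tamper with it, and return the sorted findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system").mkdir()
        (root / "docs").mkdir()
        good = b"MZ\x90\x00 constructed fake system binary v1\n"
        target = root / "system" / "svchost.exe"
        target.write_bytes(good)
        (root / "docs" / "letter.txt").write_text("constructed user document\n")

        baseline = build_baseline(root)
        trusted = {hashlib.sha256(good).hexdigest()}  # hypothetical allow-list

        # Tamper: replace the binary's content but put the old timestamp back,
        # and drop an unknown executable next to it.
        st = target.stat()
        target.write_bytes(b"MZ\x90\x00 constructed trojanised binary\n")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "system" / "dropper.exe").write_bytes(b"MZ\x90\x00 constructed unknown binary\n")

        return sorted(audit(root, baseline, trusted))


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:26} {path}")
```

In practice the baseline would be taken from a known-clean install (or from vendor-published hashes) and stored off the machine, and the audit run against the suspect drive mounted read-only elsewhere; the trusted set is the "dictionary of allowed/safe programs" idea applied to what is already on disk rather than only to what tries to run.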

I found a recent article that reflects some of my disappointments:
http://www.theregister.co.uk/2010/04/13/winxp_anti_malware_tests/

I wonder if part of the problem is what happened during the election several years ago. All of the news media reported the wrong results because they were all using the same incorrect sources. Where do the anti-virus people get their viruses to detect? Do they all use the same sources? Do they only use email viruses? Something is really amiss here with so many viruses going totally undetected.

Then there is also the instability problem (Kaspersky IS 2010 crashing/locking up computers; see my other posts). There is also their effectiveness in removing the viruses, for instance AVG saying the "virus vault is full, no more room for viruses". Sometimes it is just easier to replace the hard drive and start over, then copy their files off the old hard drive.

Signed, One Very Frustrated Virus Fighter.