
Thread: Antivirus is shit, and here's why

  1. #81
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,490
    We are halfway through switching to Symantec.. They are all terrible.

    My requirements are they shut the fuck up unless there is an actual issue, at which point they do not let the users fucking click the screen away, because fuck, I have lost count of the number of times a user has managed to click ignore on a virus and infect a whole fucking filesystem. My other requirement is that it takes as few CPU resources as possible (ok I get it needs some, but not fucking 90%) and gets the fuck out of the way of the server's primary purpose. Also not requiring an admin to click anything to get it to update or scan is a bonus (I'm looking at you, Forefront).

    Oh you know, also actually stopping viruses like they are supposed to, but that's just living in a fantasy world.

    I have literally watched endpoint on a desktop machine hog 90% CPU, blocking admin access to anything useful while the virus busily continues to encrypt files.. YOU HAVE 1 JOB ENDPOINT, 1 FUCKING JOB.
    Quote Originally Posted by lubica
    And her name was Limul Azgoden, a lowly peasant girl.

  2. #82
    Kerdrak's Avatar
    Join Date
    August 5, 2013
    Location
    Queens, NY
    Posts
    819
    Quote Originally Posted by Lana Torrin View Post
    We are halfway through switching to Symantec.. They are all terrible.

    My requirements are they shut the fuck up unless there is an actual issue, at which point they do not let the users fucking click the screen away, because fuck, I have lost count of the number of times a user has managed to click ignore on a virus and infect a whole fucking filesystem. My other requirement is that it takes as few CPU resources as possible (ok I get it needs some, but not fucking 90%) and gets the fuck out of the way of the server's primary purpose. Also not requiring an admin to click anything to get it to update or scan is a bonus (I'm looking at you, Forefront).

    Oh you know, also actually stopping viruses like they are supposed to, but that's just living in a fantasy world.

    I have literally watched endpoint on a desktop machine hog 90% CPU, blocking admin access to anything useful while the virus busily continues to encrypt files.. YOU HAVE 1 JOB ENDPOINT, 1 FUCKING JOB.
    Used to have ESET32 (years ago), that had this "silent mode" that would simply update/block shit under the hood without any notice.

  3. #83
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,490
    Quote Originally Posted by Kerdrak View Post
    Quote Originally Posted by Lana Torrin View Post
    We are halfway through switching to Symantec.. They are all terrible.

    My requirements are they shut the fuck up unless there is an actual issue, at which point they do not let the users fucking click the screen away, because fuck, I have lost count of the number of times a user has managed to click ignore on a virus and infect a whole fucking filesystem. My other requirement is that it takes as few CPU resources as possible (ok I get it needs some, but not fucking 90%) and gets the fuck out of the way of the server's primary purpose. Also not requiring an admin to click anything to get it to update or scan is a bonus (I'm looking at you, Forefront).

    Oh you know, also actually stopping viruses like they are supposed to, but that's just living in a fantasy world.

    I have literally watched endpoint on a desktop machine hog 90% CPU, blocking admin access to anything useful while the virus busily continues to encrypt files.. YOU HAVE 1 JOB ENDPOINT, 1 FUCKING JOB.
    Used to have ESET32 (years ago), that had this "silent mode" that would simply update/block shit under the hood without any notice.
    I have also used ESET32 in the past.. Was awesome. I don't remember their administration and reporting tools being too great at the time (was a long time ago) but yeah, the thing just shut up and did what it was supposed to.. I'm guessing they have been bought out by one of the shitter AV providers or something by now.

    Not that I get a say in what we use with us signing a partnershit with Symantec.. Fuck I need to leave this job.

  4. #84

    Join Date
    May 31, 2011
    Posts
    2,962
    Nope. ESET is still there. And independent, it seems.

  5. #85
    rufuske's Avatar
    Join Date
    April 9, 2011
    Posts
    1,348
    MSE (Windows Defender?) and goddamn common sense is the only antivirus you need.

  6. #86
    Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    7,793
    Quote Originally Posted by rufuske View Post
    and goddamn common sense
    And the lack of this is why AV exists.
    "Holy shit, I ask you to stop being autistic and you debate what autistic is." - spasm
    Quote Originally Posted by Larkonis Trassler View Post
    WTF I hate white people now...

  7. #87
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,490
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by rufuske View Post
    and goddamn common sense
    And the lack of this is why AV exists.
    Did I ever post the story of how one of our clients got infected with CryptoLocker?

    So guy got an email to his personal email (I think it was Hotmail) with an attachment, normal virus stuff. He was at work at the time and attempted to download it. Antivirus kicked in and killed it before it did anything (and told him it was a virus). User really wanted to see what was in this attachment and was also fucking stupid, so he attempted to download it on another PC, where the AV kicked in and did the same thing. So he went home that night, downloaded it and tried to open it at home, found it wouldn't open (I think his own AV kicked in and blocked it) so he copied the files to a USB key and brought it back to work the next day. Because it's now not being downloaded, when he tried to run it FOR A FOURTH TIME it eventually managed to sneak in before the AV could stop it and encrypted a bunch of shit he had access to.

    No amount of protection can save you from a determined user. You just need to limit permissions so that when they fuck up they don't kill everything.

  8. #88
    Nordstern's Avatar
    Join Date
    April 10, 2011
    Posts
    7,793
    Kaspersky wormed its way back into Firefox and wanted me to accept the use of Kaspersky Secure Connection. I said no, and uninstalled it. Using Windows Defender exclusively now.

  9. #89
    dominus's Avatar
    Join Date
    October 5, 2012
    Posts
    1,837
    Quote Originally Posted by Lana Torrin View Post
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by rufuske View Post
    and goddamn common sense
    And the lack of this is why AV exists.
    Did I ever post the story of how one of our clients got infected with CryptoLocker?

    So guy got an email to his personal email (I think it was Hotmail) with an attachment, normal virus stuff. He was at work at the time and attempted to download it. Antivirus kicked in and killed it before it did anything (and told him it was a virus). User really wanted to see what was in this attachment and was also fucking stupid, so he attempted to download it on another PC, where the AV kicked in and did the same thing. So he went home that night, downloaded it and tried to open it at home, found it wouldn't open (I think his own AV kicked in and blocked it) so he copied the files to a USB key and brought it back to work the next day. Because it's now not being downloaded, when he tried to run it FOR A FOURTH TIME it eventually managed to sneak in before the AV could stop it and encrypted a bunch of shit he had access to.

    No amount of protection can save you from a determined user. You just need to limit permissions so that when they fuck up they don't kill everything.
    Employee of the month, right there

    What was in the title that got him so persistent though? penis enlargement or cheap drugs sent by mail?

  10. #90
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,490
    Quote Originally Posted by dominus View Post
    Quote Originally Posted by Lana Torrin View Post
    Quote Originally Posted by Nordstern View Post
    Quote Originally Posted by rufuske View Post
    and goddamn common sense
    And the lack of this is why AV exists.
    Did I ever post the story of how one of our clients got infected with CryptoLocker?

    So guy got an email to his personal email (I think it was Hotmail) with an attachment, normal virus stuff. He was at work at the time and attempted to download it. Antivirus kicked in and killed it before it did anything (and told him it was a virus). User really wanted to see what was in this attachment and was also fucking stupid, so he attempted to download it on another PC, where the AV kicked in and did the same thing. So he went home that night, downloaded it and tried to open it at home, found it wouldn't open (I think his own AV kicked in and blocked it) so he copied the files to a USB key and brought it back to work the next day. Because it's now not being downloaded, when he tried to run it FOR A FOURTH TIME it eventually managed to sneak in before the AV could stop it and encrypted a bunch of shit he had access to.

    No amount of protection can save you from a determined user. You just need to limit permissions so that when they fuck up they don't kill everything.
    Employee of the month, right there

    What was in the title that got him so persistent though? penis enlargement or cheap drugs sent by mail?
    I think it was something boring like a package stopped by customs.. I can't remember.. Because you know, customs automatically know the email address of the person the package is being sent to..

    One of our ops managers managed to open one of the attachments on his phone because it said he had a speeding fine.. Fortunately his phone is not Windows so he just went 'wtf is this bro' and wouldn't show it.. and then he worked it out.

  11. #91
    Mallet Head Donor 56k Lagman's Avatar
    Join Date
    May 5, 2011
    Location
    Vancouver, BC
    Posts
    3,930
    Quote Originally Posted by rufuske View Post
    MSE (Windows Defender?) and goddamn common sense is the only antivirus WE need.
    fyp m8 but all the dumbos need a lot of hand holding

    Quote Originally Posted by Duckslayer View Post
    I should be home.now but I keep stopping to post. I'm in need of a mega poo. so much so that I'm tempted to leave slurry across one of these gardens and deal with the wiping later. gonna toss a coin

    phoneposting

  12. #92

    Join Date
    May 31, 2011
    Posts
    2,962
    TBH, these days you don't need to be a "dumbo" to fall for a virus.

    At the end of last year, here in Germany we had a very sophisticated email attack going on, aimed at HR responsible people. In our company, that included the actual HR department and also various shop managers. Both the email text/appearance and the attached (malware-laden, ofc) Word document were very well written/designed. No sloppy spelling, no obvious personal references stemming from mass harvesting (i.e. "Dear hel.oween").

    It was easy for me to spot, as multiple emails from supposedly different candidates had the image of the same person (copied from a web site, ofc) and were caught by our spam filter and waited for release. But in all honesty, even a cautious HR drone wouldn't stand a chance to identify this as malware. That required the usage of some text/hex viewer with which one inspects the attached Word document and some VBA programming knowledge to spot the included scripts by doing so. I've uploaded a sample to virustotal.com, but none of the scanners there flagged the file at first as a real threat. I seem to remember that some obscure scanning engine did throw some kind of a generic scripting warning.
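
The manual hex-viewer check described in post #92 can be scripted at a mail gateway or triage desk. The following is an added example, not part of the original post: a stdlib-only heuristic that flags Office attachments carrying a VBA project. The function names and the sample files are constructed for illustration, and the OLE2 check is a byte search, not a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls (OLE2) header
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML .docx/.docm header
OLE_VBA_NAMES = ("_VBA_PROJECT", "Macros")     # storage names used for VBA projects


def macro_indicators(data):
    """Return a list of reasons the file appears to carry VBA macros."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return ["malformed OOXML container"]
        return ["OOXML part " + n for n in names
                if n.lower().endswith("vbaproject.bin")]
    if data.startswith(OLE_MAGIC):
        # OLE2 directory entries store names as UTF-16LE, so a byte search
        # finds them without parsing the sector chains (heuristic only).
        return ["OLE2 entry " + n for n in OLE_VBA_NAMES
                if n.encode("utf-16-le") in data]
    return []


def build_ooxml(parts):
    """Build a constructed in-memory OOXML-style zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples (not real malware, not the sample from the post).
CLEAN_DOCX = build_ooxml({"word/document.xml": b"<w:document/>"})
MACRO_DOCM = build_ooxml({"word/document.xml": b"<w:document/>",
                          "word/vbaProject.bin": b"\x00" * 16})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 504 + "_VBA_PROJECT".encode("utf-16-le")

if __name__ == "__main__":
    for label, blob in (("clean.docx", CLEAN_DOCX), ("cv.docm", MACRO_DOCM),
                        ("cv.doc", LEGACY_DOC)):
        print(label, macro_indicators(blob) or "no macro indicators")
```

A hit only means a macro project is present, not that it is malicious; it is a reason to quarantine the attachment for review rather than deliver it.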

  13. #93
    Mallet Head Donor 56k Lagman's Avatar
    Join Date
    May 5, 2011
    Location
    Vancouver, BC
    Posts
    3,930
    Sure, but that's where things like GPOs and firewalls come into place to stop fooled people from following a link or enabling macros on an attachment


  14. #94
    root's Avatar
    Join Date
    April 26, 2011
    Location
    The Camel Empire
    Posts
    2,790
    The Rapier is my love boat
    ~lowsec smallscale pvp 'n stuff~

  15. #95
    Mallet Head Donor 56k Lagman's Avatar
    Join Date
    May 5, 2011
    Location
    Vancouver, BC
    Posts
    3,930
    someone emailed that around in work too. It has some valid points

    Quote Originally Posted by Robert O'Callahan
    (You can't tell users to turn off AV software because if anything bad were to happen that the AV software might have prevented, you'll catch the blame.)
    This is so fucking true though, it's nearly never about getting the problem fixed but more so about keeping the end user happy, the two things are not mutual


  16. #96

    Join Date
    May 30, 2011
    Location
    asleep
    Posts
    5,667
    We get a lot of USB sticks from infected machines through the doors which need cleaning here at college. The number of genlnk-A viruses we strip each day is pretty impressive. Educating users to some degree does work, but in the end we've had to create a blacklist of users on each domain who simply cannot be trusted with USB devices and hard-block them.

    Sophos's Application filtering is pretty handy as well, preventing the wee kiddies from running all manner of naughty web filter circumvention programs.
    Please don't teach me what to do with my pc.

  17. #97
    Lana Torrin's Avatar
    Join Date
    April 13, 2011
    Location
    Bonding around
    Posts
    17,490
    Yeah but universities are the front line in the virus war.. In a normal company most people actually want to do the right thing most of the time, so education can work well.

    That is unless you work in the companies that my company services.. Then you hate IT because management never tell you anything and keep randomly changing stuff.

  18. #98
    Mallet Head Donor 56k Lagman's Avatar
    Join Date
    May 5, 2011
    Location
    Vancouver, BC
    Posts
    3,930
    I work in IT too


  19. #99

    Join Date
    November 5, 2011
    Posts
    8,077
    You guys should get a tour in Korean internet and general cyber security. You'd get an aneurysm so big you'd be dead by the end of the week, it's that bad.


  20. #100
    Tyrehl's Avatar
    Join Date
    April 9, 2011
    Location
    [STUGH] Rote Kapelle
    Posts
    3,611
    We use McAfee enterprise AV at work. I want to disable it and re-enable Windows Defender. I suspect that I may be liable, but hey, our IT is so lazy that they may never notice/care
    <Devec> hello captain Tyrehl
    <Devec> sailor of the persian seas
    Quote Originally Posted by Paradox
    I swear you are some sort of biological weapon developed in the early '90's for the Yugoslav wars but they lost track of you at some point and now you're waging a psychological war on Western Europe without a clue what you're doing.
