What Anti-Virus Do You Use

[Cadillac Jim]

Ouch, I thought that the MAC address was encrypted when WEP was used because it's not that difficult to do. However, I don't see cracking my WEP in 10 minutes. The router has intrusion protection and logs, so if someone tried I would find out. This is important to me because I have a feeder road on within range of the house, and, worse, a golf course too.

I would never depend on a free virus checker for my main computer, particularly if it was on broadband or left on all the time.

The only successful intrusions I ever had were back when I used dialup. I would notice a lot of modem activity that wasn't my idea and turn off the modem. A look at the modem logs turned up some IP addresses in Canada and Southern California. Spamhaus identified these IP addresses as spam sites looking for email addresses.

A bad virus checker can slow your browser to a crawl because nearly all web sites nowadays use zillions of small files, and the virus checker wants to scan each one; doing so in such a way as not to compromise speed is an art, and it's not free.

Regis -- you show a lot of knowledge; what do you think of Norton 360?

[lothos]

Ouch, I thought that the MAC address was encrypted when WEP was used because it's not that difficult to do. However, I don't see cracking my WEP in 10 minutes. The router has intrusion protection and logs, so if someone tried I would find out. This is important to me because I have a feeder road on within range of the house, and, worse, a golf course too.

I would never depend on a free virus checker for my main computer, particularly if it was on broadband or left on all the time.

The MAC address can't be encrypted, otherwise your computer wouldn't know when packets are being addressed to it.

When you're cracking WEP there's a passive way to do it that would not show up in your logs. It would take longer than ten minutes though. The active attack against WEP involves injecting some packets onto your network, and I believe it's at a low enough level to possibly not show up on your logs.

There's nothing wrong with free software, the three I named are really good options. A large portion of the internet runs on free software.

[Cadillac Jim]

Uh, oh.

http://www.foxnews.com/story/0,2933,400763,00.html

[Regis]

Regis -- you show a lot of knowledge; what do you think of Norton 360?

By now it should come as no surprise when I say that I don't like anything Symantec puts out. History has proven that Symantec takes good to great programs and craps them up real nice and resells them under their mother name. Two fine examples are Peter Norton's Nortons and Sygate. Nortons360 is an All in One program and that's bad right from the get go. I have yet to see an All in One out perform a stand alone respectively. I haven't used Nortons360 so I talked to my friend that works for the govmnt, analyzing security systems. In layman's terms, he's a sanctioned hacker. His first response was "Symantec sucks!". He went on to say that the N360 tries to do too much, uses too much resources, and he was able to get around it easily. He likes Avast and also AVG 7.5 (he doesn't like version 8). Hope that's helpful info Jim.

[Cadillac Jim]

Regis -- it's very helpful. My first serious anti-virus was IBM Anti-virus for OS/2 and when IBM dropped it they recommended Norton. Norton, instead of giving me their anti-virus for OS/2, gave me their corporate anti-virus v. 7 for Windows, which ran under OS/2 and seemed to meet my needs. I stayed with Symantec although I used McAfee as a Comcast support thing and for a "corporate" anti-virus for a school I taught at for awhile, and used PC Tools on my teaching laptop when the school year ran out.

Norton Internet Security versions (I believe, from memory) 2004 and 2005 were very intrusive with the OS (Windows XP), almost like a rootkit, requiring multiple reboots, cleaning programs from Norton and such to upgrade or remove, and they drove me completely away from WinFAX Pro because they cleaned that off, too, because it is also a Symantec product. The later versions of NIS were better, but I moved on to Norton 360. It seems just fine, and my only complaint is that it asks for user interaction for such no-brainer things like "intrusion detection disabled" which I wonder how that could have been tolerated anyway.

Another issue that may be more-or-less unique to me is that I don't like for my machine to be rebooted while unattended. I have multiple cores running stuff in the background from binaries that our team built ourselves for research that we am doing for publication 24/7, and I don't like to lose several core-hours to a reboot while my machine is unattended. If this is necessary for my machine to be protected from a network intrusion threat that's OK, and welcome. As a routine presumption of non-importance of my machine's "spare cycles" it is unacceptable, as my machine has no spare cycles. NIS did this about one a month, while I find that N360 doesn't do that often.

My feeling is that very common defenses against network threats tend to draw the most attention from the hackers. That means that Windows clients with Norton and McAfee need to be the most responsive to new threats because significant Day One intrusion threats happen most often to these environments. If I was running a TRS-80 or Amiga I wouldn't even need an anti-virus program, but with Linux and Windows I need to have a Windows firewall and Apache running with a world-class antivirus program.

I've just now looked at the Avast web sit and I see nothing on platform requirements -- in particular Vista 64-bit. I'm running Vista 64-bit and must remain with a 64-bit platform on this machine. If forced form Vista 64-bit, this machine will run on Linux 64-bit and my Windows machine will be another computer, probably again on Vista 64-bit. If I move on from Norton 360 on my current machine, my new protection must protect me on Vista 64-bit.

Postscript: Regis, stay with us. Whatever your daily driver is, I would hope that Caddyinfo is your home and your friends. There are a lot of good cars in this world but there is only one Regis, and only one Caddyinfo. Also, as you know, you can pick up a 1990's Northstar fixer-upper cheap and turn it into one whale of a daily driver in a few weeks for peanuts, should you see fit to do so.

[lothos]

Uh, oh.

http://www.foxnews.com/story/0,2933,400763,00.html

Defcon has been going on for a while, this is the 16th year. It's a good time, I've been to three of them. 99, 2000 and last year. Computer security really is my area of expertise.

[Regis]

Regis -- it's very helpful.

Postscript: Regis, stay with us. Whatever your daily driver is, I would hope that Caddyinfo is your home and your friends. There are a lot of good cars in this world but there is only one Regis, and only one Caddyinfo. Also, as you know, you can pick up a 1990's Northstar fixer-upper cheap and turn it into one whale of a daily driver in a few weeks for peanuts, should you see fit to do so.

Thanks for the kind words Jim. I'm sure I'll continue to pop in now and then. It's become a habit. I personally think it's great that there is a wide diversification of AVs used by members here. As we have read many people seem to be happy with what they are currently using. I have my favorites and others have theirs. If all of us were to use the same program that would make it much easier for hackers to get their rocks off. I'm looking forward to the day when Macs assume 50% market share. It'll give the hackers incentive to develop programs specifically tailored for them. It'll be entertaining at the very least. As far as Defcon, well you have to take that with a grain of salt. You won't see the real top tier hackers and crackers there. And for good obvious reasons. I'm sure the 16yr old Afghan wasn't on that invite list nor the multiple teams from China. You won't see the Czech hacker either. We have a good friend that develops high level programs for nano technology. So his systems were under constant attack. He created a virtual environment with multiple sub-environments. He would monitor the progress of each hacker, where they would go, behavior, how often they would visit, and assess how smart they were. Only one hacker realized what he/she was really in but couldn't get around it. Pretty cool.

[Cadillac Jim]

The system programmer is in charge, of course, if only he realizes it and his host security is his to lose. The system controls what is allowed in, and the trades between functional power and security is his to make. However, if the system programmer doesn't think like a hacker, he can be like a 13th century Frenchman with an epee trying to fight a 21st century sniper with a Tango 51. You must engage to win. I think most security problems get out there because the system/browser/whatever allows a port and never focuses on the viewpoint of a digital ferret on the outside. Look at Apache -- it's quite old, it's open source, it's freely available for download and for little or nothing you can put a cheap machine running a free Linux with Apache on your network and hack away in the privacy of your own home -- or national digital war laboratory -- to your heart's content, but Apache doesn't have a security problem.

[jackc]

Go to Control Center, up on top click on View, select Extended Mode, now click on the large Scheduler box located towards middle right, at the bottom click on Scheduled Tasks, Scheduled Tasks box will open, click on "Test plan in basic mode" once to highlight, click Edit Schedule at the bottom, uncheck the dialog box and click OK at bottom, repeat for "Update plan in Basic mode", both should come up as "task is disabled" if done correctly under Next Start column. Hope this helps.

Thanks Regis. I found my way there and made the changes. Life is better now!

[lothos]

As far as Defcon, well you have to take that with a grain of salt. You won't see the real top tier hackers and crackers there. And for good obvious reasons. I'm sure the 16yr old Afghan wasn't on that invite list nor the multiple teams from China. You won't see the Czech hacker either.

There isn't an invite list, anyone that wants to pay for airfare to Vegas and the $100 entrance fee can go. Last year there were 6,000 people in attendance. Sure, you've got your wannabees with blue spiked hair, and hacker groupies, but a lot of the top hackers DO go. There is currently a vulnerability in the DNS system that affects just about everything, and the guy that discovered it is at Defcon right now.

Jims_97_ETC: Apache is open source, and you seem to trust it. Apache, just like everything else, has had it's security vulnerabilities over the years. Why do you refuse to use a free antivirus? My buddy has tested just about every antivirus against 16,000 different viruses and Kaspersky came out as being one of the better ones.

EDIT: I'm not trying to talk you into using a free antivirus, you're obviously free to use whatever you'd like, but why discount it just because it's free? A lot of free software is just as good, or better, than the commercial software.

[Ranger]

As far as Defcon, well you have to take that with a grain of salt. You won't see the real top tier hackers and crackers there. And for good obvious reasons. I'm sure the 16yr old Afghan wasn't on that invite list nor the multiple teams from China. You won't see the Czech hacker either.

There isn't an invite list, anyone that wants to pay for airfare to Vegas and the $100 entrance fee can go. Last year there were 6,000 people in attendance. Sure, you've got your wannabees with blue spiked hair, and hacker groupies, but a lot of the top hackers DO go. There is currently a vulnerability in the DNS system that affects just about everything, and the guy that discovered it is at Defcon right now.

Jims_97_ETC: Apache is open source, and you seem to trust it. Apache, just like everything else, has had it's security vulnerabilities over the years. Why do you refuse to use a free antivirus? My buddy has tested just about every antivirus against 16,000 different viruses and Kaspersky came out as being one of the better ones.

EDIT: I'm not trying to talk you into using a free antivirus, you're obviously free to use whatever you'd like, but why discount it just because it's free? A lot of free software is just as good, or better, than the commercial software.

Which free ones does he like? Wish I could figure out why Avast seems to stop things occasionally. Only seems to happen on Firefox. The old AVG never had any problems.

[lothos]

Which free ones does he like? Wish I could figure out why Avast seems to stop things occasionally. Only seems to happen on Firefox. The old AVG never had any problems.

His results aren't online anymore, I emailed him and hopefully he'll get back to me today.

[Marika]

I use Norton AV along side with 8 Signs firewall. I'm not exactly crazy about Norton but 8 signs is great.

[Cadillac Jim]

I have one Linux machine in the DMZ and I use f-prot on it. F-prot for Linux is free for home individual users. I don't think it uses real-time checking of files as they are downloaded or accessed by applications. I run a scan every time I reboot the machine, which isn't often and is usually more than a few months. I only down the machine when there is a power failure or to upgrade the OS. Even the kernel can sometimes be upgraded without a reboot, as I have observed to my amazement lately. On my laptop I used the free version of PC Tools Anti-Spyware with Antivirus until I found that my Norton 360 license covered three machines. I rehabilitated a friend's laptop and it was too old to run Norton Antivirus (too little RAM to complete a scan) so I put PC Tools on it too. But for a machine that is on broadband 24/7 you really need the best protection out there.

My Linux machine in the DMZ was cracked once because I allowed SSH access and root didn't have a strong enough password; I'll never make that mistake again. I shelled over to an active root login and recaptured the password, and found a set of hacking tools on the home folder for root. The server log typically showed 6,000 or more hacking attempts *a day* on that machine; I haven't checked the logs lately. I don't have a web page on that machine anymore so there is no real vulnerability to exploit in Apache.

For my main machine, I have the Verizon FIOS modem/router that looks a lot like the Cisco-licensed firewall that I have seen in Linksys and Belkin routers, the Norton firewall that is part of Norton 360, the remnant of Windows firewall that is coordinated with the Norton firewall, and the different levels of access permissions in Vista. And, NAV monitors the TCP/IP data stream in both directions and also the email incoming and outgoing files. I've never had a problem.

Some years ago (about 1990) my wife brought home a floppy disk from work with some files she needed. My virus checker, McAfee viruscan for OS/2, detected the Brain boot track virus and cleaned it off. I called the IS person at her office and he said that yes, all their computers had Brain, but it didn't do any harm so just ignore it. They didn't have a virus checker. I've caught a few others, too, including a few times at work.

[Regis]

As far as Defcon, well you have to take that with a grain of salt. You won't see the real top tier hackers and crackers there. And for good obvious reasons. I'm sure the 16yr old Afghan wasn't on that invite list nor the multiple teams from China. You won't see the Czech hacker either.

There isn't an invite list, anyone that wants to pay for airfare to Vegas and the $100 entrance fee can go. Last year there were 6,000 people in attendance. Sure, you've got your wannabees with blue spiked hair, and hacker groupies, but a lot of the top hackers DO go. There is currently a vulnerability in the DNS system that affects just about everything, and the guy that discovered it is at Defcon right now.

This is exactly the point I was making. Airfare to Vegas and a $100 entrance fee? Exactly my point. lothos has a lot to share and I'm trying not to step too much on his toes while at the same time trying not to seem too politically correct. If I were a hacker extarodordinare then I would certainly avoid "honey pots" like Defcon. That would just be plain stupid. Sorry.

Ranger, check out AVG 7.5. It's light years ahead of the older AVG Antivirus programs.

[Ranger]

I thought 7.5 was the one I had and they said that they would no longer support it and I had to upgrade to 8.0. That's when all the trouble started. Or was it 7.5 upgraded to 7.5? I don't remember. All I know is that when I did, my computer was ungodly slow and I HAD to find something else.

[Regis]

I thought 7.5 was the one I had and they said that they would no longer support it and I had to upgrade to 8.0. That's when all the trouble started. Or was it 7.5 upgraded to 7.5? I don't remember. All I know is that when I did, my computer was ungodly slow and I HAD to find something else.

Ranger, the computer that I'm typing this message to you on is running AVG 7.5. I manually updated it (successfully) this past Tuesday and just 3 minutes ago today (8/9/08 at 11:15pm). Apparently AVG hasn't discontinued the updates for 7.5.

EDIT: AVG 8.0 uses a lot more resources than 7.5. Not surprising that your computer is running slower.

[Ranger]

Now I find out. I know it said that it would no longer be supported. I wonder if I can still download it again. All I could find was 8.0

EDIT:

Found it. Maybe I'll go back to AVG then.

[Regis]

Now I find out. I know it said that it would no longer be supported. I wonder if I can still download it again. All I could find was 8.0

Edit. Found it. Maybe I'll go back to AVG then.

If you'd like I can just send you the program. Let me know. =)

[Ranger]

I liked it when I had it and didn't seem to have any problems like I have now. What I found was "updates" for 7.5, but not the free version itself. How would you send it and how would I down load it? Remember I am on dial up and not nearly as computer literate as you guys. Much of this thread is Greek to me.

EDIT:

Leaving work. Will check back when I get home.

[Regis]

I liked it when I had it and didn't seem to have any problems like I have now. What I found was "updates" for 7.5, but not the free version itself. How would you send it and how would I down load it? Remember I am on dial up and not nearly as computer literate as you guys. Much of this thread is Greek to me.

EDIT:

Leaving work. Will check back when I get home.

LOL Well you have a point there Larry. And I would certainly call you Sir, instead of Larry, if I knew your last name. I have a suspicion that you are deserving of that title. I'll send you the program via snail mail if you'd like. Just let me know. The file is 21mb... more exactly 21.7mb. Let me know. We can also go through BBF if that would make you more comfortable.

[Ranger]

No problem Regis. I appreciate it. If they are still supporting it and providing updates I'd love it. I'll PM you my address. Thank You.

[Cadillac Jim]

I have a file splitter on my web site that lets you decide how big the pieces are, and it includes a Windows script to reassemble the file and clean up.

<a href="http://jameskbeard.com/jameskbeard/Files.html#splitter" target="_blank">http://jameskbeard.com/jameskbeard/Files.html#splitter

</a>

Or, go to jameskbeard.com, click on "Files for download" and then pick number 4, "File Splitter with Automatic Reassembly." One of its features is breaking up large files into chunks of, say 5 MB, so that they can ge sent over email channels that won't accept over 10 MB. Be sure and get each message as it is sent so that you don't overflow your server's storage limit and bounce a chunk.

[Ranger]

I wouldn't even attempt that Jim. Like I said. I'm not that computer literate. I'll just wait for Regis to send it and then load it again and hope I get updates for it. What do I do with Avast? Just shut it off and leave it for future use if needed or uninstall it?

[WarrenJ]

Another alternative to Norton and McAfee:

http://blogs.discovermagazine.com/badastro...uter-be-healed/

Regards,

Warren