Tuesday, January 6, 2015

"Tests" of Security Software

Again it is a customer question that triggers new information on this blog; thank you, Frank C.

The customer asked what I think about the results of a test of Security Software in Consumer Reports' June 2014 issue.

I am not subscribed to Consumer Reports and the contents of their publication are not available online. Luckily the customer had attached a PDF file of the article. Without permission from CR I cannot publish it here.

Needless to say, Microsoft Security Essentials/Windows Defender ended up in one of the last places in the rankings. That is very relevant to me because all my home customers use either one of these antivirus programs.

Here is my reply, almost verbatim from the email.
Thank you for the question. A few points in no special order as a reply.

Who actually ran these tests?
And who financed them?
Consumer Reports certainly does not have a proper test lab; that takes years to develop and a big lot of money to finance and run.

I have seen dozens and dozens of "tests" that were paid for by manufacturers of "security software".
And guess what, the result was always that their specific product ended up on top of the list.

Microsoft Security Essentials and Windows Defender on Windows 8 are not "security" programs; they are classic antivirus programs. Antivirus programs protect against getting virus-infected files on your computer. And in my limited experience of 12 years and ca. 6000 distinct home customers, these two programs do an excellent job at that.

To compare the two MS programs 1:1 against security suites is ridiculously wrong and done to dupe the uninformed into wrong conclusions.
Security suites try to supervise every click and input in web pages, an endeavor that brings additional computing burdens but is doomed to fail because most errors are, or are the result of, an EBKAC (Error Between Keyboard And Chair).
Please see an irreverent remark below.

Most security suites are a very noticeable additional workload even for well-equipped computers.

Just today I was called to a "slow" computer. After removing the PUPs the machine was still sluggish. After removing an older version of Norton Internet Security (about 4 years old) the computer suddenly worked just fine. It was a BIG perceivable difference; I have seen that many, many times. This effect is not specific to Norton; it applies to many brands of security suites, in my experience especially (but not limited to) AVG, Avast, Norton, McAfee and Trend Micro.

Many of these "tests" do not talk about the curse of free security suites, that is, false positives. Erroneously marking a benign program as malicious leaves the non-geek home user clueless and helpless.

Avast especially broke quite a few computers last year with insufficiently tested updates.

Only one of the programs in the CR test can even detect Poweliks, the worst and best hidden virus currently around.

AFAIK the only AV program that currently detects Poweliks is MS's Security Essentials/Defender! Although I use third-party tools to remove it completely and terminally.

Re. EBKAC errors: IMHO no software in the world can protect irresponsible people from themselves.

We need to pay attention to the details and we need to heed #6 of my 10 commandments for safe computing.

Frank, please do not take the last paragraph personally; it only reflects general observations that I make all too often.
Please let me know in the comments what you think; thank you in advance.

As usual I welcome suggestions and comments right here in the blog.


Monday, January 5, 2015

2015-01-05 WTKM Talking Points (January 5th 2015)

Warning: New CryptoWall ransomware variant, spread through advertising networks.
When you see advertisements on the internet your computer already needs to be cleaned!

Is your Adobe software up to date? As of 2014-12-31 the current versions are:
- Reader 11.0.10
- Flash Player (for both IE and plugin versions)

Windows 8 will have to be upgraded to 8.1 by Jan. 12, 2016 (see the MS blog).

Still more malicious PowerPoint files. Be careful; no patch yet.

Adobe's Digital Editions 4 desktop ebook reader secretly sends encrypted data back to headquarters – data that details a user's reading habits.

To stay safe, use what my “typical” customer uses:
- Antivirus program (MSE/Defender)
- Secure DNS server (router vs. computer & only if set up correctly)
- Firewall (not with HIPS (Host Intrusion Prevention System))
- Sandbox ???

EBKAC errors are the most common ones and no program protects against them!

Yearly maintenance suggestions:
  1. Backup the whole system as it is via image backup on an external disk drive
    - Vista: Back up data (possibly with a free 3rd-party program)
    - Win 7/8: Excellent built-in backup tools (non-MS instructions Win7, Win8)
  2. Check physical HDD health (SMART, HD-Tune, PassMark DiskCheckup)
  3. Check logical HDD health (admin command prompt, chkdsk c: /f)
  4. Check for updates (MS sites for Vista/Win7, Win8)
    - Operating system and all Microsoft software
    - ALL regularly used programs (web browser, mail program, PDF reader, Adobe Flash, Shockwave, AIR, Java, office software, games, media player, etc.)
  5. Check ALL your passwords (read this article!)
    - Use password software (Roboform, KeePass, LastPass)
  6. Verify your system is clean (ESET online scanner, Malwarebytes & my instructions)
  7. If you have a wireless router make sure that WPS is turned off! (background)
  8. Really clean out debris files most thoroughly (see these instructions)
  9. Defragment the HDD (Win8: "Optimize"; Vista/Win7/Win8)

A big Thank You to WTKM listeners, to all my customers, for having me on the air!
HAPPY NEW YEAR to everybody!
