  1. #1
    New Lounger

    where art thou antivirus?

    Could Fred or someone else knowledgeable please explain to me why the very best paid antivirus programs are not able to block malware such as LM or Windows Daily Adviser once the link has been clicked? Unless our antivirus software improves, this form of social engineering will always find considerable success with the young, elderly, and naive.

    Sam

  2. #2
    Super Moderator CLiNT
    If one clicks on a malicious link then it's more or less a done deal. It's much easier to prevent an infection than to clean one up after the fact. Also, with malicious sites and other such click-and-install social engineering, one really never knows what will be delivered to you unless it has already been specifically identified. So one could be installing something new, or one for which an AV/AM application is out of its depth, and there are many.

    You are your computer's greatest security asset, or its worst nightmare. This is one very good reason that we advocate doing image based backups along with other forms of backup regimens.
    Last edited by CLiNT; 2012-05-25 at 09:06.

  3. #3
    Lounge VIP bobprimak
    The best answers are:

    Advanced predictive heuristics, which could block the redirect or the actual click if the AV program knows in advance where not to let you go. Many browsers have add-ons which try to identify and rate the safety of links before letting you actually go to a web page. But to monitor and filter direct transfers from within programs has not proven easy. And most firewalls and AV programs are not very good at this. Efforts to improve are ongoing.

    The best answer is user education about social engineering. You do not have to click on every warning which pops up at you. Even unfamiliar popups from the system tray icon for your antivirus should not be taken as genuine. Know how your security apps normally notify you, and be VERY skeptical of anything different. Again, firewall technology is advancing all the time, but it always will encounter new threats for which specific rogue behaviors have yet to be identified and defined. You can't run heuristics without rules.

    CLiNT is right -- you are the biggest threat to your computer's security. You need to remain vigilant. Good AV and firewalls help, as does a well-sandboxed browser (Chrome, IE 9 or higher, etc.), but you are your own best defense -- and your own weakest link.
    Last edited by bobprimak; 2012-05-25 at 13:19.
    -- Bob Primak --

  4. #4
    Plutonium Lounger Medico
    I have often said the most vulnerable part of the multi-layered security scheme is the person typing on the keyboard. Yes Bob, the best answer would be user education, but how do we accomplish that? That is the key question. We can write until our fingers fall off in these forums, but if our readers don't actually read the answers we provide then what good is it? And how do we reach those that are not members of our or other forums? These are the difficult questions to answer.

    I guess we have to just keep harping away and perhaps we will get through to some of these people.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted

  5. #5
    Administrator
    There are some AVs that use heuristics and those can sometimes do better. There are also security suites that add another layer, sometimes known as OS firewall, that will require another confirmation before it allows anything to install. If you click twice, it will install though, so the user is, indeed, as it has been said, the weakest link.
