Antivirus software is mostly useless, hacker says

[Copernic Reporter]

Interesting discussion with a hacker on Reddit. Microsoft Security Essentials is the most preferred and easiest to bypass (according to this guy).

Some screens: http://i.imgur.com/yxMDx.jpg

Highlights:

(R - Reddit / H - Hacker)

R: What anti virus software free/paid for presents to you the biggest obstacles?

H: Kaspersky was the most challenging at first, Kaspersky is paranoid as f...k! But it has an exploit in KIS, KAV and PURE, allowing to start malicious code in the memory context of a trusted system process unnoticed. Kaspersky won't interfere if it thinks it's the system process doing changes to the system.

R: What advice can you give to us "average" folk on how to stay secure online?

H: If the attachment is ending in .exe and pretending to be something else, it's malware for sure. If it's a .pdf it can only infect you if you haven't patched your Adobe Reader (Is now done automaticly). Cybercriminals use 0day exploits only on valueable targets like Iranian power plants or companies with intellectual properties and ****ing lot of cash.

- Facebook friends don't share funny cat pictures on randomly generated domain names.

- If your AV says it's clean or even if Virustotal gives you 0/43 it can still be malware, been there, seen that. Srsly, don't trust your AV.

- Use HBCI or similiar for online banking, it costs 30$ and is military grade cryptography (private key signing), only open source cryptography on signed hardware is 100% secure.

- Windows updates, yes, do them. If you have a pirated copy, just buy that **** or use linux.

- If you are super paranoid, buy a netbook and use a LiveCD or similiar on it whenever you put your CC information in.

- Banking on mobile phone, it's stupid, but atm 'not that dangerous as it seems', because 99% of cybercriminals can't code and there is no (serious) android or iOS malware yet on the market.

R: Does this mean Linux or MAC OSx are impermeable to malware? If so, why? If not, what's the best way Linux or MAC users see if they've been infected?

H: No, but Linux is not targeted, because it is not economical.

R: What do you use to spread?

H: Automatically backdooring warez and uploading it to one click hoster and Usenet. It's funny that even governmental agencies use warez, I found FAA.gov credentials. My momma always said, "A botnet is like a box of chocolates. You never know what you're gonna get."

R: why?

H: It first started as a challenge to circumvent AntiVirus systems, but then I realised all AV suck at detection and it's easy to make money with it.

R: how about making a better AV detection system and profiting off that?

H: AV is a completely wrong approach to security. If you need AV to feel secure you already failed.

R: First, thanks for the AMA, really interesting. Could you write some "perfect protection" AV software yourself? I bet you could make a ****ton of cash even if it is a one time sale per person. Is there hacker-folk interest in putting AV companies out of business by giving away or selling cheap, far superior, protection? Would it be more fun to screw over big companies who sell snake oil?

H: Most "hacker-folk" kinda work at AV companies already. There is already a company going the "elimate it at the root" approach: http://www.triumfant.com . But it's not that easy, the big companies have the moneys, Symantec has the colorful commercials, McAfee has the governmental contracts for voting machines AV (Mr. McAfee has btw the same lifestyle as your average Russian Spam King: 66 years old, huge house in a tropical country, 17 year old girlfriend, lots of unregistered weapons lol). It's not about the product itself, it's about power and influence. Read about the "HBGary federal accident" or watch the Defcon 19 video with "Aaron Van Barr (totally not Aaron Barr, because he wasn't allowed to be there :p)". Changing the security industry is like changing the copyright system.

R: you're the reason we can't have nice things.

H: People who can just about start Facebook and put in their credit cards are the reason such things exist. Antivirus companies selling snakeoil and lull consumers into absolute security are another one.

Read more:

http://www.reddit.co...t_operator_ama/

[Deathknight74]

Very interesting article.

[Daedroth]

Interesting article, but from reading the 'hackers' responses, I can tell they are pretty young.

[SirEvan]

I kinda disagree. Sure, hackers who know their stuff can get around AV, but I've seen others, as well as experienced myself, when Nod32 catches a virus in an email attachment, thus saving me from ever having to see it in my system. Am I 100% protected? of course not, but just like condoms, and everything else...you can never be 100% safe from anything. I think a reputable (kaspersky/nod32) antivirus app, along with a decent firewall, and a HUGE dose of common sense and logic are your best tools for staying safe from malware/viruses.

[Tomoko]

I stopped using antivirus programs a decade ago, just a waste of resources. Never had a virus anyway or any other malware, I don't know how people even get this stuff on their systems. Common sense is the best antivirus.

[veternan]

MSE forever and I have VM to test my suspicious files there...But The most sophisticated technology I have is MYSELF :shiftyninja: :shifty:

[Xahid]

Common sense is best protection for sure, but some time, things happened with or without your acknowledgement, This is where you need AV. which can scan your trustworthy objects too.

[cork1958]

I stopped using antivirus programs a decade ago, just a waste of resources. Never had a virus anyway or any other malware, I don't know how people even get this stuff on their systems. Common sense is the best antivirus.

Yeah,

Like you'd know if you were infected or not if you don't have anything to scan with! Always love it when people say I've never been infected with anything then admit to being dumb enough not to even have any protection!

Whether they're worthless or not, something is better than nothing and if you're worried about resources on todays computers, you shouldn't even own a computer anyway!

[Deathknight74]

So from what I gather from the article is that if you really need protection you should use Linux and not depend on your anti-virus or anti malware software. Am I right?

[James123]

Downloading the source for a bot, modifying it slightly so Anti-viruses don't flag it and then distributing it via usenet/email makes you a "hacker" these days :pinch:? He seems no more knowledgeable than the average script kiddie.

[OOOOOOOO]

I was using anti-virus on my Mac before I re-installed to run Mountain Lion. And I must admit, everything he's saying is what I've already figured ... I simply don't need Anti-virus. I don't download illegal software, I only download from the Mac App Store or in rare cases, apps such as Skype from the official source. I don't click on ANY links on Facebook. I don't open myself to any scamming because my bank account is locked with a hardware pin device that I need to use to purchase items and use internet banking, and without that device linked to the PIN on my card, it's not possible to do anything with the account. Which can be annoying but is very secure.

So yeah ... I always install AV on friends and family machines because I know they're not going to be as sensible. But when you know enough about what you're doing and you use all legit stuff via secure servers/sources, you really can't fail. Or at least if things did go wrong, they'd be a one in a billion chance.

[neo1911]

Boasting about having common sense instead of using antivirus is like boasting about having sex without using a condom. (you never know the stranger you slept with had AIDS or not and same applies to the world of cybersecurity.)

[ShMaunder]

I still use them on Windows - though I am still using XP. When I used windows full time, I used to get a malware pop up being denied about once every 2 months. So I do feel somewhat protected - though better protection is using a sandbox.

[+primortal Subscriber²]

On the flip side of the coin. Maybe this hacker is thinking that if reader would believe's the fact that A/V software is useless and decide to stop using A/V thus making the hackers life easier to infect devices....

[Belazor]

I was using anti-virus on my Mac before I re-installed to run Mountain Lion. And I must admit, everything he's saying is what I've already figured ... I simply don't need Anti-virus. I don't download illegal software, I only download from the Mac App Store or in rare cases, apps such as Skype from the official source. I don't click on ANY links on Facebook. I don't open myself to any scamming because my bank account is locked with a hardware pin device that I need to use to purchase items and use internet banking, and without that device linked to the PIN on my card, it's not possible to do anything with the account. Which can be annoying but is very secure.

But that wouldn't stop random ad banners from infecting you via some 0day exploit or some other plugin vulnerability.

The site doesn't have to be dodgy in and of itself, but they might not whitelist advertisers as opposed to blacklisting bad ones - or their ad company may not be performing this kind of scrutiny with their advertising clients.

I believe an MMA site called BloodyElbow had an issue in the past, at least one of my friends were able to narrow that site down to one of the most likely candidates. That doesn't mean they are a malicious site, if they were in fact the source then they just had some bad luck with a banner - not their direct fault.

But my point is, you'd call a site trustworthy even if they don't scrutinise every ad banner, and the banners could potentially still infect you.

[OOOOOOOO]

Boasting about having common sense instead of using antivirus is like boasting about having sex without using a condom. (you never know the stranger you slept with had AIDS or not and same applies to the world of cybersecurity.)

That's absolute rubbish. Having common sense is like having sex with a girl you've been married to for years. She may go places you don't know but you can be more sure that she's not screwing around ... so you don't wear a condom.

Going to warez sites, bit torrent, and other places like that, or opening EXE files which say they're music files is the equivalent of screwing a hooker unprotected. That's the difference.

[TEX4S]

I have to agree with 90% of what hes saying.

Yes, MSE sucks- I have always said its a joke

Maybe AV is pointless to him, but it sure does block a lot of malware from lesser hackers.

[neo1911]

That's absolute rubbish. Having common sense is like having sex with a girl you've been married to for years. She may go places you don't know but you can be more sure that she's not screwing around ... so you don't wear a condom.

Going to warez sites, bit torrent, and other places like that, or opening EXE files which say they're music files is the equivalent of screwing a hooker unprotected. That's the difference.

Please try to read it again. I said strangers and not girlfriends. And stranger refers to the random usb drive or a website site you happen to be on by mistake or on purpose.

[ViperAFK]

I must say I am losing faith in MSE lately, after seeing multiple viruses just disable it like nothing on some computer's I've cleaned.

I cleaned a rogue program and a rootkit off my grandfather's PC yesterday (The malware was S.M.A.R.T. Check, Tells you your drive is failing and tried to get you to pay for it. It also tries to simulate data loss by setting all your files and shortcuts to hidden. It totally disabled MSE and I ended up having to re-install it after I removed all the malware) MSE is a nice program, and from the av tests I've seen it has fine detection rates, but it seems to have really poor protection vs viruses disabling/removing it which is making me consider recommending other av's over it.

It also seems like a/v's in general aren't too great at detecting the "new wave" of malware these days (mostly rogue programs/trojans/rootkits). So many times, I've seen various a/v programs not block/detect these at all. Apps like malwarebytes have much more reliable detection/removal of these types of infections.

[Detection]

Not using an AV and claiming common sense is hypocritical.

Sure, avoid warez sites, email attachments, and other obvious things, but what happens if you visit a trusted site that was infected/hijacked ?

Common sense is to have an AV 'AND' avoid known sources for getting infected, the excuse of claiming it to be a waste of resources expired when your P133 was binned. Seriously, with 4-16GB RAM and Dual-Oct core CPUs, how can it waste resources ?

[TEX4S]

webroot Secure Anywhere 2012 Gentlemen

[Seahorsepip Veteran]

I must say I am losing faith in MSE lately, after seeing multiple viruses just disable it like nothing on some computer's I've cleaned.

I cleaned a rogue program and a rootkit off my grandfather's PC yesterday (The malware was S.M.A.R.T. Check, Tells you your drive is failing and tried to get you to pay for it. It also tries to simulate data loss by setting all your files and shortcuts to hidden. It totally disabled MSE and I ended up having to re-install it after I removed all the malware) MSE is a nice program, and from the av tests I've seen it has fine detection rates, but it seems to have really poor protection vs viruses disabling/removing it which is making me consider recommending other av's over it.

It also seems like a/v's in general aren't too great at detecting the "new wave" of malware these days (mostly rogue programs/trojans/rootkits). So many times, I've seen various a/v programs not block/detect these at all. Apps like malwarebytes have much more reliable detection/removal of these types of infections.

That data loss malware sounds funny lol, gonna try infect some friends of mine rofl

[Noir Angel]

Antivirus software is far from useless. Granted it's only one knife in the drawer against cyber crime, but I'd much rather have it than not.

[Matthew_Thepc]

While I do agree that common sense is one of the best methods for protecting against malware, it's beyond me why someone would go about without AV...let's say something gets past your common sense? or if someone else uses your computer for "urgent" business and ends up going to a site with even the simplest of malware? IMO, better safe than sorry :)

[Very Strange Person]

I don't know how people even get this stuff on their systems.

Dodgy porn sites and adverts on the net.