Posted by Monte Robertson on Mon, Jun 07, 2010 @ 05:24 PM
I remember NOD32 Antivirus Software version 1.x. It was a very basic interface yet still a great piece of Antivirus Security Software. As the world changes it is important to note that change is change, sometimes it is good, sometimes, not so much.
ESET has begun phasing out NOD32 Antivirus version 2.7. Version 2.7 had an extremely light footprint (14MB) and a blazing fast scanner. NOD32 2.7 was great for computers without many resources. This is the majority of the older (>3 years) computers, and these days any current computer with less than 1GB of RAM installed.
The reason it was lightweight is because ESET had not yet bent to the pressures of moving from the early adopters to the main stream antivirus software buyers. That is code for "there were not a lot of bells and whistles in the program". This is the curse of all Antivirus Software, trying to "keep up with the Jones' by adding bells and whistles, thus going for bigger main stream bucks.
Antivirus software should be small, no frills and just WORK in the background. We don't want gadgets, we want protection!
But we, the reviewing public, Gartner, PC-x and other powerful industry reviewers keep insisting on features and fancy GUI interfaces, just because we can. That ends up working against the productivity of the Antivirus engine. It is no wonder Antivirus Software is under scrutiny. But I digress...
Current NOD32 Antivirus 2.7 customers are invited to upgrade to ESET NOD32 Antivirus 4.2 for free. ESET NOD32 Antivirus 4.2 offers the most current proactive protection technology, is easier to use and has more advanced options for power users (think bells & whistles).
NOD32 Antivirus 2.7 customers will continue to be protected with signature updates until February 1, 2012, but are advised to upgrade to the latest version as soon as possible. Engine updates will likely stop well before the end of life date of 2/1/2012.
NOD32 version 2.7 end of life timeline:
2/1/2010 - NOD32 Antivirus 2.7 software was removed from the ESET website.
ESET no longer sells NOD32 Antivirus 2.7.
February 1, 2012 - Virus signature database updates for NOD32 Antivirus 2.7 will be discontinued. ESET will no longer provide technical support for NOD32 Antivirus 2.7.
So long old friend, you will be sorely missed.
Security as a Service for Businesses who have better things to do. 303.232.9070
Posted by Monte Robertson on Thu, Apr 22, 2010 @ 12:16 PM
Yesterday was a bad day for the good people at McAfee because one of the antivirus software signatures released removed a valid Windows file. This caused the affected machine to fail and get stuck in a re-boot loop.
If you are not familiar with how Antivirus signatures work, here is a quick lesson. When malicious software is found on the Internet it is analyzed for an identifiable code structure. This is its signature. That signature is then incorporated into a unique list of known bad programs that the Antivirus software program uses as its detection base.
The key phrase for today's world there is "when malicious software is found" because it must be found to have a signature. There is a technology called "heuristics" where algorithms and other techniques are used to determine if code is good or bad and take action based on that decision. This is the beginnings of proactive protection, but, if you guess wrong, bad things can happen.
So how do allegedly good programs get on this list? Fair question. Because threats have changed over the years antivirus software companies not only have to detect and remove viral programs, or fractional code, we are also requiring them to remove spyware and malware, or fully functional code. Our operating systems and applications are fully functional code. This part of the detection and removal process is where things like this happen.
This type of problem with signatures is yet another Achilles heel for reactive based solutions. The threats are changing so fast that antivirus software companies are struggling to keep up. We really need a change to how we protect the average computer. We need to move from a reactive position to a proactive one which is a huge paradigm shift for this industry. Many smaller antivirus software companies will not survive this imminent move in technology.
It is not an easy job we are asking antivirus manufactures to do. Mistakes will happen; no antivirus company is immune from this fact. Be supportive and not react too quickly. Encourage others to be part of the solution and stay safe out there.
Security as a Service for Businesses who have better things to do. 303.232.9070
Posted by Monte Robertson on Thu, Apr 15, 2010 @ 11:43 AM
Reportedly, about 17 million Chinese computers do not have Antivirus software. This is about 4% of their computers which is about the same percentage that do not have Antivirus protection in the USA year over year. Now that sounds like a need ready to be filled! But is it really?
Is there a real problem with this many computers (I would estimate somewhere north of 30 Million computers worldwide), not using Antivirus software?
Not using Antivirus software is considered reckless Internet behavior by some. It could also be considered minimally risky by others. Consider the user's ability, which applications, updates, settings and solutions are installed, where the machine goes and what it does on the Internet, all contributing to the risk levels when forming your opinion. It is not a simple matter. Let's take a quick look back to help us see the future.
About 20 years ago viruses spread from computer to computer via file sharing from 5 1/2" floppy disks. We love to share. It is in our nature. The web is the greatest sharing medium in history. The virus writers knew this then and know it still, 20 years later.
Antivirus software was created to make computing safer and easier, but, security is never easy or convenient. Even with the best Antivirus software many still get infected. So to state the obvious, it sounds like we might have been going about this wrong for all these years!
Signature based Antivirus software, being reactive in nature, is finally coming under fire for not being able to keep up with the threats. One might think after 20 years of antivirus software we wouldn't continue to have these problems. The threats change and then, so does the response. Maybe we don't want a vaccine to prevent infection in the first place? In a matter of seconds once a machine is infected it can be too late. That fact does not bode well for the reactive approach.
Why do we expect different results when we use the same thinking and technology as we always have? That question goes out to all the mirrors in the world.
There are well respected security experts now saying signatures are "dead, dead". So what are we to do, toss out all our security software? No, absolutely not. Some protection is far better than none. So how do we move from being reactive to proactive? That is the umpteen billion dollar question.
There is a quiet paradigm shift happening whos time has come. Dr. Peter Tippett had a Whitelisting solution (proactive), in the 1980's but no one wanted it. What people wanted (and mostly still do), is to see the bugs and then kill them (reactive). So he had to turn it into a reactive solution in order to survive. Nice try Doctor but apparently things had to get really bad before we would embrace such a technology.
We may finally be moving from reactive to proactive protection with Application Whitelisting aka Application Control. We see glimmers of it in Windows 7 (called Applocker), but functionally it is only available in the Enterprise and Ultimate versions which not many people have. It is going to be awhile before this goes main stream for whatever reason. Until then, Bit9 is the thought leader for the business sector.
We manage lots of machines that do not have Antivirus Software, are locked down tight, are processing personal information and are PCI compliant. Have for a couple years now.
With the right user knowledge, environment and settings, patch levels, other security solutions and precautionary steps, Antivirus software might not be necessary in certain settings. All that is much easier to say than it is to achieve. In other words, don't try this at home.
Nothing is going to change overnight. But we can all start somewhere, sometime, hopefully soon. The most important thing is that we start, you know, being proactive.
Stay safe out there.
Security as a Service for Businesses who have better things to do. 303.232.9070