Talk:Antivirus software/Archive 2

From Wikipedia, the free encyclopedia

"Issues of concern" - more could be added.

More could be added to the section Issues of concern, with the appropriate "ref" links, such as:

  • One single anti-virus/anti-malware program or suite does not provide 100% protection, as discussed above.
  • Disinfecting the computer of viruses and malware can damage or remove essential files; note this is already mentioned before the contents (with a "ref" link), quote: "In one case, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot."
There was another case when Symantec's Norton anti-virus mistakenly identified a Pegasus Mail file as a Trojan. Source.
  • I'm aware that Windows Service Packs may not install properly (or totally refuse to install) if there are viruses/malware already on the computer. Even when the anti-virus software is permanently enabled, dormant infected files can still be disturbed.


If the "ref" links can be found, there's plenty more we could be adding to the antivirus software page, especially the Issues of concern section.

TurboForce (talk) 19:14, 18 April 2010 (UTC)

2 of the "Issues of concern" are mentioned before the contents in the article: 1) the faulty signature issued by Symantec which resulted in essential operating system files being removed and thousands of PCs unable to boot. 2) The avenue of attack opened by having the anti-virus software running at the kernel level of the operating system - both of these have "ref" links and they belong in the "Issues of concern" section. I would like to add to that section the case of Norton anti-virus removing a clean file from Pegasus Mail, having falsely detected it as a Trojan, as I mentioned above. This is another case of anti-virus software damaging essential files and it rightly belongs in the "Issues of concern" section. What do you readers think? TurboForce (talk) 19:34, 20 April 2010 (UTC)
Makes sense to me. - Ahunt (talk) 20:55, 20 April 2010 (UTC)
I've just done a little work on the "Issues of concern" section; please compare the revisions. I think more needs to be done though, but I'm a little unsure now if the avenue of attack opened by having anti-virus software running at kernel level belongs in the "Issues of concern" section, as it's only one sentence, unless we can say a bit more about it. I've finished editing for today. Cheers. TurboForce (talk) 21:56, 20 April 2010 (UTC)
I checked your change and it looks fine to me. There are probably some other parts of this article that could use reorganizing as well. - Ahunt (talk) 22:41, 20 April 2010 (UTC)
Cheers. It made sense to move the part about Norton anti-virus killing the operating system boot files into the "Issues of concern" section. There is another major problem with anti-virus software in Windows: viruses that are running can stop the anti-virus program from actually working! I was only talking about this today with someone experiencing this problem; they have AVG detecting infections, but the viruses are clever enough to stop AVG from actually disinfecting the system. This issue of concern requires you to create a bootable disk on another CLEAN computer and then run a virus cleaner on the infected computer outside of Windows by booting off the disk, for example: Avira AntiVir Rescue bootable CD/DVD disc. Even having anti-virus software installed and running won't stop your Windows installation from being hijacked! This also shows that having just one anti-virus program is not 100% effective, but you can't install and run 2 (or more) anti-virus programs simultaneously without causing system problems. I would like to add this to the article, if I can find the "ref" links. This is not original research, this is what can and DOES happen. TurboForce (talk) 16:17, 21 April 2010 (UTC)
You're right, and this should be added. Viruses that are running indeed (can) have the power to prevent proper disinfection. It's a fact that once a PC has been infected, it can never be (fully) trusted again until a full reinstall is done. But this situation only happens after anti-virus software has already failed: it should have prevented the viruses from running in the first place! And that's the main issue we're talking about here (IMO): once an anti-virus software misses (for whatever reason) a virus, it can be (and often is) impossible to "clean up" after it. The focus of the new text should (IMO) be on the "miss one, lost all" aspect, not on the difficulty-to-clean-up-after-it-misses-one. --DanielPharos (talk) 19:17, 21 April 2010 (UTC)
That makes sense to me - if you have a ref please do add something on that. - Ahunt (talk) 19:41, 21 April 2010 (UTC)
I agree with DanielPharos above. Once infected, trying to remove the infection(s) is very difficult, sometimes impossible and the PC cannot be trusted again until Windows is re-installed. If you have the original installation CD (and it ain't scratched lol), you could also create a DBAN boot disc or floppy on a clean computer, wipe the hard drive clean on the infected PC and re-install Windows and everything again. I've performed that tedious task more times than I can remember! Unfortunately, it's not always possible to wipe the hard drive because the user hasn't backed up files or the recovery software is on a hidden partition etc. Why not go back to using typewriters, at least they don't break as often as computers!! Please add whatever you can to the article — computer virus/malware writers seem to find more ways of wreaking havoc and evading detection. TurboForce (talk) 20:49, 21 April 2010 (UTC)
Forgot to mention: is there any method which everyday users can apply to prevent viruses/malware from simply taking over the operating system e.g. sandboxing, AppArmor etc? Okay, the "issue of concern" here does not focus on anti-virus software itself, but the computer security as a whole. If the operating system is stored in a read-only ROM chip e.g. RISC OS (and I think AmigaOS on the old Amiga computers was stored on ROM??), the operating system cannot be tampered with by software. There's no point "just" having anti-virus software without other security measures in place. Worth a mention? TurboForce (talk) 21:07, 21 April 2010 (UTC)
The best thing I've found so far is: [1]
Even if the OS is bullet-proof (read-only for instance, as you suggest), your personal files can still get infected. Think macro virus. It will be fundamentally possible to disinfect though, since you cannot lose control of your OS. But you can still lose all your data, and spread the virus.
Sandboxing is a good way, until the sandbox is broken. I remember VMWare fixing some exploits related to exactly this. If sandboxing is going to be applied widely, it's going to be "just another" hurdle. They'll find a way to go around it! And again, everything in the sandbox is still at the mercy of the virus-infection. And the sandbox cannot prevent the user from moving an infected file across the sandbox boundary, and bypassing it that way.
Actually, from a fundamental point of view: if you allow the PC to run non-whitelisted, non completely verified software (if such a thing can even exist, is another discussion), you're allowing it to run malware. I don't think there's going to be any 100% solution in this case. --DanielPharos (talk) 21:24, 21 April 2010 (UTC)
Also, check out the news. McAfee did something nasty, like not testing virus definitions at all. :O This one should be easy to source! --DanielPharos (talk) 21:28, 21 April 2010 (UTC)
This discussion/talk page is getting very interesting. I'm glad the anti-virus page/article is being updated to keep up with the times. I know that anti-virus software alone is not the solution for today's computer security and if people want to break into computers and destroy your files etc., they will. I think the anti-virus page/article could include a mention about other computer security measures to help avoid malware, instead of just relying on anti-virus software to do everything. PLEASE include that thing about McAfee not testing virus definitions — that is VERY BAD!! Apologies for excessive typing; I mention this on my own user page. TurboForce (talk) 21:44, 21 April 2010 (UTC)

All good points and worth including in the article with refs. "is there any method which everyday users can apply to prevent viruses/malware from simply taking over the operating system" - yeah use Linux instead of Windows. - Ahunt (talk) 21:57, 21 April 2010 (UTC)

@TurboForce: I'm an excessive typer myself, so don't worry about that. :)
The McAfee thing: OK, the not-testing is WP:OR, or better, an educated guess. We should probably wait till the dust settles on this issue before adding it to the article: right now, it's not clear what caused McAfee to release this broken update. Here's a link explaining the issue: [2]
@Ahunt: Using Linux won't help, only reduce: Linux malware. And configuring Windows right will make it about as secure as Linux; however, almost nobody does that. But as I said, there is no fundamental way to prevent malware from slipping through the cracks. I guess regular backups, and a known-good external disk image are the best way to protect your data and recover quickly. But to protect your current install... AV, firewalls, nothing seems to provide decent safety-coverage these days. Well, except maybe hiding out in Linux-world, as you suggest. :D --DanielPharos (talk) 22:05, 21 April 2010 (UTC)
I have done quite a bit of the writing on the Linux malware, so I know what you mean there - even if you run Linux you can install a virus if you try. It helps that there are no Linux viruses in the wild and that they are much harder to install and run and even then can do less damage. Essentially though Computer viruses = Windows viruses. - Ahunt (talk) 22:13, 21 April 2010 (UTC)
I'm sure Linux and Unix don't get hijacked by viruses or malware as long as the user never allows anything malicious to run at "root" level. Mechanisms in place prevent programs simply doing what they want to Linux and Unix. Most everyday users can use a computer 'normally' on Linux e.g. Ubuntu Linux without ever having "root" access. Try giving a home user a "limited" Windows XP account and watch them lose their temper before the end of the week because they can't use the computer 'normally' e.g. install new programs! I use my Ubuntu Linux computer every day and I don't need to use "root" access to get my work done. The package manager also makes it safer to install new programs. So yes, the anti-virus page or article could be updated to include information about additional security measures required to avoid infection, instead of relying on "just" the anti-virus/anti-malware software. TurboForce (talk) 22:59, 21 April 2010 (UTC)
Careful guys, you're making bold statements here. Are there really NO Linux viruses in the wild, ever? Are there really no "remote code execution" exploits in Linux, ever? And don't forget about Mac OS, Unix, BSD, Solaris... Also, even though running with a limited user account in Windows can be problematic, it DOES make Windows much more safe. There was a report a few weeks ago that more than 50% of all (Microsoft-code based) exploits over the past year wouldn't have been exploitable if running without admin(root) privileges in Windows 7.
Limiting the power to run arbitrary software indeed will stop some viruses, but exploit-based ones (mainly, remote code execution ones) cannot be prevented this way. Using Data Execution Prevention-like technology will reduce their effectiveness. In Windows, there's Address space layout randomization. I'm sure Linux has similar technologies in place. We could mention those as factors in reducing the attack surface size. And (as TurboForce mentioned) we could add something about sandboxing in Internet Explorer and Java. --DanielPharos (talk) 05:12, 22 April 2010 (UTC)
It's not quite that it "wouldn't have been exploitable". It's that the effects would be mitigated to just the user that encountered the exploit. That's probably cold comfort to the user though, whether it's Windows or Linux, since the most valuable thing on their computer is their data, not their operating system. --HamburgerRadio (talk) 06:02, 22 April 2010 (UTC)
Just for the record I didn't say that there never have been any Linux viruses in the wild ever, just that there are none identified at the present, nor have there been in the past five years, for that matter. Like OS-X and BSD, Linux is a very difficult virus target for reasons explained at Linux malware, making it apparently not worth targeting at present. - Ahunt (talk) 12:34, 22 April 2010 (UTC)

Images

I have restored the images to this article. As explained in the edit summary it would be ideal to have examples of all kinds of anti-virus software in this article to illustrate it, but US copyright law doesn't allow that. Copyrighted images can only be used under "fair use" provisions to illustrate articles on that particular software and all anti-virus is copyrighted except Clam, which is GPL. That means that the only images that can be used in this article are Clam and its derivatives. The images here widely represent the range of antivirus, on Windows, Linux, command line. If anyone has a solution to the copyright problem then I would support replacing some images with new ones, otherwise the article is duller and poorer with fewer images. Incidentally it is generally accepted on Wikipedia that the use of free open source images is not spamming, since these are the only ones that can be freely used. - Ahunt (talk) 14:17, 8 February 2010 (UTC)

Hello, thanks for explaining, and I agree that the fair-use thing is a good reason for using an image of Clam. However, I don't believe it's a reason to use four images when all each one illustrates is the same programme running on a different platform. The images may be free, but I believe they are being overused in this case, leading to the appearance of the article favouring this particular AV, and it is this appearance that concerns me. I propose that we have just one image to show what an AV prog looks like - it is the AV we're illustrating after all, rather than the operating systems on which it runs. Miremare 18:34, 8 February 2010 (UTC)
When I found the article a while ago it had no images and looked very dull and unappealing to the casual reader. The addition of the images was intended to create some interest and to break up the otherwise dense text. Clam got used because of copyright laws, as explained. I'd be in favour of cutting it down to one GUI image and one command line image - most Windows users will have never seen anti-virus running from the command line and the images are different enough in appearance, I think, to retain some interest in the article. - Ahunt (talk) 19:02, 8 February 2010 (UTC)
Well, that's kind of another thing that would concern me... you're right that most readers would have never seen a command line antivirus, which leads me to wonder whether it's important enough to include an image of one, especially given that there's no mention of command line AV programmes for the image to illustrate. Miremare 19:21, 8 February 2010 (UTC)
My thought is that Wikipedia is here to educate - there probably should be a section on interface types. As you may well know the majority of anti-virus is run as server daemons. - Ahunt (talk) 19:34, 8 February 2010 (UTC)
I have to say I disagree with your assessment. US copyright laws and Wikipedia policy do not in any way forbid screenshots of copyrighted software. You automatically hold the copyright to any images (including screenshots) you take, excluding any copyrighted content in the screenshot (such as a photograph, but not an image of software, since that falls under fair use). This can be demonstrated by looking at almost any article on software already on Wikipedia, for example: Microsoft Windows, Mac OS X, Google Chrome, AutoCAD, Adobe Photoshop, and notably Symantec Endpoint Protection, McAfee VirusScan, AVG and Malwarebytes. I have taken the liberty of including pictures of these antivirus programs in the article, since they're already on Wikipedia and (in my humble opinion) these products represent a far more accurate picture of the average AV product than ClamAV (which I've never heard of) running on Ubuntu (which isn't generally hard hit by viruses). If you still have a concern about the copyright of these images, you should take it up on the discussion pages of the images, and see about having them removed to ensure Wikipedia remains compliant with copyright law. dimo414 (talk) 08:40, 7 March 2010 (UTC)
It would also be nice if someone took the time to position the pictures or rephrase the content such that these pictures are a more valuable addition to the article. Both the previous and current versions feel like the pictures are just thrown in to make the page prettier (which they do) but it would be nice if they correlated with the content better. dimo414 (talk) 08:59, 7 March 2010 (UTC)
Read the licencing carefully for those images that you have inserted you will find that they are all copyrighted and can only be used on the pages that fair use can be legally justified under US Copyright laws, which means articles specifically about that software, which is why Microsoft Windows screenshots can be used in Microsoft Windows articles, etc. You will notice that none of them are licenced for fair use for this page, nor can they be as this is a general page that does not specifically deal with those applications. This all means that they will be removed by the fair use image bot in the near future, unless you want to remove them yourself first. As mentioned before, the use of Clam images is because they are the only free images that are available and therefore the only ones that can be used on this page. If you don't like them then the article will have to go with no images. Incidentally just because you haven't heard of Clam doesn't mean it isn't common - I don't know anyone these days that pays for commercial anti-virus software. Around here everyone I know runs Clam and other freeware. - Ahunt (talk) 12:40, 7 March 2010 (UTC)
Since there is no reason to remove existing free images I have restored these. - Ahunt (talk) 13:43, 7 March 2010 (UTC)
There's no reason why there shouldn't be a fair-use image of one of the market leading programs such as McAfee or Norton, as these really do illustrate the article's subject in the best most recognisable way. We just need to add a fair-use rationale for this page to the chosen image. More than one wouldn't really work for fair-use, but in the interests of balance, I don't think there should be more than one of Clam either. We shouldn't be allowing the free status of certain applications to prejudice the article. Miremare 17:12, 7 March 2010 (UTC)
I just put them all back in because the non-fair use copyrighted images will get deleted from the article soon and that will leave it bare. I said above I would be in favour of "one GUI image and one command line image" for Clam. As far as justifying one copyrighted image as fair use on this page, you can try it and see if those who assess fair use will buy it, but since the article isn't about that specific product I have my doubts whether it would survive. I agree that getting away with more than one is very unlikely. - Ahunt (talk) 14:06, 8 March 2010 (UTC)
Fair use does not equate only to "articles specifically about that software". Showing screenshots of antivirus software in an article on AV absolutely falls under fair use. Examples of generic subject articles with non-free content under fair use include Personal computer and Spreadsheet. In any case however, even if public consensus is that the page is better off without proprietary content, we do not need vast numbers of pictures of ClamAV. This is software that is neither popular nor representative - my metric is that personally, I've never heard of it, and that the vast number of AV users are running Windows, which at present Clam does not support, despite the implication of such support that the Windows XP image implies. While I have no objection to ClamAV, there is no need for dozens of pictures of different AV products in this article, and I do not feel that pictures of Clam benefit the article at all. I would like to see all of them removed, however as an attempt at compromise, I have left one image in the article. Just because an image could be put in an article is not a good enough reason to do so, nor is anticipation of future edits. dimo414 (talk) 09:25, 16 April 2010 (UTC)
That is fine, I see you have licenced the copyrighted images for this article under "fair use". I'll leave it to some image-savvy admin to review that to see if it is acceptable or not in this application. Clam is actually widely used by Unix, Linux and BSD desktop users and also is very widely used on servers. Most of the Windows users I know use ClamWin, the Windows GUI version of it. The only image note I would add is that I think the command line image should be reinstated - the article is not overly flooded with images, especially now that there are just three of them and most Windows desktop users will have never seen a command line scanner, even though that is what is most commonly used on servers. - Ahunt (talk) 12:57, 16 April 2010 (UTC)
Okay it has been a week since I proposed adding back in the image of the command line scanner above, so as per WP:SILENCE we have a consensus to do that. - Ahunt (talk) 14:30, 23 April 2010 (UTC)

Rootkits

There is currently no mention of rootkits in the anti-virus page. I've also done a search on the page using <CTRL> and <F> and found no mention of "rootkit" or "rootkits". Given the VERY serious nature of rootkits and their ability to stealth and evade detection, it's probably worth mentioning rootkits. Anti-virus software now scans for rootkits, so let's keep the anti-virus page up to date with the times. It could also be another "issue of concern" because rootkits may not be detected, especially rootkits which hide in firmware (see the rootkit page, which explains all this in detail). TurboForce (talk) 21:29, 25 April 2010 (UTC)

If you have a ref then let's add some text! - Ahunt (talk) 01:13, 26 April 2010 (UTC)
I've added a small paragraph about rootkits. TurboForce (talk) 10:51, 26 April 2010 (UTC)
Looks good - I just added a slightly longer explanation of what they are, taken from the main article. - Ahunt (talk) 20:10, 26 April 2010 (UTC)
Thank you Ahunt. I see you corrected a mistake I made when I typed that paragraph. I was a bit rushed at the time. It shows how Wikipedia is meant to work i.e. many people work together improving pages, spotting errors and fixing them etc. I wish my web browser included a grammar checker, as it flags spelling errors!
I'm considering adding a bit more to the rootkit section, as it doesn't mention that rootkits can hide in firmware and thus become undetectable by any anti-malware software; this could actually be an "issue of concern" and maybe belongs in the "issue of concern" section? Nearly forgot, here's a .pdf file about rootkits and firmware (found on the rootkit page): [3]. TurboForce (talk) 20:44, 26 April 2010 (UTC)
Yes indeed that is what makes Wikipedia work so well - collaboration! Sure that sounds good to add, just to elaborate on the subject some more. - Ahunt (talk) 20:47, 26 April 2010 (UTC)
I agree with you about collaboration :) and yes I need to elaborate on the subject of rootkits, however the rootkit page itself goes into enough depth, so there's no point me adding too much on the anti-virus page. I would be able to edit pages better if this editing background was a different colour and the user could choose a colour, such as light grey to make it less tiring on the eyes!! TurboForce (talk) 21:27, 26 April 2010 (UTC)
What some people do is write the section or article on a text editor or even word processor and then copy it into the article. That way you can work in an environment of your own choosing. - Ahunt (talk) 00:26, 27 April 2010 (UTC)
I've added a paragraph about rootkits to the “issues of concern” section and it's disturbing to read! Perhaps we could add an external link which educates users on how to avoid virus/malware/rootkit infection on their computers. I would like to thank DanielPharos for the link about rootkits, in the previous section above i.e. “The best thing I've found so far is: [4]”.
Credits also to Ahunt for your corrections and suggestions. I like your website Ahunt – Adam Hunt. :) I'm now typing my edits in the OpenOffice.org Writer with a 10% grey background and size 18 font, using Ubuntu 9.10 (64-bit) of course. Much easier on my eyes – thank you for your suggestion about using an external editor (why didn't I think of something so obvious?). :) TurboForce (talk) 13:48, 27 April 2010 (UTC)
I am glad that was helpful! That is the advantage of collaboration on Wikipedia - no matter how good any one editor is, a bunch of good editors working together are even better! - Ahunt (talk) 15:42, 27 April 2010 (UTC)

Points missing.

In response to this small paragraph under the "Effectiveness" section:

Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection. The best ones provided as high as 99.6% detection, while the lowest provide only 81.8% in tests conducted in February 2010. All virus scanners produce false positive results as well, identifying benign files as malware.


Maybe we could add that it's possible to install extra anti-malware software that can safely co-exist with anti-virus software (with "ref" links). For example, in Windows Vista and higher, Windows Defender runs by default and it happily runs alongside anti-virus software. (It's a lame anti-malware product as I've never seen it identify anything malicious on a Windows computer that's riddled with malware!)

One important point missing in the anti-virus software page is the fact that you can disinfect Windows from an anti-virus boot disk (created on a clean computer), which deals with the malware outside of Windows so the infections can be removed when dormant. That said, I've always found it best to wipe a hard drive clean with DBAN, which also eradicates the malware files or use the "recovery" software included by the computer manufacturer which erases the hard drive and malware, then re-installs Windows with the manufacturer's junk.

Don't forget that Windows users are the target of over 2 million pieces of known malware! TurboForce (talk) 11:55, 20 June 2010 (UTC)

Don't most anti-virus products nowadays include a malware scanner, or the same manufacturer has one that can be integrated? Actually, I think the term "anti-virus" is kinda outdated, since the largest threat today usually is from trojan horses, not viruses. --DanielPharos (talk) 13:29, 20 June 2010 (UTC)
Sadly, no single product or suite of security programs in one package from the same manufacturer will stop Windows becoming infested with tons of malware. I've seen that happen too many times, regardless of security/anti-virus/anti-malware from one manufacturer that's installed, running in real time AND updated, Windows still manages to get infected. Even visiting the wrong website can be disastrous! Unless the user runs in a restricted account, but then finds he/she can't even change (or look at) the time and date, can't install critical updates and so on. My point is that NO single product or no suite of different products bundled together by a single manufacturer is enough to protect Windows. Provided that different makers' anti-malware programs can co-exist and run at the same time without conflicts, you gain some extra protection at the expense of a slower computer. Many times I've had e-mails 'sent' to me with just a link - that's obviously malicious, then I contact the sender and tell them they have viruses and they are surprised and tell me they have anti-virus software! TurboForce (talk) 21:42, 20 June 2010 (UTC)
You seem to be missing my point. Anti-virus software (for strict definitions of anti-virus) is obviously not enough, but most anti-virus software nowadays includes an anti-malware part. Most so-called anti-virus software today is actually anti-malware software already. Which makes what you want to add ("it's possible to install extra anti-malware software that can safely co-exist with anti-virus software") largely irrelevant, since nobody is running anti-virus without anti-malware anymore. --DanielPharos (talk) 14:05, 21 June 2010 (UTC)
I'm not missing your point. Yes anti-virus and anti-malware come in the same package. My point is that for improved protection, a Windows user needs another anti-malware package FROM A DIFFERENT SOFTWARE MAKER such as Malwarebytes' Anti-Malware which can co-exist with the anti-virus suite they already have installed. Windows Defender is another example of an anti-malware program designed to co-exist with almost any other anti-virus program, albeit that Windows Defender is a useless tool and a resource hog! Sometimes the anti-virus program maker may advise against using other products, so worth checking first. Even with extra protection installed, I've still had to disinfect Windows! Any program can do what it wishes and Windows doesn't complain. Windows won't complain if something randomly edits the registry or deletes files from the \Windows folder! What a stupid mess and it's made worse because many users think their computer is invincible just because anti-virus software is installed!! TurboForce (talk) 17:18, 21 June 2010 (UTC)
I'll ignore all the irrelevant ranting...
Ah, so what you and I want to say is that by overlapping multiple packages, you'll get better coverage. You (usually) can't install multiple anti-virus programs, since they'll conflict. So you'll end up with 1 anti-malware suite, and N anti-malware-no-anti-virus programs. --DanielPharos (talk) 19:48, 21 June 2010 (UTC)
Thankfully, I don't have to face this daily nonsense of worrying about where and when the next Windows malware will wreak havoc, as I don't use Windows. You don't seem to accept that programs can co-exist with anti-virus software, such as ThreatFire and many others. This is 2010 and like I said earlier in this discussion page, no single anti-virus program or package from one vendor will provide complete protection, so ideally a user needs another anti-malware program that can SAFELY co-exist with anti-virus software and yes I know it's dangerous to install more than 1 anti-virus program as they will cause major problems. As I keep saying, Windows still gets infected when anti-virus software is present!! TurboForce (talk) 23:16, 21 June 2010 (UTC)
Again, missing my point. Well, it's a nitpick anyway, so let's just forget about it, OK?
Ontopic: Scanning with multiple anti-malware programs usually indeed finds more malware than using just a single program, so I guess this point can be added to the article (properly sourced, of course!). --DanielPharos (talk) 09:15, 22 June 2010 (UTC)
Spot on! Multiple anti-malware programs will find more malware than just one. Many of these anti-malware programs can safely run alongside traditional anti-virus software. Windows Defender is enabled by default in Windows Vista and higher, even when anti-virus software has been installed. In fact, some don't need to run permanently in the background, but must be run by the user to scan the hard drive(s) and removable media for malware occasionally as part of the regular Windows maintenance routine.
Don't forget a point I mentioned earlier about removing viruses/malware from a bootable disk e.g. a bootable anti-virus CD disc, which runs outside of Windows and removes infections when they're dormant. Avira AntiVir Rescue System is an example. The user downloads an .iso file on a clean computer and creates a bootable CD from this .iso file using CD writing software, then boots the infected computer from this disc and it runs outside of Windows (the disc is Linux-based) to remove the infections from Windows.
Finally, I forgot to mention until now that anti-virus vendors have specialist tools to remove stubborn infections. You can download a tool from an anti-virus vendor's website to remove certain infections better with one of these specialist tools compared to using an anti-virus program to clean up the mess.
All of these points are missing from the anti-virus software page as I write this. TurboForce (talk) 11:40, 22 June 2010 (UTC)

All good points - if you can cite refs then by all means feel free to add them. - Ahunt (talk) 13:37, 22 June 2010 (UTC)

That's the tedious part and I seem to be alone with my efforts. TurboForce (talk) 23:03, 24 June 2010 (UTC)
Not my intention to make you feel lonely doing this. I am keeping an eye out for refs! - Ahunt (talk) 23:07, 24 June 2010 (UTC)
Thanks. It's finding them ref links (to prove statements are valid) that's so tedious. It's all well and good providing the "correct" information, but useless if there are no refs.
To be added to the anti-virus software page: 1) Having another anti-malware product that can safely co-exist with an anti-virus program improves the chances of catching malware. 2) A bootable anti-virus disc can be created on a CLEAN computer, then used to disinfect an infected Windows computer. 3) Stand alone tools exist to remove certain types of malware e.g. Trend Micro Rootkit buster, VundoFix and tools available from anti-virus vendors that remove specific infections. TurboForce (talk) 16:49, 25 June 2010 (UTC)
QUICK QUESTION READERS: In example 3 above, would them external links serve as suitable ref links? I will come back to this sometime later cos it's summer here in the UK and I'm making the most of it! :) TurboForce (talk) 12:29, 26 June 2010 (UTC)

System disinfection

The page doesn't talk much about disinfecting the viruses. When you have to clean a typical Windows installation heavily contaminated with malware (literally!), you are "disinfecting" it. I don't know if the word "disinfect" is outdated when we talk about today's anti-virus products in action?

Thank you Ahunt for "tidying up" my ref links. It's an arduous job finding the ref links in the first place and I don't know how to make the ref links at the bottom of the page show the proper date, title etc.

One thing I've not added to the page as yet is an explanation of anti-virus boot discs which boot and operate outside of Windows, running Linux, to clean up (disinfect?) the entire Windows drive. This method is more thorough and the viruses can be removed when dormant. This avoids the possibility of viruses stopping the anti-virus program.
TurboForce (talk) 17:24, 13 July 2010 (UTC)

Those are all good points and well worth including I think! No problem on the formatting refs. If you like you can insert web refs in this format:
<ref name="UniqueNameOfRef"> {{cite web|url = http://www.something.com|title = Title of Article|accessdate = 14 July 2010|last = Name|first = Name|authorlink = |year = 2010|month = July}}</ref>
...which will save me doing it! - Ahunt (talk) 19:17, 13 July 2010 (UTC)
Blimey, that looks complicated. I'll try next time, but will probably botch it up lol. :P TurboForce (talk) 21:04, 13 July 2010 (UTC)
No problem - I will watch and help out. It is quite simple - just replace the items to the right of the "=" signs and all will be well. - Ahunt (talk) 21:16, 13 July 2010 (UTC)
What "+" signs, where?? I'm in the process of creating new content for the page. TurboForce (talk) 21:23, 13 July 2010 (UTC)
I've edited the page now. I can see why ref links need to be correctly formatted, but finding ref links can be a big job in itself. For example, I added 3 sections to the Criticism of Microsoft Windows page — sections 1.4, 1.5 and 1.6. Being a controversial page, it needed perfect ref links to prove every statement, which I already knew were true. :D
As you can see, ref links 8 - 20 on that page are not formatted correctly, but the content is there. I will focus on finding ref links, but until I can format them properly, I'm afraid someone will have to do that for me, sorry. :-( —Preceding unsigned comment added by TurboForce (talkcontribs) 22:12, 13 July 2010 (UTC)
No sweat - "bare refs" (ie just links) are acceptable to leave there, they just look nicer and are easier to read when formatted! - Ahunt (talk) 23:15, 13 July 2010 (UTC)

Stuxnet worm

If you've seen the news lately, you've probably learned about the Stuxnet worm. I'm wondering how you would "disinfect" this worm from the industrial devices it exploits, which are using... (drumroll please) Microsoft Windows! In fact, incorrect removal can cause even more problems!! Siemens: Stuxnet Worm Hit Industrial Systems (Skip the ad on that ref page.)

What do you readers think about this and how it relates to anti-virus software? TurboForce (talk) 23:05, 29 September 2010 (UTC)

Some background here on that particular malware: Stuxnet worm attacks industrial targets, could be aimed at Iran and Iranian power plant infected by Stuxnet, allegedly undamaged. I think we ought to include something on this here in this article, but I am not clear what that should be. - Ahunt (talk) 00:56, 30 September 2010 (UTC)
I think we could add that this malware directly affects hardware it can't actually run on. I mean, it's designed to reprogram PLCs! Even after the virus is removed completely, the "effect" of the virus might still be there. Anti-virus software cannot fix that (or even detect that). --DanielPharos (talk) 09:39, 30 September 2010 (UTC)
Disinfecting is "easy": Since this is a rootkit-worm with auto-update-like features (if I'm not mistaken), you'll have to format the PC (standard practice after any infection) to get rid of it. And the article you quote says how to remove it from the PLCs: "Symantec advises companies that have been infected to thoroughly audit the code on their PLCs or restore the system from a secure backup, in order to be safe." So nothing special there. --DanielPharos (talk) 09:39, 30 September 2010 (UTC)
I think the anti-virus software page could cover the Stuxnet worm as an example of malware that can attack an industrial PLC. This would mean the main page would cover all computing areas affected by malware in the 21st century. I think malware was a likely factor in the Spanair Flight 5022 accident. We're not just talking about malware on personal computers anymore, sadly. TurboForce (talk) 10:28, 30 September 2010 (UTC)
That seems like a good way to proceed. - Ahunt (talk) 11:47, 30 September 2010 (UTC)
I am also wondering if this ref shouldn't be used as well in adding something on the Spanair Flight 5022 crash. It really is a threat story and not an effective anti-virus story. - Ahunt (talk) 11:55, 30 September 2010 (UTC)
I think it proves that anti-virus software is necessary for more than just personal computers. I don't know what operating system was in use on the computer system on Spanair Flight 5022? TurboForce (talk) 22:42, 30 September 2010 (UTC)
Since it picked up a Trojan it does kind of beg the question, doesn't it! I can't believe that McDonnell Douglas would have run an airliner on Windows! Final approach = BSOD. It would be interesting to see what Boeing and Airbus are using today, not sure where to source that, though. I am certain like the International Space Station they use their isolation from the internet rather than anti-virus as protection, though. - Ahunt (talk) 23:39, 30 September 2010 (UTC)
Very interesting discussion. :) It's alarming that malware can find its way into anything that runs a program and nearly always on something running Windows! Looks like Microsoft's insecure design and having their fingers in too many pies has resulted in all this chaos. I hate to think what damage will ensue from the next big malware infection or a critical mistake in an anti-virus program! TurboForce (talk) 00:48, 1 October 2010 (UTC)
I agree, good points all around. What shall we include in this article from all this? - Ahunt (talk) 12:06, 1 October 2010 (UTC)
I think the page could include information on how anti-virus software is necessary on ANYTHING that runs Microsoft Windows, not just a standard desktop computer (or laptop or netbook) in a home or office. If Microsoft has a total monopoly, this malware havoc will have the power to destroy things and we—the consumers—will end up paying for this mess. I also suggest that we mention that anti-virus software is not the only defence against malware, but using Windows with great care, a good example: use a non-administrator account at all times, if possible (this is standard on Ubuntu Linux for instance, since the Ubuntu "root" account is locked by default). This will at least limit the damage caused by malware. When I've added this paragraph and checked it, I will be adding another link to my user page about the perils of vendor lock-in. TurboForce (talk) 14:34, 1 October 2010 (UTC)
Could the stuxnet worm have been avoided by using anti-virus software? How do you check industrial and embedded systems for malware compared to a personal computer? TurboForce (talk) 22:35, 2 October 2010 (UTC)

That is a very good question. It would be worth including if we had a reference on that subject area. The articles indicate that this was a zero-day threat, so that seems to imply that it could have been defended against if anti-virus had been present and had definitions or heuristics that could have caught it. It sounds like it was spread via USB sticks and that seems to imply that the devices are not internet connected or otherwise networked. Back in the early 1990s we had a worm spread through a series of non-networked military PCs via a floppy disc that contained an infected game, so anytime outside devices can be connected there is a risk. I wish we had better refs on this. - Ahunt (talk) 22:45, 2 October 2010 (UTC)

If you find any good refs, this would be interesting to research. I remember when I was learning computing at one particular place, we were prohibited from using our own disks (floppy disks back then!) for that same reason i.e. to avoid viruses. Anti-virus software is supposed to scan removable media, but as we all know, viruses can sneak past anti-virus software and other anti-malware software and then it's game over! Perhaps the page could mention the dangers of infected removable media. Anti-virus software should scan removable media like USB pendrives, CD ROMs etc. when they are inserted. If ref links can be found, this is all very useful. Cheers. TurboForce (talk) 10:07, 3 October 2010 (UTC)
I think talking about the Stuxnet worm focuses more on computer security rather than anti-virus software. I've added a sentence to the page to make it clear to readers that the page does not discuss security implemented by software measures. It's not just bad software you have to be careful with... also fake hardware that could be dangerous! Cheers. TurboForce (talk) 15:44, 13 October 2010 (UTC)

Merge MALWARE SCANNER article into ANTIVIRUS SOFTWARE article

Support: It was proposed some time ago to merge Malware scanner into Antivirus software. I want to support that because the scanner article is only a few lines that can be given a small section with the main article. It seems pointless to have a separate article. 71.229.185.179 (talk) 18:20, 27 October 2010 (UTC)

Makes sense to me - they are the same subject. - Ahunt (talk) 18:36, 27 October 2010 (UTC)
Since that tag has been around for a long time with no objections and since the article has no useful or referenced content I have redirected it to this article. - Ahunt (talk) 18:39, 27 October 2010 (UTC)

How to avoid virus/malware infection.

Maybe we could include an external link on how to avoid infecting the computer in the first place? Having anti-virus software alone will not provide total protection, unfortunately!

The anti-virus software page could also be linked to the Computer virus page on Wikipedia?

What do others think? TurboForce (talk) 17:25, 28 April 2010 (UTC)

Those sound like good ideas to me - if you can find the refs go ahead! The one thing you will want to be aware of though is that as per WP:NOTMANUAL we can't write a "how to" manual. - Ahunt (talk) 17:52, 28 April 2010 (UTC)
That's why a good external link on how to avoid malware infection would be a good idea. The external link can provide the “how to” manual style or at least give good tips. Prevention is better than cure, especially with rootkits!! TurboForce (talk) 18:13, 28 April 2010 (UTC)
Part 1 of 2 is done: the anti-virus software page now links to the Computer Virus page. Please could someone help me with the second part of my work i.e. to find a good external link which educates users on how to avoid malware. TurboForce (talk) 20:56, 28 April 2010 (UTC)
I'll have a look around. - Ahunt (talk) 21:13, 28 April 2010 (UTC)
A Google search turns up hundreds of articles. How about any of these:
- Ahunt (talk) 21:30, 28 April 2010 (UTC)
I've just had a look at them. The first and last links look good. The second one is from Microsoft and encourages the use of Microsoft's own products! Ideally an external link educating users on avoiding malware will be platform independent. I've been very busy the past 24 hours, but I will come back to this. Cheers for looking and helping. :) TurboForce (talk) 23:09, 30 April 2010 (UTC) ← It's actually after midnight here lol. Ignore any typos. Thanks.
I did think that the middle one, by Microsoft, was a bit ironic as it is their "defective by design" Windows operating system that causes the entire virus industry to flourish in the first place, but Google suggested it near the top of the list and in reading through it I thought it had some merit! - Ahunt (talk) 01:50, 1 May 2010 (UTC)
Ahunt, you said it perfectly about "defective by design"! Well done. :D I'm glad I don't have to worry about malware and constant computer maintenance tasks like defragmenting (yes I've edited that page too lol) as I don't use Windows very often - quite rare now that I ever need to use Windows.
I have found a link from Intel's website about avoiding viruses:
Would that be a good one to include in the "External links" section? TurboForce (talk) 12:00, 1 May 2010 (UTC)
The Intel link looks pretty authoritative! - Ahunt (talk) 13:33, 1 May 2010 (UTC)
Well, WP:EL gives some ground rules, but there may be some judgment calls too. The pcsourcepoint.blogspot.com for instance, there's no information on why they're authoritative or even a name.
If you click on the credit line at the bottom of the intel.com article, it appears to be written by an outside writer with no indication of why they're authoritative. --HamburgerRadio (talk) 03:23, 2 May 2010 (UTC)

I agree that the blogspot article may not be the best choice, but in the case of the Intel.com article I believe the fact that Intel published it is an endorsement of its content. - Ahunt (talk) 11:05, 2 May 2010 (UTC)

What would be acceptable as an external link which can educate users on how to avoid computer viruses? Unfortunately, people assume their anti-virus program will take care of everything and it's safe to take risks. TurboForce (talk) 11:23, 2 May 2010 (UTC)
McAfee, Microsoft, and Symantec have all recently put out reports saying that web browsing is the top source of infections, especially plugins like PDF viewers.[5] The Intel article says nothing about patching plugins or even about installing security patches at all. Say what you will about their software; McAfee, Microsoft, and Symantec at least do research and put out original content. --HamburgerRadio (talk) 17:24, 2 May 2010 (UTC)
I'm still looking for a suitable external link. TurboForce (talk) 21:57, 2 May 2010 (UTC)
Is this one any good?: Tips for Avoiding Malware Infections Possible external link. TurboForce (talk) 21:46, 3 May 2010 (UTC)
Just my opinion: while there may be cases where a blog is the best source, there doesn't seem to be anything unique here. All of it would be better cited to something closer to a reliable source, ie. peer-reviewed paper, technical publication, journalist consulting with experts. --HamburgerRadio (talk) 18:07, 8 August 2010 (UTC)
This link How to Avoid Viruses is a joke. It mentions "Can erase your hard drive" as the worst consequence of a virus infection, and doesn't mention the single most important anti-virus measure (Restricted account) at all. Forget it! —Preceding unsigned comment added by Intrr (talkcontribs) 02:57, 14 November 2010 (UTC)
You will note that that link is not currently used in the article. - Ahunt (talk) 13:03, 14 November 2010 (UTC)

Antivirus security issues?

The inherent risk associated with having an antivirus product running as a privileged user isn't unique to virus scanners, has no commonly-used exploits that I've ever heard of, and seems to take up a lot of space in this article. Maybe we should run a fine-toothed comb over sources (and seek counter-sources?) Qbeep (talk) 00:53, 11 April 2009 (UTC)

You are right, if this isn't an issue and essentially doesn't exist then it should be trimmed out. As you indicate, the key would be what the refs say, if it isn't supported there then it shouldn't be in the article. Feel free to get out the scissors! I will also have a run through the article, perhaps later on today and see what I can do to tighten it up. - Ahunt (talk) 13:21, 11 April 2009 (UTC)
Okay I see you are reworking the article at Talk:Antivirus software/project, so will hang off doing anything to it until you post your changes to the main article. Incidentally creating a new page like that is probably not the best way to rework an article. If you want to take it somewhere and work on it you can create a "sandbox" page in your own user space (like I did here to work on templates). I have also copied articles into a text editor offline and worked on them there. The danger even then is that other editors may change the base article while you are working on a copy elsewhere, meaning if you copy your new version over the existing one it will eliminate all changes made since you made your copy. It may be best if you want to work on an article uninterrupted for a while to just tag it with {{inuse}} instead. That produces the box below: - Ahunt (talk) 14:50, 11 April 2009 (UTC)

{{inuse}}

Too late - it has been mostly re-written! ;) - Ahunt (talk) 21:50, 14 April 2009 (UTC)


I don't know where to stick my comment on this discussion board. I have had Norton security for over 9 years. I have NEVER had an automatic renewal and have never been asked to have it either. I went to the link #22 and it went to the Norton website. I did look under the section, 'updates and renewals' and didn't see anything about automatic renewals. I could have missed it, of course. Maybe the sentence should read that automatic renewals are available... Mylittlezach (talk) 23:54, 16 February 2011 (UTC)

Office conflict

Anti-virus programs can cause conflicts with other programs. For example, Microsoft reports that anti-virus programs are known to cause conflicts with [[Microsoft Office]].<ref>{{cite web|url=http://support.microsoft.com/kb/835404|title=An out-of-date antivirus program may cause errors when you try to open an Office document or to start Outlook|date=2010-11-27|accessdate=2011-2-16}}</ref>

This article described Office notifying a user of an infected file. Calling a successful prevention (note: but not cleaning the file) of a malware infection "a conflict" is a bit of a stretch by any measure... I'm not sure if this text is salvageable? --DanielPharos (talk) 20:40, 16 February 2011 (UTC)


@DanielPharos I quote from that ref page in the "SUMMARY" section:


Bold emphasis added to the relevant text. It proves that active anti-virus software running in the background increases the chances of failures. The TrueCrypt troubleshooting page reports in several places that anti-virus software causes problems, which they clearly point out is not a bug in TrueCrypt (click here to read it all). TurboForce (talk) 00:05, 17 February 2011 (UTC)
And the very next line: "To resolve the first two problems, you have to update your antivirus program". So it's an outdated (or old, the article isn't clear) anti-virus program that's being buggy and causing this, not a 'real' conflict. You do realise what you just highlighted is classic Microsoft-talk for "we know of certain badly written programs of vendors, who shall remain nameless, that were fixed in later versions"?
TrueCrypt: Now those are true conflicts. I suggest using that ref instead. --DanielPharos (talk) 08:17, 17 February 2011 (UTC)

Primary sources

I've just noticed that many of the article's sources are primary. For example, a mention of the AVG Rescue CD has a source from AVG Technologies. This is an example of primary sourcing. A better approach would be to introduce secondary sources to the article. They are preferred because they are second-hand accounts and they have no stake in what's being said. In other words, some of the references being used here are similar to refspam and having secondary sources talk about these items in with independent, reliable sources would improve the quality of the article. I'll place the template on the article and I can help with improving the refs. Dawnseeker2000 22:27, 24 February 2011 (UTC)

No objections to that, as long as you have the refs then have fun! - Ahunt (talk) 23:53, 24 February 2011 (UTC)
Looks like hours of work are still not good enough. Even the correct ref links are said to be wrong, not just on this page. Is there any point editing pages on Wikipedia? TurboForce (talk) 23:32, 25 February 2011 (UTC)
Everyone has different opinions of the usefulness of refs. User:Dawnseeker2000 has replaced many primary refs with third party ones, which is a lot of work. Personally I would have added the third party refs and left the primary ones in there, but that is just my opinion. - Ahunt (talk) 00:23, 26 February 2011 (UTC)
I've always believed it was right to include a ref link that just proves what is being said is true? What's this about "primary" and "third party"? I'm totally bamboozled here! So the mention of AVG rescue CD links to a page to prove it really exists and the article is telling the truth. Why is that wrong? TurboForce (talk) 12:07, 26 February 2011 (UTC)
It isn't wrong to use those links, just that third party refs are preferred. As it explains at WP:RS: "Articles should be based on reliable, third-party, published sources with a reputation for fact-checking and accuracy. This means that we only publish the opinions of reliable authors, and not the opinions of Wikipedians who have read and interpreted primary source material for themselves." - Ahunt (talk) 14:42, 26 February 2011 (UTC)

I have always made it a habit to only add material to articles if the subject matter has been covered by a third party. And for this article I just happened to have a snow day and so I had tons of time. I had noticed that a user had added a few primary sources and it caught my eye. Well, it turns out that the IP was registered to Symantec and at least one of the additions that the user made wasn't entirely correct. I thought it was interesting that someone closely related to the Antivirus software industry would introduce a tidbit that wasn't exactly correct. Anyway, that's the short story on what I did the other day. That kind of work isn't very glamorous, but I have always thought that articles aren't worth much if the reference section is lacking. Dawnseeker2000 16:07, 26 February 2011 (UTC)

The link to Anti-spyware coalition is defunct. Perhaps it might be removed. Teacherstudent27 (talk) 06:18, 2 September 2011 (UTC)

If you are referring to the link to Anti-Spyware Coalition in the nav box at the bottom, it still links to that article. - Ahunt (talk) 12:11, 2 September 2011 (UTC)