Is anti virus software worth it?

[TheAnimus]

i'm confused on this one. you say you were exploited because your patch cycle wasn't frequent enough, yet you rely on a monthly patch set from microsoft? are bugs in windows only discovered the day before the scheduled patches appear? i was under the impression most publicised windows security vulnerabilities are denied by microsoft until a patch is already written for the next monthly set, at which point how is this a more secure option?

Ironically due to laws i disagree with they force the common sense attitude that a security researcher shouldn't release their proof of concept stuff or be too specific until a patch has been deployed.

There is NO point giving anyone but the team making the patches the technical information until its been patched. MS do this, normally with co-operation, and if the poor sod's in the US law suites.

The thing is, they keep it all secret until the patch its deployed... most of the time, some exceptions major exceptions to this are bugs with IE (but don't get me started one IE).

The point is I (as i'm sure u do) have better things to do (like rant on forums) than keep staring at my email bulletens waiting to find that theres a patch, and have to apply it right then and there, because the proof of concept script will be been used by 13 year olds with malice.

[TheAnimus]

aidanjt no one knew it was there? I garente there will be bugs in the code i'm writing now (its a form of siginal generation for diganositic purposes) but the thing is no one will know they are there.

When i crack things, i use a debugger + symbol files + interpreted asm. Having the source code dosen't help, when i did loads of php work, i never once read the code. Even when making my own modules, i never analysed someone elses code for bugs, that bores me (like it does most people). So without wishing to be rude, but until you've cracked something, don't lecture to me about open source been better.

irresponsobile for issueing a howto? Jinkies i guess ur saying people who used to say "i'll smurf you" or "i'll nuke you" were freedom fighters?

This is way of topic, and on the topic of virus scanners, think this
run as a lower power users, so that ur in a sandbox. Every good OS can do this, Linux isn't as good as BSD for this (just read BSD's propagander). My favouate is sophos because i don't have to worry about my farthers machine been infected i can control it all remotely very easily.

Standards, go hand in hand with secuirty and anti-virus do they now? (sorry this is going off topic, i do kinda feal bad, but i've got a desire to make aidanjt see the light). .net and C# are ECMA approved standards. Is java? Is python?

Aidanjt i think you should start reading sites other than just ./ and el reg. Because ur missing some major points here, namely that because there aren't many viruses for something dosen't make it safer, talking about remote entry as if its the only method of attack. If you want to continue this feal free to email me. But i think we've gone OT enough, and i've posted like 4 times now since i said i wouldn't

[aidanjt]

I think the main point of this thread is.. 'Is Anti-Virus nessecery?' And the answer is this.. if the computer is running Windows, yes, if its running Linux, no.

Security from unauthorised remote connections is somewhat different and we could spend a lifetime discussing the ins and outs and still get nowhere. But I think the evidence speaks for itself in terms of security of the various platforms.

[TheAnimus]

That awnser is wrong.

If its a server, which no one has local access to, then no.
If its a machine which has a user that won't be installing anything, or running as admin, then no.
If its a computer running an OS were the person lurks round as a super user all the time, installing/opening all kinds of files and surfing then net. Then yes (regardless of OS).

oh and one OT point i forgot to say, i know the NT kernel inside out, because microsoft give you symbol files, and the excelent windbg for free. When you start re-directing interupt 2e you get up close n personal with the kernel. A cli is as much of an ice breaker as sex is.

[aidanjt]

So Windows servers bricked up behind a wall with only a power cord and network cable running into it is safe from viruses huh?.. Clearly history proves you wrong in that point.
Does a userlevel program require administrator access to make the machine vunrable?.. no it does not, read up on Windows kernel architectural dependence on userspace accessable components..
The real risk of using POSIX systems as root isn't viruses, its goofing something up by accident or running buggy exploitable client software, and if you do it anyway you deserve your system to melt.

Clearly your study of the NT kernel isn't all that good or you're rubbish at reading assembly.. Any idiot can notice that physical RAM usage is poor, over dependence of virtual memory is extreame, when in windows I have 1Gb of RAM, and 1Gb swap file, (staticly set, because if i don't the swapfile becomes horribely fragmented over time), most of the time with a bunch of programs open Windows uses 1/4 of my ram, and 1/2 of my page file, in linux with X.org running and KDE (bloatiest DE known to man) . I get 440,000Mb of my RAM used. Of which, 48Mb allocated to buffers, 246Mb cached, and 0Mb of 1Gb swap used!
In terms of performance ISO C++ code runs much faster on POSIX systems than it does on Windows, this is a well established fact, one which I've tested myself with a few various types of simple mathmatical calculations running in a large loop.
And I've previously commented on Windows process handling so i wont reitterate myself.

So please just stop trying to champion NT kernel because you're up against a brick wall call facts. We depend on Windows because we've allowed ourselves to. It doesn't mean its the best.

This is the last time we'll talk about Windows vs. Linux.. And I think AV discussion is pretty much covered now.

[TheAnimus]

I really don't get how you fail to understand that a server bricked up behind a wall, with only power + network is safe from virus, all you need is IT PATCHED.

There has been no exploit for remote entry where a proof has been out before the patch. (some DoS ones, but no compramising ones).

How does a virus scanner help then?! It needs to have its patterns updated, for my AI project i wrote a malicous code detector that used the type of purpose of the tool to determine a threat level. No definations needed, once trained. Even that (which was somewhat overzelous) would need updating so why not just patch it?

Now i never said C++ code would run faster, it runs faster on linux than it will on BSD (even thou BSD has a better threading model).

Your memory example is a bit poor because you fail to understand a key feature of the windows platform the modular design, the PE after all is just a (stolen from POSIX mabye you'd say?) standard image with some fancy headers, now this design whilst great on high speed systems can lead to memory useage expanding, and data repition. Its much more secure, and customizeable.

I think your bloating is more to the applications than the kernel, page files should be written when the HDD is idle, thats good. That means when you need more ram you don't sudenly have to wait for stuff to be paged? You see, i don't wish to be rude but i'm guessing your at 6th form or somewere on the start of your comptuer science learning cerve. Because your complaints about security, then you talk about memory performance useage which is an ample topic for a PHD thesis! Jinkies.

[Moby-Dick]

Yet again I find myself closing a thread thats gone way off topic.

Neither of you are going to give way , just accept it before you start getting personal.