Norton 360

[veloman]

My laptop came with this at a 'special price'  and it could be installed on a number of computers so I had it. It has worked well and I don't think it has slowed the machine down;  something I heard it was prone to do.

Anyway - it is due up for renewal; I know there is quite a bit of free stuff out there,  so is Norton worth having ? Cheers (about £30 to renew) 

[limpid]

No. Like all AV/anti-malware products it can longer prevent virus or malware except for the most simple script kiddie variants. It's only purpose is to act as a agent for Symantec's early detection network so that your compromise can help them sell their product to businesses.

 

If you are worried about viruses and malware, don't use windows. If you must use windows, Microsoft Security Essentials adequately botches the system in a way that will probably protect you.

[The_Rev]

I'm not as anti Windows as our dear admin is, in fact I quite like it.  I'll be **** if I am ever going to pay for an anti virus though. There are plenty of decent free ones, Avast, AVG and Microsoft Security Essentials are the most popular.

[coda]

I have limited computer knowledge. I dislike the pressure salespeople put on you in shops. Buying a laptop I was told I needed to pay £30 for McAfee as AVG is no good for internet banking. I declined but others were paying it.

[limpid]

There are sites on the web which will allow you to buy a piece of malware to target any (windows) system. The price goes up depending on which security systems it needs to compromise with the most expensive being for when the purchaser has no idea what systems they need to compromise and so need something that will compromise anything.

 

Most malware toolkits are self encrypting and so signature checking doesn't work any more. Most intrusion is completely transparent to the end user (eg. by using iframe insertion / substitution into the web pages they are targeting). Zero day exploits are used to compromise security software more than for any other purpose. On average businesses take 9 months to notice intrusion events. Most home users never do; if they're lucky they don't use the websites the malware they are infected with is targeting.

 

Meanwhile Symantic will openly tell you in meetings that they have created a multi-billion dollar business on the basis that Windows is not fit for purpose. They'll also tell you that they are happy to give their malware tools to home users for free because they make their money selling to inadequately knowledgeable business executives who need to tick a box called "anti-virus" on an audit.

 

I do have references for all these claims but (unsurprisingly) they are covered by NDAs, CHRs or are CinC.

 

Some people like Windows. I can't in good conscience let people talk about it without pointing out there are alternatives which do not suffer from these problems (and it's unlikely that they ever will) because they had security built in from the start (MacOS, Linux, *BSD). Better still, some of them are free.

[The_Rev]

But can I play BioShock Infinite on my Mac or Linux machine?  

[limpid]

But can I play BioShock Infinite on my Mac or Linux machine?  

I have no idea. Is that the only thing you do on Windows?

[The_Rev]

No, but it's one of the main things I do with a computer and not being able to play games is a dealbreaker.   Maybe I'm a luddite, but it is quite noticeable that the only people who ever seem to recommend Linux are people who work with computers all week.  I've no doubt that it can be better for you if you can make it work, but I don't really have the time or desire to learn a new OS which seems hugely daunting to a complete novice like myself. Yes, it might be free but the barrier to entry is still too high.  

[limpid]

Have you always used your current version of Windows? There's less difference between win7 and KDE than between XP and Win7. Seeing as the win7 interface was copied almost in toto from KDE.

 

I concede the point about gaming, but that's down to the software publishers. Most of them develop on Linux in house it's just perceived that there aren't enough Linux users to justify a release. Steam are starting to change this. Blizzard have announced some Linux native clients too.

[limpid]

[Chindie]

Would it not be the case that, if more people did use Linux, that Linux would become just as tasty a target for viruses and malware?

[limpid]

Would it not be the case that, if more people did use Linux, that Linux would become just as tasty a target for viruses and malware?

No. Linux and MacOS have vulnerabilities, but both are written in such a way that it is unlikely that vulnerabilities would yield administrative access.

 

Google, Facebook and the BBC run on Linux. The Chinese govt are developing their own version.. Do you think the malware authors haven't been targeting them all for years?

 

Social engineering attacks will work on all platforms because people are stupid.

[Chindie]

Not being a software engineer or particularly technically minded in programming, I can only talk as a layman, but I'm sure that, where Linux to surplant Windows worldwide, it would get broken in numerous ways fairly quickly just because the opportunity would be larger.

 

I don't think it needs to be something as grand a prize as breaking Google, or Facebook, or the Beeb. Just having loads of Joe Publics out there would kick start a far larger community to gun for Linux (low hanging fruit and all that), and as unlikely as it might be for a serious breach to occur, I think it would happen.

 

My two penneth anyway.

[limpid]

Not being a software engineer or particularly technically minded in programming, I can only talk as a layman, but I'm sure that, where Linux to surplant Windows worldwide, it would get broken in numerous ways fairly quickly just because the opportunity would be larger.

I agree. However an exploit in Linux is much less likely to lead to malware getting administrative privileges. More exploits might be found but it is much less likely they can lead to anything bad happening.

[darrenm]

There are loads of infected Linux machines out there, but they're mostly compromised as the Apache user due to people not correctly setting permissions or not doing updates on Joomla, Wordpress etc.

 

When they're compromised, the attackers are generally stuck there as they can't get any further into the system than the Apache user has access to, therefore the system is usually used as a spambot.

 

In answer to Chindie, Linux is already a massive target because it already runs much of the Internet. No knowledgeable sysadmin ever points a Windows machine directly at the Internet, even Microsoft front their IIS web servers with F5 load balancers. If it was on all home machines too (which isn't far away, Android is Linux, Chromebooks are Linux) not a lot would change, its security is intrinsic due to the code being publicly available that means peer review weeds out any easy exploit before publish. Even if something escapes this process, zero-day exploits will always have someone patching the code and sending out a fix within minutes, if not hours of something being discovered.

[Tegis]

 

Social engineering attacks will work on all platforms because people are stupid.

 

 

This! It's much easier to trick humans than exploiting code and machines.

 

*Click this file to see Jessica Alba naked*

*Root/admin rights needed*

 

User: mmkay (fap) and clicks yes to everything.

[leviramsey]

tbf, anybody who was using sendmail (the buffer overflow of the month club) back in the day knows that open source is not a panacea...

[limpid]

tbf, anybody who was using sendmail (the buffer overflow of the month club) back in the day knows that open source is not a panacea...

True enough, but you are referring to something from the distant past which wouldn't have affected more than a handful of desktop users. I don't think any Linux distro defaults to sendmail now even though the bugs are fixed and sendmail can run as a non-privileged user

 

Also from the distant past, lpd was trivial to exploit too. Again, that's now in much better shape although most distros use something better and supply a compatibility layer.