You get what you pay for



  • I have an old Windows laptop on my network that sits in a closet and
    does background tasks for me (home automation, DHCP, logging, etc.) It
    has never had a lot of free space, but the past several months it's been
    complaining it was low on disk space.  Every couple weeks for a while
    now I've been deleting various things, but it finally ran out of space
    today and I could find nothing on it I didn't want, but I also couldn't
    figure out where all the space was being used at.  GMER solved the
    mystery for me.

    Beginning of the year my McAfee subscription ran out.  Rather than paying for another year, I decided to try one of the many quality free antivirus products out there.  Instead, I selected Comodo.  On installation Comodo creates a Quarantine directory under its installation directory and sets it such that users cannot access it.  Attempts to do so get the error "Access is denied."  Comodo also keeps two copies of its virus database in separate directories under its installation directory.  Using GMER's ability to find hidden files I was able to figure out Comodo's procedure for updating its virus database:

    1. Create a temp directory under the Quarantine directory where users can't see it.

    2. Download a zipped copy of the database (about 127MB) to the temp directory.

    3. Unzip the new virus database (almost 200MB) to the temp directory.

    4. Make a copy of the new virus database in the same directory as the virus database currently in use.

    5. Make a copy of the currently used virus database in the backup directory.

    6. Move the new databases over the old ones

    7. Delete the temp files.

    For those not counting, after step 5 we have five unzipped copies of the virus database plus one zipped copy taking up over a gig in total.  Note that at no point during the above does Comodo actually check if there is enough disk space for the update.  If at any point the update should fail, Comodo simply starts over at step 2.  It deletes a perfectly good downloaded copy of the new virus database and immediately downloads it again (so that's where all my bandwidth was going!) and because the name of the zip file being downloaded contains the database version, when a newer database comes out the old temp files are left in the temp directory (we never got to step 7 remember) and it just downloads the new database next to them.

    I had about 50 different virus database files in the temp directory in various states of completion.  I have over 2GB free now that I uninstalled Comodo.
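
A staging routine that avoids the failure modes described in the post above (no free-space check, re-downloading an intact archive, stale temp files piling up across versions). It is an added illustration, not Comodo's code and not part of the original post. The `stage_update` function, the `db-<version>` naming, the expected SHA-256 and sizes (assumed to come from an update manifest), and the caller-supplied `fetch` downloader are all assumptions.

```python
import hashlib
import shutil
import zipfile
from pathlib import Path


class InsufficientSpace(Exception):
    """Raised before any download when the volume cannot hold the update."""


def stage_update(staging, version, fetch, zip_sha256, zip_size, unzipped_size,
                 free_bytes=None):
    """Stage one database version. Returns (extract_dir, downloaded)."""
    staging = Path(staging)
    staging.mkdir(parents=True, exist_ok=True)
    archive = staging / f"db-{version}.zip"   # hypothetical naming scheme
    target = staging / f"db-{version}"

    # Purge leftovers from older versions and half-finished extractions,
    # so failed runs can never accumulate files across releases.
    for entry in staging.iterdir():
        if entry == archive:
            continue
        if entry.is_dir():
            shutil.rmtree(entry)
        else:
            entry.unlink()

    # Keep a previously downloaded archive only if it is intact.
    cached = (archive.exists() and
              hashlib.sha256(archive.read_bytes()).hexdigest() == zip_sha256)
    if archive.exists() and not cached:
        archive.unlink()

    # Preflight: refuse to start unless the whole update fits.
    if free_bytes is None:
        free_bytes = shutil.disk_usage(staging).free
    needed = unzipped_size + (0 if cached else zip_size)
    if free_bytes < needed:
        raise InsufficientSpace(f"need {needed} bytes, have {free_bytes}")

    if not cached:
        data = fetch(version)                 # caller-supplied downloader
        if hashlib.sha256(data).hexdigest() != zip_sha256:
            raise ValueError("downloaded archive failed its integrity check")
        archive.write_bytes(data)

    with zipfile.ZipFile(archive) as zf:
        zf.extractall(target)
    return target, not cached
```

Moving the extracted directory into place with a rename on the same volume then costs no extra space, instead of the multiple full copies the post counts.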


  • @Pascal said:

    Rather than paying for another year, I decided to try one of the
    many quality free antivirus products out there. Instead, I selected
    Comodo.
    ^- Made me LOL



  • ... you had a McAfee subscription?

    Now you're gonna tell me you decided to switch to Symantec or Trend Micro, aren't you?

    Comodo's firewall was pretty good some time ago, but nowadays they're a crap company. And they're known to sell whitelist entries (as in "we won't detect you") to malware authors.

    From free AVs, Microsoft Security Essentials, Avast or AVG. From commercial ones, Eset or F-Secure. Or Forefront, but only if you're a big company that can't use MSSE.



  • @bannedfromcoding said:

    Comodo's firewall was pretty good some time ago, but nowadays they're a crap company. And they're known to sell whitelist entries (as in "we won't detect you") to malware authors.

    Known? Or, "known?" Got any links about that?



  • @boomzilla said:

    Known? Or, "known?" Got any links about that?

    Point. I've mostly heard that mentioned as a "damn, just like Comodo" in all the anger threads when Avira did similar. I never looked for press releases.



  • @bannedfromcoding said:

    ... you had a McAfee subscription?

    Now you're gonna tell me you decided to switch to Symantec or Trend Micro, aren't you?

    Comodo's firewall was pretty good some time ago, but nowadays they're a crap company. And they're known to sell whitelist entries (as in "we won't detect you") to malware authors.

    From free AVs, Microsoft Security Essentials, Avast or AVG. From commercial ones, Eset or F-Secure. Or Forefront, but only if you're a big company that can't use MSSE.

     

    AVG sucks since version 9. I can't remember why it sucks since I uninstalled it and switched to MSSE just after its release.

     



  • @immibis said:

    @bannedfromcoding said:

    ... you had a McAfee subscription?

    Now you're gonna tell me you decided to switch to Symantec or Trend Micro, aren't you?

    Comodo's firewall was pretty good some time ago, but nowadays they're a crap company. And they're known to sell whitelist entries (as in "we won't detect you") to malware authors.

    From free AVs, Microsoft Security Essentials, Avast or AVG. From commercial ones, Eset or F-Secure. Or Forefront, but only if you're a big company that can't use MSSE.

     

    AVG sucks since version 9. I can't remember why it sucks since I uninstalled it and switched to MSSE just after its release.

     

     

     I think the last version of AVG I used was 6. After that it became too popular and started sucking. I tried MSSE for a while, but it sucked too (at random moments, it would just hog 100% cpu, slow my entire system down, with no way to stop it... it wasn't even performing a scan or anything).

     The only antivirus product that I've ever liked was Symantec's corporate antivirus (I think version 9 or 10). No stupid weird-ass UI (god, that reminds me of Norton 2005's completely ridiculous HTML/Internet Explorer based UI), simply native Windows widgets, background updates without huge-ass notifications, silent quarantining of files, etc.

     Now I simply use no antivirus at all, because all antivirus products are basically malware themselves.

     



  • @pbean said:

    After that it became too popular and started sucking.

    Hipster!



  • I have a friend with Norton. Here's one thing that happened recently.

    [img]http://i.imgur.com/8f3jM.png[/img]


    Yep, you read that right. Norton flagged this process not because it had done anything wrong, but because it allocated more than some arbitrarily determined amount of memory. What the hell is Norton listening to programs' memory usage for. You're supposed to be defending the machine from threats, not from doing fucking work.



  • @pbean said:

    AVG

    I stopped using avg when the "rape all sites I visit" feature was introduced. The one that pre downloaded all links on a page to virus scan, instead of waiting for the user to actually click on a link.



  • @nexekho said:

    You're supposed to be defending [whatever] from threats, not from doing fucking work.
     

    This is at the core of the left-right political disagreement.

     

    If you police everything, nobody can do their work/live like human beings.

    If you police nothing, everything goes to shit because a lot of people are selfish, careless creatures.

     

     

    LOL HOW'S THAT FOR A THREAD HIJACK, TDWTF

     



  • @nexekho said:

    Yep, you read that right. Norton flagged this process not because it had done anything wrong, but because it allocated more than some arbitrarily determined amount of memory. What the hell is Norton listening to programs' memory usage for. You're supposed to be defending the machine from threats, not from doing fucking work.

    I'm guessing that there are some instances of malware that, um, allocate a lot of memory, and so this is part of an heuristic detection algorithm. Do you wonder why firewalls ask you about programs that use network resources, too? Now, if they don't have a way to whitelist (like firewalls tend to), that's TRWTF. But I'm guessing that's what the "Don't alert for this file" link looking thing does.



  • @dhromed said:

    If you police everything, nobody can do their work/live like human beings.

    The police can.



  • @boomzilla said:

    I'm guessing that there are some instances of malware that, um, allocate a lot of memory, and so this is part of an heuristic detection algorithm.

    I do hope you're kidding/trolling... memory usage has absolutely no bearing on whether a program is malware or not. In fact, I'd picture most malware is pretty small to help avoid drawing attention. It's perfectly common to see Photoshop/Max/UE3/Premiere/etc. allocating 2-3x that. Network activity, yeah, I agree, you can likely pick up on DDOS attacks, spamming and malware spreading en masse, but memory? No. All kinds of levels of memory usage are normal for all kinds of programs, so performing this heuristic is about as effective as flagging every program without any vowels in the name.



  • To be fair to Norton, it is pretty clear in stating that the sai.exe process has triggered a "Performance Alert", and that the alert has a severity level of "Info".

    As long as it doesn't affect performance to generate this notification, I wouldn't mind it popping up in the system tray; just don't distract me from my work to demand action on such a non-threat as this.



  • Avast is VIRUS DATABASE HAS BEEN UPDATED! a nice AV, but CAUTION! A VIRUS HAS BEEN DETECTED! it has some quirks.



  • @nexekho said:

    @boomzilla said:
    I'm guessing that there are some instances of malware that, um, allocate a lot of memory, and so this is part of an heuristic detection algorithm.

    I do hope you're kidding/trolling... memory usage has absolutely no bearing on whether a program is malware or not. In fact, I'd picture most malware is pretty small to help avoid drawing attention. It's perfectly common to see Photoshop/Max/UE3/Premiere/etc. allocating 2-3x that. Network activity, yeah, I agree, you can likely pick up on DDOS attacks, spamming and malware spreading en masse, but memory? No. All kinds of levels of memory usage are normal for all kinds of programs, so performing this heuristic is about as effective as flagging every program without any vowels in the name.

    Are you unfamiliar with the word, "guessing?" It may not have a bearing on malware, but as others mentioned, it's something that can affect the performance of your machine, which is something that malware does (though probably not through using up your RAM). If some program has a memory leak, and is slowly (or quickly) consuming your RAM, it would be nice to know. I'm sure the average user doesn't care (nor should he!) about DDOS. I'd be more worried about malware phoning home with keylogs or whatever.

    You're completely full of shit if you really can't see any value in flagging memory usage for performance reasons. Of course, power users can easily open up task manager and see this sort of thing, but so what?

    Also, I guess you have no clue what a whitelist is. It's like allowing your browser through the firewall. Once and you're done (at least until you update).



  • @boomzilla said:

    You're completely full of shit if you really can't see any value in flagging memory usage for performance reasons. Of course, power users can easily open up task manager and see this sort of thing, but so what?

    What's full of shit about expecting an anti-malware to do its damned job and stop trying to do everything? It's probably a contributing factor to the unbelievable bloat of software in general. Performance analyzer != anti-malware. It's not Norton's job to be tracking process memory usage. It doesn't know what's normal and what's not. The average user, as you refer to, will probably see Norton flagging up a program they're using and panic. Let's have the Check Engine light in your car flash blue if you leave the keys in the ignition. Granted, that's not its job, but it IS meant to warn you so close enough!



  • @nexekho said:

    What's full of shit about expecting an anti-malware to do its damned job and stop trying to do everything? It's probably a contributing factor to the unbelievable bloat of software in general. Performance analyzer != anti-malware. It's not Norton's job to be tracking process memory usage. It doesn't know what's normal and what's not. The average user, as you refer to, will probably see Norton flagging up a program they're using and panic.

    LOL! Welcome to a software provider giving a shit and trying to provide a better product. Not to mention compete with other providers. Good luck with eliminating bloat and feature creep! It's true that anti-malware software isn't exactly performance analyzer, but there seems to be significant overlap. Ultimately, that may be what people want out of it, anyways (or one thing, at least).

    All the TV commercials these days about cleaning computers and speeding them up tells me that there's a market out there...and no wonder. But I'm sure there are products out there with leaner feature sets who'd love to have your business.



  • @nexekho said:

    Let's have the Check Engine light in your car flash blue if you leave the keys in the ignition.

    Wait, so that's not normal then..? >.>



  • @boomzilla said:

    All the TV commercials these days about cleaning computers and speeding them up tells me that there's a market out there...and no wonder.
    We'd be millionaires if we could come up with our own way to prey upon the fears of the desperate and gullible.



  • @boomzilla said:

    LOL! Welcome to a software provider giving a shit and trying to provide a better product.

    Better is a matter of opinion. The more you throw pointless junk in the user's face, the more likely they are to ignore what matters. An antimalware should shut up and be quiet unless there's risk of infiltration, it can't function (such as lack of updates) or it was specifically asked for something. I can't believe you're defending an antimalware that has its own browser toolbar. Gets its hooks into EVERYTHING.

    @boomzilla said:

    significant overlap

    Between security and performance?

    @boomzilla said:

    But I'm sure there are products out there with leaner feature sets who'd love to have your business.

    ESET do.



    Norton is largely bought by the computer illiterate. It is very well marketed to this audience. My brother installed some screen recording software the other day and forgot to untick the FREE! Norton Security Scan which of course flagged up a few tracking cookies and nothing else, but screamed murder about how the apocalypse was coming and he must buy Norton right now! It must make a fuss as often as possible to make these people think it's saving their life every ten seconds when in fact it's doing pretty much sod all.



  • @nexekho said:

    @boomzilla said:
    LOL! Welcome to a software provider giving a shit and trying to provide a better product.

    Better is a matter of opinion. The more you throw pointless junk in the user's face, the more likely they are to ignore what matters. An antimalware should shut up and be quiet unless there's risk of infiltration, it can't function (such as lack of updates) or it was specifically asked for something. I can't believe you're defending an antimalware that has its own browser toolbar. Gets its hooks into EVERYTHING.

    Yep...that's why I said trying. And who knows, maybe they're succeeding with others.

    @nexekho said:

    @boomzilla said:
    significant overlap

    Between security and performance?

    Indirectly. I was really getting at overlap between malware and performance.



  • @Pascal said:

    I decided to try one of the
    many quality free antivirus products out there.  Instead, I selected
    Comodo. 
    I used Comodo for a while and liked it just fine.  Until  the release of Windows Vista.  6 months later, Comodo still couldn't make a version of their product that worked properly with Vista.  So I switched to BitDefender.  I used it for 2 years and it was OK.  Then my subscription ran out.  Instead of just letting me pay for another 2 years I had to "upgrade" to the latest version, which turned out to be a completely unusable piece of shit.  I'm starting to see a pattern here.

    I contacted BitDefender to complain about their shitty product and demand a refund.  When they refused, I tried to dispute the charge on my credit card and discovered an added bonus -- BitDefender, located in Florida, USA, used a credit card processor located in The Netherlands and not subject to U.S. credit card laws.  I don't remember the name of the company now, but at the time I Googled their name and found lots of complaints against them.

    For the past year or so I've been using AVG and it seems to be OK.   In other words, the best thing I can say about it is that it sucks less than some of the others.



  • @MiffTheFox said:

    Avast is VIRUS DATABASE HAS BEEN UPDATED! a nice AV, but CAUTION! A VIRUS HAS BEEN DETECTED! it has some quirks.

    I actually used Avast! as an alarm clock for a while, it worked well.



  • @nexekho said:

    Norton is largely bought by the computer illiterate. It is very well marketed to this audience. My brother installed some screen recording software the other day and forgot to untick the FREE! Norton Security Scan which of course flagged up a few tracking cookies and nothing else, but screamed murder about how the apocalypse was coming and he must buy Norton right now!

    That's actually very scary, in the "you've been infected by a fake antivirus" sense.



  • OP: Microsoft Security Essentials. 

    @dhromed said:

    @nexekho said:

    You're supposed to be defending [whatever] from threats, not from doing fucking work.
     

    This is at the core of the left-right political disagreement.

    If you police everything, nobody can do their work/live like human beings.

    If you police nothing, everything goes to shit because a lot of people are selfish, careless creatures.

    LOL HOW'S THAT FOR A THREAD HIJACK, TDWTF

    i have a better threadjack: I love you troll

    ED: spread love, always.  Love, BTK

