OT: Poll - which antivirus software?

detected.

Any many programs will not work unless run as an adminstrator :-(

Linux.

The phrase "root-kit" originated in the UNIX world where there is a normally a "super-user" called "root" who has the permissions to do everything.

The meaning of the term has morphed a bit when applied to windoze.

They don't play games then?

up with security in mind and, in some, it is added as an afterthought.

Because of its wide use, debatable security & poor software, Windows is an easy target for malware writers.

Well, we have 5 computers at home (XP & Vista) and none of then run any AV software. Never had a problem, ever.

At work we have what I assume is an expensive corporate license for McAfee Enterprise. You guessed it, the only computer virus I have ever experienced was from an internal e-mail at work. Of course, we were able to lock the stable doors once McAfee released an update, but the damage was done by then. I did learn to treat internal e-mail with the same suspicion as external stuff.

MBQ

Only if you class setting the "hidden" bit on a folder as root-kit technology... Set windows to Show Hidden Files and the virus vault folder and contents will become visible. This is not the case with a true root kit.

Strange. I always have "show hidden files" on but the AVG directory did not show until I run a root-kit detector/remover.

Works for me:

K:\>dir $avg* Volume in drive K is W2K SYSTEM Volume Serial Number is ECDA-848C

Directory of K:\

File Not Found

K:\>dir $avg* /ah Volume in drive K is W2K SYSTEM Volume Serial Number is ECDA-848C

Directory of K:\

11/08/2008 11:10 $AVG8.VAULT$ 0 File(s) 0 bytes 1 Dir(s) 2,020,597,760 bytes free

I sure as hell hope you don't do any online banking then !

What a strange thing to say

How would you know ?

Yes, been doing so for some years. No problems there.

MBQ

Well, no one's ever moaned that any of our PCs has been hijacked for sending spam, for example. I've never had any on-line bank accounts, eBay, paypal accounts, etc., compromised. Maybe *something* has happened, but it's never caused me any problems.

On balance, I think "never had a problem" sums it up neatly and accurately.

All it takes is a little care and common sense.

MBQ

Not likely they would either. Spam would generally be relayed using a "From" address which is either made up or another harvested email address. So you would not be seeing the bounces.

A computer may have been unwittingly participating in a DDoS attack - again something that would not be causing *you* a problem (save a loss of outgoing bandwidth)

It may be there was a time this was true, but but I am not convinced now.

Adblock plugins for Firefox are good but not always 100% effective, and there have been enough cases of poisoned ads being served on otherwise safe and normal web sites for this to be an attack vector it is very hard to defend against without AV software. Obviously if you visit web sites based on search engine results you expose yourself to the same or greater risk.

Email based threats are easier to protect against if one chooses software with care and configures it to disable HTML rendering etc - although that does not defend against someone targeting you specifically.

That is not to say AV software is required in all cases. If a machine has no internet access and is just used with locally installed apps, the risks have probably decreased with time, since people don't tend to pass floppy disks about in the way that was once common.

OK, hadn't though of that. Still don't think it's happening, though.

Not something we've ever noticed (loss of bandwidth).

All of ours do, but everything, including the router, is ppowered down when not in use for more than a few minutes, if that makes any difference.

MBQ

It reduces the window of opportunity, but not by that much. It is important to keep in mind that since you have a hardware firewall in the router (or at least NAT to make unsolicited inbound connections difficult), and quite probably a software one as well (assuming you are on XP SP2 or higher) that "Blaster" style infections that can get in simply by being connected to the net at the wrong moment are very unlikely these days. The most likely attack vector will result from use of the machine (email, web, instant messaging etc). Once a machine is compromised it will often login to a IRC channel or some other control mechanism at boot up, and be ready to take orders. If it has a key logger or other similar malware, then they will often "phone home" at certain triggers - like when they have collected enough info to upload.

Running one of the free antispyware scanners[1] from time to time would certainly help identify a good number of possible invaders. As does keeping an eye on the things being launched at startup, the services installed, and a watchful eye on any open internet connections[2]

[1] Lavasoft AdAware, Malwarebytes AntiMalware, Spybot Search & Destroy for example [2] "netstat -a" in a command prompt, or TCPMon from sysinternals.

None at all.

Oh, I do that from time to time, just don't class those as AV software. It's part of what I term veing careful.

MBQ

Never heard of that one - so just tried it and I have about 30 open UDP and TCP connections, including one which says "... unknown.hwng.net:nntp ESTABLISHED"

hwng seems to be something called High Winds Network Group which means nothing to me... does the above sound right?

No, that is you sending that mssge!

Highwinds is your news server by your headers.