This is the talk page for discussing improvements to the Antivirus software article. This is not a forum for general discussion of the article's subject.
This article is rated B-class on Wikipedia's content assessment scale.
This article is written in American English, which has its own spelling conventions (color, defense, traveled) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus.
The contents of the Malware scanner page were merged into Antivirus software on 27 October 2010. For the contribution history and old versions of the redirected page, please see its history; for the discussion at that location, see its talk page.
The issue of zero-day virus needs to be more thoroughly discussed in this article. Sections of the zero-day virus article are just a condensed version of sections from this article. If zero-day virus was merged with this article, it would receive more exposure. TechOutsider' ( talk) 21:09, 6 April 2009 (UTC)
This article seems to have a lot of information that applies specifically to viruses, not virus scanners. Should we migrate some of this? Qbeep ( talk) 02:05, 10 April 2009 (UTC)
"Powerful macros in word processors such as Microsoft Word presented a further risk. Virus writers started using the macros to write viruses that attached themselves to documents; this meant that computers could now also be at risk from infection by documents (with hidden attached macros) as programs. Later email programs, in particular Microsoft Outlook Express and Outlook, became able to execute program code from within a message's text by simply reading the message, or even previewing its content. Virus checkers now had to check many more types of files. As broadband always-on connections became the norm and more and more viruses were released, it became essential to update virus checkers more and more frequently; even then, a new virus could spread widely before it was detected, identified, a checker update released, and virus checkers round the world updated."
The inherent risk associated with having an antivirus product running as a privileged user isn't unique to virus scanners, has no commonly-used exploits that I've ever heard of, and seems to take up a lot of space in this article. Maybe we should run a fine-toothed comb over sources (and seek counter-sources?) Qbeep ( talk) 00:53, 11 April 2009 (UTC)
I don't know where to stick my comment on this discussion board. I have had Norton security for over 9 years. I have NEVER had an automatic renewal and have never been asked to have it either. I went to the link #22 and it went to the Norton website. I did look under the section, 'updates and renewals' and didn't see anything about automatic renewals. I could have missed it, of course. Maybe the sentence should read that automatic renewals are available...
Mylittlezach ( talk) 23:54, 16 February 2011 (UTC)
Is it just me, or does this section seem more like an advertisement? FSBDavy ( talk) 17:29, 31 May 2009 (UTC)
Oh well done the Needs Citation spammer. That is SO irritating, especially when it is next to plain and simple facts such as the statement on Word macro viruses emerging. I was there. They did. What's to cite? Posted by an alarming normal user - not a Wiki head so please don't flame me for having the temerity to suggest the page is now hard to read and commenting on it in this unsophisticated style. ...That posting needs citation at the end of every paragraph is annoying is a simple fact also. I use Wiki a lot as a reader and other pages don't suffer from this.
I take it that reaction was due to the potential for AV manufacturers to interfere with and bias the page. Fine. All I am saying is it's gone a bit far / crudely applied to every para whether a company is mentioned or not.
—Preceding unsigned comment added by 84.92.230.173 ( talk) 08:44, 14 June 2009 (UTC)
I can NOT emphasize this enough. There seems to be a terrible bias among some editors that some sort of random speculative 'I heard it somewhere' pseudo information is to be tagged with a 'needs a cite' tag. Wrong. It should be removed, aggressively, unless it can be sourced. This is true of all information, but it is particularly true of negative information about living persons.
–Jimmy Wales [1]
(Unindent) Okay I am done now. The article still needs some work by a subject matter expert, but in reply to User:84.92.230.173 who started this thread, you can note that the tags are all gone now! - Ahunt ( talk) 18:53, 29 November 2009 (UTC)
Hi HamburgerRadio ( talk), I understand it very well that Wikipedia uses nofollow tags, and its external links do not alter search engine rankings. However, I thought that referring to http://personalfirewall.comodo.com/download_firewall.html will help users to get the information that Comodo offers through its Antivirus Software. Please let me know your take on this context. Lakshmi VB Narsimhan 07:08, 4 August 2009 (UTC)--
I have restored the images to this article. As explained in the edit summary it would be ideal to have examples of all kinds of anti-virus software in this article to illustrate it, but US copyright law doesn't allow that. Copyrighted images can only be used under "fair use" provisions to illustrate articles on that particular software and all anti-virus is copyrighted except Clam, which is GPL. That means that the only images that can be used in this article are Clam and its derivatives. The images here widely represent the range of antivirus, on Windows, Linux, command line. If anyone has a solution to the copyright problem then I would support replacing some images with new ones, otherwise the article is duller and poorer with fewer images. Incidentally it is generally accepted on Wikipedia that the use of free open source images is not spamming, since these are the only ones that can be freely used. - Ahunt ( talk) 14:17, 8 February 2010 (UTC)
Countless times I've seen Windows computers infected with malware, despite having anti-virus software installed, running permanently in the background AND fully updated.
No matter what anti-virus package is installed and watching the computer at all times, Windows can - and does - get infected, when it shouldn't. No single anti-virus package is 100% effective. With suitable "ref" links, I think this needs to be added to the section "Issues of concern".
Once infected, you need to run another anti-virus/anti-malware program OUTSIDE of Windows (example AntiVir Rescue System boot disc) to disinfect the system. A lot of malware, viruses etc. are so clever that you can't remove them when Windows is running and the malware itself is running, although you can try booting into safe mode. Perhaps this also needs adding to the section "Issues of concern" - that sometimes you can only disinfect the system by running the anti-virus/anti-malware tool from a boot disc (created on another computer that's clean of malware) or disinfecting Windows in safe mode.
I'm glad I use Ubuntu 99% of the time. :)
TurboForce ( talk) 23:28, 30 March 2010 (UTC)
- Wikid ( talk) 16:44, 2 Feb 2012 (UTC-5)
I did find a useful ref with one idea why this might be so and have added a new section at Antivirus_software#New_viruses. - Ahunt ( talk) 19:25, 14 April 2010 (UTC)
More could be added to the section Issues of concern, with the appropriate "ref" links, such as:
If the "ref" links can be found, there's plenty more we could be adding to the antivirus software page, especially the Issues of concern section.
TurboForce ( talk) 19:14, 18 April 2010 (UTC)
All good points and worth including in the article with refs. "is there any method which everyday users can apply to prevent viruses/malware from simply taking over the operating system" - yeah use Linux instead of Windows. - Ahunt ( talk) 21:57, 21 April 2010 (UTC)
There is currently no mention of rootkits in the anti-virus page. I've also done a search on the page using <CTRL> and <F> and found no mention of "rootkit" or "rootkits". Given the VERY serious nature of rootkits and their ability to stealth and evade detection, it's probably worth mentioning rootkits. Anti-virus software now scans for rootkits, so let's keep the anti-virus page up to date with the times. It could also be another "issue of concern" because rootkits may not be detected, especially rootkits which hide in firmware (see the rootkit page, which explains all this in detail). TurboForce ( talk) 21:29, 25 April 2010 (UTC)
Maybe we could include an external link on how to avoid infecting the computer in the first place? Having anti-virus software alone will not provide total protection, unfortunately!
The anti-virus software page could also be linked to the Computer virus page on Wikipedia?
What do others think? TurboForce ( talk) 17:25, 28 April 2010 (UTC)
I agree that the blogspot article may not be the best choice, but in the case of the Intel.com article I believe that fact that Intel published it is an endorsement of its content. - Ahunt ( talk) 11:05, 2 May 2010 (UTC)
In response to this small paragraph under the "Effectiveness" section:
Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection. The best ones provided as high as 99.6% detection, while the lowest provide only 81.8% in tests conducted in February 2010. All virus scanners produce false positive results as well, identifying benign files as malware.
Maybe we could add that it's possible to install extra anti-malware software that can safely co-exist with anti-virus software (with "ref" links). For example, in Windows Vista and higher, Windows Defender runs by default and it happily runs alongside anti-virus software. (It's a lame anti-malware product as I've never seen it identify anything malicious on a Windows computer that's riddled with malware!)
One important point missing in the anti-virus software page is the fact that you can disinfect Windows from an anti-virus boot disk (created on a clean computer), which deals with the malware outside of Windows so the infections can be removed when dormant. That said, I've always found it best to wipe a hard drive clean with DBAN, which also eradicates the malware files or use the "recovery" software included by the computer manufacturer which erases the hard drive and malware, then re-installs Windows with the manufacturer's junk.
Don't forget that Windows users are the target of over 2 million pieces of known malware! TurboForce ( talk) 11:55, 20 June 2010 (UTC)
All good points - if you can cite refs then by all means feel free to add them. - Ahunt ( talk) 13:37, 22 June 2010 (UTC)
The page doesn't talk much about disinfecting the viruses. When you have to clean a typical Windows installation heavily contaminated with malware (literally!), you are "disinfecting" it. I don't know if the word "disinfect" is outdated when we talk about today's anti-virus products in action?
Thank you Ahunt for "tidying up" my ref links. It's an arduous job finding the ref links in the first place and I don't know how to make the ref links at the bottom of the page show the proper date, title etc.
One thing I've not added to the page as yet is an explanation of anti-virus boot discs which boot and operate outside of Windows, running Linux, to clean up (disinfect?) the entire Windows drive. This method is more thorough and the viruses can be removed when dormant. This avoids the possibility of viruses stopping the anti-virus program.
TurboForce ( talk) 17:24, 13 July 2010 (UTC)
If you've seen the news lately, you've probably learned about the Stuxnet worm. I'm wondering how you would "disinfect" this worm from the industrial devices it exploits, which are using... (drumroll please) Microsoft Windows! In fact, incorrect removal can cause even more problems!! Siemens: Stuxnet Worm Hit Industrial Systems (Skip the ad on that ref page.)
What do you readers think about this and how it relates to anti-virus software? TurboForce ( talk) 23:05, 29 September 2010 (UTC)
That is a very good question. It would be worth including if we had a reference on that subject area. The articles indicate that this was a zero-day threat, so that seems to imply that it could have been defended against if anti-virus had been present and had definitions or heuristics that could have caught it. It sounds like it was spread via USB sticks and that seems to imply that the devices are not internet connected or otherwise networked. Back in the early 1990s we had a worm spread through a series of non-networked military PCs via a floppy disc that contained an infected game, so anytime outside devices can be connected there is a risk. I wish we had better refs on this. - Ahunt ( talk) 22:45, 2 October 2010 (UTC)
Why do we have a link to "Linux malware", but nowhere does the main page say that Linux does or doesn't need anti-virus software running in the background? I don't have anti-virus software in Linux, but in Windows XP SP2 and later, the "Security Center" will warn you if anti-virus software is not installed.
Do we need a section about anti-virus software and Linux? TurboForce ( talk) 21:14, 22 October 2010 (UTC)
I think that, nowadays (2013), viruses for Linux are not that rare anymore (e.g. Android). Farqad ( talk) 19:01, 13 January 2013 (UTC)
Support: It was proposed some time ago to merge Malware scanner into Antivirus software. I want to support that because the scanner article is only a few lines that can be given a small section with the main article. It seems pointless to have a separate article. 71.229.185.179 ( talk) 18:20, 27 October 2010 (UTC)
Anti-virus programs can cause conflicts with other programs. For example, Microsoft reports that anti-virus programs are known to cause conflicts with [[Microsoft Office]].<ref>{{cite web|url=http://support.microsoft.com/kb/835404|title=An out-of-date antivirus program may cause errors when you try to open an Office document or to start Outlook|date=2010-11-27|accessdate=2011-2-16}}</ref>
This article described Office notifying a user of an infected file. Calling a successful prevention (note: but not cleaning the file) of a malware infection "a conflict" is a bit of a stretch by any measure... I'm not sure if this text is salvageable? -- DanielPharos ( talk) 20:40, 16 February 2011 (UTC)
“This article describes an error message that you receive in Microsoft Office that states that an antivirus program is preventing you from opening a file. You may receive this error message for the following reasons:”
I've just noticed that many of the article's sources are primary. For example, a mention of the AVG Rescue CD has a source from AVG Technologies. This is an example of primary sourcing. A better approach would be to introduce secondary sources to the article. They are preferred because they are second-hand accounts and they have no stake in what's being said. In other words, some of the references being used here are similar to refspam and having secondary sources talk about these items in with independent, reliable sources would improve the quality of the article. I'll place the template on the article and I can help with improving the refs. Dawnseeker2000 22:27, 24 February 2011 (UTC)
I have always made it a habit to only add material to articles if the subject matter has been covered by a third party. And for this article I just happened to have a snow day and so I had tons of time. I had noticed that a user had added a few primary sources and it caught my eye. Well, it turns out that the IP was registered to Symantec and at least one of the additions that the user made wasn't entirely correct. I thought it was interesting that someone closely related to the Antivirus software industry would introduce a tidbit that wasn't exactly correct. Anyway, that's the short story on what I did the other day. That kind of work isn't very glamorous, but I have always thought that articles aren't worth much if the reference section is lacking. Dawnseeker2000 16:07, 26 February 2011 (UTC)
The link to Anti-spyware coalition is defunct. Perhaps it might be removed. Teacherstudent27 ( talk) 06:18, 2 September 2011 (UTC)
I'm VERY annoyed that FleetCommand has ruined my recent edits because he/she doesn't like The Register ref links being proof.
What that user has basically done is ruin perfectly valid edits. It's like writing on a piece of paper and then someone comes along, rips it to shreds and throws it on a fire. WHY did YOU not bother to find ref links for it BEFORE you decided to wipe my edits, which took me somewhat longer than the few seconds required for you to undo/revert my edits? As for The Register links not being good enough - I've used The Register for ref links on other Wikipedia pages I've edited and nobody else has a problem with them.
I'm VERY annoyed by this and I get the impression you're lazy because you didn't go to the same trouble I did in finding them ref links and editing the page with great care and perfection. I better stop typing as I could say some things which will offend!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! TurboForce ( talk) 00:13, 23 October 2011 (UTC)
I added to the "history" and "identification" sections text which cite the same reference:
http://www.research.ibm.com/antivirus/SciPapers/VB2000DC.htm An Undetectable Computer Virus (academic paper)
I'm not familiar with this task so it appears as number 10 and 16. Please, anybody help to correct it.
Also, please find the article which describes this result and find a way to include it in a way it fits best.
Please, do not revert my edits, but correct and adapt them. Academic work hosted on www[.]research[.]ibm[.]com should be viewed as a reliable source. — Preceding unsigned comment added by 79.119.11.171 ( talk) 11:32, 16 February 2012 (UTC)
Who really created the first antivirus?- 170.185.129.17 ( talk) 15:39, 21 August 2012 (UTC)
But, the section Antivirus_software#History should be quite correct. Farqad ( talk) 19:28, 13 January 2013 (UTC)
Data mining techniques for malware detection are one of the latest approaches in AntiVirus software. These algorithms use file features, that are extracted from binary programs, to classify an executable as malicious or benign. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
I think this should be added to the article. Farqad ( talk) 19:33, 13 January 2013 (UTC)
What about adding a section on the comparison of AV products?
An old discussion has been whether or not AntiVirus products are useless and just waste of money. In November 2012 Imperva, a fairly discussed security firm, published a study in which they state that less than 5% of antivirus solutions were able to initially detect previously non-cataloged viruses. [1] [2] This study has been deeply criticized not only by almost every AntiVirus firm but also by many other security companies. [3] [4] [5] The main criticism was on the sample size of the study. In fact, the test has used less only 84 samples out of the millions of existing Windows malware. Another main criticism was that the study compared only detection in VirusTotal reports rather than in the actual products and, as the same VirusTotal stated: "At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being...". [6] This is mainly because the engines that AntiVirus firms provide to VirusTotal are not exactly the same configuration as are in the real-world product. [7] Moreover, VirusTotal does not try to execute the files with actual products being installed. This means that any run-time heuristics, behavioral monitoring, and memory scanning are out of the game. And thus the detection results are meager when compared to full products. Another aspect that has been criticized has been the "relevance" of the samples. In fact, the sample set should only include things that have been verified to have infected customers. Extrapolating current AntiVirus protection by way of testing samples that pose no danger simply makes no sense.
For this, and other reasons, the Anti-Malware Testing Standards Organization (AMTSO) provides guidelines to the testing of anti-malware and related products. [8] Farqad ( talk) 19:33, 13 January 2013 (UTC)
People who are searching for "antivirus software" most likely suspect a virus or other malware; they are really looking for practically-useful guidance—such as the (1) need to fix vulnerabilities in browser plugins / avoid insecure browsers that lead to infection, (2) examples of good (preferably free) antivirus software, and (3) virus removal (as well as backup & recovery strategies). Viewed from this perspective, this article is pretty useless—the major part of the article is "issues of concern": potential disadvantages of antivirus software. I have added hatnotes to useful articles on these three topics, because most people will otherwise give up on such an article before reading to the "See also" at the end. There have been huge recent pageview peaks. Ditto for the computer virus article. The Template:Malware Navbox at the bottom of the page, with links to related articles, might best be updated and recreated as a long and narrow sidebar template at the side of the page, like Template:HTML—to help people quickly find what they're really looking for. LittleBen ( talk) 02:58, 22 January 2013 (UTC)
Remember that Wikipedia does not provide "how to" information. The article cannot teach users, e.g. "use this web browser", "use brand X anti-virus software" and "to remove malware, you must do this and that". TurboForce ( talk) 21:22, 31 January 2013 (UTC)
I see there's a new threat which anti-virus software is currently unable to detect: BadUSB. Is it worth a mention in "firmware issues"? MetalFusion81 ( talk) 16:28, 11 October 2014 (UTC)
The signature-based detection section didn't read right--it lacked an explanation of how a digital signature could also be a malware signature. Ideally, there would be a malware signature page, or the info would at least be included in the malware or the digital signature pages. Since it's not, I added a reference link to a signature generation article. The article is old (2006) so someone will probably eventually add a reference to a newer article. When they do, I hope they'll leave in my current reference, because it was the clearest explanation I could find on the topic. Katharine908 ( talk) 15:52, 1 June 2015 (UTC)
It would probably be nice to put something in this article about the origin of virus definitions, as in if each company makes their own or there are shared databases or if companies share databases between themselves.
Thanks.
-- 86.27.232.103 ( talk) 14:46, 7 June 2015 (UTC)
One item that seems to be missing from the early history is the free Mac OS application Disinfectant, written by John Norstad of Northwestern University. The early Macs did endure a few mostly harmless viruses along with a few malicious ones that were never widely distributed. Disinfectant stamped them all out (and included an Easter egg animation of a large Pythonesque foot doing just that).
This out-of-date page at the University of Northern Arizona website has a brief description of how the last release of Disinfectant was installed, along with another INIT (boot-loaded app) called Gatekeeper.
If I can get a screen capture of Disinfectant and some documentation of its history I will add both to the article. — ℜob C. alias ALAROB 04:13, 8 January 2016 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Antivirus software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
{{dead link}} tag to http://sciencelinks.jp/j-east/article/200505/000020050505A0076928.php
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).
An editor has reviewed this edit and fixed any errors that were found.
Cheers.— InternetArchiveBot ( Report bug) 18:32, 15 October 2016 (UTC)
The result of the move request was: NO CONSENSUS. While there's not generally an agreement here that the article should not be moved, this proposal did not gain consensus. Ivanvector ( Talk/ Edits) 13:54, 3 January 2017 (UTC)
Antivirus software → Antivirus – WP:COMMONNAME. SSTflyer 03:33, 27 December 2016 (UTC)
On the subject of antivirus testing, this is an aggregator of AMTSO-certified lab test scores. — Preceding unsigned comment added by MrDennis ( talk • contribs) 10:33, 15 March 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 8 external links on Antivirus software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
{{dead link}} tag to http://www.staysafeonline.org/blog/small-and-medium-size-businesses-are-vulnerable
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).
Cheers.— InternetArchiveBot ( Report bug) 10:44, 7 July 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Antivirus software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 14:48, 3 September 2017 (UTC)
first implementation of firewall needs to be included in history -- Johnny Bin ( talk) 00:15, 7 June 2018 (UTC)
"Although methodologies may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, West Coast Labs, Virus Bulletin, AV-TEST and other members of the Anti-Malware Testing Standards Organization."
OK, they are notable. But are they trustworthy? -- MisterSanderson ( talk) 19:45, 9 April 2019 (UTC)
"Additionally anti-virus software is 'years behind security-conscious client-side applications like browsers or document readers', according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy."
This isn't sufficiently clear! Is it saying that document readers and web-browsers are more secure than anti-virus themselves?-- MisterSanderson ( talk) 19:51, 9 April 2019 (UTC)
This is the
talk page for discussing improvements to the
Antivirus software article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google ( books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
Archives: 1 |
This article is rated B-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||
|
This article is written in American English, which has its own spelling conventions (color, defense, traveled) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus. |
Daily pageviews of this article
A graph should have been displayed here but
graphs are temporarily disabled. Until they are enabled again, visit the interactive graph at
pageviews.wmcloud.org |
The contents of the Malware scanner page were merged into Antivirus software on 27 October 2010. For the contribution history and old versions of the redirected page, please see its history; for the discussion at that location, see its talk page. |
The issue of zero-day virus needs to be more thouroly discussed in this article. Sections of the zero-day virus article is just a condensed version of sections from this article. If zero-day virus was merged with this article, it would receive more exposure. TechOutsider' ( talk) 21:09, 6 April 2009 (UTC)
This article seems to have a lot of information that applies specifically to viruses, not virus scanners. Should we migrate some of this? Qbeep ( talk) 02:05, 10 April 2009 (UTC)
"Powerful macros in word processors such as Microsoft Word presented a further risk. Virus writers started using the macros to write viruses that attached themselves to documents; this meant that computers could now also be at risk from infection by documents (with hidden attached macros) as programs. Later email programs, in particular Microsoft Outlook Express and Outlook, became able to execute program code from within a message's text by simply reading the message, or even previewing its content. Virus checkers now had to check many more types of files. As broadband always-on connections became the norm and more and more viruses were released, it became essential to update virus checkers more and more frequently; even then, a new virus could spread widely before it was detected, identified, a checker update released, and virus checkers round the world updated."
The inherent risk associated with having an antivirus product running as a privileged user isn't unique to virus scanners, has no commonly-used exploits that I've ever heard of, and seems to take up a lot of space in this article. Maybe we should run a fine-toothed comb over sources (and seek counter-sources?) Qbeep ( talk) 00:53, 11 April 2009 (UTC)
{{ inuse}}
I don't know where to stick my comment on this discussion board. I have had Norton security for over 9 years. I have NEVER had an automatic renewal and have never been asked to have it either. I went to the link #22 and it went to the Norton website. I did look under the section, 'updates and renewals' and didn't see anything about automatic renewals. I could have missed it, of course. Maybe the sentence should read that automatic renewals are available... Mylittlezach ( talk) 23:54, 16 February 2011 (UTC)
Is it just me, or does this section seem more like an advertisement? FSBDavy ( talk) 17:29, 31 May 2009 (UTC)
Oh well done the Needs Citation spammer. That is SO irritating, especially when it is next to plain and simple facts such as the statement on Word macro viruses emerging. I was there. They did. What's to cite? Posted by an alarming normal user - not a Wiki head so please don't flame me for having the temerity to suggest the page is now hard to read and commenting on it in this unsophisticated style. ...That posting needs citation at the end of every paragraph is annoying is a simple fact also. I use Wiki a lot as a reader and other pages don't suffer from this.
I take it that reaction was due to the potential for AV manufacturers to interfere with and bias the page. Fine. All I am saying is it's gone a bit far / crudely applied to every para whether a company is mentioned or not.
—Preceding unsigned comment added by 84.92.230.173 ( talk) 08:44, 14 June 2009 (UTC)
I can NOT emphasize this enough. There seems to be a terrible bias among some editors that some sort of random speculative 'I heard it somewhere' pseudo information is to be tagged with a 'needs a cite' tag. Wrong. It should be removed, aggressively, unless it can be sourced. This is true of all information, but it is particularly true of negative information about living persons.
–Jimmy Wales [1]
(Unindent) Okay I am done now. The article still needs some work by a subject matter expert, but in reply to User:84.92.230.173 who started this thread, you can note that the tags are all gone now! - Ahunt ( talk) 18:53, 29 November 2009 (UTC)
Hi HamburgerRadio ( talk), I understand it very well that Wikipedia uses nofollow tags, and its external links do not alter search engine rankings. However, I thought that referring to http://personalfirewall.comodo.com/download_firewall.html will help users to get the information that Comodo offers through its Antivirus Software. Please let me know your take on this context. Lakshmi VB Narsimhan 07:08, 4 August 2009 (UTC)--
I have restored the images to this article. As explained in the edit summary it would be ideal to have examples of all kinds of anti-virus software in this article to illustrate it, but US copyright law doesn't allow that. Copyrighted images can only be used under "fair use" provisions to illustrate articles on that particular software and all anti-virus is copyrighted except Clam, which is GPL. That means that the only images that can be used in this article are Clam and its derivatives. The images here widely represent the range of antivirus, on Windows, Linux, command line. If anyone has a solution to the copyright problem then I would support replacing some images with new ones, otherwise the article is duller and poorer with fewer images. Incidentally it is generally accepted on Wikipedia that the use of free open source images is not spamming, since these are the only ones that can be freely used. - Ahunt ( talk) 14:17, 8 February 2010 (UTC)
Countless times I've seen Windows computers infected with malware, despite having anti-virus software installed, running permanently in the background AND fully updated.
No matter what anti-virus package is installed and watching the computer at all times, Windows can - and does - get infected, when it shouldn't. No single anti-virus package is 100% effective. With suitable "ref" links, I think this needs to be added to the section "Issues of concern".
Once infected, you need to run another anti-virus/anti-malware program OUTSIDE of Windows (example AntiVir Rescue System boot disc) to disinfect the system. A lot of malware, viruses etc. are so clever that you can't remove them when Windows is running and the malware itself is running, although you can try booting into safe mode. Perhaps this also needs adding to the section "Issues of concern" - that sometimes you can only disinfect the system by running the anti-virus/anti-malware tool from a boot disc (created on another computer that's clean of malware) or disinfecting Windows in safe mode.
I'm glad I use Ubuntu 99% of the time. :)
TurboForce ( talk) 23:28, 30 March 2010 (UTC)
- Wikid ( talk) 16:44, 2 Feb 2012 (UTC-5)
I did find a useful ref with one idea why this might be so and have added a new section at Antivirus_software#New_viruses. - Ahunt ( talk) 19:25, 14 April 2010 (UTC)
More could be added to the section Issues of concern, with the appropriate "ref" links, such as:
If the "ref" links can be found, there's plenty more we could be adding to the antivirus software page, especially the Issues of concern section.
TurboForce ( talk) 19:14, 18 April 2010 (UTC)
All good points and worth including in the article with refs. "is there any method which everyday users can apply to prevent viruses/malware from simply taking over the operating system" - yeah use Linux instead of Windows. - Ahunt ( talk) 21:57, 21 April 2010 (UTC)
There is currently no mention of rootkits in the anti-virus page. I've also done a search on the page using <CTRL> and <F> and found no mention of "rootkit" or "rootkits". Given the VERY serious nature of rootkits and their ability to stealth and evade detection, it's probably worth mentioning rootkits. Anti-virus software now scans for rootkits, so let's keep the anti-virus page up to date with the times. It could also be another "issue of concern" because rootkits may not be detected, especially rootkits which hide in firmware (see the rootkit page, which explains all this in detail). TurboForce ( talk) 21:29, 25 April 2010 (UTC)
Maybe we could include an external link on how to avoid infecting the computer in the first place? Having anti-virus software alone will not provide total protection, unfortunately!
The anti-virus software page could also be linked to the Computer virus page on Wikipedia?
What do others think? TurboForce ( talk) 17:25, 28 April 2010 (UTC)
I agree that the blogspot article may not be the best choice, but in the case of the Intel.com article I believe the fact that Intel published it is an endorsement of its content. - Ahunt ( talk) 11:05, 2 May 2010 (UTC)
In response to this small paragraph under the "Effectiveness" section:
Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection. The best ones provided as high as 99.6% detection, while the lowest provide only 81.8% in tests conducted in February 2010. All virus scanners produce false positive results as well, identifying benign files as malware.
Maybe we could add that it's possible to install extra anti-malware software that can safely co-exist with anti-virus software (with "ref" links). For example, in Windows Vista and higher, Windows Defender runs by default and it happily runs alongside anti-virus software. (It's a lame anti-malware product as I've never seen it identify anything malicious on a Windows computer that's riddled with malware!)
One important point missing in the anti-virus software page is the fact that you can disinfect Windows from an anti-virus boot disk (created on a clean computer), which deals with the malware outside of Windows so the infections can be removed when dormant. That said, I've always found it best to wipe a hard drive clean with DBAN, which also eradicates the malware files or use the "recovery" software included by the computer manufacturer which erases the hard drive and malware, then re-installs Windows with the manufacturer's junk.
Don't forget that Windows users are the target of over 2 million pieces of known malware! TurboForce ( talk) 11:55, 20 June 2010 (UTC)
All good points - if you can cite refs then by all means feel free to add them. - Ahunt ( talk) 13:37, 22 June 2010 (UTC)
The page doesn't talk much about disinfecting the viruses. When you have to clean a typical Windows installation heavily contaminated with malware (literally!), you are "disinfecting" it. I don't know if the word "disinfect" is outdated when we talk about today's anti-virus products in action?
Thank you Ahunt for "tidying up" my ref links. It's an arduous job finding the ref links in the first place and I don't know how to make the ref links at the bottom of the page show the proper date, title etc.
One thing I've not added to the page as yet is an explanation of anti-virus boot discs which boot and operate outside of Windows, running Linux, to clean up (disinfect?) the entire Windows drive. This method is more thorough and the viruses can be removed when dormant. This avoids the possibility of viruses stopping the anti-virus program.
TurboForce ( talk) 17:24, 13 July 2010 (UTC)
If you've seen the news lately, you've probably learned about the Stuxnet worm. I'm wondering how you would "disinfect" this worm from the industrial devices it exploits, which are using... (drumroll please) Microsoft Windows! In fact, incorrect removal can cause even more problems!! Siemens: Stuxnet Worm Hit Industrial Systems (Skip the ad on that ref page.)
What do you readers think about this and how it relates to anti-virus software? TurboForce ( talk) 23:05, 29 September 2010 (UTC)
That is a very good question. It would be worth including if we had a reference on that subject area. The articles indicate that this was a zero-day threat, so that seems to imply that it could have been defended against if anti-virus had been present and had definitions or heuristics that could have caught it. It sounds like it was spread via USB sticks and that seems to imply that the devices are not internet connected or otherwise networked. Back in the early 1990s we had a worm spread through a series of non-networked military PCs via a floppy disc that contained an infected game, so anytime outside devices can be connected there is a risk. I wish we had better refs on this. - Ahunt ( talk) 22:45, 2 October 2010 (UTC)
Why do we have a link to "Linux malware", but nowhere does the main page say that Linux does or doesn't need anti-virus software running in the background? I don't have anti-virus software in Linux, but in Windows XP SP2 and later, the "Security Center" will warn you if anti-virus software is not installed.
Do we need a section about anti-virus software and Linux? TurboForce ( talk) 21:14, 22 October 2010 (UTC)
I think that, nowadays (2013), viruses for Linux are not that rare anymore (e.g. Android). Farqad ( talk) 19:01, 13 January 2013 (UTC)
Support: It was proposed some time ago to merge Malware scanner into Antivirus software. I want to support that because the scanner article is only a few lines that can be given a small section with the main article. It seems pointless to have a separate article. 71.229.185.179 ( talk) 18:20, 27 October 2010 (UTC)
Anti-virus programs can cause conflicts with other programs. For example, Microsoft reports that anti-virus programs are known to cause conflicts with [[Microsoft Office]].<ref>{{cite web|url=http://support.microsoft.com/kb/835404|title=An out-of-date antivirus program may cause errors when you try to open an Office document or to start Outlook|date=2010-11-27|accessdate=2011-2-16}}</ref>
This article described Office notifying a user of an infected file. Calling a successful prevention (note: but not cleaning the file) of a malware infection "a conflict" is a bit of a stretch by any measure... I'm not sure if this text is salvageable? -- DanielPharos ( talk) 20:40, 16 February 2011 (UTC)
"This article describes an error message that you receive in Microsoft Office that states that an antivirus program is preventing you from opening a file. You may receive this error message for the following reasons:"
I've just noticed that many of the article's sources are primary. For example, a mention of the AVG Rescue CD has a source from AVG Technologies. This is an example of primary sourcing. A better approach would be to introduce secondary sources to the article. They are preferred because they are second-hand accounts and they have no stake in what's being said. In other words, some of the references being used here are similar to refspam and having secondary sources talk about these items with independent, reliable sources would improve the quality of the article. I'll place the template on the article and I can help with improving the refs. Dawnseeker2000 22:27, 24 February 2011 (UTC)
I have always made it a habit to only add material to articles if the subject matter has been covered by a third party. And for this article I just happened to have a snow day and so I had tons of time. I had noticed that a user had added a few primary sources and it caught my eye. Well, it turns out that the IP was registered to Symantec and at least one of the additions that the user made wasn't entirely correct. I thought it was interesting that someone closely related to the Antivirus software industry would introduce a tidbit that wasn't exactly correct. Anyway, that's the short story on what I did the other day. That kind of work isn't very glamorous, but I have always thought that articles aren't worth much if the reference section is lacking. Dawnseeker2000 16:07, 26 February 2011 (UTC)
The link to Anti-spyware coalition is defunct. Perhaps it might be removed. Teacherstudent27 ( talk) 06:18, 2 September 2011 (UTC)
I'm VERY annoyed that FleetCommand has ruined my recent edits because he/she doesn't like The Register ref links being proof.
What that user has basically done is ruin perfectly valid edits. It's like writing on a piece of paper and then someone comes along, rips it to shreds and throws it on a fire. WHY did YOU not bother to find ref links for it BEFORE you decided to wipe my edits, which took me somewhat longer than the few seconds required for you to undo/revert my edits? As for The Register links not being good enough - I've used The Register for ref links on other Wikipedia pages I've edited and nobody else has a problem with them.
I'm VERY annoyed by this and I get the impression you're lazy because you didn't go to the same trouble I did in finding them ref links and editing the page with great care and perfection. I better stop typing as I could say some things which will offend!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! TurboForce ( talk) 00:13, 23 October 2011 (UTC)
I added to the "history" and "identification" sections text which cite the same reference:
http://www.research.ibm.com/antivirus/SciPapers/VB2000DC.htm An Undetectable Computer Virus (academic paper)
I'm not familiar with this task so it appears as number 10 and 16. Please, anybody help to correct it.
Also, please find the article which describes this result and find a way to include it in a way it fits best.
Please, do not revert my edits, but correct and adapt them. Academic work hosted on www[.]research[.]ibm[.]com should be viewed as a reliable source. — Preceding unsigned comment added by 79.119.11.171 ( talk) 11:32, 16 February 2012 (UTC)
Who really created the first antivirus?- 170.185.129.17 ( talk) 15:39, 21 August 2012 (UTC)
But, the section Antivirus_software#History should be quite correct. Farqad ( talk) 19:28, 13 January 2013 (UTC)
Data mining techniques for malware detection are one of the latest approaches in AntiVirus software. These algorithms use file features, that are extracted from binary programs, to classify an executable as malicious or benign. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
I think this should be added to the article. Farqad ( talk) 19:33, 13 January 2013 (UTC)
What about adding a section on the comparison of AV products?
An old discussion has been whether or not AntiVirus products are useless and just a waste of money. In November 2012 Imperva, a fairly discussed security firm, published a study in which they state that less than 5% of antivirus solutions were able to initially detect previously non-cataloged viruses. [1] [2] This study has been deeply criticized not only by almost every AntiVirus firm but also by many other security companies. [3] [4] [5] The main criticism was on the sample size of the study. In fact, the test has used only 84 samples out of the millions of existing Windows malware. Another main criticism was that the study compared only detection in VirusTotal reports rather than in the actual products and, as the same VirusTotal stated: "At VirusTotal we are tired of repeating that the service was not designed as a tool to perform antivirus comparative analyses, but as a tool that checks suspicious samples with several antivirus solutions and helps antivirus labs by forwarding them the malware they fail to detect. Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology, the most obvious being...". [6] This is mainly because the engines that AntiVirus firms provide to VirusTotal are not exactly the same configuration as are in the real-world product. [7] Moreover, VirusTotal does not try to execute the files with actual products being installed. This means that any run-time heuristics, behavioral monitoring, and memory scanning are out of the game. And thus the detection results are meager when compared to full products. Another aspect that has been criticized has been the "relevance" of the samples. In fact, the sample set should only include things that have been verified to have infected customers. Extrapolating current AntiVirus protection by way of testing samples that pose no danger simply makes no sense.
For this, and other reasons, the Anti-Malware Testing Standards Organization (AMTSO) provides guidelines to the testing of anti-malware and related products. [8] Farqad ( talk) 19:33, 13 January 2013 (UTC)
People who are searching for "antivirus software" most likely suspect a virus or other malware; they are really looking for practically-useful guidance—such as the (1) need to fix vulnerabilities in browser plugins / avoid insecure browsers that lead to infection, (2) examples of good (preferably free) antivirus software, and (3) virus removal (as well as backup & recovery strategies). Viewed from this perspective, this article is pretty useless—the major part of the article is "issues of concern": potential disadvantages of antivirus software. I have added hatnotes to useful articles on these three topics, because most people will otherwise give up on such an article before reading to the "See also" at the end. There have been huge recent pageview peaks. Ditto for the computer virus article. The Template:Malware Navbox at the bottom of the page, with links to related articles, might best be updated and recreated as a long and narrow sidebar template at the side of the page, like Template:HTML—to help people quickly find what they're really looking for. LittleBen ( talk) 02:58, 22 January 2013 (UTC)
Remember that Wikipedia does not provide "how to" information. The article cannot teach users, e.g. "use this web browser", "use brand X anti-virus software" and "to remove malware, you must do this and that". TurboForce ( talk) 21:22, 31 January 2013 (UTC)
I see there's a new threat which anti-virus software is currently unable to detect: BadUSB. Is it worth a mention in "firmware issues"? MetalFusion81 ( talk) 16:28, 11 October 2014 (UTC)
The signature-based detection section didn't read right--it lacked an explanation of how a digital signature could also be a malware signature. Ideally, there would be a malware signature page, or the info would at least be included in the malware or the digital signature pages. Since it's not, I added a reference link to a signature generation article. The article is old (2006) so someone will probably eventually add a reference to a newer article. When they do, I hope they'll leave in my current reference, because it was the clearest explanation I could find on the topic. Katharine908 ( talk) 15:52, 1 June 2015 (UTC)
It would probably be nice to put something in this article about the origin of virus definitions, as in if each company makes their own or there are shared databases or if companies share databases between themselves.
Thanks.
-- 86.27.232.103 ( talk) 14:46, 7 June 2015 (UTC)
One item that seems to be missing from the early history is the free Mac OS application Disinfectant, written by John Norstad of Northwestern University. The early Macs did endure a few mostly harmless viruses along with a few malicious ones that were never widely distributed. Disinfectant stamped them all out (and included an Easter egg animation of a large Pythonesque foot doing just that).
This out-of-date page at the University of Northern Arizona website has a brief description of how the last release of Disinfectant was installed, along with another INIT (boot-loaded app) called Gatekeeper.
If I can get a screen capture of Disinfectant and some documentation of its history I will add both to the article. — ℜob C. alias ALAROB 04:13, 8 January 2016 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Antivirus software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
Added {{dead link}} tag to http://sciencelinks.jp/j-east/article/200505/000020050505A0076928.php
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}).
An editor has reviewed this edit and fixed any errors that were found.
Cheers.— InternetArchiveBot ( Report bug) 18:32, 15 October 2016 (UTC)
The result of the move request was: NO CONSENSUS. While there's not generally an agreement here that the article should not be moved, this proposal did not gain consensus. Ivanvector ( Talk/ Edits) 13:54, 3 January 2017 (UTC)
Antivirus software → Antivirus – WP:COMMONNAME. SSTflyer 03:33, 27 December 2016 (UTC)
On the subject of antivirus testing, this is an aggregator of AMTSO-certified lab test scores. — Preceding unsigned comment added by MrDennis ( talk • contribs) 10:33, 15 March 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 8 external links on Antivirus software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
Added {{dead link}} tag to http://www.staysafeonline.org/blog/small-and-medium-size-businesses-are-vulnerable
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).
Cheers.— InternetArchiveBot ( Report bug) 10:44, 7 July 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 2 external links on Antivirus software. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
Cheers.— InternetArchiveBot ( Report bug) 14:48, 3 September 2017 (UTC)
first implementation of firewall needs to be included in history -- Johnny Bin ( talk) 00:15, 7 June 2018 (UTC)
"Although methodologies may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, West Coast Labs, Virus Bulletin, AV-TEST and other members of the Anti-Malware Testing Standards Organization."
OK, they are notable. But are they trustworthy? -- MisterSanderson ( talk) 19:45, 9 April 2019 (UTC)
"Additionally anti-virus software is 'years behind security-conscious client-side applications like browsers or document readers', according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy."
This isn't sufficiently clear! Is it saying that document readers and web-browsers are more secure than anti-virus themselves?-- MisterSanderson ( talk) 19:51, 9 April 2019 (UTC)