Normally, Microsoft's SCEP is able to remove infected mails in Thunderbird without any difficulties. However, in rare situations it may repeatedly report infections but fail to remove the infected emails.
Adding to the difficulty, the reported infected mail CANNOT be found anywhere in the Thunderbird mailbox folder!!?
After some tests, studies and investigation, the cause is found! The infected mail is actually HIDDEN in Thunderbird, marked as available space, waiting for a "COMPACT" to release the space.
SOLUTION: Start your Thunderbird, right click on the infected mail folder, select "Compact". Once the mail folder has been compacted, the infected mail is removed and SCEP reports no more infection!!
I suspect similar problems also happen to users of Microsoft Security Essentials and the built-in Windows Defender in Windows 8. It really sounds ridiculous that Microsoft antivirus will treat a deleted, hidden mail as a "production" mail.
TOOLS: You may want to verify if the "COMPACT" of the mail folder is effective. I found grepWin a good tool to use (http://stefanstools.sourceforge.net/grepWin.html). Another helpful tool is Notepad++ (http://notepad-plus-plus.org/), which actually can open, read and search Thunderbird mailbox files.
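An added example (not part of the original post) for the verification step above: a Python scanner that lists messages still stored in a Thunderbird mbox file although they are flagged as deleted. It assumes the deleted state is recorded as bit 0x0008 of the `X-Mozilla-Status` header; the function names and the sample mailbox are constructed for illustration.

```python
"""List messages that are deleted in Thunderbird but still present in the mbox file."""
import re
import sys

EXPUNGED = 0x0008  # assumed X-Mozilla-Status bit: deleted, waiting for "Compact"
FROM_LINE = re.compile(rb"^From ", re.MULTILINE)  # mbox message separator
STATUS = re.compile(rb"^X-Mozilla-Status:\s*([0-9A-Fa-f]{1,4})\s*$", re.MULTILINE)
SUBJECT = re.compile(rb"^Subject:[ \t]*(.*)$", re.MULTILINE)

# Constructed sample mailbox: one kept message, one deleted but not yet compacted.
SAMPLE_MBOX = (
    b"From - Mon Feb 24 09:00:00 2014\n"
    b"X-Mozilla-Status: 0001\n"
    b"X-Mozilla-Status2: 00000000\n"
    b"Subject: Meeting notes\n"
    b"\n"
    b"Kept message body.\n"
    b"\n"
    b"From - Mon Feb 24 09:05:00 2014\n"
    b"X-Mozilla-Status: 0009\n"
    b"X-Mozilla-Status2: 00000000\n"
    b"Subject: Invoice attached\n"
    b"\n"
    b"Deleted in the UI, still on disk until the folder is compacted.\n"
    b">From here on this is body text, not a separator.\n"
    b"\n"
)


def split_messages(data):
    """Yield (byte offset, raw message) for every message in the mbox bytes."""
    starts = [m.start() for m in FROM_LINE.finditer(data)]
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(data)
        yield start, data[start:end]


def header_block(raw):
    """Return only the headers, so status-like text in a body is never parsed."""
    m = re.search(rb"\r?\n\r?\n", raw)
    return raw[:m.start()] if m else raw


def find_expunged(data):
    """Return one dict per message that is flagged deleted but still stored."""
    hits = []
    for offset, raw in split_messages(data):
        headers = header_block(raw)
        status = STATUS.search(headers)
        flags = int(status.group(1), 16) if status else 0
        if flags & EXPUNGED:
            subj = SUBJECT.search(headers)
            subject = subj.group(1).strip().decode("utf-8", "replace") if subj else ""
            hits.append({"offset": offset, "size": len(raw),
                         "flags": flags, "subject": subject})
    return hits


if __name__ == "__main__":
    # Usage: python find_expunged.py <mbox file>; with no argument the sample is scanned.
    # The whole file is read into memory, which is fine for typical folder sizes.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_MBOX
    found = find_expunged(data)
    for hit in found:
        print(f"offset {hit['offset']:>10}  {hit['size']:>8} bytes  {hit['subject']}")
    print(f"{len(found)} deleted message(s) still stored; 0 is expected after Compact")
```

Close Thunderbird before scanning, and point the script at the folder's mbox file (the file without extension next to the `.msf` index in the profile's mail directory).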
Monday, February 24, 2014
Wednesday, August 22, 2012
SOLVED - Cannot Browse or Ping to Microsoft.com
A friend's XP laptop has this very strange behavior:
- all other websites work properly, EXCEPT Microsoft.com and other antivirus vendor sites such as Trend Micro, Symantec, etc. Other websites like yahoo.com work perfectly fine
- PING Microsoft.com cannot resolve, saying "Ping request could not find host microsoft.com..."; but, NSLOOKUP Microsoft.com resolves the IP address
- using virus removal tools, virus scan FOUND NOTHING
- HOSTS file checked ok
- TCP/IP settings good
- tried repairing WINSOCK, no help
Of course, just the point #1 above already made me feel for sure this is a VIRUS INFECTION. But, it didn't leave any trace of malicious code or signature. So, an important setting has been modified.
After hours of work, this is what I found, which solved my problem: DNS Client service. Stop it.
- Right click on My Computer, select Manage
- Under Services and Applications, click on Services
- On the list, look for the service DNS Client; right click on it and choose Stop
*You may also find the Automatic Updates service not working properly. Try restarting this service.
Now, you should have your Microsoft.com back, as well as other security websites. Time to do your Windows Update, download antivirus software, get its updates, etc.
Notes: For security-serious users, there's only one thing they will do for a compromised computer, FORMAT AND REINSTALL.
What is DNS Client - http://technet.microsoft.com/en-us/library/cc735833(v=ws.10).aspx
The DNS Client service is the client component that resolves and caches Domain Name System (DNS) domain names. When the DNS Client service receives a request to resolve a DNS name that it does not contain in its cache, it queries an assigned DNS server for an IP address for the name. If the DNS Client service receives the requested address, it stores the name and address in its cache to resolve future requests without having to query the DNS server. All computers that use DNS to resolve domain names (including DNS servers and domain controllers) use the DNS Client service for this purpose.
Monday, March 19, 2012
TIPS - How to Clean Virus from an Infected PC
Sadly, even with an antivirus software installed, virus infection is possible and even commonplace among Windows PCs. This could be caused by an out-dated antivirus software, detection engine, pattern file, or even a weakness of the antivirus software itself.
If your PC has unfortunately been infected, here's an outline of steps to clean your system.
First, remember that in most cases it will be a waste of time trying to use your already installed antivirus software to clean the virus. The very fact that it can't stop your computer from infection reveals its ineffectiveness against the virus.
A fast and simple approach is to use Windows System Restore. If you haven't disabled this Windows built-in feature, you'll probably be able to restore your system files and state to an earlier time, probably a time when your system was not yet compromised.
Next, you should boot your PC in Safe Mode. Reset your computer and, before entering Windows and before the Windows logo appears, press F8. Choose Safe Mode. You will not want to use "Safe Mode with Network", if at all possible. Holding the Shift key while Windows starts up will also bypass startup programs, which is a good way to stop malicious programs from loading at startup.
Once you can successfully enter Windows, go to Start, Run, type msconfig, press ENTER. Go to the Startup tab, uncheck any programs that are suspicious. If you are not sure, find another clean PC to search for more information about these programs, then decide which ones should be loaded and which ones shouldn't.
Now, you need to do a full scan of your computer. A very good tool I like to use is Trend Micro's sysclean. On a clean PC, download these files to a folder, extract zip files and put all files in one folder.
Sysclean with Engine: http://downloadcenter.trendmicro.com/index.php?regs=APAC&clk=latest&clkval=353&lang_loc=3
Pattern File: http://downloadcenter.trendmicro.com/index.php?clk=tab_pattern&clkval=33&regs=APAC&lang_loc=3
You need to copy these files to the hard disk of the infected PC and start a full scan. DO NOT USE A THUMB DRIVE WITHOUT A WRITE LOCK. Any USB thumb drive or flash memory (without lock) you have may have already been infected. Make sure that you're using a clean or new flash memory (like an SD card with a write lock, which will protect your memory card from infection) to copy files. Another way is to burn the files to a CD-R.
Copy all the needed files in one folder, run the sysclean program on the infected PC.
After full scan, reboot your computer.
Scan all your memory cards, USB thumb drives, external HDD, etc., that may have a chance to be infected because they've been plugged into the infected PC. To do so, I like to keep a Linux PC or laptop to do the work. Format them before use.
What antivirus software is most effective and should be installed?
I don't believe there's any antivirus solution which is 100% effective. What you can try is to install your favorite antivirus together with the cloud-based antivirus software - clamav. Clamav has a solid user-cloud, which keeps it very efficient in responding to new viruses and security threats. In most cases, it won't conflict with other brands' antivirus. Moreover, it's very lightweight and won't significantly slow down your PC. The current version works even without the cloud, when there is no network connection.
What are some good practices to avoid virus infection and network attacks?
Most effective - your awareness! So many times, a system was infected not because the antivirus solution was ineffective, but because the user was too careless, too lazy to check the messages that pop up to prompt and warn the user. They are simply ignored by the user!!
Some other good practices - same old stories - regular Windows updates, apply any service packs available. Do not visit, download, nor install any software from websites that you do not really know. Understand and evaluate the risks before you install any software.
Windows XP platforms are too vulnerable to viruses to be used. Migrate your system to Windows 7 or higher. Another effective measure is to stop the Autorun feature that runs when thumb drives are plugged in.
Do not stop your Windows firewall just for your own convenience; doing so simply makes your system an easier target for hackers and virus attacks.
Set strong passwords to your user and administrator accounts.
If you're using a router to share Internet, you should make sure that the router is properly set, especially when Wifi is enabled. Stop using WEP. Use WPA or WPA-2, with keys not easily cracked. Most routers will prompt you for security concerns when the key is not strong; don't just ignore it.
Final words, precaution is always better than cure. When a system is infected and compromised, often it's hard to assess the damage. Recovery is never 100%. Any serious IT professionals will tell you, there is no other option, but reformat, reinstall everything...
Friday, February 17, 2012
DISCUSSION - Antivirus for Android, Are They Really Effective?
Although the linux-based Android is a well protected system, it doesn't mean that it will not be affected by viruses, Trojans and worms.
Viruses for linux do exist, and they're getting more popular as the linux user-base keeps growing.
Recently, the reputable AV-TEST lab has conducted some tests on Android antivirus. You may be surprised to read their reported results: http://www.av-test.org/fileadmin/pdf/avtest_2011-11_free_android_virus_scanner_english.pdf
In summary, many popular free antivirus solutions for Android are not as effective as they're thought to be. Detection rate is poor. The concern about a false sense of security is valid, in which a user believes that his data is being well protected. Sadly, many Android phones and tablets WILL store much sensitive or confidential information.
There's no other more effective measure than USER AWARENESS of the risk involved in using any technological products. Of course, I'm not objecting to the idea of having an antivirus app. But, it is no replacement for our carefulness and awareness of the risk factor. Follow good practices, like:
- Install only reputable apps from Android Market; before you install an app, assess the risk involved in giving out the different system rights to the app
- Turn off your wifi when not in use
- Worst scenario - what if your phone / tablet is stolen, hacked, what is your emergency plan? Can you survive that?
- A Rooted Android may give you much more freedom in installing apps and trying different things, yet at the same time it also increases the extent of damage that a virus can do to your device system
Monday, February 6, 2012
TIPS - Android, my recommendation
Android has gained worldwide popularity, and is gradually becoming mature enough for practical day to day use. Samsung, HTC are big names, yet I found this China brand name - Cube - to be a very quality product.
Tested model: Cube K8GT ( <USD100)

Main Specification: Cortex A8 1GHz RK2918, 7" 16:9, 800×480 resolution, 512MB DDR3, 8GB built-in storage, Android 2.3
Other features: wifi, 3D graphic accelerator, USB port, microSD slot
Benchmark: Quadrant - 1673 (higher than HTC Nexus One, 2 times faster than Samsung Galaxy S)
Test Results:
I've been using it for more than a month. Everything works very smoothly - the screen, the sensors, the buttons, the wifi, the sound, the slots, ... yes, everything to my satisfaction. Battery is always the concern, yet I found the 4000mAH battery did a very good job. If the wifi is left on, the battery can run for 6-7 hours. Turn off the wifi and you can work on the tablet for more than 24 hours. I used it to take notes and run various software tools throughout the day; after 10 hours the battery only dropped by about 10%. Of course, it inherited all the advantages and strengths of the Android system, which I love so much!
Bonus feature:
The built-in USB port is very useful! I can plug my USB thumb drive on it, connect a USB network card (for wired network), and even a USB mouse!!
The microSD (or T-flash) card slot is very useful, I have a 16GB UHS-1 microSD card inserted with my music, videos, and other big files...
The "Home" button is handy!
Important Tips for those looking for a Android Tablet:

- Look for a tablet with physical Home, Menu, ESC and power buttons
- Look for one with USB port and card slot
- For security concern, you may want to create a new Google account just for your tablet
- If at all possible, always download and install apps from Android Market, which is actively monitored by Google; downloading apps from third party sites should be avoided
- If not needed, turn off your wifi card
- When installing apps, carefully read the rights you will allow the app's vendor. For example, if an app needs full access to the network, you need to think seriously about whether you can trust the vendor
- If ever possible, I'll only install apps without ads
Monday, January 17, 2011
Virus and Unable to Show Hidden Files
If you find your computer unable to show hidden files, the chance is that your computer has already been hijacked by a trojan! Even if you try to configure your Explorer to show hidden and protected files, the settings are simply not saved.
SOLUTION - Check these registry keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN - make sure the values for "CheckedValue" and "DefaultValue" are both 2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL - make sure the value for "CheckedValue" is equal to 1 and the value for "DefaultValue" is equal to 2
Now is the time to proceed to full scan your computer for viruses!!
Saturday, January 1, 2011
Skype being banned in China
In these couple of days many were discussing the sudden news that Skype is being banned in China. The news started on Dec 30, 2010 and quickly spread, becoming a hot topic of discussion.
The actual impact is not yet known. However, for sure under the "one country two system" policy, Hong Kong and Macao should not be affected. But, communication with friends or relatives in China will probably soon experience interruptions of Skype service. Interestingly, a few days ago Skype users had already experienced interruptions, as some "supernode" "technical problems" had caused the Skype service to be temporarily down. I believe that the incident is actually related to the China Government's new law.
From the legal point of view, China has made it illegal to use Skype in the country. This certainly restricts the growth of Skype business in China. The rationale is obviously - to protect the huge and fast growing VOIP market in China. In comparison, Skype can be 10 times cheaper than the other local telecom providers.
Technically, it may be difficult to shut down Skype completely in China, especially the Skype PC to PC calls. Even if China can do it, there are still other options and people are always able to find ways to work around it. Still, there is much inconvenience, as nowadays people and business depend so much on Skype communications.
Let's keep an eye on the future development. Too bad!!
Friday, December 24, 2010
Hong Kong MTR Advertisement – Windows Blue Screen!
This is the second time in this week I saw – a big Mega 103” Windows blue screen advertisement on Hong Kong MTR's HD TV* – this time at Yau Tong, and the other time at Tai Koo Shing.
I wonder if there'll be compensation to sponsors. Besides, it reflects the technology behind or the attitude of Hong Kong MTR, which worries many and is surely damaging the corporation's public image.
In fact, it's not just Hong Kong MTR alone; it often happens on other huge outdoor LCD/Plasma TV advertisements. Some are even being hacked or infected by virus! What a BIG advertisement, friend!
Having a brilliant video advertisement of course is important, yet a stable display software/hardware platform is essential too. Windows XP is surely not a good platform for such an application. Some kind of backup system should always exist as well.
*Fact from HK MTR:
Mega 103” TV Network covers trackside and concourse area at a total of 48 MTR stations through 105 units of 103” HD Plasma TV and 51 HD LCD TV with optimal coverage of mass audiences.
Wednesday, December 15, 2010
No Firewall in Trend Micro Titanium?!
To many long time users of Trend Micro Internet Security, the absence of a firewall in their latest Titanium series is totally unacceptable. However, I do admire their courage to take this move.
Over the years, I'm feeling that Internet security software has been running into a dead end, drawing more and more system resources; downloading larger and larger update files … this situation is just getting worse and worse.
In places such as China, where the Internet bandwidth is low, users may not be able to get updates to their antivirus software.
With Windows Vista and 7, the built-in firewall is indeed strong enough even for serious users. Titanium will take advantage of this and give users a cloud-based lightweight security solution. I won't say it's a downgrade but just a brave move to face the challenging reality, which I believe many other software vendors will follow suit – it's just a matter of time!
To read more:
Saturday, December 11, 2010
Comodo
A friend called me today for some advice because her computer behaves strangely after switching to an antivirus software called “c.o.m.xxx”; she can't even spell the name properly. After doing some research, I found it is actually “comodo”, which is a free antivirus based in US and UK.
It's my first time hearing this name, what a shame! Yet, what my friend experienced confirmed the truthfulness of the comments from PC Magazine, which says “...Sandbox technology can prevent valid programs from installing or running correctly...” -
It is not uncommon to see some antivirus software go a bit too “aggressive” and “sensitive”, in this case “comodo” seems to fall into the category. However, I'm not saying that then we shouldn't use “comodo”. The fact is that, even for paid software like Norton and Trend Micro, all have the same problem. It's always a challenge to balance between security and practicality. You can have a very very very secure system, but nothing else could run on it, do you want it?
My opinion is to be reasonable, and realize that the “human factor” is always the weakest factor. Awareness of security threats is the single major factor that determines your level of security. Of course, security software is a must and it does help, yet even the most secure system in the world can be breached by someone who is lacking awareness of the threat.
If you are not satisfied with one antivirus software, there is always another software vendor happy to offer you an alternative free version if you don't mind spending the time uninstalling and installing.
TIPS - How to Setup your wireless router security
Wireless Internet is so common today that many will set up their own wireless network at home. But, how secure is your wireless network? A wireless router or access point must be properly set. The following are some items you definitely should check.
SSID – By default, many routers use the brand name or model number of the router as the SSID. Change it to give no hint of either the brand or the model. For example, “home-wifi”. Some attacks target certain weaknesses of a particular brand or model of router.
Hide or Show the SSID – hiding your SSID gives you another layer of protection as the presence of your wireless network is not obvious. However, users will find it not so convenient to use. Broadcasting your SSID is fine as long as the wireless security settings are correct.
Encryption – a must! Do not use WEP, which is very easy to break. If possible use WPA2 with TKIP or AES (probably called WPA2 Personal on your router), or WPA if WPA2 is not available. The shared key or “password” should be strong enough, e.g. 12 characters or more with a combination of upper and lower case and numbers. Avoid using dictionary words.
Firmware – every router or access point will have its firmware, a piece of software burned on the hardware to make it run. Like any other software, firmware can have bugs and therefore security loopholes. Download the latest firmware of your router or access point, and apply it to your device. Check the user guide or visit the router's website for details of how to upgrade the firmware.
MAC filtering (optional) – it seems to be useful; however, in real life I find it very troublesome to set as I have different wireless devices from time to time. Just leave it disabled!
Remote Management – if you will use the remote management function of your router, remember to set a strong password. If possible, use “https” access, which makes your settings invisible to others when you're setting them remotely.
Cloud based Internet Security
All Internet users are going to experience a new age of Internet security – “cloud”. Some may feel like being in a “cloud”, or confused about what “cloud” means.
For many years, antivirus vendors have based their products on a “pattern-based” model. That is, your computer downloads patterns from the software vendor's server and stores them on the user's own hard drive for detecting security threats. However, with the new “cloud-based” technology, no such pattern files will be downloaded. Instead, users connect directly to the so called “cloud” to check against security threats.
The advantages are obvious:
· Light-weight client software – internet security software can take far fewer computer resources. As a result, the user's computer is not being slowed down.
· Shortened window period – from the time a security threat is detected to the time a pattern is released and downloaded by the user, it's always a race against time. There exists a window period, in which the security threat is spreading while the pattern is not yet available to users. With “cloud”, this window time is much shorter.
· Improved detection – in the past, the efficiency of the detection depended much on how well the antivirus software vendor did in formulating the pattern files. Cloud-based technology uses shared user knowledge, of course together with the feeds from the software vendor. As a result, the detection engine reflects the real-world situation more closely.
So, it sounds like “cloud” is perfect … the fact: not really. There are disadvantages:
· Availability of the “Cloud” - if your Internet connection quality is poor or not stable, cloud-based may not be a good idea. If the cloud is not accessible, such as a temporary disconnection from the Internet, protection amounts to nothing! A scenario - you are not connected to the Internet and you plug a USB thumb drive with virus to your computer = disaster!!
· Quality of the “Cloud” - efficiency of detection depends much on the size of the cloud community. Of course, the larger the cloud community population (i.e. the number of users connecting and sharing information on the same cloud), the better will be the protection. Sadly, in many cases, the community population is not known – especially with commercial vendors … and for good reasons, the figures are “commercial secrets”, which most commercial companies will not like to disclose. Also, the quality of cloud users matters too. If many of these cloud users are actually client software installed on email gateways and servers, you have a quality cloud!
· Geographical Factor – although it also affects the traditional pattern-based protection, it seems “cloud-based” is more sensitive to user locations. For example, if most of the cloud users are living in Europe, your cloud-based protection will be more “European” and less effective in Asia, such as in China or Korea.
· Slowness in installing new software – the presence of cloud-based detection is obvious when you're installing software on your computer. When your cloud-based security software keeps checking every application and library file you're installing against the cloud, the installation process drags... sometimes, painfully slow.
Don't get me wrong, I'm not discouraging you from using “cloud-based” technology. In fact, I've been using it for months. And it's obvious that cloud-based will continue to be the trend. But, a more realistic view of “cloud” may help you better assess the situation.
Recently, many security vendors are joining the race, offering FREE cloud-based security solutions. The happiest are the users. But, have you ever wondered why “free”? Of course, market share is an issue. On technical side, a “cloud-based” without a sizable cloud will make the cloud useless! No wonder it must be free to get people in!
Want to give cloud-based a try?
Some “cloud-based” solutions like “clamav” allow you to install them on a computer with another antivirus software. So, you may install “clamav” on a computer with AVG. This approach gives you another layer of protection. The down side, of course, is that it further slows down your computer a little bit.
Other well known vendors like Panda and Trend Micro (China) also have free or 1-year free trial available. There is nothing to lose with another good layer of Internet protection, which is definitely a must in today's cyber world.