Information and Misinformation
Courtesy of the alt.comp.virus newsgroup participants.
(These "anti-malware" pages are the result of a continuing cooperative effort.)
Written by: Frederic Bonroy
(Minor contribution by: Clay)
To protect yourself from malicious programs, you need information. The
Internet is a rich source of it - the problem is that not all of the advice out there
is good, and bad advice isn't always recognizable at first sight.
1. The "False Authority Syndrome"
Don't believe everything. Some people talk or write about viruses as if they were an
authority in this field, but in fact they are often not.
1.1 Web sites
If you search for anti-virus information on the Internet, you will find thousands
of pages. Obviously, they do not all offer accurate information. It's probably
not easy for a novice to distinguish correct from incorrect information. There is
no real solution to this problem - but you have been warned.
Maybe the overall
impression a certain web site makes on you can help you decide whether the author
is trustworthy or not. For example, I wouldn't put much trust in a page that teems
with spelling errors or expletives. And the fact that a certain page requires you
to enable JavaScript and/or Java in order to be viewed correctly does not exactly
indicate that the author cares about your security.
If you have doubts about the accuracy of a piece of advice, don't follow it. If you
visit the sites of anti-virus producers, you should be safe. These are particularly
good:
http://www.sophos.com/virusinfo/analyses
http://vil.nai.com
http://www.viruslist.com
1.2 Computer professionals
Even someone who works with computers professionally is not necessarily qualified
to deal with viruses. Being a programmer or a computer salesman definitely does not
make a person a virus expert (in fact, being capable of configuring or using an
anti-virus program does not make a person a virus expert either).
This of course does not mean that programmers or computer salesmen are clueless -
it simply means that you shouldn't trust someone just because they happen to work
with computers.
You don't consult a neurologist when you have the flu, do you?
For a very interesting article on the "False Authority Syndrome" see
http://www.vmyths.com/fas/fas1.cfm
1.3 Friends
Friends can be a source of misleading information. This is unfortunate because
you probably tend to believe what your friends tell you without thinking about
it too much. However, believing your friends is not only a matter of trust, it's
also a matter of knowledge. Does your friend scan files for viruses before he
opens them or sends them to someone else? Does he have any experience with viruses
at all? Can he distinguish a hoax from a genuine virus warning?
1.4 You!
Don't give advice if you don't know whether it's good advice. This is important.
It's laudable that you are willing to be helpful, but keep in mind that bad advice can cause
more damage than a malicious program.
2. Incompetent reviews of anti-virus products
Often you will see individuals or computer magazines conduct their own antivirus review or
comparison. In most cases the results of these reviews are inaccurate for several reasons:
- The testers place too much emphasis on relatively unimportant aspects
of the different products, such as the user interface, etc.
- The testers do not use the latest version of the different products.
- The testers use poorly configured products.
- The testers have not verified that the "viruses" are really viruses.
- The testers use far too small a collection of samples, so the results
aren't representative.
- The testers do not clearly outline their testing methodology.
Basically, a review that consists of downloading a few alleged virus samples from
some dubious Internet sites, setting scanners on those samples and counting the
number of reported viruses for each scanner is worthless.
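Why a handful of samples cannot rank scanners, as an added example that is not part of the original page: it computes a 95% Wilson confidence interval for each scanner's detection rate. The scanner names and counts are constructed, and treating non-overlapping intervals as a real difference is a conservative rule of thumb assumed here.

```python
import math

def wilson_interval(detected, total, z=1.96):
    """Wilson score interval (95% for z=1.96) for a rate of detected/total."""
    if total <= 0 or not 0 <= detected <= total:
        raise ValueError("need 0 <= detected <= total and total > 0")
    p = detected / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return centre - half, centre + half

def distinguishable(a, b):
    """True only if the two intervals do not overlap (a conservative rule of thumb)."""
    return a[0] > b[1] or b[0] > a[1]

def compare(results):
    """results: {scanner: (detected, total)} -> {scanner: (low, high)}."""
    return {name: wilson_interval(d, n) for name, (d, n) in results.items()}

# Constructed results: the same 90% vs 80% detection, on 10 and on 1000 verified samples.
SMALL = {"Scanner A": (9, 10), "Scanner B": (8, 10)}
LARGE = {"Scanner A": (900, 1000), "Scanner B": (800, 1000)}

if __name__ == "__main__":
    for label, results in (("10 samples", SMALL), ("1000 samples", LARGE)):
        ci = compare(results)
        for name, (lo, hi) in ci.items():
            print(f"{label:>12}  {name}: {lo:.1%} .. {hi:.1%}")
        print(f"{label:>12}  difference meaningful: "
              f"{distinguishable(ci['Scanner A'], ci['Scanner B'])}")
```

With 10 samples the two intervals overlap almost completely, so the 90% versus 80% ranking carries no information; with 1000 samples they separate.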
Sources of serious and competent reviews can be found on the
anti-virus product page. Next time you see an anti-virus review in a computer
magazine, skip it. (Don't you think it's odd that Norton Antivirus wins so often
although its detection rates are somewhat below those of the better scanners?)
As a side note, you should disregard the number of viruses that a given anti-virus
product proudly claims to detect. This number may help you make sure that your anti-virus
product is up-to-date, but it reveals absolutely nothing about its detection rates.
The numbers are also not suited for comparing different products because their
respective producers probably count viruses differently.
3. Hoaxes
A hoax is generally a message that warns you of a new and terribly destructive threat
and asks you to forward the warning to all your acquaintances. Hoaxes are easily
recognizable by one or more of the following characteristic traits:
- The message claims that the new virus was discovered by a big
company such as AOL, IBM or Microsoft
- The message claims that the new virus cannot be detected by virus scanners
- The message claims that the new virus is extremely destructive
- The message asks you to forward the message to all your acquaintances
You can safely ignore virus warnings unless they come from a serious virus
newsletter you subscribe to. AOL, IBM or Microsoft definitely do NOT send out virus
warnings by email and undetectable viruses do not exist (sometimes a virus scanner can
miss a virus, but no virus is really undetectable!). And please do not forward the
message to anyone, no matter how genuine, accurate and honest the message sounds. If
you have doubts, check here first:
http://www.vmyths.com
The only good thing about a hoax is that it indirectly warns you not to open
files you receive by email.
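A small checker for the four hoax traits listed above, as an added example that is not part of the original page. The patterns and both sample messages are constructed for illustration; they are assumptions, not a vetted rule set.

```python
import re

# Constructed patterns for the four traits listed above (assumptions).
COMPANY = re.compile(r"\b(?:AOL|IBM|Microsoft)\b", re.I)
DISCOVERY = re.compile(r"\b(?:discover|announc|confirm|warn)\w*", re.I)
SENTENCE_TRAITS = {
    "claims scanners cannot detect it": re.compile(
        r"undetectable|can(?:not|'t| not) be detected"
        r"|\bno (?:anti-?virus|virus scanner|scanner)[^.!?]{0,40}detect", re.I),
    "claims extreme destruction": re.compile(
        r"\b(?:destroy|eras|wip|delet)\w*[^.!?]{0,40}"
        r"(?:hard (?:disk|drive)|everything|all (?:your )?(?:files|data))"
        r"|(?:most|extremely|terribly) destructive", re.I),
    "asks to be forwarded": re.compile(
        r"\b(?:forward|send|pass)\b[^.!?]{0,60}\b(?:everyone|everybody|address book"
        r"|all (?:of )?(?:your|the) (?:friends|contacts|acquaintances))", re.I),
}

def hoax_traits(message):
    """Return the names of the hoax traits found in a message body."""
    found = []
    sentences = re.split(r"(?<=[.!?])\s+", message)
    # Trait 1 needs the company and the discovery claim in the same sentence,
    # so a signature line such as "Sent from my IBM laptop" does not count.
    if any(COMPANY.search(s) and DISCOVERY.search(s) for s in sentences):
        found.append("attributes discovery to a big company")
    for name, pattern in SENTENCE_TRAITS.items():
        if any(pattern.search(s) for s in sentences):
            found.append(name)
    return found

# Constructed sample messages.
HOAX = ("URGENT!!! Microsoft announced yesterday a new virus that no anti-virus "
        "program can detect. It will erase everything on your hard drive. "
        "Please forward this to everyone in your address book!")
NEWSLETTER = ("Monthly newsletter from your anti-virus vendor: signature update "
              "adds detection for three new macro viruses. Update your scanner "
              "and scan attachments before opening them.")

if __name__ == "__main__":
    for label, text in (("hoax", HOAX), ("newsletter", NEWSLETTER)):
        print(label, "->", hoax_traits(text) or "no hoax traits")
```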
Other helpful links are:
- Email Virus Hoaxes
- Sophos email notification service
- Sophos hoaxes and scares page
4. Format and Fdisk
Format and Fdisk are often recommended as a radical cure for a virus infection.
Format is never necessary (or only very, very rarely) and can cause more damage
than the virus you are trying to remove.
Fdisk can be very useful and remove a virus, but you have to know exactly
which virus you are dealing with, otherwise data loss can occur.
An antivirus program and/or manual removal instructions will in almost all cases
help you get rid of the virus easily and quickly.
Just say no to Format and Fdisk!
5. The media
Whenever there is a new virus outbreak, the media often report the
event inaccurately. Whether this inaccuracy results from sloppiness,
misunderstanding or simply a wish to hype an event in order to increase
revenue is irrelevant.
The fact is, the "media" are not qualified to
report on viruses as long as they continue to consistently report
erroneously. Furthermore, they often write very foolishly about viruses,
so please beware!
See also the article on computer magazine
reviews of anti-virus scanners written by Andrew J. Lee.
6. Anti-Virus Products
You have probably seen claims such as "100% virus detection", "complete
protection" on web sites, in magazines or on AV product boxes.
Don't let those claims delude you, because no antivirus product detects
all viruses, all of the time. As a result, no antivirus product can
guarantee that you will never be infected by a virus.
It's not that antivirus products are useless, but they should not be
relied upon at the expense of practicing "safe hex".
© Claymania Creations 2001 - 2010. All rights reserved.
Updated: January 22, 2002