Any American made AV's out there?

T wrote:
Hi All,

I have a customer that is a government contractor. The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/


meaning they are flaky.

-T

https://en.wikipedia.org/wiki/Comodo_Group

"The company was founded in 1998 in the United Kingdom
by Melih AbdulhayoÄŸlu. The company relocated to the
United States in 2004.

Comodo Security Solutions, Inc: Based in Clifton, NJ, develops
security software for commercial and consumer use.
"

https://en.wikipedia.org/wiki/Comodo_Internet_Security

https://www.newsweek.com/best-antivi...ecurity-565710

"Comodo Internet Security has come a long way since V6.x,
and such tricks are obsolete."

HTH,
Paul

On 11/4/18 5:16 PM, Paul wrote:
T wrote:
Hi All,

I have a customer that is a government contractor.Â* The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/


meaning they are flaky.

-T

https://en.wikipedia.org/wiki/Comodo_Group

Â*Â* "The company was founded in 1998 in the United Kingdom
Â*Â*Â* by Melih AbdulhayoÄŸlu. The company relocated to the
Â*Â*Â* United States in 2004.

Â*Â*Â* Comodo Security Solutions, Inc: Based in Clifton, NJ, develops
Â*Â*Â* security software for commercial and consumer use.
Â*Â* "

https://en.wikipedia.org/wiki/Comodo_Internet_Security

https://www.newsweek.com/best-antivi...ecurity-565710


Â*Â*Â* "Comodo Internet Security has come a long way since V6.x,
Â*Â*Â*Â* and such tricks are obsolete."

HTH,
Â*Â*Â* Paul

I am not finding them on av-comparatives. Rats!

T wrote:
Hi All,

I have a customer that is a government contractor. The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/

meaning they are flaky.

-T

Maybe they would be ok with an ally?
Sophos is incorporated in England and Wales.
My employer has used it for about 5 years on thousands of comps.
It seems to work well.
However, the actual software is probably developed in Hyderabad along
with every other software developer.

On 11/4/18 5:47 PM, Paul in Houston TX wrote:
T wrote:
Hi All,

I have a customer that is a government contractor.Â* The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/


meaning they are flaky.

-T

Maybe they would be ok with an ally?
Sophos is incorporated in England and Wales.
My employer has used it for about 5 years on thousands of comps.
It seems to work well.
However, the actual software is probably developed in Hyderabad along
with every other software developer.

Allies would be perfect.

To be frank, I can't see why they are picking on Kaspersky. There are
ways to tell if you are being spied on and it would be pretty stupid
of Kaspersky to go along with it as its discovery would put them
out of business

Also the Chinese are involved in a cyber war with us at the
moment and the gov does not whine about the Chinese.

I do not see Sophos on Av-Comparatives. Rats! :'(

On Sun, 4 Nov 2018 16:30:40 -0600, VanguardLH wrote:

Is this contractor taking his own personal PC to his gov't employer to
connect to the corporate network? That in itself is a security breach
unless the gov't IT folks are restricting this contractor to connecting
only to a specific subnet that is protected (aka war zone or DMZ). No
matter what AV the contractor uses, a corporate network should not be
trusting any outsiders to get at the whole corporate network. Host not
*in* the network should not be trusted. However, that also means the
contactor may not be able to reach the hosts where he needs to work.
For a gov't employer to know what is the host that comes outside to hook
into their network, they should be providing their own laptop and using
software auditing of clients to ensure none have any software not
authorized in a sysprep image.

Over the last 6 years, about 80-90 of my work contracts have been with
government entities, (pretty evenly distributed across city, county,
state, and federal), and every single one of those contracts specifies
that the gov't will supply a laptop or desktop as my workstation. It's
in every contract because it's our boilerplate language, to which they
agree when they sign off. All good so far, except that exactly zero
times has that actually happened. During the pre-engagement call, I ask
about it and they tell me to use my own, which happens to be my personal
laptop, not a company-provided unit. And yes, they give me full access
to everything in their datacenter.

While I completely agree with what you're saying above regarding how
things should be, I'm here to say that so far it has never once worked
out that way. In talking with my colleagues, their experience is the
same.

If the contractor is working from home using his own PC, the employer
should be requiring the use a limited secured VPN (uses tokens that
allow the VPN to only hook into the corporate network and nowhere else)
that only gets the contractor into a DMZ subnet at work.

These days, 90% of my work is from home and so far only one company has
required the use of a VPN, and in that case a) it wasn't a gov't agency
and b) once I was on their VPN I had access to everything, as if I was
inside their datacenter. With remote work, we use Skype for Business to
set up the conference, then they give me full control of their PC, which
of course has full access to everything in their datacenter. About half
the time, they walk away and let me work, only checking in if I ping
them with a question or when I let them know that I'm done. Government
security, just like corporate security, is mostly an illusion.

Char Jackson wrote:

On Sun, 4 Nov 2018 16:30:40 -0600, VanguardLH wrote:

Is this contractor taking his own personal PC to his gov't employer to
connect to the corporate network? That in itself is a security breach
unless the gov't IT folks are restricting this contractor to connecting
only to a specific subnet that is protected (aka war zone or DMZ). No
matter what AV the contractor uses, a corporate network should not be
trusting any outsiders to get at the whole corporate network. Host not
*in* the network should not be trusted. However, that also means the
contactor may not be able to reach the hosts where he needs to work.
For a gov't employer to know what is the host that comes outside to hook
into their network, they should be providing their own laptop and using
software auditing of clients to ensure none have any software not
authorized in a sysprep image.

Over the last 6 years, about 80-90 of my work contracts have been with
government entities, (pretty evenly distributed across city, county,
state, and federal), and every single one of those contracts specifies
that the gov't will supply a laptop or desktop as my workstation. It's
in every contract because it's our boilerplate language, to which they
agree when they sign off. All good so far, except that exactly zero
times has that actually happened. During the pre-engagement call, I ask
about it and they tell me to use my own, which happens to be my personal
laptop, not a company-provided unit. And yes, they give me full access
to everything in their datacenter.

While I completely agree with what you're saying above regarding how
things should be, I'm here to say that so far it has never once worked
out that way. In talking with my colleagues, their experience is the
same.

If the contractor is working from home using his own PC, the employer
should be requiring the use a limited secured VPN (uses tokens that
allow the VPN to only hook into the corporate network and nowhere else)
that only gets the contractor into a DMZ subnet at work.

These days, 90% of my work is from home and so far only one company has
required the use of a VPN, and in that case a) it wasn't a gov't agency
and b) once I was on their VPN I had access to everything, as if I was
inside their datacenter. With remote work, we use Skype for Business to
set up the conference, then they give me full control of their PC, which
of course has full access to everything in their datacenter. About half
the time, they walk away and let me work, only checking in if I ping
them with a question or when I let them know that I'm done. Government
security, just like corporate security, is mostly an illusion.

Then I don't see how T can tell his customer per your experience that
any specific AV software must be employed by T's customer. If T's
contractor is using his own PC and it is being used for work, a separate
"work" PC should be assigned that duty. If any employer demands a
specific suite of software on a contractor's personal PC, sure, reimage
to the base backup and put on whatever the employer demanded.

On Sun, 4 Nov 2018 22:00:25 -0600, VanguardLH wrote:

Char Jackson wrote:

On Sun, 4 Nov 2018 16:30:40 -0600, VanguardLH wrote:

Is this contractor taking his own personal PC to his gov't employer to
connect to the corporate network? That in itself is a security breach
unless the gov't IT folks are restricting this contractor to connecting
only to a specific subnet that is protected (aka war zone or DMZ). No
matter what AV the contractor uses, a corporate network should not be
trusting any outsiders to get at the whole corporate network. Host not
*in* the network should not be trusted. However, that also means the
contactor may not be able to reach the hosts where he needs to work.
For a gov't employer to know what is the host that comes outside to hook
into their network, they should be providing their own laptop and using
software auditing of clients to ensure none have any software not
authorized in a sysprep image.

Over the last 6 years, about 80-90 of my work contracts have been with
government entities, (pretty evenly distributed across city, county,
state, and federal), and every single one of those contracts specifies
that the gov't will supply a laptop or desktop as my workstation. It's
in every contract because it's our boilerplate language, to which they
agree when they sign off. All good so far, except that exactly zero
times has that actually happened. During the pre-engagement call, I ask
about it and they tell me to use my own, which happens to be my personal
laptop, not a company-provided unit. And yes, they give me full access
to everything in their datacenter.

While I completely agree with what you're saying above regarding how
things should be, I'm here to say that so far it has never once worked
out that way. In talking with my colleagues, their experience is the
same.

If the contractor is working from home using his own PC, the employer
should be requiring the use a limited secured VPN (uses tokens that
allow the VPN to only hook into the corporate network and nowhere else)
that only gets the contractor into a DMZ subnet at work.

These days, 90% of my work is from home and so far only one company has
required the use of a VPN, and in that case a) it wasn't a gov't agency
and b) once I was on their VPN I had access to everything, as if I was
inside their datacenter. With remote work, we use Skype for Business to
set up the conference, then they give me full control of their PC, which
of course has full access to everything in their datacenter. About half
the time, they walk away and let me work, only checking in if I ping
them with a question or when I let them know that I'm done. Government
security, just like corporate security, is mostly an illusion.

Then I don't see how T can tell his customer per your experience that
any specific AV software must be employed by T's customer. If T's
contractor is using his own PC and it is being used for work, a separate
"work" PC should be assigned that duty. If any employer demands a
specific suite of software on a contractor's personal PC, sure, reimage
to the base backup and put on whatever the employer demanded.

I can't speak for him and whoever his customer might be. I was only
relating my own experience.

T wrote:

On 11/4/18 3:33 PM, VanguardLH wrote:
T wrote:

On 11/4/18 2:30 PM, VanguardLH wrote:
T wrote:

I have a customer that is a government contractor. The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I haven't checked, especially since AV companies are distributed
worldwide for a very long time now (dev could be anywhere), but probably
Norton or Fortinet would be a safe bet for your customer (which must be
some employee looking at personal solutions for a company loaner they
use at home since obviously a user can use anything they want at home
for their own non-company PC). Just because they list corporate HQ in
the USA doesn't mean all of their product is developed and produced
entirely within the USA. There's "based in the USA" and then there's
"made in the USA". Same for "where is it made" versus "where is it
sold." The USA has become a 3rd-world manufacturer. Used to be the USA
imported the raw materials and made the products here. Now trade has
reversed and the USA is shipping out the raw materials for products to
be manufactured elsewhere hence our huge and growing trade deficit.
Plus if the concern is Russian- or China-made, what about all the other
countries where an AV author may be headquartered? Avast started out
Czech but has become worldwide. The Czech Republic is a member of the
European Union. It is not Russia.

Is this contractor taking his own personal PC to his gov't employer to
connect to the corporate network? That in itself is a security breach
unless the gov't IT folks are restricting this contractor to connecting
only to a specific subnet that is protected (aka war zone or DMZ). No
matter what AV the contractor uses, a corporate network should not be
trusting any outsiders to get at the whole corporate network. Host not
*in* the network should not be trusted. However, that also means the
contactor may not be able to reach the hosts where he needs to work.
For a gov't employer to know what is the host that comes outside to hook
into their network, they should be providing their own laptop and using
software auditing of clients to ensure none have any software not
authorized in a sysprep image.

If the contractor is working from home using his own PC, the employer
should be requiring the use a limited secured VPN (uses tokens that
allow the VPN to only hook into the corporate network and nowhere else)
that only gets the contractor into a DMZ subnet at work.

If the network access requires workstation auditing, what else might
this contractor have the employer may ban? Like chat clients, game
servers, or other iff web clients that have nothing to do with work?
The contractor should have one PC for his own personal use and a
separate PC (perhaps a loaner from the employer) for work use. He
doesn't get to "play" on the work PC.

Unless you get a branded AV (Norton, McAfee, Avast, Avira, etc), you
don't know what AV engine the 3rd-tier market is using. The could, for
example, be using ClamAV which sucks for detections and disinfection.
PC-Matic certainly sounds like one of those iffy brands that uses
someone else's engine under royalties or contract. They (PC Pitstop)
certainly don't seem to have the wherewithal to have the labs, dev,
engineers, and other resources to produce a top-level AV product, so
they're riding on someone else's coattails -- but whose? You can't even
visit its parent's home site (pcpitstop.com) without allowing several
off-domain scripts and resources. I gave up trying to get their web
pages to render after having to allow many off-domain resources. I
would never trust software that is "as seen on TV".

https://www.riskbasedsecurity.com/re...03-02-2016.pdf
"PC Matic also relies on a threat engine where somedevelopment and
research potentially may occur outside the USA."
Then read section 6.3, which includes the comments:

- PC Matic is a suite of utilities where some definitely were not
developedinternally at PC Pitstop. Furthermore, some of them were not
developed in the USA.
- the ad-blocking capability is a rebranded version of uBlock.
- The threat engine is VIPRE. This was developed by Sunbelt Software,
which was later acquiredby GFI Software. Eventually, VIPRE spun off as
ThreatTrack, which has two offices in USA, butalso offices in Spain,
Philippines, and Australia25. This means that ThreatTrack may have
somedevelopment and threat research in countries outside USA e.g.
Philippines, which specifically isa country that PC Pitstop criticizes
their competition for outsourcing R&D.

So this is a front-end product using technology from other sources.
They lie. Oh, what code THEY write might be devs located in the USA but
many parts of their /product/ are produced elsewhere. That's not really
atypical of software development. You'll be hardpressed to find any
consumer or enterprise software that is distributed worldwide being
wholly written by USA devs located in the USA.

Maybe this "contractor" should be using whatever his employer requests
or demands. Build a simple image (basic stuff only, no 3rd party
software) to save and install whatever the employer wants on the work
PC. In the next job, restore to the basic image and use whatever the
next employer wants. If they require specialty VPNs or other software,
restoring to a base image eliminates having to uninstall and perform
remnant registry and file cleanup for reuse of the work PC for the next
employer.


pc matic won't submit their stuff to av-comparatives, meaning they
know it is s***.

I already told you what AV engine that PC-Matic uses. Guess you
couldn't be bothered to read all of my reply.

Same with Norton

Both Symantec and Vipre (the engine used by PC-Matic) *are* included at
av-comparatives.org. So is Tencent (Chineseware) and Kaspersky
(Russianware). av-comparatives.org tests on engines, not who happens to
use/borrow/contract what other scan engines.

https://www.av-comparatives.org/test...st-april-2018/

So what's going to be your next bigot remark?


I am not a bigot, but you are an ass hole for calling me one.

Also, you are a WORD WALL and use 1000 words where 10 will do
and as such are very difficult to comprehend. So do no
get on my case for not following your lengthy missives.

I wasn't the one making claims without first LOOKING! You're the lazy
one. You can't bother to read. Can't bother to do much research,
either. You expect all responses to treat you like a boob with a very
short attention span?

You claim Symantec isn't included in av-comparitives.org. You didn't
look. You didn't want to look. You were bigoted against Symantec and
proof would counter your discrimination.

You claim PC-Matic isn't included at av-comparatives.org. I told you
that AV uses Vipre. You were too lazy to read that. This community
helps you for free to do what you won't do for yourself, and then you
charge your customers for expertise you never had nor yet possess.
Research isn't a bad thing to gain the expertise but you are averse to
doing much. You are averse to reading my 874-word reply. Most
information you read to self-educate yourself will be a lot longer.
Even a Dummies book is longer. Cliff Notes are longer. The blurbs on
the inside front and back flaps of a book cover are likely longer.

I could've said you were overtly biased or you discriminate but those
are just synonyms for bigotry. Good luck finding any enterprise-grade
or even consumer-grade anti-virus program that is wholly USA/American
made yet distributed worldwide. The world went international while you
were sleeping.

Without qualification, "American" means wholly American. You didn't say
the scan engine had to be developed solely by Americans but other
components of the product could be developed elsewhere. You didn't say
an American-headquartered developer using programmers in India didn't
qualify as American. You're biased against Russian- and Chinese-ware
and yet it's the USA gov't and software authors that have, so far,
proven the biggest spies on their citizens and customers.

If the code is closed, how do you know what back doors or deliberate
vulnerabilities there are in that Americanware? Clam AV (Cisco) is open
source but it's a limp AV. Are YOU going to perform a code audit? Who
has? Is Cisco wholly American? Is ClamAV's code wholly American?

https://github.com/Cisco-Talos/clama...s/contributors

Can you tell what nationality (by citizenship and geolocation) or
political affiliation is each contributor?

PC-Matic is one of those products that rolls together various tools.
Such tools are rarely best of breed but eliminates you from having to
roll your own suite. It's like those other bundled tools with a
frontend that brings together multiple functions but each alone isn't
the top tool. If using just your example of av-comparatives.org for AV
testing, Vipre seems a decent AV - but it is only part of the entire
PC-Matic product. Vipre was from Sunbelt, then to GFI, and now owned by
j2 Global. Since j2 operates messaging services in 50 countries in 6
continents, perhaps they wouldn't qualify as wholly American to you.

American-made doesn't mean what you would like it to mean. You can't
even buy an American-made car that is wholly American made, only
partially American-made and often just American-assembled.

https://www.forbes.com/sites/jennife.../#70e0a28f2f75

I'd have to pop open the ECU inside a Jeep to see the markings on the
PCB to see where it was actually made. Probably China or Japan. Even
if somehow USA-made, there are still parts in the car that weren't mined
or harvested with raw materials in the USA, formed into more complex
objects by USA manufacturers, and assembled into component-level
assemblies in USA plants. The phenolic connectors, PCB, chips, caps,
resistors, and most everything else inside the ECU came from a non-USA
manufacturer. Some ECUs for the Jeep Cherokee are made by Bendix who is
a French manufacturer, but where did they get all the parts to build it?

You think all those K-cups (a $30/pound fad for boobs incapable of
organizing their morning routine to brew coffee) are made by Keurig in
Vermont (who claims to be a North American company but that means
anywhere between Panama to the Artic Ocean)? Coffee companies with
plastic extrusion machines or that buy the K-cups can package their own
product. There's even a K-cup manufacturer in Shanghai. They're
everywhere.

The same international sourcing model applies to software, too. "Made
in country" is misleading. "Made mostly in country" would more
often be correct as would "xx% made in country" and "Assembled in
country".

What qualifies "Made in America" to be spy-free or whatever artifact
you're trying to avoid? The open-source AVs suck. The closed-source
AVs are what the vast majority use. If it isn't the USA gov't doing the
spying or tracking, it could be the AV author itself. Frankly I
consider USA spying and tracking to be of minimal concern compared to
all the commercial (non-gov't) spying and tracking.

T wrote:

On 11/4/18 5:16 PM, Paul wrote:
T wrote:
Hi All,

I have a customer that is a government contractor.* The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/


meaning they are flaky.

-T

https://en.wikipedia.org/wiki/Comodo_Group

** "The company was founded in 1998 in the United Kingdom
*** by Melih Abdulhayo»lu. The company relocated to the
*** United States in 2004.

*** Comodo Security Solutions, Inc: Based in Clifton, NJ, develops
*** security software for commercial and consumer use.
** "

https://en.wikipedia.org/wiki/Comodo_Internet_Security

https://www.newsweek.com/best-antivi...ecurity-565710

*** "Comodo Internet Security has come a long way since V6.x,
**** and such tricks are obsolete."

HTH,
*** Paul

I am not finding them on av-comparatives. Rats!

Comodo does not have an effective anti-virus product. Comodo Anti-Virus
(CAV) started on its own but had very poor detection coverage. Comodo
was starting from scratch and apparently had no familial ties with other
AV authors to acquire their databases, so Comodo was getting samples
submitted by the users, and that's a slow and ineffective process.
CAV's heuristics sucked (can't remember that far back if they had any).

They kept CAV in beta status to deliberately keep it out of the AV test
sites. If any tested CAV and condemned it, Comodo would claim that it
was a beta product. They kept it beta for over 3 years. Instead of
releasing it on its own, they merged it into their Comodo Firewall (CFW)
product which has its own HIPS (Host Intrusion Protection System). That
HIPS was very good. Instead of rolling their HIPS into CAV, so CAV
could stand on its own, they lopped off CAV's poor HIPS, incorporated
CAV into CFW, and relied on CFW's HIPS function.

av-comparatives.org sees CAV as a non-existent product. It was never
out of beta status. It is barely passable as an AV but only by relying
on another product's HIPS (in CFW). av-comparatives.org is not a
firewall testing organization, just anti-virus testing. Since Comodo
muddied CAV by melding and relying on HIPS in CFW, CAV cannot be tested
on its own. CAV cannot be tested by itself without reverted to an old
beta version. I suppose av-comparatives.org could disable HIPS (called
Defense+) in CFW along with all firewall functions to cripple the
produce down to just CAV being left active; however, as I recall,
av-comparatives.org, like most AV test sites, simply test an AV program
in its default or install-time configuration.

Not all AV test sites are as restrictive. AV-Test includes CFW (with
its integrated CAV). However, AV-Test runs something of a ransom to
perform testing: the AV author must pay AV-Test to get tested. Pretty
much kills any wholly freeware AV that has no commercial revenue stream
to afford the testing costs. Comodo is willing to pay to get listed.
They need exposure somewhere.

https://www.av-test.org/en/contact/t...nd-conditions/
(see section 6 & 7)

Oh, by the way, PC Pitstop decided to pay to get their PC-Matic product
listed, so you can see what AV-Test thought of the not-wholly-American-
except-for-Vipre-engine product.

T wrote:

To be frank, I can't see why they are picking on Kaspersky.

McCarthyism
https://www.dictionary.com/browse/mccarthyism

Guilt by association or, in this case, by location. Kasperky's
headquarters are in Moscow, so they just must be in cohoots with
Russia's SVR RF and FAPSI.

On 11/4/18 8:49 PM, VanguardLH wrote:
T wrote:

On 11/4/18 3:33 PM, VanguardLH wrote:
T wrote:

On 11/4/18 2:30 PM, VanguardLH wrote:
T wrote:

I have a customer that is a government contractor. The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I haven't checked, especially since AV companies are distributed
worldwide for a very long time now (dev could be anywhere), but probably
Norton or Fortinet would be a safe bet for your customer (which must be
some employee looking at personal solutions for a company loaner they
use at home since obviously a user can use anything they want at home
for their own non-company PC). Just because they list corporate HQ in
the USA doesn't mean all of their product is developed and produced
entirely within the USA. There's "based in the USA" and then there's
"made in the USA". Same for "where is it made" versus "where is it
sold." The USA has become a 3rd-world manufacturer. Used to be the USA
imported the raw materials and made the products here. Now trade has
reversed and the USA is shipping out the raw materials for products to
be manufactured elsewhere hence our huge and growing trade deficit.
Plus if the concern is Russian- or China-made, what about all the other
countries where an AV author may be headquartered? Avast started out
Czech but has become worldwide. The Czech Republic is a member of the
European Union. It is not Russia.

Is this contractor taking his own personal PC to his gov't employer to
connect to the corporate network? That in itself is a security breach
unless the gov't IT folks are restricting this contractor to connecting
only to a specific subnet that is protected (aka war zone or DMZ). No
matter what AV the contractor uses, a corporate network should not be
trusting any outsiders to get at the whole corporate network. Host not
*in* the network should not be trusted. However, that also means the
contactor may not be able to reach the hosts where he needs to work.
For a gov't employer to know what is the host that comes outside to hook
into their network, they should be providing their own laptop and using
software auditing of clients to ensure none have any software not
authorized in a sysprep image.

If the contractor is working from home using his own PC, the employer
should be requiring the use a limited secured VPN (uses tokens that
allow the VPN to only hook into the corporate network and nowhere else)
that only gets the contractor into a DMZ subnet at work.

If the network access requires workstation auditing, what else might
this contractor have the employer may ban? Like chat clients, game
servers, or other iff web clients that have nothing to do with work?
The contractor should have one PC for his own personal use and a
separate PC (perhaps a loaner from the employer) for work use. He
doesn't get to "play" on the work PC.

Unless you get a branded AV (Norton, McAfee, Avast, Avira, etc), you
don't know what AV engine the 3rd-tier market is using. The could, for
example, be using ClamAV which sucks for detections and disinfection.
PC-Matic certainly sounds like one of those iffy brands that uses
someone else's engine under royalties or contract. They (PC Pitstop)
certainly don't seem to have the wherewithal to have the labs, dev,
engineers, and other resources to produce a top-level AV product, so
they're riding on someone else's coattails -- but whose? You can't even
visit its parent's home site (pcpitstop.com) without allowing several
off-domain scripts and resources. I gave up trying to get their web
pages to render after having to allow many off-domain resources. I
would never trust software that is "as seen on TV".

https://www.riskbasedsecurity.com/re...03-02-2016.pdf
"PC Matic also relies on a threat engine where somedevelopment and
research potentially may occur outside the USA."
Then read section 6.3, which includes the comments:

- PC Matic is a suite of utilities where some definitely were not
developedinternally at PC Pitstop. Furthermore, some of them were not
developed in the USA.
- the ad-blocking capability is a rebranded version of uBlock.
- The threat engine is VIPRE. This was developed by Sunbelt Software,
which was later acquiredby GFI Software. Eventually, VIPRE spun off as
ThreatTrack, which has two offices in USA, butalso offices in Spain,
Philippines, and Australia25. This means that ThreatTrack may have
somedevelopment and threat research in countries outside USA e.g.
Philippines, which specifically isa country that PC Pitstop criticizes
their competition for outsourcing R&D.

So this is a front-end product using technology from other sources.
They lie. Oh, what code THEY write might be devs located in the USA but
many parts of their /product/ are produced elsewhere. That's not really
atypical of software development. You'll be hardpressed to find any
consumer or enterprise software that is distributed worldwide being
wholly written by USA devs located in the USA.

Maybe this "contractor" should be using whatever his employer requests
or demands. Build a simple image (basic stuff only, no 3rd party
software) to save and install whatever the employer wants on the work
PC. In the next job, restore to the basic image and use whatever the
next employer wants. If they require specialty VPNs or other software,
restoring to a base image eliminates having to uninstall and perform
remnant registry and file cleanup for reuse of the work PC for the next
employer.


pc matic won't submit their stuff to av-comparatives, meaning they
know it is s***.

I already told you what AV engine that PC-Matic uses. Guess you
couldn't be bothered to read all of my reply.

Same with Norton

Both Symantec and Vipre (the engine used by PC-Matic) *are* included at
av-comparatives.org. So is Tencent (Chineseware) and Kaspersky
(Russianware). av-comparatives.org tests on engines, not who happens to
use/borrow/contract what other scan engines.

https://www.av-comparatives.org/test...st-april-2018/

So what's going to be your next bigot remark?


I am not a bigot, but you are an ass hole for calling me one.

Also, you are a WORD WALL and use 1000 words where 10 will do
and as such are very difficult to comprehend. So do no
get on my case for not following your lengthy missives.

I wasn't the one making claims without first LOOKING! You're the lazy
one. You can't bother to read. Can't bother to do much research,
either. You expect all responses to treat you like a boob with a very
short attention span?

You claim Symantec isn't included in av-comparitives.org. You didn't
look. You didn't want to look. You were bigoted against Symantec and
proof would counter your discrimination.

You claim PC-Matic isn't included at av-comparatives.org. I told you
that AV uses Vipre. You were too lazy to read that. This community
helps you for free to do what you won't do for yourself, and then you
charge your customers for expertise you never had nor yet possess.
Research isn't a bad thing to gain the expertise but you are averse to
doing much. You are averse to reading my 874-word reply. Most
information you read to self-educate yourself will be a lot longer.
Even a Dummies book is longer. Cliff Notes are longer. The blurbs on
the inside front and back flaps of a book cover are likely longer.

I could've said you were overtly biased or you discriminate but those
are just synonyms for bigotry. Good luck finding any enterprise-grade
or even consumer-grade anti-virus program that is wholly USA/American
made yet distributed worldwide. The world went international while you
were sleeping.

Without qualification, "American" means wholly American. You didn't say
the scan engine had to be developed solely by Americans but other
components of the product could be developed elsewhere. You didn't say
an American-headquartered developer using programmers in India didn't
qualify as American. You're biased against Russian- and Chinese-ware
and yet it's the USA gov't and software authors that have, so far,
proven the biggest spies on their citizens and customers.

If the code is closed, how do you know what back doors or deliberate
vulnerabilities there are in that Americanware? Clam AV (Cisco) is open
source but it's a limp AV. Are YOU going to perform a code audit? Who
has? Is Cisco wholly American? Is ClamAV's code wholly American?

https://github.com/Cisco-Talos/clama...s/contributors

Can you tell what nationality (by citizenship and geolocation) or
political affiliation is each contributor?

PC-Matic is one of those products that rolls together various tools.
Such tools are rarely best of breed but eliminates you from having to
roll your own suite. It's like those other bundled tools with a
frontend that brings together multiple functions but each alone isn't
the top tool. If using just your example of av-comparatives.org for AV
testing, Vipre seems a decent AV - but it is only part of the entire
PC-Matic product. Vipre was from Sunbelt, then to GFI, and now owned by
j2 Global. Since j2 operates messaging services in 50 countries in 6
continents, perhaps they wouldn't qualify as wholly American to you.

American-made doesn't mean what you would like it to mean. You can't
even buy an American-made car that is wholly American made, only
partially American-made and often just American-assembled.

https://www.forbes.com/sites/jennife.../#70e0a28f2f75

I'd have to pop open the ECU inside a Jeep to see the markings on the
PCB to see where it was actually made. Probably China or Japan. Even
if somehow USA-made, there are still parts in the car that weren't mined
or harvested with raw materials in the USA, formed into more complex
objects by USA manufacturers, and assembled into component-level
assemblies in USA plants. The phenolic connectors, PCB, chips, caps,
resistors, and most everything else inside the ECU came from a non-USA
manufacturer. Some ECUs for the Jeep Cherokee are made by Bendix who is
a French manufacturer, but where did they get all the parts to build it?

You think all those K-cups (a $30/pound fad for boobs incapable of
organizing their morning routine to brew coffee) are made by Keurig in
Vermont (who claims to be a North American company but that means
anywhere between Panama to the Artic Ocean)? Coffee companies with
plastic extrusion machines or that buy the K-cups can package their own
product. There's even a K-cup manufacturer in Shanghai. They're
everywhere.

The same international sourcing model applies to software, too. "Made
in country" is misleading. "Made mostly in country" would more
often be correct as would "xx% made in country" and "Assembled in
country".

What qualifies "Made in America" to be spy-free or whatever artifact
you're trying to avoid? The open-source AVs suck. The closed-source
AVs are what the vast majority use. If it isn't the USA gov't doing the
spying or tracking, it could be the AV author itself. Frankly I
consider USA spying and tracking to be of minimal concern compared to
all the commercial (non-gov't) spying and tracking.


Good Lord. Word Wall! Prune it down by 80% and I will read it.

In article
Paul in Houston TX wrote:

T wrote:
Hi All,

I have a customer that is a government contractor. The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/

meaning they are flaky.

-T

Any anti-virus company that does not allow the AV comparative site to
test its product does so for a reason: The product is a p.o.s.

Never trust an AV product that isn't tested by https://www.av-
comparatives.org

Read below.


https://www.courierjournal.net/colum...tic/article_14
b1d8de-6b5a-11e8-8f6f-af33f70e83ef.html

PC Matic Scam

Jim Fisher

Posted: Tuesday, June 12, 2018 12:00 am

by the "Computer Skeptic"

You have probably heard of them. Their cringe-worthy commercials are
everywhere. Their actors are horrible. The owner reminds me of one of
those creepy head statues on Easter Island.

Perhaps “scam” is too strong a word for this horrible program but I’m
gonna stick with the term because scamming is how these people got
their start and once a scammer; always a scammer. You need to know
that they are not deserving of your dollars.

PC Matic appeared on my radar years ago as “PC Pitstop.” It was one of
many fake antivirus programs that that people were tricked into
installing on their computer. Once this software was on a computer, it
would display all sorts of horrible problems that needed to be fixed
or Bad Things would happen.

Of course there was a convenient link to purchase the software that
would “fix” the problems you didn’t have. Eventually PC Matic, much
like some mafia bosses, made enough money scamming people to “go
legit.”

So how does PCMatic actually perform compared to other antivirus
programs? Well, if you listen to their commercials, they get 100%
perfect scores. No one in my line of business would believe that claim
and you shouldn’t either. No antivirus program is perfect but there
are some objective ways to determine which ones offer the best
protection.

I visited PC Matic’s website to look at their own review of their
product. They referenced an independent comparison of various
antivirus published in PC Magazine (a reputable source) who apparently
gave them the “best” score. Skeptical of this claim, I went to the
source (a skeptic always goes to the source) and here is what they
actually said, “PC Matic scored highest in the latest test, with
94.75%, but failed overall due to many false positives.”

They FAILED! False positives are never a good thing. What that means
is that PCMatic will shutdown many innocent programs which is exactly
what I see in my shop. People with PC Matic complain of all sorts of
warnings and stuff just not working right (such as not being able to
access the internet). We remove PC Matic and, miraculously, the PC
starts running well.

My biggest problem with PC Matic is that they do keep inching up in
the ranks of independent evaluations. But they are getting there
because they started out as scammers, did more scammy things to boost
sales such as offering “registry cleaners” and “driver updates” for an
extra charge (which are worthless, by the way).

They recently stopped charging extra for those because so many of us
techie people gave them grief about it but they are still scammers at
the core and should not be rewarded for the evil they’ve done!

*****
They also keep charging your credit card.

Ripoff Report | pc pitstop Complaint Review Internet

http://tinyurl.com/yagapot9

Good luck trying to cancel your auto renew with PC pitstop- while they
use your order number and order date for thier auto renewal, they
don't send it to you when they send you the email saying they just
autorenewed on your credit card. That way, you don't have the
information you need to cancel your auto renewal. They provide no way
to get your order number (mine was from two or three years ago) or the
date of the order. then they say request a refund and you can't
request it without those two pieces of information.

Then you can search thier site for an hour trying to find anything
that allows you to contact them for a refund - once you find it, they
demand your order number and date of order- betcha don't have that so
PC Pitstop just just autorenews you again!!

While you can get most of thier services free at other sites, they
appear to make it nearly IMPOSSIBLE to cancel your auto renewal!

Jim Mount Gilead Ohio

On 11/4/18 10:54 PM, Anonymous Remailer (austria) wrote:
Any anti-virus company that does not allow the AV comparative site to
test its product does so for a reason: The product is a p.o.s.

Never trust an AV product that isn't tested byhttps://www.av-
comparatives.org

My thoughts exactly.

On 11/4/18 1:31 PM, T wrote:
Hi All,

I have a customer that is a government contractor.Â* The "Gov'
is really frowning on non-American made Anti Virus products
begin uses at the customer's site -- especially Kaspersky.

Who are the American made AV's?

I know about PC-Matic, but they are not tested by Av-comparatives

https://www.av-comparatives.org/test...eptember-2018/


meaning they are flaky.

-T

Anyone have any experience with ESET? American tech support, great
av-comparative results, and good consumer reviews.

On 11/4/18 9:26 PM, VanguardLH wrote:
T wrote:

To be frank, I can't see why they are picking on Kaspersky.

McCarthyism
https://www.dictionary.com/browse/mccarthyism

Guilt by association or, in this case, by location. Kasperky's
headquarters are in Moscow, so they just must be in cohoots with
Russia's SVR RF and FAPSI.


The thing about McCarthyism is that after the cold war ended
and the Soviet Union's archives were opened up, McCarthy
was right.

Russia is now the new boggy man for the Left. It links
in with Trump derangement syndrome.