how to anti anti virus ?


davidh
April 22nd, 2010, 07:27 PM
There have been a couple of incidents recently where anti-virus software has crippled some Windows systems. Notably (notoriously?) BitDefender and McAfee :eek:

Can Windows "system restore points" be useful to ease recovery from such? Or is this impractical because most AV products update too automatically and too frequently?

Would cloud based AV or reputation based AV reduce this problem?

Are the bad guys gaining ground so fast that some AV mfgs trip over themselves trying to keep up?

Me is too tired right now to ponder this :(

davidh
April 23rd, 2010, 05:45 PM
There have been a couple of incidents recently where anti-virus software has crippled some Windows systems. Notably (notoriously?) BitDefender and McAfee :eek:
...

Would cloud based AV or reputation [similar to whitelisting] based AV reduce this problem?
...
McAfee is doing more than apologizing. The company is taking steps to prevent the mistake from happening again. Specifically, the company is implementing additional QA protocols for any releases that directly impact critical system files. McAfee also plans to add capabilities to its cloud-based Artemis system that will provide an additional level of protection against false positives by leveraging an expansive whitelist of critical system files.
http://news.yahoo.com/s/nf/20100423/bs_nf/72944
I have no idea whether the said 'Artemis' is available to home/consumer customers.

I am not a security pro or even an amateur, but I have seen security experts claim that eventually whitelisting will have to be the main solution.
Of course, even with whitelisting there could still be SNAFUs in future like this one with McAfee.

Judy G. Russell
April 25th, 2010, 11:16 AM
I don't think cloud-based stuff is all that much better, David, and it is too dependent on the 'net.

davidh
April 26th, 2010, 04:25 AM
I don't think cloud-based stuff is all that much better, David, and it is too dependent on the 'net.

I think there's a difference when you talk about cloud-based AV and "in the cloud" in general.

FWIW, Panda Cloud AV seemed to come out on top in one review of free AV, in catching more malware. YMMV.

Also, FWIW, if you think about it a minute, whitelisting has to be based on some algorithm for some kind of voting, possibly or probably with some supplemental mechanism for actual biological living humans to claim things are false positives. Therefore IF there is voting, then by necessity there must be SOME kind of network (probably not telepathic or word of mouth [sorry for the silly aside]). Therefore IF the voting depends on a network, one may wish to call it 'cloud based', IMO. Actually, I suppose there might not be a sharp distinction between whitelisting and reputation-based AV. I suppose also that a particular company could set up a strict whitelist. But that approach might only be suitable for companies that do not need to use a wide range of programs. Science, tech, engineering, and research companies may need to use a wider range of specialty software?

I have used Panda Cloud AV and it does seem to slow down the machine less than AVG (very limited sample size, 1 cloud, 1 not cloud :( ). I don't know how it works under the hood. But I'm guessing that it doesn't rescan everything all the time AND doesn't poll the net all the time. So there must be some kind of load-balancing algorithm, load-damping algorithm, etc., if you will. I apologize for my vague and probably inexact terminology.
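The two mechanisms the thread circles around (the McAfee statement's "whitelist of critical system files" as a guard against false positives, and the guess that a cloud scanner neither rescans everything nor polls the network for every file) can be shown together in a small model. The following is an added example written for this page; it is not code from Panda, McAfee, or any other vendor, and nothing in it describes how those products actually work. The file contents, paths, hashes, verdicts and the six-hour cache lifetime are all constructed for the example. The point it makes: verdicts and the allowlist are keyed by content hash rather than file name, so a bad signature push cannot quarantine the real svchost.exe, while an impostor carrying that name still goes to the cloud and is still caught.

```python
import hashlib
import time

# Cache lifetime for cloud verdicts; a constructed value for the example.
CACHE_TTL_SECONDS = 6 * 60 * 60


def sha256_hex(data: bytes) -> str:
    """Hash file content; verdicts and the allowlist are keyed by hash, not path."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for critical OS files. Keyed by content hash so a
# dropper that borrows the name svchost.exe does not inherit the entry.
SYSTEM_FILES = {
    r"C:\Windows\System32\svchost.exe": b"constructed-svchost-contents",
    r"C:\Windows\System32\ntoskrnl.exe": b"constructed-ntoskrnl-contents",
}
CRITICAL_ALLOWLIST = {sha256_hex(content): path for path, content in SYSTEM_FILES.items()}


class FakeCloud:
    """Stand-in for a reputation service: answers from a table and counts round trips."""

    def __init__(self, verdicts):
        self.verdicts = dict(verdicts)
        self.queries = 0

    def lookup(self, digest: str) -> str:
        self.queries += 1
        return self.verdicts.get(digest, "unknown")


class CachingScanner:
    """Order of checks: local allowlist, then local verdict cache, then the cloud."""

    def __init__(self, cloud, allowlist, ttl=CACHE_TTL_SECONDS, clock=time.monotonic):
        self.cloud = cloud
        self.allowlist = allowlist
        self.ttl = ttl
        self.clock = clock            # injectable so the cache expiry can be tested
        self.cache = {}               # digest -> (verdict, expiry time)

    def scan(self, path: str, content: bytes):
        """Return (verdict, source) for one file."""
        digest = sha256_hex(content)
        if digest in self.allowlist:
            # A bad signature push cannot quarantine a known-good system binary.
            return "allow", "allowlist"
        now = self.clock()
        cached = self.cache.get(digest)
        if cached is not None and cached[1] > now:
            return cached[0], "cache"          # no network round trip
        verdict = self.cloud.lookup(digest)
        self.cache[digest] = (verdict, now + self.ttl)
        return verdict, "cloud"


def demo():
    """Walk through the cases and return the results so they can be checked."""
    svchost = SYSTEM_FILES[r"C:\Windows\System32\svchost.exe"]
    impostor = b"constructed-malware-pretending-to-be-svchost"
    # Constructed bad update: the cloud now wrongly calls the real svchost malicious.
    cloud = FakeCloud({sha256_hex(svchost): "malicious", sha256_hex(impostor): "malicious"})
    t = [0.0]
    scanner = CachingScanner(cloud, CRITICAL_ALLOWLIST, clock=lambda: t[0])

    real = scanner.scan(r"C:\Windows\System32\svchost.exe", svchost)
    fake_first = scanner.scan(r"C:\Users\Public\svchost.exe", impostor)
    fake_second = scanner.scan(r"C:\Users\Public\svchost.exe", impostor)
    t[0] += CACHE_TTL_SECONDS + 1             # let the cached verdict expire
    fake_expired = scanner.scan(r"C:\Users\Public\svchost.exe", impostor)
    unknown = scanner.scan(r"C:\Tools\newtool.exe", b"constructed-unseen-binary")
    return {
        "real": real,
        "fake_first": fake_first,
        "fake_second": fake_second,
        "fake_expired": fake_expired,
        "unknown": unknown,
        "cloud_queries": cloud.queries,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running it shows the real svchost.exe allowed from the allowlist without any network call, the impostor answered by the cloud once and then from the cache until the entry expires, and an unseen binary coming back "unknown" (how a product treats "unknown" is a policy choice the thread does not settle). The allowlist here is a static table; a real one would need its own update path and integrity protection, since a poisoned allowlist is the mirror image of the false-positive problem.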