Which of the following do you recommend for anti-virus ware?

[rubyjack]

I have the following choices to install as anti-virus ware/suite (my
NortonWorks is expiring). The price ranges from $0 to $40 to install (all
legit, I have some on hand).

Norton SystemWorks
Norton 360
MacAfee 2007
Panda 2007
Kaspersky 6.0

Your help would be appreciated,
Dan Hacker

--

-----------
Thousands of years ago cats were worshipped as gods. Cats have never
forgotten this. -- Danbury Mint
-----------

 

[RJK]

Synmantecs' Norton has for sometime has been called bloatware, and if you
don't mind the significant system-slowdown that comes with it - it's quite
good. Another Norton minus, in my view, (in previous versions of Norton at
least), is that one ends up with TWO trusted sites lists to maintain, one in
IE, and one in Norton firewall !!

For many years in the past Mcafee VERY often caused nightmares i.e. it was
often very intolerant of most of the myriad OS/software mixes it found
itself installed into. (...dunno if that's true nowadays - Mcafee was so
awful - years ago - I've never revisited it), ...having said that I've
always been grateful for their free a/v CLS.
Panda, ...same as Norton, quite good but, really slows down, (even fast),
systems.
Kaspersky, lots of people rave about it - I found it nothing but trouble -
a year or so ago I tried their internet security suite in several systems
that were clean, tidy and well maintained. Kaspersky refused to perform on
all of them i.e. caused, lock-ups, crashes ...never got on well Kaspersky at
all. ...again, ...quite good free CLS from Kaspersky though

AVG free (anti-virus only), is really good, minimal impact on system speed
and overhead, not quite as good a detection rate as NOD32 and others but,
one has to pay for NOD32 :-(
AVG anti-spyware is really good, (I pay for that), ....though Windows
Defender has to date, intercepted everything nasty heading my way before it
got anywhere near AVG anti-spyware !! ...and so many out there keep
criticizing Windows Defender !!
....Zonealarm free firewall is VERY good but, occasionally one has to fight
with it.
PrevX, mentioned (negatively) in here http://tibbar.blog.co.uk/ (made in
the UK) is quite good, it's advanced heuristics detection is quite good but,
as with ALL a/v/ a/malware software it often misses things !!
....Spybot Search and Destroy (and the Teatimer realtime scanner help - ),
....in a highly unusual fit of generousness, (is there such a word), a couple
of weeks ago, I donated £15 to Spybot S&D !!!

....I could go on and on and on but, won't !
....everybody has their own preferences
....and however good your "multi-layered" approcah to internet defences, and
despite ones best efforts in "hardening up" a PC for internet use, (which is
of course attempting the impossible by trying to strike a balance between
safety, (crippling almost everything), and {usablility which often equates
into the the owner allowing in something nasty} !

regards, Richard


"rubyjack" wrote in message
news:e0bMGX%23FIHA.6068@TK2MSFTNGP05.phx.gbl...
>I have the following choices to install as anti-virus ware/suite (my
> NortonWorks is expiring). The price ranges from $0 to $40 to install (all
> legit, I have some on hand).
>
> Norton SystemWorks
> Norton 360
> MacAfee 2007
> Panda 2007
> Kaspersky 6.0
>
> Your help would be appreciated,
> Dan Hacker
>
> --
>
> -----------
> Thousands of years ago cats were worshipped as gods. Cats have never
> forgotten this. -- Danbury Mint
> -----------
>
>

 

[Max M.Wachtel III]

"rubyjack" after much thought,came up
with this jewel in news:e0bMGX#FIHA.6068@TK2MSFTNGP05.phx.gbl:

> I have the following choices to install as anti-virus ware/suite
> (my NortonWorks is expiring). The price ranges from $0 to $40 to
> install (all legit, I have some on hand).
>
> Norton SystemWorks
> Norton 360
> MacAfee 2007
> Panda 2007
> Kaspersky 6.0
>
> Your help would be appreciated,
> Dan Hacker
>

If you are going to dump Norton,Add+Remove doesn't always work very
well. You may need to download their cleanup tool. I have heard good
things about Kaspersky. The others,I have tried and thought that they
seemed to take over ownership of my system. I like to keep things
simple. The free version of AntiVir works well for me. It has a very
good detection rate and seems light on resources.If you are going to
use a paid-version AntiVirus,NOD32 would be my choice hands down. You
should try using a more secure email client and browser(Thunderbird
and Firefox come to mind). Prevention is the key here. I have written
some pages that might be helpful(see below)
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.

 

[Virus Guy]

rubyjack wrote:

> I have the following choices

> Norton SystemWorks
> Norton 360
> MacAfee 2007
> Panda 2007
> Kaspersky 6.0

Which one is the least likely to be neutralized (de-activated) by the
Storm virus?

It's not good enough these days that an AV program detect malware.

It must be hardy enough to withstand deactivation attempts by malware.

And which of those AV programs can gain enough control to actually
delete or quarantine viral files?

 

[3Cat]

Avast is free and pretty good.
http://www.avast.com/eng/home-registration.php
AVG is also free and good comment in market. http://free.grisoft.com/doc/1

I used Norton before but expensive and not well protected, I changed to
NOD32 now (my Notebook) and Avast Home (free) for my Home Desktop.


"rubyjack" wrote in message
news:e0bMGX%23FIHA.6068@TK2MSFTNGP05.phx.gbl...
>I have the following choices to install as anti-virus ware/suite (my
> NortonWorks is expiring). The price ranges from $0 to $40 to install (all
> legit, I have some on hand).
>
> Norton SystemWorks
> Norton 360
> MacAfee 2007
> Panda 2007
> Kaspersky 6.0
>
> Your help would be appreciated,
> Dan Hacker
>
> --
>
> -----------
> Thousands of years ago cats were worshipped as gods. Cats have never
> forgotten this. -- Danbury Mint
> -----------
>
>

 

[Carey Frisch [MVP]]

Windows OneCare: http://onecare.live.com/standard/en-us/default.htm

--
Carey Frisch
Microsoft MVP
Windows Shell/User

---------------------------------------------------------------

"rubyjack" wrote in message news:e0bMGX%23FIHA.6068@TK2MSFTNGP05.phx.gbl...
I have the following choices to install as anti-virus ware/suite (my
NortonWorks is expiring). The price ranges from $0 to $40 to install (all
legit, I have some on hand).

Norton SystemWorks
Norton 360
MacAfee 2007
Panda 2007
Kaspersky 6.0

Your help would be appreciated,
Dan Hacker

--

-----------
Thousands of years ago cats were worshipped as gods. Cats have never
forgotten this. -- Danbury Mint
-----------

 

[Leythos]

In article ,
cnfrisch@nospamgmail.com says...
> Windows OneCar

One Care is not even close to a viable protection product for anyone
that has a clue about security.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[RJK]

mmm! I though I'd have another go at this one :-

Symantecs' Norton has for sometime has been called bloatware, and if you
don't mind the significant system-slowdown that comes with it - it's quite
good. Another Norton minus, in my view, (in previous versions of Norton at
least), is that one ends up with TWO trusted sites lists to maintain, one in
IE, and one in Norton firewall !!

For many years in the past Mcafee VERY often caused nightmares i.e. it was
often very intolerant of most of the myriad OS/software mixes it found
itself installed into. (...dunno if that's true nowadays - Mcafee was so
awful - years ago - I've never revisited it), ...having said that I've
always been grateful for their free a/v CLS.
Panda, ...same as Norton, quite good but, really slows down, (even fast),
systems.
Kaspersky, lots of people rave about it - I found it nothing but trouble -
a year or so ago I tried their internet security suite in several systems
that were clean, tidy and well maintained. Kaspersky refused to perform on
all of them i.e. caused, lock-ups, crashes ...never got on well Kaspersky at
all. ...again, ...quite a good free CLS from Kaspersky though

AVG free (anti-virus only), is really good, minimal impact on system speed
and overhead, not quite as good a detection rate as NOD32 and others but,
one has to pay for NOD32 :-(
AVG anti-spyware is really good, (I pay for that), ....though Windows
Defender has to date, intercepted everything nasty heading my way before it
got anywhere near AVG anti-spyware !! ...and so many out there keep
criticizing Windows Defender !!
....Zonealarm free firewall is VERY good but, occasionally one has to fight
with it.
PrevX, mentioned (negatively) here http://tibbar.blog.co.uk/ (made in
the UK) is quite good, it's advanced heuristics detection is quite good but,
as with ALL a/v/ a/malware software it often misses things !!
....Spybot Search and Destroy (and the Teatimer realtime scanner help - ),
....in a highly unusual fit of generousness, (is there such a word), a couple
of weeks ago, I donated £15 to Spybot S&D !!!
Lavasoft Adaware (not to be confused with "adware"),

....I could go on and on and on but, won't !
....everybody has their own preferences

However good your "multi-layered" approach to internet security, and
despite ones best efforts in "hardening up" a PC for internet use, (which is
of course attempting the impossible by trying to strike a balance between
safety, (crippling almost everything), and "usablility,"
that "multi-layered" approach is often thwarted and ruined by the owner of
that PC !!

regards, Richard

 

[Carey Frisch [MVP]]

I've been running Windows OneCare on three different
computers for over two years now. No viruses, no spyware,
and no malware has entered any on my PCs using OneCare.

--
Carey Frisch
Microsoft MVP
Windows Shell/User

---------------------------------------------------------------

"Leythos" wrote:

One Care is not even close to a viable protection product for anyone
that has a clue about security.

--

Leythos

 

[RJK]

....that's because you've probably been practising safe-hex

regards, Richard


"Carey Frisch [MVP]" wrote in message
news:F8C60CB0-2565-41BD-9BA8-B8EF3AC77EA6@microsoft.com...
> I've been running Windows OneCare on three different
> computers for over two years now. No viruses, no spyware,
> and no malware has entered any on my PCs using OneCare.
>
> --
> Carey Frisch
> Microsoft MVP
> Windows Shell/User
>
> ---------------------------------------------------------------
>
> "Leythos" wrote:
>
> One Care is not even close to a viable protection product for anyone
> that has a clue about security.
>
> --
>
> Leythos
>

 

[Virus Guy]

RJK wrote:

> Symantecs' Norton has for sometime has been called bloatware,

Norton Anti-virus started to become bloatware with version 2003.
Prior versions were pretty good. I continue to use NAV 2002.
Something that most people don't realize is that the older versions of
NAV (like 2001 and 2002) will update themselves the first time you run
them after installing them. Updates to NAV include virus definitions
as well as updates to the scan engine, allowing the old versions to be
identical to the new versions at being able to detect malware.

But generally I don't see AV software as the front-line defense that
it was say 3 years ago. Because of polymorphic viruses, as well as
the new versions of Storm that can de-activate your AV software
without it being obvious to you, AV software is becoming irrelavent as
a first line of protection.

The best use of AV software today is to use it as a system scanner
that you boot from a CD to periodically scan a hard drive.

Forget continuous, real-time interception / protection. Today's AV
software is not capable, or robust enough, for that job.

 

[Virus Guy]

"Carey Frisch [MVP]" wrote:

> I've been running Windows OneCare on three different
> computers for over two years now. No viruses, no spyware,
> and no malware has entered any on my PCs using OneCare.

How do you know?

How do you know if an AV product is working?

Just because it keeps telling you that there is no malware on your
system doesn't mean you don't actually have malware on your system.

The polymorphic threats out there (like storm) have been deactivating
AV programs for 2 or 3 years now.

And if you really don't have any malware on your system, don't credit
your AV software. The reason you don't is because you patch your
system as soon as the patches become available.

 

[RJK]

....above this post a little, you said that you are yourself using an older
version of NAV,
....here on this part of this thread - you pointed out that viruses like
"storm" have been deactivating AV programs,
....so you are aware of this danger, and yet you are using an ancient a/v
program !
....this is a almost a contradiction !! ...(and I mean that in a warm, kind,
loving way !!!)

....malware that's programmed to deactivate AV software is just one of the
reasons that many major AV application software vendors, (like AVG), are
continually modifying their core files !

....and this is one aspect of the "preventing malware / multi-layered
internet security approach," that's being utilized by people who are
interested in the subject, and are often the same people who try to help
others with anti-malware procedures / ...i.e. that "multi-layered approach."
That includes lengthy experimentation to determine which anti-malware
software applications will happily coexist in the same machine. e.g. we all
know that it can be very problematic to have more that one "real-time" a/v
scanner and/or other malware scanner all running at the same time. Though,
(after LOTS of trial and error), I have, at the moment, a LARGE number of
anti-malware programs running, all use a real-time scanner module, almost
all are using signature databases and heuristic detection algorithms,
....none are interfering with each other - or any other software in my
machine, (one has to keep any eye out for scheduled scan "time of day"
coincidence / clashes), And they are not placing a discernable load on my
system.

It does get a bit boring switching them all off, or suspending them, prior
to making any system changes, such as installing or uninstalling software,
....including drivers !

regards, Richard

ps I will not divulge how large "LARGE" is ! ...howzat for grammar ?!


"Virus Guy" wrote in message
news:4724A240.5F2C0683@Guy.com...
> "Carey Frisch [MVP]" wrote:
>
>> I've been running Windows OneCare on three different
>> computers for over two years now. No viruses, no spyware,
>> and no malware has entered any on my PCs using OneCare.
>
> How do you know?
>
> How do you know if an AV product is working?
>
> Just because it keeps telling you that there is no malware on your
> system doesn't mean you don't actually have malware on your system.
>
> The polymorphic threats out there (like storm) have been deactivating
> AV programs for 2 or 3 years now.
>
> And if you really don't have any malware on your system, don't credit
> your AV software. The reason you don't is because you patch your
> system as soon as the patches become available.

 

[Virus Guy]

RJK wrote:

> ...above this post a little, you said that you are yourself
> using an older version of NAV,

I manage about a dozen PC's. On most of them, I either have NAV 2002,
or Symantec corporate (version 8 I think). I've only ever paid for 1
copy of NAV 2002, and that was at a swap meet in 2003. The Symantec
Corporate installations are pirated.

On my own 2 PC's, I've allowed my NAV 2002 to expire (I've uninstalled
them to stop them from nagging me about their expired status). All it
takes to re-activate them is to copy the file "catalog.livesubscribe"
from any of the other systems that haven't expired yet.

I also run a real time registry monitor made by "The Cleaner" (also a
bootlegged copy).

> ...here on this part of this thread - you pointed out that viruses
> like "storm" have been deactivating AV programs,

Yes.

> ...so you are aware of this danger, and yet you are using an
> ancient a/v program !

The age of the program is not relavent - and might even be an
advantage. The Storm "thing" has a built-in list of process names
that it looks for. Using an old (ancient) piece of AV software might
be an advantage - assuming that the same process name isin't being
used in more modern versions. And even though NAV 2002 is old, it
updates itself via Symantec's "LiveUpdate" with the most current virus
definitions and scan engine.

> ...malware that's programmed to deactivate AV software is just
> one of the reasons that many major AV application software
> vendors, (like AVG), are continually modifying their core
> files !

What they need to do is give their program modules different names
(random process names) so that things like Storm can't identify them
at run time.

> ...and this is one aspect of the "preventing malware /
> multi-layered internet security approach,"

I run win-98 on my systems. That's the most effective "layer" going
(besides running Linux or Mac OS I guess).

It's a lot harder to run a root-kit on Windows 9x, and it's a way
easier to identify, and delete malware on a win-98 box (fat-32 makes
things easier compared to NTFS). In the 8 years we've been running
win-98 on most of our systems, I think there have only been 2
infections, and those were prior to 2004. In fact, our win-98 systems
were directly facing the internet (no firewall, no NAT router) up
until the end of 2005 and none were ever hit with a network worm,
port-scan, etc. We've had about 1/2 dozen occurrances of malware on
our handful of NT and 2K machines over the same time frame.

 

[Jupiter Jones [MVP]]

"The Symantec Corporate installations are pirated."
Am I missing something?
Or are you admitting to theft?

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"Virus Guy" wrote in message
news:47251C38.EFE7D73B@Guy.com...
> RJK wrote:
>
>> ...above this post a little, you said that you are yourself
>> using an older version of NAV,
>
> I manage about a dozen PC's. On most of them, I either have NAV
> 2002,
> or Symantec corporate (version 8 I think). I've only ever paid for
> 1
> copy of NAV 2002, and that was at a swap meet in 2003. The Symantec
> Corporate installations are pirated.
>
> On my own 2 PC's, I've allowed my NAV 2002 to expire (I've
> uninstalled
> them to stop them from nagging me about their expired status). All
> it
> takes to re-activate them is to copy the file
> "catalog.livesubscribe"
> from any of the other systems that haven't expired yet.
>
> I also run a real time registry monitor made by "The Cleaner" (also
> a
> bootlegged copy).
>
>> ...here on this part of this thread - you pointed out that viruses
>> like "storm" have been deactivating AV programs,
>
> Yes.
>
>> ...so you are aware of this danger, and yet you are using an
>> ancient a/v program !
>
> The age of the program is not relavent - and might even be an
> advantage. The Storm "thing" has a built-in list of process names
> that it looks for. Using an old (ancient) piece of AV software
> might
> be an advantage - assuming that the same process name isin't being
> used in more modern versions. And even though NAV 2002 is old, it
> updates itself via Symantec's "LiveUpdate" with the most current
> virus
> definitions and scan engine.
>
>> ...malware that's programmed to deactivate AV software is just
>> one of the reasons that many major AV application software
>> vendors, (like AVG), are continually modifying their core
>> files !
>
> What they need to do is give their program modules different names
> (random process names) so that things like Storm can't identify them
> at run time.
>
>> ...and this is one aspect of the "preventing malware /
>> multi-layered internet security approach,"
>
> I run win-98 on my systems. That's the most effective "layer" going
> (besides running Linux or Mac OS I guess).
>
> It's a lot harder to run a root-kit on Windows 9x, and it's a way
> easier to identify, and delete malware on a win-98 box (fat-32 makes
> things easier compared to NTFS). In the 8 years we've been running
> win-98 on most of our systems, I think there have only been 2
> infections, and those were prior to 2004. In fact, our win-98
> systems
> were directly facing the internet (no firewall, no NAT router) up
> until the end of 2005 and none were ever hit with a network worm,
> port-scan, etc. We've had about 1/2 dozen occurrances of malware on
> our handful of NT and 2K machines over the same time frame.

 

[RJK]

I'd rather argue with him about, (paraphrased a little, "the age of the
A/V programs isn't relevant but, I don't think it would do any good."
e.g. AVG seem change their *.DLL contents and filenames almost as often as
they supply signature pattern updates, ...e.g. my firewall often rediscovers
AVG itself "trying to get out" after several 'signature only' updates

....I feel that my argument is already partly won because his, (IMHumbleO),
flawed methodology, and views, has already got his systems a virus or two !


regards, Richard


"Jupiter Jones [MVP]" wrote in message
news:ujzni8bGIHA.4228@TK2MSFTNGP02.phx.gbl...
> "The Symantec Corporate installations are pirated."
> Am I missing something?
> Or are you admitting to theft?
>
> --
> Jupiter Jones [MVP]
> http://www3.telus.net/dandemar
> http://www.dts-l.org
>
>
> "Virus Guy" wrote in message
> news:47251C38.EFE7D73B@Guy.com...
>> RJK wrote:
>>
>>> ...above this post a little, you said that you are yourself
>>> using an older version of NAV,
>>
>> I manage about a dozen PC's. On most of them, I either have NAV 2002,
>> or Symantec corporate (version 8 I think). I've only ever paid for 1
>> copy of NAV 2002, and that was at a swap meet in 2003. The Symantec
>> Corporate installations are pirated.
>>
>> On my own 2 PC's, I've allowed my NAV 2002 to expire (I've uninstalled
>> them to stop them from nagging me about their expired status). All it
>> takes to re-activate them is to copy the file "catalog.livesubscribe"
>> from any of the other systems that haven't expired yet.
>>
>> I also run a real time registry monitor made by "The Cleaner" (also a
>> bootlegged copy).
>>
>>> ...here on this part of this thread - you pointed out that viruses
>>> like "storm" have been deactivating AV programs,
>>
>> Yes.
>>
>>> ...so you are aware of this danger, and yet you are using an
>>> ancient a/v program !
>>
>> The age of the program is not relavent - and might even be an
>> advantage. The Storm "thing" has a built-in list of process names
>> that it looks for. Using an old (ancient) piece of AV software might
>> be an advantage - assuming that the same process name isin't being
>> used in more modern versions. And even though NAV 2002 is old, it
>> updates itself via Symantec's "LiveUpdate" with the most current virus
>> definitions and scan engine.
>>
>>> ...malware that's programmed to deactivate AV software is just
>>> one of the reasons that many major AV application software
>>> vendors, (like AVG), are continually modifying their core
>>> files !
>>
>> What they need to do is give their program modules different names
>> (random process names) so that things like Storm can't identify them
>> at run time.
>>
>>> ...and this is one aspect of the "preventing malware /
>>> multi-layered internet security approach,"
>>
>> I run win-98 on my systems. That's the most effective "layer" going
>> (besides running Linux or Mac OS I guess).
>>
>> It's a lot harder to run a root-kit on Windows 9x, and it's a way
>> easier to identify, and delete malware on a win-98 box (fat-32 makes
>> things easier compared to NTFS). In the 8 years we've been running
>> win-98 on most of our systems, I think there have only been 2
>> infections, and those were prior to 2004. In fact, our win-98 systems
>> were directly facing the internet (no firewall, no NAT router) up
>> until the end of 2005 and none were ever hit with a network worm,
>> port-scan, etc. We've had about 1/2 dozen occurrances of malware on
>> our handful of NT and 2K machines over the same time frame.
>

 

[Leythos]

In article , Virus@Guy.com says...
> I manage about a dozen PC's. On most of them, I either have NAV 2002,
> or Symantec corporate (version 8 I think). I've only ever paid for 1
> copy of NAV 2002, and that was at a swap meet in 2003. The Symantec
> Corporate installations are pirated.

Why - Symantec Corp AV for Workstations and Servers 10.2 can be
purchased in as little as 5 CAL.

Being an unethical hack and then telling people about it is a way to
have no one listen to you again.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[Virus Guy]

Leythos wrote:

> Why - Symantec Corp AV for Workstations and Servers 10.2 can be
> purchased in as little as 5 CAL.

What's a CAL?

> Being an unethical hack and then telling people about it is a
> way to have no one listen to you again.

That's up to you. You can do a lot worse than using the odd piece of
software without paying for it. And being "unethical" is not the same
as being unknowledgeable.

 

[Leythos]

In article , Virus@Guy.com says...
> Leythos wrote:
>
> > Why - Symantec Corp AV for Workstations and Servers 10.2 can be
> > purchased in as little as 5 CAL.
>
> What's a CAL?

Forget how to use google? Client Access License.

>
> > Being an unethical hack and then telling people about it is a
> > way to have no one listen to you again.
>
> That's up to you. You can do a lot worse than using the odd piece of
> software without paying for it. And being "unethical" is not the same
> as being unknowledgeable.

Yea, it is, it shows that your willing to do the wrong thing because of
your lack of ethics - it makes everything you say/suggest questionable
and suspect.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

 

[Virus Guy]

RJK wrote:

> I'd rather argue with him about, (paraphrased a little,
> "the age of the A/V programs isn't relevant but, I don't think
> it would do any good."
> e.g. AVG seem change their *.DLL contents and filenames almost
> as often as they supply signature pattern updates,

Ok, if AVG is a moving target, good for it. I'm not saying that's not
(I've never owned or used AVG).

Based on the writeups for Storm, there seem to be lots of anti-malware
products that don't change their process names.

(tangent - some writeups say that Storm also turns off some P2P apps -
anyone know why it would do that?)

> ...I feel that my argument is already partly won because his,
> (IMHumbleO), flawed methodology, and views, has already got his
> systems a virus or two !

>

When you manage systems being used by a few monkeys, you can't always
be watching over their shoulder...