Anti-virus can't keep up with threat onslaught

Discussion in 'other anti-virus software' started by Thankful, Apr 12, 2012.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Registered Member

    Joined:
    Feb 28, 2005
    Posts:
    3,027
    Location:
    New York City
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Nothing that we didn't know already in the article. Nevertheless a good reminder to not depend on a single point of detection (not that we do ;) )
     
  3. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    3,869
    55,000 unique samples a day or more than 1 new virus every 2 seconds? What are they, neutrinos? Since I joined Wilders I've only experienced one or two real detections from the Internet, but I agree an unprotected computer can be dangerous for credit card/banking activities.
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,599
    Location:
    Toronto Canada
    It should be noted that opinions weren't unanimous in the article.
     
  5. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    699
    The problem is not really the number of new samples, but how fast the malware writers put out counter-updates of their malware after the AV products updated - and the complexity of the malware adaption.

    Another challenge is to receive and correctly classify the new samples and perform detection and false positive QA in time. The lifetime of malware is extremely short, the reaction time of AV must be faster than that.

    In short, every AV without a proper detection cloud and the background processing to support it is quite useless.
     
  6. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    201
    I work as an IT technician and we always install Avast Free in our clients' computers. For the last 4-6 weeks I've seen an AMAZINGLY high amount of computers infected with the National Police virus.

    The problem I see is that we cannot suggest our clients to use complementary software as they're brainless in 95+% of the cases. They see adware toolbars as "normal" things that get installed over the time on their browsers. :rolleyes: Sometimes 50% of the screen is collapsed by toolbars. :rolleyes: And they think it's OK.

    OTOH they complain why they get infected if they have an antivirus. :rolleyes: I always tell them the same excuses, as no AV is 100%, that common sense is always good and such...

    Anyway it's good for us that so many viruses spread :D but we have to agree that the AV are less and less of any use. Most of the full suites don't even detect Ask, Softonic and Co. toolbars garbage. :rolleyes:

    Of course I have some layered protection for my own computers but people's ignorance is really shameful.
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    8,953
    Hey Doraemon,

    I get the same from my customers. I have only seen one fake police notice so far. I had one customer who got another fake av one week after the first.
    IMHO I feel that some people leave their brain behind when using a computer. It happens to some well educated people as well. Recently most of my new customers who are getting infected by fake AVs either have no antivirus or a very outdated antivirus with no subscription left. I still don't know why some antivirus vendors feel that one daily update is enough with the current amount of malware ITW. Then again you also have the antivirus products which seem to block pretty much anything which isn't from a major company, which is just as bad.
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Do you guys remember the notion of the white list of exe's?

    IF (big word) we had such a list and were helped by M$ instead of confused we could have systems that said if you are NOT on the white list YOU don't get to run!

    Game over for malware.
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    8,953
    hey,
    The problem is that small software developers would suffer and it would take longer to get on the list. Black list combined with white list and detailed scanning of unknown files is the way to go IMO.
     
  10. RejZoR

    RejZoR Polymorphic Sheep

    Joined:
    May 31, 2004
    Posts:
    6,233
    Location:
    Europe/Slovenia
    Apparently I'm the only one who thinks current anti-malware solutions keep up with threats just fine. If this wasn't the case, then all my systems would be constantly infected. But they haven't been infected for years. I check them here and there with other tools manually just to find nothing.
     
  11. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    699
    Rejzor, I am also wondering where all these users manage to get infected all the time. My recommendation to users at the moment is:

    - Chrome + AdBlock(Plus) plugin (or Firefox with NoScript+AdBlock)
    - have Flash updated all the time (if you are not using Chrome)
    - uninstall Adobe PDF reader, use Chrome for PDF displaying
    - uninstall Java JRE if you don't really need it
    - AV: anything starting with A or M ;)

    All the users with that setup I know never got infected so far.

    I think AdBlock (or any other ad blocker) is quite effective in suppressing advertisement that redirects you to exploit pages. Seems to reduce the risk somewhat.
     
  12. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,713
    Location:
    NL
    You are not the only one, believe me :)
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,139
    This is a faulty assumption. You might be completely without infection and not even running antivirus at all - does that mean that no protection works? Of course not, people get infected all of the time with an AV running - that you have not does not actually mean anything.
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Vendor controlled whitelisting has more than its share of problems. It leads to "approved software", closed gardens, etc, taking choice away from the user. Being whitelisted becomes a commodity that favors big vendors who can afford it. It suffers from most of the same problems blacklisting does, never complete, never up to date, false positives, government/big money approval, etc.

    Whitelisting itself is an excellent core policy, but only when it's your whitelist, not one based on someone else's criteria, and definitely not one that a vendor has to pay in order to be included in it.
     
  15. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    AV companies should collaborate together in reversing malware.

    There is no need for malware to be analyzed by all companies,
    just one, and share the sig between each other.

    I think companies should be forced to do that by GOV or some law.
     
  16. RejZoR

    RejZoR Polymorphic Sheep

    Joined:
    May 31, 2004
    Posts:
    6,233
    Location:
    Europe/Slovenia
    Is it? You can also keep airbags in a car in perfect condition but neglect brakes and tires entirely. So, what have you done by doing that?

    Read what Stefan said. I'm doing exactly that. Minimizing infection vectors with minimal effort. Having AV installed and everything else up to date helps more than most may think...
     
  17. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,493
    Location:
    European Union
    I'm also trying to minimize infection vectors, and I use an AV too, but since I first started using it I never got a single warning that a file that I EXECUTED was infected. I also had the situation when I knew that a file was infected with a virus, but the (on demand) AV that I was using at the time didn't recognize it as a virus.
    So, are the AV solutions effective? I think so, but not as the first line of defence, but as the last resort - when every other security measure fails, the AV might save you.
     
  18. RejZoR

    RejZoR Polymorphic Sheep

    Joined:
    May 31, 2004
    Posts:
    6,233
    Location:
    Europe/Slovenia
    And what else would you use? 10 other programs so in the end it almost doesn't matter if you get infected or not coz all the security apps swallowed your PC themselves anyway...

    Keeping all the things up to date is a great start. Most of stuff uses vulnerabilities as infection vectors. So if you cut 1/3 of those away it can make a huge difference. Ad blocking can also greatly reduce the risk since majority of legit and otherwise clean webpages get infected through malicious stuff injected between regular ads. Making it even harder to spot and report to site administrator since it doesn't happen to every visitor. And if you have an engine that can check the guts of files and apps, that cuts away another large chunk.
    This way, even if you're very reckless, it will save your bacon rather easily. If you rely strictly on AV and neglect everything else, then you have much higher chances of getting infected.
     
  19. zip

    zip Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    359
    Location:
    Mars
    +1 :)
     
  20. zip

    zip Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    359
    Location:
    Mars
    In my sig. is what works for me. Once in a while Incredimail will detect a virus in my incoming mail. So, that makes Incredimail a security app.
     
  21. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,000
    +1 :thumb: I also do the above and have never been infected, and this with XP. I also use a LUA.
     
  22. carat

    carat Guest

    If brain.exe is outdated no AV software can keep your computer clean. However, most of the detections I saw in the last months were false positives :doubt:
     
  23. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,383
    Location:
    Sunny(in my dreams)Manchester,England
    lol
    AV products have always been playing catch-up with the malware writers, it's probably better nowadays for keeping up than in the past due to more advanced heuristics/cloud, in the past when detection was solely down to definitions you could be unprotected against latest threats for days, or even weeks with some products
     
  24. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    That's for modern day malware,
    what about targeted hacks!!!
    If the companies are not keeping up with the Large of distributed malware
    you don't expect that the setup Stefan recommended will work.

    For me, I never got a virus but I got hacked multiple times as far as I know.
    How can I get my peace of mind??
     
  25. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,383
    Location:
    Sunny(in my dreams)Manchester,England
    best way would be to leave your PC turned off!
     