Anti-virus can't keep up with threat onslaught

Discussion in 'other anti-virus software' started by Thankful, Apr 12, 2012.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Registered Member

  2. Cudni

    Cudni Global Moderator

    Nothing that we didn't know already in the article. Nevertheless a good reminder to not depend on a single point of detection (not that we do ;) )
  3. Osaban

    Osaban Registered Member

    55,000 unique samples a day or more than 1 new virus every 2 seconds? What are they, neutrinos? Since I joined Wilders I've only experienced one or two real detections from the Internet, but I agree an unprotected computer can be dangerous for credit card/banking activities.
  4. The Hammer

    The Hammer Registered Member

    It should be noted that opinions weren't unanimous in the article.
  5. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    The problem is not really the number of new samples, but how fast the malware writers put out counter-updates of their malware after the AV products updated - and the complexity of the malware adaption.

    Another challenge is to receive and correctly classify the new samples and perform detection and false positive QA in time. The life time of malware is extremely short, the reaction time of AV must be faster than that.

    In short, every AV without a proper detection cloud and the background processing to support it is quite useless.
  6. Doraemon

    Doraemon Registered Member

    I work as an IT technician and we always install Avast Free in our clients' computers. For the last 4-6 weeks I've seen an AMAZINGLY high amount of computers infected with the National Police virus.

    The problem I see is that we cannot suggest our clients to use complementary software as they're brainless in 95+% of the cases. They see adware toolbars as "normal" things that get installed over the time on their browsers. :rolleyes: Sometimes 50% of the screen is collapsed by toolbars. :rolleyes: And they think it's OK.

    OTOH they complain why they get infected if they have an antivirus. :rolleyes: I always tell them the same excuses, as no AV is 100%, that common sense is always good and such...

    Anyway it's good for us that so many viruses spread :D but we have to agree that the AV are less and less of any use. Most of the full suites don't even detect Ask, Softonic and Co. toolbars garbage. :rolleyes:

    Of course I have some layered protection for my own computers but people's ignorance is really ashaming.
  7. lodore

    lodore Registered Member

    Hey Doraemon,

    I get the same from my customers. I have only seen one fake police notice so far. I had one customer who got another fake av one week after the first.
    IMHO I feel that some people leave their brain behind when using a computer. It happens to some well educated people as well. Recently most of my new customers who are getting infected by fake AVs either have no antivirus or a very outdated antivirus with no subscription left. I still don't know why some antivirus vendors feel that one daily update is enough with the current amount of malware ITW. Then again you also have the antivirus products which seem to block pretty much anything which isn't from a major company which is just as bad.
  8. Escalader

    Escalader Registered Member

    Do you guys remember the notion of the white list of exe's?

    IF (big word) we had such a list and were helped by M$ instead of confused we could have systems that said if you are NOT on the white list YOU don't get to run!

    Game over for malware.
  9. lodore

    lodore Registered Member

    hey,
    The problem is that small software developers would suffer and it would take longer to get on the list. Black list combined with white list and detailed scanning of unknown files is the way to go IMO.
  10. RejZoR

    RejZoR Polymorphic Sheep

    Apparently I'm the only one who thinks current anti-malware solutions keep up with threats just fine. If this wasn't the case, then all my systems would be constantly infected. But they haven't been infected for years. I check them here and there with other tools manually just to find, nothing.
  11. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Rejzor, I am also wondering where all these users manage to get infected all the time. My recommendation to users at the moment is:

    - Chrome + AdBlock(Plus) plugin (or FireFox with NoScript+AdBlock)
    - have Flash updated all the time (if you are not using Chrome)
    - uninstall Adobe PDF reader, use Chrome for PDF displaying
    - uninstall Java JRE if you don't really need it
    - AV: anything starting with A or M ;)

    All the users with that setup I know never got infected so far.

    I think AdBlock (or any other ad blocker) is quite effective in suppressing advertisement that redirects you to exploit pages. Seems to reduce the risk somewhat.
  12. gerardwil

    gerardwil Registered Member

    You are not the only one, believe me :)
  13. Hungry Man

    Hungry Man Registered Member

    This is a faulty assumption. You might be completely without infection and not even running antivirus at all - does that mean that no protection works? Of course not, people get infected all of the time with an AV running - that you have not does not actually mean anything.
  14. noone_particular

    noone_particular Registered Member

    Vendor controlled whitelisting has more than its share of problems. It leads to "approved software", closed gardens, etc, taking choice away from the user. Being whitelisted becomes a commodity that favors big vendors who can afford it. It suffers from most of the same problems blacklisting does, never complete, never up to date, false positives, government/big money approval, etc.

    Whitelisting itself is an excellent core policy, but only when it's your whitelist, not one based on someone else's criteria, and definitely not one that a vendor has to pay in order to be included in it.
  15. Ranget

    Ranget Registered Member

    AV companies should Collaborate together in reversing malware

    there is no need for malware to be analyzed by all companies
    just one and share the Sig between each others

    I think companies should be forced to do that by GOV or some law
  16. RejZoR

    RejZoR Polymorphic Sheep

    Is it? You can also keep Airbags in car in perfect condition but neglect brakes and tires entirely. So, what have you done by doing that?

    Read what Stefan said. I'm doing exactly that. Minimizing infection vectors with minimal effort. Having AV installed and everything else up to date helps more than most may think...
  17. Nebulus

    Nebulus Registered Member

    I'm also trying to minimize infection vectors, and I use an AV too, but since I first started using it I never got a single warning that a file that I EXECUTED was infected. I also had the situation when I knew that a file was infected with a virus, but the (on demand) AV that I was using at the time didn't recognize it as a virus.
    So, are the AV solutions effective? I think so, but not as the first line of defence, but as the last resort - when every other security measure fails, the AV might save you.
  18. RejZoR

    RejZoR Polymorphic Sheep

    And what else would you use? 10 other programs so in the end it almost doesn't matter if you get infected or not coz all the security apps swallowed your PC themselves anyway...

    Keeping all the things up to date is a great start. Most of stuff uses vulnerabilities as infection vectors. So if you cut 1/3 of those away it can make a huge difference. Ad blocking can also greatly reduce the risk since majority of legit and otherwise clean webpages get infected through malicious stuff injected between regular ads. Making it even harder to spot and report to site administrator since it doesn't happen to every visitor. And if you have an engine that can check the guts of files and apps, that cuts away another large chunk.
    This way, even if you're very reckless, it will save your bacon rather easily. If you rely strictly on AV and neglect everything else, then you have much higher chances of getting infected.
  19. zip

    zip Registered Member

    +1 :)
  20. zip

    zip Registered Member

    In my sig. is what works for me. Once in a while Incredimail will detect a virus in my incoming mail. So, that makes Incredimail a security app.
  21. tgell

    tgell Registered Member

    +1 :thumb: I also do the above and have never been infected, and this with XP. I also use a LUA.
  22. carat

    carat Guest

    If brain.exe is outdated no AV software can keep your computer clean. However, most of the detections I saw in the last months were false positives :doubt:
  23. steve1955

    steve1955 Registered Member

    lol
    AV products have always been playing catch-up with the malware writers, it's probably better nowadays for keeping up than in the past due to more advanced heuristics/cloud, in the past when detection was solely down to definitions you could be unprotected against latest threats for days, or even weeks with some products
  24. Ranget

    Ranget Registered Member

    that's for modern day malware
    what about targeted Hacks !!!
    if the companies are not Keeping up with the Large of distributed malware
    you don't expect that the Setup Stefan Recommended will work

    For me I never Got a virus but I got hacked multiple times as far as I know
    How can I get my peace of Mind ??
  25. steve1955

    steve1955 Registered Member

    best way would be to leave your PC turned off!