How do security vendors differentiate between various malware?

Discussion in 'other anti-malware software' started by denniz, Apr 18, 2008.

Thread Status:
Not open for further replies.
  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    These exchanges, solcroft, continue to divert totally off-topic to a point here, so I must refuse engaging anymore in tit-for-tat nonsense, plus no amount of links or opinions is gaining any encouragement to dissuade my attention to Linux or Ubuntu, which seems your odd intention anyway. :D

    I do however reserve the right instead to extend the proper courtesy to other members who wish to continue to contribute their valuable discussions to the topic at hand.

    Sorry to have to disappoint you. Technology is my business & life, and contrary to popular belief I'm not totally devoid of facts, and the facts are MS Patches can be easily exploited and I choose to avoid them for two reasons: that is one; the other is they are not fashioned by the best engineers Microsoft has to offer either. Their long track record of problems with them is evidence of that fact. Besides, there's enough high-quality security apps to more than make up any gaps or limitations should a user forfeit those patches as I exercise my right to do. And since then I have the best running machine I ever experienced compared to before, as well as solidly protected; who could ask for more? Patches? Bandaids?

    Articles supporting their usefulness are propaganda when you pit their security flaws with security vendors' addressing of the same and more issues.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Pushing your own suppositions onto me doesn't really achieve anything. I was merely making sure that people aren't unnecessarily misled by your claims, by providing the facts to the contrary. Mission accomplished.
     
  3. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Patches are safe and you should apply them ASAP. Yes, some patches may be troublesome in certain systems (hardware/software conflicts, etc.) but they are fine for most people.
    You can't have a secure system if its foundation is vulnerable. Before even considering security apps, you should ensure that you have the most secure version of your OS and applications.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Many Reliable Security Programs are safe too and should be applied ASAP, but does that mean they can be trusted 100%? Of course not, but I'd rather put my money on layers of security apps than patches, but then that's just me. I don't trust them and likely never will; they can be exploited now more than ever, plus what do they do that a good security strategy of a combo of security apps couldn't do better at this point in time?

    Patches and Updates are ok for some but they leave me with many doubts because Microsoft engineers ARE NOT the best in the world even on their own machines!

    Those are very valid reasons for serious doubts.
     
  5. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    This thread didn't turn out like I expected, but nevertheless it's still an interesting read. ;)
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From paper 'Automated Classification and Analysis of Internet Malware'

     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  9. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    @MrBrian:

    That was an interesting read indeed; it seems like the various vendors differentiate all kinds of malware in radically different ways. What one vendor calls a worm, the other vendor calls a trojan, and with the rise of blended malware (malware which has characteristics that belong to many different kinds of malware all at once), problems will become even worse.

    I seriously doubt that signature-based recognition will be the way to go in recognizing new future malware. Signatures alone just won't be enough as time progresses. The trend has already been set: first there were only signatures, now we have heuristics scanning, behaviour-based recognition, HIPS, virtualization, sandboxing, etc.

    I wonder where things will be in say 10 years from now?!
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The malware count is definitely accelerating. From http://computerworld.co.nz/news.nsf/scrt/BE0FBE39C58ED591CC2574250077DA30:

    The reports from Symantec, by the way, are excellent to read if you want to know more about malware trends.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You can't win the war with signatures and heuristics, and they create other problems, one of which is false positives.
    I don't use any scanners anymore and no scanner is able to find something on my system partition.
    If you want to change something thoroughly, you have to forget everything and start all over again and all users will call you a nut, because you don't act like them. :)
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Anyone notice something here?

    Time and again those statistics consistently elevate as reported from the AV fellows, and that is a progression that will never end.

    Like the above, signature identification via a blacklist is not going to equate with security as well as with a HIPS, Virtualware, Sandbox, etc.

    Map the O/S critical attack points and lock them in with a Whitelist of safe executables, and then all other files be scrutinized or condemned, and even go constantly Virtual with a safe zone for keeping files you can examine before activating, and you suddenly have a more stable and dependable security arrangement IMHO.

    Heuristics to me equal False Finds, not reliable enough to depend on, but then I don't need to bother with AVs anymore with their ridiculous statistics or false negatives, but instead just a simple combo of a decent HIPS & FD-ISR/Returnil, plus a few minor supporting apps that won't stress a PC like AVs do.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    A worm is a self-replicating computer program.
    A trojan is a computer program that appears to be useful, but that actually does damage.
    Both changed my system and that is their weakness, because my reboot undoes changes.
    Change + Anti-change = Nothing or the Einstein way : C+Ac=N²
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,145
    Location:
    Texas
    Several VirusTotal/Jotti result posts removed. They are not allowed under any circumstances unless requested by the staff. Policy

    Here's some information. Understanding virus names
     
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I found some relevant data in reports from Microsoft. On page 48 of the latest full report, we find data on the disinfection rate by Microsoft's MSRT program that runs automatically with Microsoft updates. According to Microsoft's data, during the 2nd half of 2007, for every 100 computers running Vista, 100 computers running XP SP2, 100 computers running XP SP1, etc., this is the percentage of total MSRT disinfections by each operating system:

    Windows XP with no service pack: 30.6%
    Windows XP SP1: 21.5%
    Windows XP SP2: 7.2%
    Windows Vista: 2.8%

    Note: the numbers don't add up to 100% because I didn't include Windows 2000 figures.

    Microsoft's conclusion:

     
    Last edited by a moderator: May 3, 2008
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Thanks for the time to compile those stats and post them. I normally don't put much stock in such MS release stats, much like I wouldn't for a voting poll, but some averages can point to certain patterns worth considering.

    The problem for me is if those percentages are with and/or without using commercial or third party PC protections or not.
     
    Last edited by a moderator: May 3, 2008
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    These percentages are for the population as a whole that uses MSRT, typically I suppose automatically with Windows/Automatic/Microsoft Updates.
     