Anti-virus can't keep up with threat onslaught

http://www.smh.com.au/digital-life/...-up-with-threat-onslaught-20120405-1weis.html

 

Nothing that we didn't know already in the article. Nevertheless a good reminder to not depend on single point of detection (not that we do )

 

55,000 unique samples a day or more than 1 new virus every 2 seconds? What are they, neutrinos? Since I joined Wilders I've only experienced one or two real detections from the Internet, but I agree an unprotected computer can be dangerous for credit card/banking activities.

 

It should be noted that opinions weren't unanimous in the article.

 

The problem is not really the number of new samples, but how fast the malware writers put out counter-updates of their malware after the AV products updated - and the complexity of the malware adaption.

Another challenge is to recieve and correctly classify the new samples and perform detection and false positive QA in time. The life time of malware is extremely short, the reaction time of AV must be faster than that.

In short, every AV without a proper detection cloud and the background processing to support it is quite useless.

 

I work as an IT technician and we always install Avast Free in our clients computers. For the last 4-6 weeks I've seen an AMAZING high amount of computers infected with the National Police virus.

The problem I see is that we cannot suggest our clients to use complementary software as they're brainless in 95+% of the cases. They see adware toolbars as "normal" things that get installed over the time on their browsers. Sometimes 50% of the screen is collapsed by toolbars. And they think it's OK.

OTOH they complain why they get infected if they have an antivirus. I always tell them the same excuses, as no AV is 100%, that common sense is always good and such...

Anyway it's good for us that so many viruses spread but we have to agree that the AV are less and less of any use. Most of the full suites don't even detect Ask, Softonic and Co. toolbars garbage.

Of course I have some layered protection for my own computers but people's ignorance is really ashaming.

 

Hey Doraemon,

I get the same from my customers. I have only seen one fake police notice so far. I had one customer who got another fake av one week after the first.
IMHO I feel that some people leave their brain behind when using a computer. it happens to some well educated people as well. recently most of my new customers who are getting infected by fake avs eiether have no antivirus or a very outdated antivirus with no subscription left. I still dont know why some antivirus vendors feel that one daily update is enough with the current amount of malware ITW. then again you also have the antivirus products which seem to block pretty much anything which isnt from a major company which is just as bad.

 

Do you guys remember the notion of the white list of exe's?

IF (big word) we had such a list and were helped by M$ instead of confused we could have systems that said if you are NOT on the white list YOU don't get to run!

Game over for malware.

 

hey,
The problem is that small software developers would suffer and it would take longer to get on the list. black list combined with white list and detailed scanning of unknown files is the way to go IMO.

 

Apparently i'm the only one who thinks current anti-malware solutions keep up with threats just fine. If this wasn't the case, then all my systems would be constantly infected. But they haven't been infected for years. I check them here and there with other tools manually just to find, nothing.

 

Rejzor, I am also wondering where all these users manage to get infected all the time. My recommendation to users at the moment is:

- Chrome + AdBlock(Plus) plugin (or FireFox with NoScript+AdBlock)
- have Flash updated all the time (if you are not using Chrome)
- uninstall Adobe PDF reader, use Chrome for PDF displaying
- uninstall Java JRE if you don't really need it
- AV: anything starting with A or M

All the users with that setup I know never got infected so far.

I think AdBlock (or any other ad blocker) is quite effective in supressing advertisement that redirects you to exploit pages. Seems to reduce the risk somewhat.

 

You are not the only one, believe me

 

This is a faulty assumption. You might be completely without infection and not even running antivirus at all - does that mean that no protection works? Of course not, people get infected all of the time with an AV running - that you have not does not actually mean anything.

 

Vendor controlled whitelisting has more than it's share of problems. It leads to "approved software", closed gardens, etc, taking choice away from the user. Being whitelisted becomes a commodity that favors big vendors who can afford it. It suffers from most of the same problems blacklisting does, never complete, never up to date, false positives, government/big money approval, etc.

Whitelisting itself is an excellent core policy, but only when it's your whitelist, not one based on someone elses criteria, and definitely not one that a vendor has to pay in order to be included in it.

 

AV companies should Collaborate together in reversing malware

there is no need for malware to be analyzed by all companies
just one and share the Sig between each others

i think companies should be forced to do that by GOV or some law

 

Is it? You can also keep Airbags in car in perrfect condition but neglect brakes and tires entirely. So, what have you done by doing that?

Read what Stefan said. I'm doing exactly that. Minimizing infection vectors with minimal effort. Having AV installed and everything else up to date helps more than most may think...

 

I'm also trying to minimize infection vectors, and I use an AV too, but since I first started using it I never got a single warning that a file that I EXECUTED was infected. I also had the situation when I knew that a file was infected with a virus, but the (on demand) AV that I was using at the time didn't recognized it as a virus.
So, are the AV solutions effective? I think so, but not as the first line of defence, but as the last resort - when every other security measure fails, the AV might save you.

 

And what else would you use? 10 other programs so in the end it almost doesn't matter if you get infected or not coz all the security apps swallowed your PC themself anyway...

Keeping all the things up to date is a great start. Most of stuff uses vulnerabilities as infection vectors. So if you cut 1/3 of those away it can make a huge difference. Ad blocking can also greatly reduce the risk since majority of legit and otherwise clean webpages get infected through malicious stuf injected between regular ads. Making it even harder to spot and report to site administrator since it doesn't happen toe very visitor. And if you have an engine that can check the guts of files and apps, that cuts away another large chunk.
This way, even if you're very reckless, it will save your bacon rather easily. If you rely strictly on AV and neglect everything else, then you have much higher chances of getting infected.

 

+1

 

In my sig. is what works for me. Once in a while Incredimail will detect a

virus in my incoming mail. So, that makes Incredimail a security app.

 

+1 I also do the above and have never been infected, and this with XP. I also use a LUA.

 

If brain.exe is outdated no AV software can keep your computer clean. However, most of the detections I saw in the last months were false positives

 

lol
AV products have always been playing catch-up with the malware writers,its probably better nowadays for keeping up than in the past due to more advanced heuristics/cloud,in the past when detection was solely down to definitions you could be unprotected against latest threats for days,or even weeks with some products

 

that's for modern day malware
what about targeted Hacks !!!
if the companies are not Keeping up with the Large of distributed malware
you don't expect that the Setup Stefan Recommended will work

For me i never Got a virus but i got hacked multiple times as far as i know
How can i get my peace of Mind ??

 

best way would be to leave your PC turned off!