Antivirus loss the War more and more...

here is a document, say this...

h[I]tt[/I]p://www.commtouch.com/download/1491

And even Avira is affected...

 

i hope the Avira's detection become strong again, against those chinese virus samples...

 

Interesting and succinct.

(Had a chuckle at the UN 419 )

 

What has this got to do with Avira in particular? - as far as I see, its about the AV industry as a whole - correction, "major AV engines" only and there is no specific naming of any AVs.


On the whole, IMO, this is why either, users need additional security features or AVs have the need to integrate additional security features in their products in order to protect users to stay on top of the game (protecting users, not only detecting) - HIPS; sandboxes etc.

The onus is not only on AVs though, users need to learn to use these additional features effectively, as "automated" protection is usually less effective than "interactive" protection, and if an AV tries to make "automated" protection too tight - it may make it more effective against malware, but runs the risks of interfering with other software's installation, uninstallation and usability.

IMO, forget Spam emails as a portal of infection/fraud (unless its phishing), they're mainly a nusence. People should know not to click on these (which also encourages spammers to spam).

Also, IMO, infected/hacked/phishing websites, social engineering and vulnerabilities are the main area of concern with the emergence of future threats as they are deceiving and not blatantly malicious.

 

I think that this discussion is relative to the antivirus you're using! I'm using for example BitDefender and it suits me well! I don't have problems with anything!

Since I've installed it I think I won the war against malware

I recommend it for those of you who are dissapointed by your security solutions!

 

Link is dead!

 

Thanks..

 

While the paper isn't entirely wrong, one should consider that the authoring company has an agenda... to sell it's own, of course "far superior" (tm) solution...

 

The sky isn't falling

I would like to see more specifics from the source - and they do have an ax to grind. They are trying to show their detection is better then other vendors. How did they test virus scanning? What was the methodology? What versions of products on what platforms?

We haven't seen dramatic outbreaks of virus varients that we aren't detecting.

 

sometimes i wish that those virus makers being judged and executed. they try to hurt people with no reason just make fun for their sick minds.

 

But they have a very good reason! They make money, loads of money. The guy responsible for FakeXPA got caught, he made 50m $ or so. He got fined for 116k $ or something like this - and no jail time!
Being criminal is really paying off these days. You just need to be a BIG criminal. If you are just downloading MP3s, you are OF COURSE such an evil criminal that you need to be punished to the absolute maximum...

The name and adress of the W32/Virut virus author is known for about 2 years, he is constantly registering his new updating domains with his original name I think. Police does nothing. My understanding is that the police is not really interested in information - because the damage done to people by malware is too "low".

 

That relative pocket-change fine to that guy sums up what a low personal risk for huge financial gain is involved with the malware 'business'.

Not long ago I read in the local paper of a robber that held up a building society with a banana wrapped in a brown paper bag,he got away with something like £3000 and when caught received a 3 year sentence!

No wonder the smart criminals have turned to cyber crime,even if the authorities can be bothered to get them into a court of law the sentence will mean just the loss of a week's wages.

 

I am very sad to see that.It represents our computer and network will be in danger at any time.

 

So what's new? As they say there is no foolproof lock, and there is no completely secure solution. The stakes are high and some very smart people are involved in making both the viruses and the detection.

The really dangerous malware is probably deplyoed on select networks where it can do the most damage, their authors and botnet operators don't want it out in the open so it doesn't trigger the security companies.

 

They said AV's will fail long ago, but they're still holding strong. They've said this many times but AV's are still around. It's just that they have evolved further from those basic thingies we had in the past.

 

Couldn't agree more - great insight.

 

,I totally agree with you.AV can't win.AV is only able to follow behind viruses.AV can't know viruses founder's thinking.

 

A note... that's why "the cloud" was created in the first place. Analyzing behavior and using "reverse detection" by looking at how many people have the file, makes those "undetected" pieces of malware get detected instead.

 

"The Cloud" is very good indeed.But it depends on a large number of users.And analysing viruses need time.That means it costs a long time from a virus being found to a virus being add into AV's virus database.So Antivirus can't win this war.

BTW:Maybe HIPS with a good ruleset can defend some simple viruses .

 

Taking it short... sandboxing is the ultimate defense there is, yes, but I don't understand the scores for Norton 2010 at least when tested by PCMag, since the software needs things that are run/downloaded/whatever to be analyzed or deemed safe through enough data to be allowed to run on a PC, which means that (new) malware "shouldn't" be to pass through - I honestly dunno why it does.

I don't wanna write a long post here, so Joe will have to reflect on why Prevx didn't receive a full score in PCMag's testing - he also has the insight that I will never have after all.

 

Tend to agree with the majority posting on here that do not appear to "rely" on their AV..

Essentially, software is either downloaded intentionally (you want it) or unintentionally (trying to get onto the machine unnoticed), although I accept that social engineering tricks etc can blur that black and white perspective:

1) If an intentional download - an AV can help (whether resident and / or on-demand, cloud, or online checker like Virus Total etc), and to which one can add and / or substitute common sense, download from trusted sites, google for reputation or problems, etc, etc.

2) If an unintentional download - the AV "start with a blacklist" concept is always a more "reactive" process; and to which
a) securing the front line troops (ie the browser, OS and other software that is going to be facing the attacker first head on); combined with
b) one or more of the white list / sandbox / isolation / HIPS approaches etc - whatever your preferred flavours - to block or contain whatever a) misses;
should in theory always be far more effective.

I have been interested to see AV suppliers increasingly making the perfectly rational argument, essentially responding - to the usual posts from those who have been infected asking "why did the AV not stop it" etc - that no one should always be relying simply on their AV, but should be using the AV as part of a more structured approach.. and which is pretty much what most of you guys recommend to people who come on here looking for help..

Also agree with those of you who suggest AV's will continue to morph into these other areas, particularly given the significant revenue streams they will want to protect.

Peter

 

Ever thought it's just not possible doing the other way around? It's just not possible to deliver 100% detection and also provide 100% protection for anything that might come tommorow or after 7 days.

 

Wrong!

I ran with only an antivirus and Windows firewall for 2-years,never had any issues.

 

Ofc - habits and common sense plays a BIG role. At least that's what comes to my mind when you're writing this.