actually you all had it wrong about WMF-Exploit

Discussion in 'other anti-virus software' started by Kurva, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. Kurva

    Kurva Guest

    Yeah AntiVirus OneCare from Microsoft detected WMF-Exploit before all other AV...

    OneCare users, you’re safe
    Tuesday, January 3rd, 2006
    In an earlier post, I reprinted a list of which antivirus programs had been successful at blocking the WMF exploit early. (By now, of course, almost everyone has caught up.) One name that was noticeably absent from both lists was the beta release of Microsoft’s Windows OneCare Live, which I’ve been using for a couple months now.


    Read for more info http://www.edbott.com/weblog/?cat=2&paged=2
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Re: actually you all had it wrong about WMF-Exploit

    Can you read me where it states that it detected it before the others, when facts and this page itself state that it detected it after the others?
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Re: actually you all had it wrong about WMF-Exploit

    Little wonder, probably Microsoft was aware of the exploit months before it got used by malware. Interesting that they chose to update their security product instead of releasing a patch for Windows itself.

    Well, after all it doesn't surprise me a bit.
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Re: actually you all had it wrong about WMF-Exploit

    Exactly! Some antivirus programs already detected it via heuristics as soon as that overhyped joke of a typical media frenzy was announced.
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Actually, MS isn't saying that its product actually already detected the exploit itself, but the "known malware" it could leave on the system:

    It's a distinction with a difference. Think of the exploit as a "dropper": it's malware that serves as a vehicle for getting into a system and delivers a payload of another malware, which itself can be zapped if your AV/AT already protects against the malware that was dropped.

    So all MS said is that its product protected against "known malware," not necessarily the exploit itself, which was being modified fairly rapidly once word got out and people started to analyze it.

    Not saying that OneCare wasn't updating to detect the exploit and keep up with variants. I simply don't know one way or the other how quick they were to do that. But detecting the previously known malware delivered by a new exploit is not the same as detecting the new exploit itself.
     