AV and malware

Discussion in 'other anti-virus software' started by cfp999, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. cfp999

    cfp999 Registered Member

    Joined:
    Jul 12, 2002
    Posts:
    36
    What is the status on AVs ability to detect and remove "malware". By malware I mean stuff that executes various tasks like downloading icons, dialers, installing dlls, redirecting IE pages etc. I recently got infected with at least 2 variants of CoolWebSearch (About:blank, CWS.NS3) and a couple of trojans. HiJackThis, CWShredder and so forth didnt do any good. Neither did SpySweeper / Ad-Aware. Norton AV was able to take out the trojans, but the CWS problem remained. Out of desperation I installed trials of various AVs. The only one that was able to remove CWS completely was PC-cillin Internet Security 2005.
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Although all AV vendors are increasingly taking a more generic approach towards malware, that is attempting to deal with anything a consumer would classify as malware versus, for example, an application that handles pure viruses, this takes time to achieve and the landscape is very rapidly changing.

    A good way to look at the malware coverage scene in general is to note the situation with spyware in which the best single coverage handled something like 63% of the test challenge, while adding a second layer raised that to ~ 70% (these results are likely already outdated). The direct link is here.

    Clearly there is a substantial duplication of coverage in this example, but at any given point in time a layered solution does provide an incremental increase in coverage - the key is getting a sense of the point of diminishing returns and not heaping duplicate solutions on top of one another. What is seen with spyware is generally applicable to the malware scene as a whole

    For the case here, I'd say that looking at a pure AV solution is probably not the most effective approach, although KAV 5.0 with maxed out setting will probably be very close. I'd augment a decent AV with a dedicated AT. TDS3, BOClean, TrojanHunter, Ewido, and a² are all viable options. Right now I use BOClean as my realtime AT coverage and I know that handles CWS.NS3, with TDS3 as my on-demand backup.

    Blue
     
  3. cfp999

    cfp999 Registered Member

    Joined:
    Jul 12, 2002
    Posts:
    36
    Thanks for your answer. Basically I need to add some kind of anti-malware on top of my antivirus I recon.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Indeed, for security setups you may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Cheers :D
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.