AV and malware

Discussion in 'other anti-virus software' started by cfp999, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. cfp999

    cfp999 Registered Member

    Joined:
    Jul 12, 2002
    Posts:
    36
    What is the status on AVs' ability to detect and remove "malware"? By malware I mean stuff that executes various tasks like downloading icons, dialers, installing DLLs, redirecting IE pages etc. I recently got infected with at least 2 variants of CoolWebSearch (About:blank, CWS.NS3) and a couple of trojans. HiJackThis, CWShredder and so forth didn't do any good. Neither did SpySweeper / Ad-Aware. Norton AV was able to take out the trojans, but the CWS problem remained. Out of desperation I installed trials of various AVs. The only one that was able to remove CWS completely was PC-cillin Internet Security 2005.
     
  2. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Although all AV vendors are increasingly taking a more generic approach towards malware, that is attempting to deal with anything a consumer would classify as malware versus, for example, an application that handles pure viruses, this takes time to achieve and the landscape is very rapidly changing.

    A good way to look at the malware coverage scene in general is to note the situation with spyware in which the best single coverage handled something like 63% of the test challenge, while adding a second layer raised that to ~ 70% (these results are likely already outdated). The direct link is here.

    Clearly there is a substantial duplication of coverage in this example, but at any given point in time a layered solution does provide an incremental increase in coverage - the key is getting a sense of the point of diminishing returns and not heaping duplicate solutions on top of one another. What is seen with spyware is generally applicable to the malware scene as a whole.

    For the case here, I'd say that looking at a pure AV solution is probably not the most effective approach, although KAV 5.0 with maxed-out settings will probably be very close. I'd augment a decent AV with a dedicated AT. TDS3, BOClean, TrojanHunter, Ewido, and a² are all viable options. Right now I use BOClean as my realtime AT coverage and I know that handles CWS.NS3, with TDS3 as my on-demand backup.

    Blue
     
  3. cfp999

    cfp999 Registered Member

    Joined:
    Jul 12, 2002
    Posts:
    36
    Thanks for your answer. Basically I need to add some kind of anti-malware on top of my antivirus, I reckon.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Indeed, for security setups you may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Cheers :D
     