AV Isn't Dead, It Just Can't Keep Up

Discussion in 'other anti-virus software' started by Rasheed187, May 28, 2014.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
  2. Charyb

    Charyb Registered Member

    Joined:
    Jan 16, 2013
    Posts:
    552
    Isn't VirusTotal signature detection only? None of the files were actually executed, right?
     
  3. Alikhan

    Alikhan Registered Member

    Joined:
    May 25, 2014
    Posts:
    16
    Correct.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Can you both explain what you´re trying to say? Would it have made any difference? :)
     
    Last edited: May 28, 2014
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    The one thing that they never say is that for all the "hundreds of thousands of pieces of malware" they tested, almost all will be slightly different variants of the same classes (Fake AV's, Ransomware, injectors, keyloggers, etc). If a security product can catch the mechanism of infection (preventing a hook for a keylogger, detecting the payload for Ransomware, stopping injections, stopping autostarting), it doesn't really matter if the parent malware file is detected or not.

    As an analogy consider a disease like malaria. A mosquito carries a virus that causes the disease. To eradicate malaria you can either kill every mosquito on earth (not realistic) or else develop a vaccine that prevents the virus from causing the disease. A definition only AV tries to kill all the malware in the world (not realistic); a good anti-malware Proactive routine attempts to stop malware from infecting the system (like a vaccine preventing changes from the virus).

    In short, the the test in the OP just says that they haven't killed off all the mosquitoes in the world (who really cares?).
     
  6. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    76
    That's always what webroot has been saying, hasn't it? That how a product responds when an unknown piece of malware gets hold of a system is just as important as static file detection.
     
  7. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes it would.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    OK so you´re all saying it´s a flawed test? :)

    Perhaps I´m being a bit too negative, but to me the results are not surprising. I haven´t used an AV for years.
    Yes they can catch a lot, but they also miss a lot. I would never rely on only one (or two) anti malware engines.
     
    Last edited: May 30, 2014
Loading...
Thread Status:
Not open for further replies.