How important is a good unpacker in a antivirus?

Discussion in 'polls' started by Pollmaster, Nov 14, 2004.

?

Is the ability to unpack archives important for you in a antivirus scanner?

  1. Yes, very important

    5 vote(s)
    23.8%

  2. Yes, quite important

    10 vote(s)
    47.6%

  3. It's nice to have, but not very important

    2 vote(s)
    9.5%

  4. I rather the antivirus vendors focus on other areas

    3 vote(s)
    14.3%

  5. I don't know

    1 vote(s)
    4.8%
Thread Status:
Not open for further replies.
  1. Pollmaster

    Pollmaster Guest

    How important is a good unpacker in a antivirus?

    I have learnt that KAV probably handles the most number of archives and packers and AVG handles very little.

    A antivirus weak in this area, will not be able to pick up malware if it's packed suitably.

    On the other hand, it's nearly impossible to handle all possible packers and the more you add, the slower the scanner gets? In any case, once the file executes, the onaccess scanner will get it anyway, so why worry?

    What do you think?
     
    Pollmaster, Nov 14, 2004
    #1
  2. bigc73542

    bigc73542 Retired Moderator

    I will take a little hit in performance for the extra protection of a good unpacker.

    bigc
     
    bigc73542, Nov 14, 2004
    #2
  3. dog

    dog Guest

    I agree ... BigC

    *puppy*
     
    dog, Nov 14, 2004
    #3
  4. meneer

    meneer Registered Member

    My scanner is not the only security measure. I tend to avoid security risks by avoiding unhealthy software, unhealthy sites.
     
    meneer, Nov 15, 2004
    #4
  5. dvk01

    dvk01 Global Moderator

    Viruses are rarely packed so an "antivirus" doesn't need an unpacker

    BUT the majority of malware today are not traditional viruses but trojans and worms and gradually the AV's are moving away fom just virus detection to include all the other forms of malware

    Most trojans are packed in order to hide themselves from detection

    KAV is more than an antivirus as it detects a lot of Trojans and spyware/adware as well and blocks them, that is where the unpack engine comes in

    One of the best unpack engoines anywhere is the one in adaware, that is why many antiviruses pop up warnings when adaware scans because adaware has unpacked it so the antivirus can see the malware
     
    dvk01, Nov 15, 2004
    #5
  6. Pollmaster

    Pollmaster Guest

    So you would choose otherwise if I the poll was changed to anti-trojan? But even then, people would argue the same, that only a true memory scanner (whatever that is) would give you 100% protection right?

    That is interesting, I did not know this. Could you supply more details? A thread here in http://www.clanspace.com/forum/remark,9767517~mode=flatseems to contradict this.

    As things changed since then?
     
    Last edited by a moderator: Nov 15, 2004
    Pollmaster, Nov 15, 2004
    #6
  7. rdsu

    rdsu Registered Member

    Me too... ;)
     
    rdsu, Nov 15, 2004
    #7
  8. no13

    no13 Retired Major Resident Nutcase

    I always thought that a packed virus could do no harm, and an unpacked one would get detected... Am i mistaken? :(
     
    no13, Nov 15, 2004
    #8
  9. Infinity

    Infinity Registered Member

    NO13 P.M sent to you


    cheers.
     
    Infinity, Nov 15, 2004
    #9
  10. freeloadin

    freeloadin Guest

    Hi, wife does mine, but, she washe her hands first, not one virus all this time!
     
    freeloadin, Nov 15, 2004
    #10
  11. Infinity

    Infinity Registered Member

    then she must have some nice unpackers freeloadin :D
     
    Infinity, Nov 15, 2004
    #11
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice