How important is a good unpacker in an antivirus?

Discussion in 'polls' started by Pollmaster, Nov 14, 2004.

Is the ability to unpack archives important for you in an antivirus scanner?

  1. Yes, very important: 23.8%
  2. Yes, quite important: 47.6%
  3. It's nice to have, but not very important: 9.5%
  4. I'd rather the antivirus vendors focus on other areas: 14.3%
  5. I don't know: 4.8%

Thread Status:
Not open for further replies.
  1. Pollmaster

    Pollmaster Guest

    How important is a good unpacker in an antivirus?

    I have learnt that KAV probably handles the most number of archives and packers and AVG handles very little.

    An antivirus weak in this area will not be able to pick up malware if it's packed suitably.

    On the other hand, it's nearly impossible to handle all possible packers and the more you add, the slower the scanner gets? In any case, once the file executes, the on-access scanner will get it anyway, so why worry?

    What do you think?
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003 | Posts: 23,873 | Location: SW. Oklahoma
    I will take a little hit in performance for the extra protection of a good unpacker.

    bigc
     
  3. dog

    dog Guest

    I agree ... BigC

    *puppy*
     
  4. meneer

    meneer Registered Member

    Joined: Nov 27, 2002 | Posts: 1,132 | Location: The Netherlands
    My scanner is not the only security measure. I tend to avoid security risks by avoiding unhealthy software, unhealthy sites.
     
  5. dvk01

    dvk01 Global Moderator

    Joined: Oct 9, 2003 | Posts: 3,131 | Location: Loughton, Essex. UK
    Viruses are rarely packed so an "antivirus" doesn't need an unpacker

    BUT the majority of malware today are not traditional viruses but trojans and worms and gradually the AVs are moving away from just virus detection to include all the other forms of malware

    Most trojans are packed in order to hide themselves from detection

    KAV is more than an antivirus as it detects a lot of Trojans and spyware/adware as well and blocks them, that is where the unpack engine comes in

    One of the best unpack engines anywhere is the one in adaware, that is why many antiviruses pop up warnings when adaware scans because adaware has unpacked it so the antivirus can see the malware
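
The trade-off discussed in the posts above, as an added example that is not part of the thread and not any vendor's engine: a byte-signature scan misses a marker once it sits inside gzip/zip layers, finds it when the layers are opened, and misses it again when the nesting exceeds the layer budget. The marker, the sample containers, `MAX_MEMBER_BYTES` and all function names are constructed for illustration; only archive-style containers are covered, not runtime executable packers.

```python
import gzip
import io
import zipfile
import zlib

# Constructed, harmless marker standing in for a scanner's byte signature.
SIGNATURE = b"HARMLESS-TEST-MARKER-0001"
MAX_MEMBER_BYTES = 1_000_000  # assumed cap: oversized zip members are skipped

def scan_raw(data):
    """Signature match on the bytes exactly as stored (no unpacking)."""
    return SIGNATURE in data

def scan_unpacked(data, max_depth=3, stats=None):
    """Signature match that also opens gzip and zip layers, up to max_depth."""
    if stats is not None:
        stats["buffers"] = stats.get("buffers", 0) + 1  # work done per scan
    if scan_raw(data):
        return True
    if max_depth == 0:
        return False  # layer budget spent: deeper content stays unseen
    try:
        if data[:2] == b"\x1f\x8b":  # gzip magic
            return scan_unpacked(gzip.decompress(data), max_depth - 1, stats)
        if data[:4] == b"PK\x03\x04":  # zip local file header
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER_BYTES:
                        continue
                    if scan_unpacked(zf.read(info), max_depth - 1, stats):
                        return True
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile, RuntimeError):
        pass  # corrupt or encrypted container: treat as opaque data
    return False

def make_zip(name, payload):
    """Build a one-member deflate-compressed zip in memory (test input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

# Constructed samples: the marker padded with zero bytes, then wrapped in layers.
PAYLOAD = b"\x00" * 64 + SIGNATURE + b"\x00" * 64
ONE_LAYER = make_zip("sample.bin", PAYLOAD)
THREE_LAYERS = gzip.compress(make_zip("inner.zip", ONE_LAYER))

if __name__ == "__main__":
    for label, blob in (("one layer", ONE_LAYER), ("three layers", THREE_LAYERS)):
        print(label, scan_raw(blob), scan_unpacked(blob, 2), scan_unpacked(blob, 3))
```

Passing a dict as `stats` counts how many buffers were scanned, which is the extra work each additional layer of unpacking costs.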
     
  6. Pollmaster

    Pollmaster Guest

    So you would choose otherwise if the poll was changed to anti-trojan? But even then, people would argue the same, that only a true memory scanner (whatever that is) would give you 100% protection right?

    That is interesting, I did not know this. Could you supply more details? A thread here in http://www.clanspace.com/forum/remark,9767517~mode=flat seems to contradict this.

    Have things changed since then?
     
    Last edited by a moderator: Nov 15, 2004
  7. rdsu

    rdsu Registered Member

    Joined: Jun 28, 2003 | Posts: 4,456
    Me too... ;)
     
  8. no13

    no13 Retired Major Resident Nutcase

    Joined: Sep 28, 2004 | Posts: 1,327 | Location: Wouldn't YOU like to know?
    I always thought that a packed virus could do no harm, and an unpacked one would get detected... Am I mistaken? :(
     
  9. Infinity

    Infinity Registered Member

    Joined: May 31, 2004 | Posts: 2,651
    NO13 P.M sent to you


    cheers.
     
  10. freeloadin

    freeloadin Guest

    Hi, wife does mine, but, she washes her hands first, not one virus all this time!
     
  11. Infinity

    Infinity Registered Member

    Joined: May 31, 2004 | Posts: 2,651
    then she must have some nice unpackers freeloadin :D
     