How important is a good unpacker in a antivirus?

Discussion in 'polls' started by Pollmaster, Nov 14, 2004.

?

Is the ability to unpack archives important for you in a antivirus scanner?

  1. Yes, very important

    5 vote(s)
    23.8%

  2. Yes, quite important

    10 vote(s)
    47.6%

  3. It's nice to have, but not very important

    2 vote(s)
    9.5%

  4. I rather the antivirus vendors focus on other areas

    3 vote(s)
    14.3%

  5. I don't know

    1 vote(s)
    4.8%
Thread Status:
Not open for further replies.
  1. Pollmaster

    Pollmaster Guest

    How important is a good unpacker in a antivirus?

    I have learnt that KAV probably handles the most number of archives and packers and AVG handles very little.

    A antivirus weak in this area, will not be able to pick up malware if it's packed suitably.

    On the other hand, it's nearly impossible to handle all possible packers and the more you add, the slower the scanner gets? In any case, once the file executes, the onaccess scanner will get it anyway, so why worry?

    What do you think?
     
    Pollmaster, Nov 14, 2004
    #1
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    I will take a little hit in performance for the extra protection of a good unpacker.

    bigc
     
    bigc73542, Nov 14, 2004
    #2
  3. dog

    dog Guest

    I agree ... BigC

    *puppy*
     
    dog, Nov 14, 2004
    #3
  4. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    My scanner is not the only security measure. I tend to avoid security risks by avoiding unhealthy software, unhealthy sites.
     
    meneer, Nov 15, 2004
    #4
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Viruses are rarely packed so an "antivirus" doesn't need an unpacker

    BUT the majority of malware today are not traditional viruses but trojans and worms and gradually the AV's are moving away fom just virus detection to include all the other forms of malware

    Most trojans are packed in order to hide themselves from detection

    KAV is more than an antivirus as it detects a lot of Trojans and spyware/adware as well and blocks them, that is where the unpack engine comes in

    One of the best unpack engoines anywhere is the one in adaware, that is why many antiviruses pop up warnings when adaware scans because adaware has unpacked it so the antivirus can see the malware
     
    dvk01, Nov 15, 2004
    #5
  6. Pollmaster

    Pollmaster Guest

    So you would choose otherwise if I the poll was changed to anti-trojan? But even then, people would argue the same, that only a true memory scanner (whatever that is) would give you 100% protection right?

    That is interesting, I did not know this. Could you supply more details? A thread here in http://www.clanspace.com/forum/remark,9767517~mode=flatseems to contradict this.

    As things changed since then?
     
    Last edited by a moderator: Nov 15, 2004
    Pollmaster, Nov 15, 2004
    #6
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Me too... ;)
     
    rdsu, Nov 15, 2004
    #7
  8. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    I always thought that a packed virus could do no harm, and an unpacked one would get detected... Am i mistaken? :(
     
    no13, Nov 15, 2004
    #8
  9. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    NO13 P.M sent to you


    cheers.
     
    Infinity, Nov 15, 2004
    #9
  10. freeloadin

    freeloadin Guest

    Hi, wife does mine, but, she washe her hands first, not one virus all this time!
     
    freeloadin, Nov 15, 2004
    #10
  11. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    then she must have some nice unpackers freeloadin :D
     
    Infinity, Nov 15, 2004
    #11
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...