How WSA can detection keep up with latest malware mutation?

Discussion in 'Prevx Releases' started by apm, Jan 12, 2013.

Thread Status:
Not open for further replies.
  1. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    162
    It looks like WSA just use MD5 as signature for detection, how can its detection keep up with latest malware that can easily modify little to change the MD5?
    Other AVs use generic signature, but MD5 is unique, that means WSA need thousands of MD5 signature for just one malware variant, this is not so efficient. o_O
     
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Better than the others IMO:
    Also look at this Article http://www.webroot.com/En_US/business/resources/WSAEP_DS_Win.html

    TH
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It uses MD5 just for the scan log, not for detection. It uses a vast amount of information instead of the MD5 for actual detection.
     
Thread Status:
Not open for further replies.