How WSA can detection keep up with latest malware mutation?

Discussion in 'Prevx Releases' started by apm, Jan 12, 2013.

Thread Status:
Not open for further replies.
  1. apm

    apm Registered Member

    Joined:
    Mar 15, 2006
    Posts:
    164
    It looks like WSA just use MD5 as signature for detection, how can its detection keep up with latest malware that can easily modify little to change the MD5?
    Other AVs use generic signature, but MD5 is unique, that means WSA need thousands of MD5 signature for just one malware variant, this is not so efficient. o_O
     
    apm, Jan 12, 2013
    #1
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,275
    Location:
    Ontario, Canada
    Better than the others IMO:
    Also look at this Article http://www.webroot.com/En_US/business/resources/WSAEP_DS_Win.html

    TH
     
    Triple Helix, Jan 12, 2013
    #2
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It uses MD5 just for the scan log, not for detection. It uses a vast amount of information instead of the MD5 for actual detection.
     
    PrevxHelp, Jan 12, 2013
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...