Malware is Evading Detection

Discussion in 'other anti-virus software' started by Zyrtec, Aug 10, 2009.

Thread Status:
Not open for further replies.
  1. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hi everybody,

    I came across with this article while browsing the web. It includes a link to the Virus Bulletin Reactive and Proactive [RAP] tests performed on major AVs programs from February-August, 2009.

    http://www.pcworld.com/businesscent...are_is_evading_detection_researchers_say.html


    I'm hopping no one posted this info. before but if they did, this thread can be merged with the original, if any.

    Kind regards,

    Carlos
     
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Well sure, it should be expected to be honest. The bad guys get smarter, the security companies play catch up. These kinds of stories, while meant well and informative, really only end up causing a scare and/or serving as an advertisement for the security companies mentioned. The number 1 security threat is the most difficult for security software vendors to deal with, social engineering. As long as you have some nosy human pointing and clicking merrily while jamming to their favorite tune, no matter what kind of hardcore defense you have set up on the system, the sh**s gonna hit the fan.

    Unlike viruses and malware samples, you can't detect, deny, and delete a stupid person.
     
  3. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Now new viruses update so fast.As for AV companies,it is hard to detect.Maybe a AV with HIPS conponent will become a trend.

    RAP test is very good and foreseeability.
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    The other thing to note is if you find a piece of malware that you know for sure is malware and isn't detected, submit it and then those using that AV/AM of choice will be protected from it.

    Yes, it's a cat and mouse game, and always will be.
     
  5. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Another observation concerns the development of cloud-based anti-virus solutions (e.g., Norton Internet Security 2010) that assume an executable is questionable, unless it has earned the designation of “trustworthy” through an analysis of its reputation. While no one approach is “bullet-proof,” this technique should make the authoring and distribution of successful malware considerably more difficult.
     
  6. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
  7. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Cloud-based introduces an entirely different security issue though. I will agree that, if it's secured and done right, this "whitelisting" approach is much better than the old way of AV apps checking their blacklists.
     
  8. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Here is some positive enlightening feedback regarding some of the security issues while utilizing Cloud Technology:

    https://www.wilderssecurity.com/showpost.php?p=1513192&postcount=60


    HKEY1952
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    so do guys mean that in the cloud online protection is better/stronger than conventional/traditional signiture base antiviruses?thanks
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    The use of in-the-cloud reputation ratings is similar to (but distinct from) the traditional blacklisting and whitelisting techniques. For an informative mini-presentation on the subject, please see the video found at The New Model of Consumer Protection: Quorum.
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Cloud technology has to be better. Why do you think more and more are going to it. AV vendors are on their last dying breath with true detection rates of 80 -90 percent in real life. Forget the BS of 98 percent. This is one new way that will help them to up their rates and compete again.It doesnt matter if you like it or not, but in reality after heuristics were created, this is the only new way of detection on the market to assist them.
     
    Last edited: Aug 10, 2009
  13. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Why do I think more and more are going to it? Because people are buying into its claims of better security and vendors see the $ sign in front of their eyeballs, that's why. Cloud tech does not HAVE to be better for people to jump onboard, it HAS to be easier and cheaper for the masses. The masses don't give a crap that their data and security is now at the mercy of whatever security the servers have in place and whatever terms the companies legal departments cook up, they just want something they don't have to screw with and be responsible for, and the cloud companies want to save some cash.

    P.S, whoever thinks this stuff is going to lead to 100% detection needs to get their head out of the clouds, let alone their computers.
     
  14. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Behavioral analysis,I think,is a trend of the future.Only depends on whitelist and digital signature,it is not enough.Because they both can be made by virus.
     
  15. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    I have read the 5 Tips from Hackers on Cloud Computing.....
    All of that BS is also found in all of the End User License Agreements of all current software, only difference, each company words it differently.
    Now why would Hackers publish something like that.....perhaps to hack your thinking and reasoning of the benefits of Cloud Technology toward an negative way.
    Why would Hackers want to hack your thinking and reasoning of Cloud Technology toward an negative way.....perhaps because they realize they are on the road of defeat.
    Hackers (crackers) will always be around, now that the road ahead is more challenging, why not get an head start on things and negatively hack your thinking about Cloud Technology.
    Besides, anything I read on PCWorld or PCMag makes me vomit afterwards because of its unethical journalism.


    HKEY1952
     
  16. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Let me counter-question you: Why would hackers try to talk you out of using a cloud based service that stores every last bit of user information in one spot instead of having to resort to drive-by downloads, social engineering, and all these other tools, while also trying to break past individual home user security setups to do the job in the first place, in the hopes of catching as many users as they possibly can?

    Wouldn't you, as a hacker, rather tackle one spot instead of trying to gain control of hundreds or thousands of individual systems? People are so caught up in the "new waves of the future" sometimes that they fail to look deeper into the possible problems and whether those problems are worse than the problems these "new waves" are trying to address. Do you realize the consequences of a slip-up in security by a major cloud-based service and the kind of damage that could be done if not only home users but huge corporations jump on board?

    I don't think you really understand how the hacker community works, they don't come out and publicly try to dissuade people from using the "best security", they quietly work behind the scenes trying to break things before they ever get released. As far as "unethical reporting", that's opinion. Biased, possibly, unethical, as in doing things no other big media organization would do in normal business operations, start providing the proof please.
     
  17. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    All security vendors store user information in one place.
    All security venders have made slip-ups in security by for example downloading an bad definition to the client that caused shutdowns of servers.
    Your Post has no foundation.


    HKEY1952
     
  18. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Wow, you didn't understand a word of my post, and evidently you aren't too clued in to what is wanting to be done with cloud-based services. You do realize this cloud-based service is WAY more than just an idea to replace antivirus/antimalware software, don't you? We're talking about information storage here also, not just a security deal. If you DO know what these services are going to be doing, then you should know that there is FAR more danger here than just "downloading a bad definition and causing a server outage".
     
  19. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Well, since I do not understand, then please explain it to me, elaborate please, so that we all can have this intellectual knowledge, and start providing the proof please.


    HKEY1952
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Of course, HKEY. You see, the cloud-based idea was also created with storage in mind. By storage, I mean the data that would normally be stored on-site for, let's say a large corporation or even a small business, could be stored off-site too. Think of it as a much bigger version of the online backup services that are widely available for home users. However, instead of using this type of service as backup, there's talk of using it for everyday storage in place of expensive to buy and maintain on-site servers.

    I know that sounds a little ludicrous, but that's what some are suggesting these cloud services be used for. By using off-site storage, you cut out some costs, and we all know businesses like doing that. You can also cut down on staff, after all, you don't need a lot of IT guys getting paid to roll out security updates, you don't need a lot of in-house security apps that you pay high prices for and then of course pay IT guys to roll out, configure, update, and troubleshoot.

    As far as the security aspect of it all, again, I bring back my point of hackers having it MUCH easier to break into these "server farms" and have a sort of "one stop shopping" experience, instead of relying on malware, viruses, and keyloggers to be let in onto individual systems by a hapless user or a poorly configured security setup. Let me put it to you this way, why rob a ton of banks when you can get into Fort Knox?

    THAT is why this whole cloud computing thing bothers me. It will be relying on too few to properly maintain and secure vital and personal information. I hope I've made a bit more sense now.

    SSJ, while you're right that if you want to "theoretically" get the best protection, you may not be able to argue that HIPS and such are needed. But, the big problem is these programs are still far too cryptic for your "average user". They are more likely to get themselves in a deeper pile of the brown stuff by answering prompts wrong or making terrible configurations, than actually being saved by these programs. Now, I know that sounds a bit off-topic, but it's not when you consider that users having problems with security setups is one of the other reasons this whole cloud computing thing got started.

    So now, with cloud computing in regards to security, users can go back to being their lazy, un-attentive selves and let these cloud companies do the work, sleeping soundly at night with the "assurance" their data is safe and sound behind the "impregnable" defenses of huge, multi-million/billion dollar server farms of big, "trustworthy" names like Google (God, the Google thought alone makes me shiver)....problem is, they're truly dreaming. It may take some time before it happens, I'll concede to that. But, when that day comes, when one of these big server farms are undergoing a DoS or DDoS attack or have just plain been penetrated, boy is there ever going to be trouble in this new so-called "paradise".
     
    Last edited: Aug 11, 2009
  21. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Back to the topic at hand, Malware is Evading Detection. Of course it is. There is no single solution that is 100% effective. Even using combinations of products are not 100% effective, particularly with click happy users and that is the real root of the problem.
     
  22. stanmonday

    stanmonday Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    8
    The best thing we can do is use an anti-malware software with a high detection rate and other features like firewall, atispam, anti-phishing, etc. my solution is bitdefender internet security
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,032
    Location:
    Hengelo, The Netherlands
    That is why Hitman Pro 3.5 combines products from 7 different vendors (G Data 2010 with BitDefender and Avast!, NOD32 4.0, Avira, Prevx and a-squared) to achieve the highest detection rate. Hitman Pro uses cloud computing so these scanners are not installed on the PC.
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    What is proactive detection?
    Do they run the malware on the machine? Or the just scan it with old signature? Big difference between the two methods... Only with the first you are able to test HIPS, Clouds, sandbox, etc protection.

    Thanks,
    Fax
     
    Last edited: Aug 11, 2009
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    im guessing its running the malware and seeing if the AV detects it using whatever methods the AV has other than pure sigs and heur. its like the tests AV-C has with retrospective and w/e the other one was.
     
Loading...
Thread Status:
Not open for further replies.