Rutkowska: Anti-virus Software Is Ineffective

Discussion in 'other anti-virus software' started by ronjor, Oct 26, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Article
     
  2. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Thanks Ron. Very enlightening/frightening article by one of the true geniuses among the "good guys."

    I have been reading about Joanna Rutkowska & her "proof of concept" masterworks for several weeks. I had pictured her as a little old lady in combat boots with a severe bun of gray hair at the nape of her neck, with protruding front teeth, and eyeglasses like the bottom of a Coke bottle. You know -- the standard M1-A1 genius lady. But it turns out (based on her photo) that she's a very lovely young woman. Wow!
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006

    LMAO.
     
  4. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Just read the article. This is kind of frightening if we look at the future development of Malware (Type III).
     
  5. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    Although the proof-theoretic, typed, combinatory logic of polymorphisms and coercions has been with us for years, I find it hard to believe that many could put such ideas to "practical" use as per malware. Nearly all malware "authors" are idiots who could not work with such notions. If there be one malware "author," with sufficient mental prowess as to implement these notions, then he would be wise enough to STEAL the notions rather than master them!

    Dave
     
  6. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Thanks for the article, Ronjor ;)
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    You are quite welcome.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Of course she does have a point but I still think an AV/AT/AS is still an important tool that might save your ass, combined with a HIPS of course. :rolleyes:

    I do have to admit that currently I'm not using an AV, and when I'm installing a new app I first run them in Sandboxie to see how they act. This is of course not the best method to discover malicious behavior. However at the moment I have a lot of confidence in my HIPS, so even if I might be running a virus I'm sure that the malicious behaviour will be blocked.
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Which HIPS are you using?
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I find AVs perfectly capable of what they're meant for. At least for my degree of knowledge where I keep my system clean on my own, AV is just a second line of defense.
     
  11. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Point One: I really cannot understand why people are stating such things. Every AV company might have a different type of customer fields. There are also customers which do not like to get interrupted during work. They simply don't want to answer popups "Are you sure you want to allow this program?". Point!
    They just expect that something runs in the background without any needed user action. I mean just imagine a big company and everyone is running to the system administrator asking if he/she should grant permission for program "X". The guys would be running berserk there soon. There's no doubt if HIPS is useful or not, but to be useful it has to match certain requirements. History proves that users are even clueless when a virus scanner says "This is a Trojan and needs to be deleted." Half of the users are contacting the support and asking for help. (Remember: They just have to press the delete button - contacting the support because the av cannot disinfect/delete something is however another issue)

    You guys should keep in mind that only a minor number of users know about security forums and would be willing to spend their time there asking for help.
    For a lot of users the computer is just a tool. They don't blow a kiss to it when shutting it down and going to bed. They might not even clean the keyboard :D And now comes the most important fact: It doesn't make any sense to try to educate those people since they simply don't want it. They just want to use the computer.

    When you drive a car that doesn't mean automatically you have to be a mechanic. You know basic things (e.g. the petrol control flashes, the inspection lights up etc.) but most of the drivers wouldn't know how to rate a special engine sound. They drive into a garage to get help and to let others do the work. Same as for AV programs - you should not interrupt users with things if possible. If you ask the common user he will tell you first "Oh since I installed it never had any problem with it". That means the same as "It never bugged me". As long as it detects things and does its job that is the perfect av solution then.
     
  12. marcromero

    marcromero Guest

    I don't think the current age of antivirus solutions has come and gone yet and they are still relevant to the everyday user, like Inspector Clouseau said, if it runs in the background and does its thing without bothering the user, that's the perfect antivirus solution. This is what I like also, in an antivirus solution, performance and protection, without interruption while I work. At least for me, an antivirus is still relevant, but this could change tomorrow.
     
  13. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    no more no less...
     
  14. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Inspector makes a valid point about the criteria of AV's.

    More than half of my friends and relatives have no clue about them. I prefer to drive a car to enjoy the views and the breeze. Same thing goes for browsing the internet. Let the engines and the experts take care of the bone.

    Sometimes the approach of effective antivirus is the usability issue. Ever notice the tray icon menu of the F-PROT beta - Update, Scan, and Open. Very simple and not cluttered like others. Very nice approach in dealing with those who have no clue. All you have to tell them is click the update and next click scan. Simple. Don't waste or spend too much time trying to click or dissect your av. Do more things enjoyable with your computer and internet. :)

    Honestly, I spend too much time here reading about various av's when I have one that's running in the background. There are many tempting baits or should I say loose baits. Stick to one and keep it.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I always like install and forget type of applications. That's really nice. It's a painful fact that so many top tier security appliances are not user friendly at all.
    I wonder why they don't put them in front of idiot users before putting them in market, so that they can know whether it is user friendly or not.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Absolute truth Inspector. But for me and the most here it's a concern.

    "Nearly all malware "authors" are idiots who could not work with such notions." I don't know the statistics, but enough of them understand and more. They are the ones that already knew of this. That's how I think. And these days, not only lone hackers do this, but groups. Exploiting weaknesses to make money. Steal credit card numbers, etc. Bet your ass they are sophisticated!

    We only know the malware that was caught.
     
  17. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    It's not the idiots that you should be worrying about.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I will not tell because I'm afraid you will hack me. No just kidding, I'm using SSM and Neoava Guard, I believe they protect against the most dangerous stuff.

    On topic: I can understand why Rutkowska is a bit disappointed with the current state of AV technology (signature + heuristics). I mean the first time I saw AVs missing stuff on my system I was a bit shocked. And now it's obvious to me that no AV will recognize 100 % of all malware. But I still think a realtime AV/AT/AS is important, it's like getting a first opinion and my HIPS is the second opinion, that's how I see it. :)
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Voila, that woman could be my sister. :)
     