What is the use of a good heuristics engine?

Discussion in 'other anti-virus software' started by pravbk, Aug 15, 2007.

Thread Status:
Not open for further replies.
  1. pravbk

    pravbk Registered Member

    Joined:
    May 28, 2007
    Posts:
    54
    I have slowly started to hate this so-called better heuristics engine of AVs.
    Last week I got 2 malware (both are zero-day threats according to AVs) which were not detected by Avira, which I have installed on my PC. That was not enough; when I submitted them to VirusTotal, NOD32 also detected nothing.
    I think every AV vendor has to make quick updates of their AVs, because only BitDefender detected both when scanned through VirusTotal, and when I submitted them to AV vendors Kaspersky was the first to respond both times.
    Avira took 1 day to respond and ESET didn't respond. So that means 2 hours after my submission to Kaspersky, it was capable of detecting those malware, but Avira took one and a half days to add them to the database. Anything can happen in those one and a half days if the new malware is powerful.
    So I'm much disappointed with the so-called good heuristics engine or something like that.
    I think it's better for every AV to head the Kaspersky or BitDefender way (I mean quick updates).
     
  2. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Some malware authors obviously "optimize" their "products" before they release them - they try around until no av program detects the malware anymore. There is nothing you can do against it, you can bypass every detection method. Luckily, it's not so easy to bypass all the av programs, so most of the new malware is still caught by heuristics or generic detection.

    Even with all those av companies adding HIPS protection, I think it won't be long until the malware authors start to adjust to those as well. It takes even more work for them - but they get paid for it, so we will have to expect it.

    It pretty much boils down to the simple fact: who has more manpower to react faster?
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Greets.

    They already DO! A very recent HIPS test by a member of this forum exposes a weakness/loophole in some HIPS that fail to hold their seats in the SSDT table (hooks), and that malware easily unhooks those HIPS behavior detection drivers, and some can simply replace those hooks with their own in order to safely seat themselves while that particular intruder then takes over as the system's enforcer for whatever operation they intend to carry out (keylogging, destruction, etc.), effectively wresting control of the user's system for its own designed purpose.

    Interesting & Timely Topic.
     
  4. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Hmm, but SSDT restoring is known for so long - which products are affected by this?
     
  5. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)