
Major antivirus engines failing to detect malware

Vivian Yeo ZDNet Asia | July 15, 2009 5:48 AM PDT

Summary

A dramatic rise in the number of e-mail viruses that slipped past major antivirus engines between late May and June was due to "aggressive" new variants of a number of Trojans, according to a new study.
Antivirus vendors are having trouble keeping up with e-mail viruses, according to a new security report.

Released Tuesday, the Commtouch Q2 2009 Internet Threats Trend Report noted a spike in the number of e-mail viruses that slipped past major antivirus engines between late May and June. The security vendor based its findings on the analysis of over 2 billion e-mail messages and Internet transactions daily in its cloud-based global detection centers.

The dramatic rise, said the Israel-headquartered security vendor, was due to "aggressive" new variants of a number of Trojans. Several outbreaks had a wide distribution, which caused malware numbers to increase exponentially from typically low quantities circulated via e-mail.

With every new malware variant there is a window before antivirus companies recognize it and deploy dedicated new signatures to protect their customers, explained Commtouch. This approach proved too slow against the massive growth in variants, so security vendors resorted to generic signatures intended to block all variants of the same malware family; these, it added, have not been effective against the recent variants.
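To make the two signature tiers concrete, here is an added illustration (not code from Commtouch or ZDNet) of how a dedicated signature (an exact hash of one captured sample) and a generic family signature (a byte pattern shared by known variants) behave against constructed sample files, and how a new variant that no longer carries the shared pattern stays undetected until a fresh signature is published. All byte strings and family names are constructed toy data, not real malware.

```python
"""Toy model of dedicated vs generic antivirus signatures.

Added example; all samples are constructed byte strings, not real
malware, and 'FAMILY-X' is a hypothetical family name.
"""
import hashlib
import re

# Constructed samples: a toy family with a fixed marker and a variable
# payload. 'variant_c' is a hypothetical new variant that changed the
# marker, so the family (generic) signature no longer matches it.
SAMPLES = {
    "variant_a": b"MZ\x90\x00" + b"FAMILY-X-LOADER" + b"\x01payload-a",
    "variant_b": b"MZ\x90\x00" + b"FAMILY-X-LOADER" + b"\x02payload-b",
    "variant_c": b"MZ\x90\x00" + b"F4M1LY-X-L0ADER" + b"\x03payload-c",
    "benign":    b"MZ\x90\x00" + b"hello world utility",
}

# Dedicated signature: SHA-256 of exactly one captured sample.
DEDICATED_HASHES = {hashlib.sha256(SAMPLES["variant_a"]).hexdigest()}

# Generic signature: a byte pattern shared by the family seen so far.
GENERIC_PATTERN = re.compile(rb"FAMILY-X-LOADER")


def dedicated_match(data: bytes) -> bool:
    """Exact-hash match: catches only samples the vendor has already seen."""
    return hashlib.sha256(data).hexdigest() in DEDICATED_HASHES


def generic_match(data: bytes) -> bool:
    """Pattern match: catches any sample still carrying the family marker."""
    return GENERIC_PATTERN.search(data) is not None


def classify(data: bytes) -> str:
    """Return which signature tier caught the sample, or 'undetected'.

    Note that a clean file and an unseen variant both come back
    'undetected': a signature scanner cannot tell them apart.
    """
    if dedicated_match(data):
        return "dedicated"
    if generic_match(data):
        return "generic"
    return "undetected"


def detection_report(samples=SAMPLES) -> dict:
    """Classify every sample; this is the 'window' the article describes."""
    return {name: classify(data) for name, data in samples.items()}


def add_dedicated_signature(data: bytes) -> None:
    """Simulate the vendor publishing a dedicated signature for a captured sample."""
    DEDICATED_HASHES.add(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for name, verdict in detection_report().items():
        print(f"{name:10s} -> {verdict}")
    # Once the new variant is captured and a signature is shipped, the
    # window closes for that sample (but not for the next variant).
    add_dedicated_signature(SAMPLES["variant_c"])
    print("variant_c after update ->", classify(SAMPLES["variant_c"]))
```

Running the block shows variant_a caught by the dedicated hash, variant_b caught only by the generic pattern, and variant_c undetected until its own signature is added; the benign file is also reported as undetected, which is the whole limitation of signature scanning in one line.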

"For the last year-and-a-half, antivirus engines effectively blocked many virus variants with generic signatures," Amir Lev, chief technology officer of Commtouch, said in a company statement. "In the second quarter, however, malware distributors introduced large quantities of new variants which are immune to these generic signatures, therefore causing sharp increases in undetected malware samples that were blocked by Commtouch."

Among the top malware cited by Commtouch as undetected by major antivirus software were Mal/WaledPak-A and Troj/Agent-KBE.

The report also noted a sharp rise in the number of newly activated zombie PCs or bots during the same period. For the second quarter, an average of 376,000 new bots were activated each day for malicious use.

Between April and June, Brazil had the biggest share of zombie machines, with a 17.5 percent share of global bot activity, said CommTouch.

Mac malware is also on the rise, according to the company. Last month, security researchers warned of two new attacks targeting OS X users.

Citing security software company ParetoLogic, Commtouch said in its report that there was an increasing number of Mac Trojans in the wild, as malware writers expand their attack surface by targeting as many platforms and browsers as they can. This trend is expected to continue for the rest of the year, it added.

This article was originally posted on ZDNet Asia.

What an impossible job
zmud 15th Jul 2009
I don't see any company stopping it all
I'm not saying they should call it a day but anti-virus is mostly useless against the kind of attacks I've seen lately. It only gives the casual user a false sense of security. Tighten up the OS and use a great scanner. Wham! They still get nailed by social engineering attacks.
0 Votes
Not impossible at all
croberts 15th Jul 2009
I remember at the start of the web era... 1995-96-ish where if there was a video in a web page, it launched in a separate player. Same deal for a document.

Now, everything is embedded in the browser itself, and it's a self-created security nightmare.

Javascript.. same deal. It has a place, but more often than not it's about enabling an ad of some kind.

Most of what constitutes a modern web page is all about enabling advertising, and the complexity that makes that possible is the biggest security problem on a PC today.
0 Votes
AV is not enough... Plain and simple. No vendor, no matter how big they are with vast resources or staff and R&D funds, with large honey pots, or how small and dynamic they are with updates, patches and removal tools, can keep up with malicious virus authors.

We need better, more secure browsers, better proactive-based protection leveraging IPS-like technology, firewalls NEED to be enabled, and for Christ's sake, stop being assigned the "Administrator" role.

Some AV vendors have gone down the route of a whitelist, rather than a blacklist of bad apps. There are 10x or more bad things than good things, so they are moving towards community-based feedback, weighted scores, and allowing trusted apps. Think cloud security...
0 Votes
heuristic scanners
zathrus@... 15th Jul 2009
What happens when viruses use vulnerabilities inside of whitelisted applications to tunnel past your firewall and a/v? They already do it with IE and svchost frequently.

One needs a virus scanner with strong "heuristic" scanning which uses algorithms to detect malware "in the wild". Best one I know of is Nod32 from Eset.

Unlike definition based scanners you don't need to wait for the a/v company to analyse the virus before they can catch it. (and yes, keep those firewalls running)
0 Votes
Threatfire
kyron.gustafson@... 16th Jul 2009
I recommend Threatfire for real-time behavior-based protection.

Will run with your regular AV application.

http://www.threatfire.com/download/
0 Votes
White lists are good, but ....
kd5auq 15th Jul 2009
Most of us are smart enough to NOT go into an unknown dangerous looking neighborhood, but in the virtual web world nothing seems dangerous until it is too late.
Social engineering (like Bernie Madoff) can get even the most intelligent of us.
A secure, non-modifiable OS setup appears to be the simplest solution.
0 Votes
Tough job, but they are paid to do it.
Been_Done_Before 15th Jul 2009
I guess end users just need to learn to adjust their use of the software depending on the consumer reports results... just like with cars.
0 Votes
Best weapon is an informed user
Uncle Ebeneezer 15th Jul 2009
Just like predators in nature go for the sick, injured or otherwise weak members of the herd, malicious computer users go for the weak, uninformed "average" users. People need to be trained to recognize malware. But it's no easy task and most people don't want to commit the time. So, it's a self-perpetuating system, and people want the quick fix with anti-virus software that at best only will catch 70% of the malware. These people put their anti-virus software to the test and quickly realize that it's often not up to snuff.

Anti-virus software is like body armor. It protects you most of the time, but it doesn't work against all rounds. And they are always developing armor-piercing rounds. So, the point is not to get hit.

But marketeers don't want to market their software as bullet-resistant. They want to pretend like they're selling you a tank when really it's at best some Kevlar. And those users that think their AV software is a tank are usually the ones to run headstrong into a firefight. Uninformed users...
0 Votes
Which ones failed at malware and which ones worked most often?
0 Votes
Which engines worked and which ones failed most often for malware?
The headline of this blog indicates that certain major antivirus engines failed to detect malware.

Which ones?

Are you not telling us because either:

(a) they are advertisers, or,

(b) you don't know which ones?
0 Votes
Duh!
bruce@... 16th Jul 2009
Onerous job notwithstanding, AV engines have focused on viruses, not malware. No one has done a decent job keeping malware at bay.
Malwarebytes is the best malware remover on the market.
0 Votes
Malwarebytes not great on viruses
bobpeg 17th Jul 2009
Malwarebytes is not great on viruses. I ran the free version of PC-Tools AFTER a client had used Malwarebytes and the machine was still infected. PC-Tools fixed it.
0 Votes
malwarebytes vs pc-tools
jwgvmn@... 24th Jul 2009
I had the opposite experience about 6 months ago: I had the purchased/registered version of PC-Tools and got some nasty malware that Malwarebytes did find/remove.

I still had a root-kit infection that those 2, XSoftSpy, AdAware & SpyBot would not remove.

I was able eventually to manually remove it.

I use multiple products now.
0 Votes
McAfee caught Trojan Agent but let a second malware through.
Malwarebytes, itself a malware purveyor, unloaded a pack of Trojan redirect files onto my XP machine. Allume Internet Cleanup caught those and removed them. If Allume doesn't get a Vista/Windows compatible antispyware on the market soon, my Vista laptop will be overrun.
0 Votes
RE: Malwarebytes vs PC Tools
wysetech2000@... Updated - 17th Jul 2009
As we all know, or should know, not all security tools will do it all.

Malwarebytes is only good for removing specific Malware and Trojans not every Virus known to man.

In my humble opinion Malwarebytes is one of the best malware removal tools to ever come along.
0 Votes
Root cause analysis, anyone?
Jeff Dickey 21st Jul 2009
1. Most Windows usees run with full local-admin rights; in Windows PCs not managed by some central corporate entity, this approaches 100%.
2. Very few, if any, Windows malware attacks have a systemwide effect unless the victim usee has admin rights.
3. Windows, until quite recently, has been essentially unusable without local admin rights and without a central corporate entity for management.
4. Users of non-Windows systems have far lower incidence of malware attacks than do Windows usees, particularly those with local admin rights.
5. While those non-Windows systems can be successfully compromised at the application level through defects in proprietary formats such as Flash and PDF, even in those instances, damage is almost always easily contained and repaired.
6. In thirty years in this business, I have never observed a non-Windows system which had to be reformatted and reinstalled from the ground up due to a security-related failure.
7. By contrast, every Windows shop I have worked with for the last ten years or so has routinely reformatted and reimaged Windows PCs on a regular basis as a security measure, and more often when an infection is confirmed or even suspected.

Conclusion? Windows is to computing-as-a-utility-service what a pack a day of unfiltered cigarettes is to the health of a typical non-exercising American; by itself it may not kill you, but it sure makes it a lot easier for a whole lot of things that will.

Until we, as customers of and/or professionals in an industry, take the same kind of attitude about our computing health as we are learning to about some aspects of our physical health, the situation will never improve. Kicking smoking is routinely described as the hardest thing that those who have succeeded in doing it have ever done. It's certainly a lot harder than kicking Windows.
0 Votes
anti virus
CharlesEtheridge@... 5th Oct 2009
I think that it would very interesting to run an AV comparison with the SmartScreen Filter running in IE8 as well as Outlook with all the updates installed and active. I'd tend to think that all of that in conjunction with WSE could well make quite a difference to how things come out.
0 Votes
RE: Major antivirus engines failing to detect malware
CharlesEtheridge@... 5th Oct 2009
What would be the symptoms shown by a malware infection? If it involves a bot, would the amount of Internet be a sign?
