Tell us something we didn’t know. This article comes to us from the Register UK:
Antivirus software is getting worse at protecting users from new threats, according to two reports which found malware authors are getting better at disguising their creations.
German computer magazine c’t studied 17 antivirus programs and exposed them to completely new samples of malware. What they found wasn’t encouraging. Detection rates sank to 20-30 per cent, from 40-50 per cent in a similar test last year.
The c’t researchers also created variants of known viruses and found that virtually all of the scanners missed at least some of them.
The fact that the variants could get past a lot of the filters doesn’t really surprise me. In a lot of ways this is expected (although not welcome) behaviour. Most scanning is based on signatures. If you pad one of the payloads to be longer or shorter it is very possible that it will be undetected. This is exactly why Code Red was able to spread undetected by intrusion detection systems and AV alike in the beginning. By adding 100 bytes to the payload it outstripped the signature. Another problem that this testing showed is that the heuristics for a lot of the vendor offerings is immature at this point. I have seen enough instances of false positives in several vendor products to come to that conclusion.
It won’t take long before the vendors are crying foul. Lord knows that Chinese users won’t find much sympathy for the AV crowd.
Hope springs. Current AV is still better than the alternative.
On a side note, I know a user that refuses to use anti-virus of any kind. No firewall et cetera. He maintains that it is a waste of money. Then his computer invariably slowwws down. So, what does he do? Get AV? Nope. He THROWS THE COMPUTER OUT! That works for me as I plan to be in front of his house when he pitches his tricked out machine with dual core processors and 4 GB of RAM. Oh yeah, and he’ll pitch the monitor as well. A 21″ flat screen.
Free is good.
[tags]Anti-Virus, Antivirus, Malware, Heuristics, c’t[/tags]
Here is the translated article from German computer magazine Heise:
http://72.14.203.104/translate_c?&ie=utf-8&oe=utf-8&u=http://www.heise.de/ct/08/01/092/
Another interesting pdf on this subject:
The Death of AV Defense in Depth? Revisiting AV Software
http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
“That works for me as I plan to be in front of his house when he pitches his tricked out machine with dual core processors and 4 GB of RAM. Oh yeah, and he’ll pitch the monitor as well. A 21″ flat screen.” wow! T or F?
@anonymous
Sadly, that is actually true.