October 29, 2010, 02:08 PM
DCCV44.2223
Join Date: Apr 2010
Location: Vancouver
Posts: 260

Originally Posted by AkG
AVs are great at catching VIRUSES but out-and-out suck at malware.
"Virus" is the traditional descriptor for all malware, including viruses (file infectors), worms, trojans, backdoors, bots, dialers, etc., because in the old days the majority of malware were file infector viruses.

Nowadays most malware are trojans and all AVs will try to detect them. Take a look at the results of AV-Comparatives; it lists the various categories detected by the AV. Note that adware and spyware are not listed since most of them are trojans.

Originally Posted by AkG
AV programs are just too slow at updates compared to the once-an-hour updates mbytes has.
Many AVs provide hourly updates when necessary; some, like Norton, can provide updates even more frequently than that. Most of the big AV vendors are also implementing "cloud" based technology, which basically means that the AV will query the vendor's servers about suspicious files instead of waiting for an update. It's currently the quickest way to respond to new threats.

Signature-based detection rates for brand new variants are pretty bad across the board for all antivirus/antimalware; we're seeing more than 5000 new samples a day, so even with hourly updates you're going to miss a few (not to mention that you need to capture a sample first before you can generate a signature). That's why most of the better AVs include non-signature-based detection modules.
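A toy illustration of the layered detection the post describes (byte signatures, a cloud hash lookup, and a non-signature heuristic), added here as an example for this page; it is not code from the original post or from any vendor's engine. All sample files, the signature pattern, the API list and the threshold are constructed for the demonstration.

```python
import hashlib

# Constructed sample "files" (not real malware). The variant is the same build
# with a few bytes changed, as happens when a trojan is repacked or renamed.
KNOWN_SAMPLE = (b"MZ\x90\x00" + b"PAYLOAD-A" + b"URLDownloadToFileA"
                + b"WriteProcessMemory" + b"CONST-TAIL")
NEW_VARIANT = KNOWN_SAMPLE.replace(b"PAYLOAD-A", b"PAYLOAD-B")
BENIGN_FILE = b"MZ\x90\x00" + b"hello world" + b"MessageBoxA"

# Signature database: the vendor captured KNOWN_SAMPLE and cut a byte pattern
# from it. A new variant that does not contain this exact pattern is missed.
SIGNATURES = {"Trojan.Constructed.A": b"\x00PAYLOAD-A" + b"URLDownload"}

# "Cloud" reputation: SHA-256 of files the vendor has already classified.
# Publishing a verdict here is far quicker than shipping a signature update.
CLOUD_VERDICTS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "malicious"}

# Non-signature heuristic: flag files that reference several APIs typical of
# downloader/injector trojans. Constructed list and threshold for illustration.
SUSPICIOUS_APIS = (b"URLDownloadToFile", b"WriteProcessMemory", b"CreateRemoteThread")
HEURISTIC_THRESHOLD = 2


def signature_scan(data: bytes):
    """Return the signature name whose byte pattern occurs in data, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def cloud_lookup(data: bytes) -> str:
    """Query the (simulated) vendor cloud by file hash: 'malicious' or 'unknown'."""
    return CLOUD_VERDICTS.get(hashlib.sha256(data).hexdigest(), "unknown")


def cloud_publish_verdict(data: bytes, verdict: str) -> None:
    """Vendor side: classify a newly captured sample without a signature push."""
    CLOUD_VERDICTS[hashlib.sha256(data).hexdigest()] = verdict


def heuristic_scan(data: bytes) -> bool:
    """True when enough suspicious API names appear to warrant a 'suspicious' verdict."""
    return sum(1 for api in SUSPICIOUS_APIS if api in data) >= HEURISTIC_THRESHOLD


def scan(data: bytes):
    """Layered verdict: signatures first, then cloud reputation, then heuristics."""
    sig = signature_scan(data)
    if sig:
        return ("signature", sig)
    if cloud_lookup(data) == "malicious":
        return ("cloud", "malicious")
    if heuristic_scan(data):
        return ("heuristic", "suspicious")
    return ("clean", None)
```

Run `scan()` on the three samples: the known sample hits the signature, the variant evades both the signature and the cloud until the vendor publishes a verdict and is only caught by the heuristic, and the benign file stays clean.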