From: David Kaye on 19 Feb 2010 06:15

PajaP <pajap(a)news-only.co.uk.invalid> wrote:

>I have not read his reasoning and neither do I want to. To me he is just
>a person, not an idol. I make up my own mind.

All I can say as someone who has been removing these things for the past 8 years is that I haven't found one tool that does it all. Currently, Avast seems to be the best realtime blocker, but I'm betting that it wouldn't stop a Trojan such as the one that is disguised in a list of images of Olympic snowboarder Shaun White I came upon Wednesday night.

Here's the link to a Google image search.

http://images.google.com/images?q=%22shaun%20white%22

Beware the third image, the one with the URL of lenka-baby.sk. Going to that website shows the photo for a moment and then displays a webpage that looks like a malware scan. It then encourages the user to download a fix. Now, you folks tell me: how many a-v programs are going to catch something like that? Heck, Google didn't even catch it!

From: FromTheRafters on 19 Feb 2010 08:13

"David Kaye" <sfdavidkaye2(a)yahoo.com> wrote in message news:hllrsf$ihb$6(a)news.eternal-september.org...

> PajaP <pajap(a)news-only.co.uk.invalid> wrote:
>
>>I have not read his reasoning and neither do I want to. To me he is just
>>a person, not an idol. I make up my own mind.
>
> All I can say as someone who has been removing these things for the past 8
> years is that I haven't found one tool that does it all. Currently, Avast
> seems to be the best realtime blocker, but I'm betting that it wouldn't stop a
> Trojan such as the one that is disguised in a list of images of Olympic
> snowboarder Shaun White I came upon Wednesday night.
>
> Here's the link to a Google image search.
>
> http://images.google.com/images?q=%22shaun%20white%22
>
> Beware the third image, the one with the URL of lenka-baby.sk. Going to that
> website shows the photo for a moment and then displays a webpage that looks
> like a malware scan. It then encourages the user to download a fix. Now, you
> folks tell me: how many a-v programs are going to catch something like that?
> Heck, Google didn't even catch it!

If the page doesn't contain malware, your AV won't (or shouldn't) detect it. There is essentially no difference between a legit page trying to convince you to download their legitimate program and a socially engineered webpage trying to convince you to download their illegitimate program. When you actually download the program (and it hits your filesystem) it is then that your AV scans it. Then, there is little difference between a legitimate application and an illegitimate one programmatically speaking.

When antivirus programs were expected to detect viruses, they could at least depend on the fact that *all* viruses have code that replicates and very few legitimate programs do this. Now with being expected to detect non-replicating malicious code, it is nearly impossible to tell legitimate from illegitimate programmatically. An illegitimate program has to be reported as malware (determined subjectively) and then be detected by cryptographic hash algorithm comparison or some other means.

P.S. You were probably redirected from that site to another which actually contained the social engineering. I recently read that nearly 80% of the top 100 legitimate websites have at one time or another within the year 2009 led to malware of this type.
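
The detection model described in the post above, sketched as an added example (not written by anyone in this thread, and not any AV product's code): a file is hashed when it lands on disk and matched against a set of hashes that have already been reported. The file names, sample bytes and the `scan_on_write` helper are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large downloads are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_on_write(path, reported_hashes):
    """Verdict for a file that has just been written to the filesystem."""
    file_hash = sha256_file(path)
    verdict = "blocked" if file_hash in reported_hashes else "allowed"
    return verdict, file_hash


def demo():
    # Constructed stand-ins for three downloads; none of these are real samples.
    downloads = {
        "reported_fix.exe": b"CONSTRUCTED: fake 'fix' installer, already reported",
        "unreported_fix.exe": b"CONSTRUCTED: fake 'fix' installer, not yet reported",
        "legit_tool.exe": b"CONSTRUCTED: legitimate utility installer",
    }
    # The blocklist can only contain what somebody has already reported.
    reported_hashes = {hashlib.sha256(downloads["reported_fix.exe"]).hexdigest()}

    verdicts = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in downloads.items():
            path = Path(tmp) / name
            path.write_bytes(data)  # the moment the download "hits the filesystem"
            verdicts[name] = scan_on_write(path, reported_hashes)[0]
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The unreported installer and the legitimate one get the same verdict, which is the dependence on reporting that the post describes; the web page that shows the fake scan is never a candidate at all, because only the downloaded file is hashed.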

From: VanguardLH on 19 Feb 2010 10:43

David Kaye wrote:

> PajaP <pajap(a)news-only.co.uk.invalid> wrote:
>
>>I have not read his reasoning and neither do I want to. To me he is just
>>a person, not an idol. I make up my own mind.
>
> All I can say as someone who has been removing these things for the past 8
> years is that I haven't found one tool that does it all. Currently, Avast
> seems to be the best realtime blocker, but I'm betting that it wouldn't stop a
> Trojan such as the one that is disguised in a list of images of Olympic
> snowboarder Shaun White I came upon Wednesday night.
>
> Here's the link to a Google image search.
>
> http://images.google.com/images?q=%22shaun%20white%22
>
> Beware the third image, the one with the URL of lenka-baby.sk. Going to that
> website shows the photo for a moment and then displays a webpage that looks
> like a malware scan. It then encourages the user to download a fix. Now, you
> folks tell me: how many a-v programs are going to catch something like that?
> Heck, Google didn't even catch it!

So what? That page is showing you some content that YOU interpret as an AV scan. That it has some animation and some text and some graphics doesn't make it malware or even a program. YOU will have to actually *download* the software that they offer to then find out if it is malware.

I draw a picture of a gun shooting a bullet that blows a hole in a person's head. So, what real people have died to whom you showed that picture? If that worked, you wouldn't have to wait to buy a handgun. Just draw to kill.