Slashdot Mirror


The End of Signature-Based Antivirus Software?

nosig writes "PCMagazine is running a story around the latest AV-TEST response time and proactive detection test for the latest MS05-039 vulnerability related attacks. The test results were announced by the author to the focus-virus discussion list. What's really impressive, besides the huge difference between response times among antivirus companies, is that two products succeeded in proactively detecting all 6 attacks without any signature update."

5 of 290 comments

  1. Data from the article by Anonymous Coward · · Score: 5, Informative

    The product scores (only the trolls need more karma). Or you can try page 4.

    BitDefender 6/6
    Fortinet 6/6
    Nod32 5/6
    eSafe 3/6
    F-Prot 3/6
    Panda 3/6
    QuickHeal 3/6
    McAfee 2/6
    Norman 2/6
    AntiVir 1/6
    ClamAV 1/6
    Proventia-VPS 3/6
    Panda TruPrevent 6/6

  2. Hotmail is doing this already? by Thunderstruck · · Score: 5, Informative

    I think, based on my personal experience, that Hotmail is already moving away from virus definitions to a more general measure of "traits." In the case of Hotmail, the primary trait used in determining whether a file contains a virus is whether or not it has a really long name and more than one "." (dot) in it.

    I base this on the fact that, after exporting a document from StarOffice 7 directly to a .pdf file, and using a filename with two "dots," I sent this document to a Hotmail user, who wrote me back that Hotmail had declared the file to contain an incurable virus. Reasonably sure that my Xandros Linux box had no virii on it, I renamed the file something more Microsoft friendly. The file was received with no problems.

    So there you have it, any file with a suspicious name must contain a virus. Easy, reliable detection.

    --
    Trying to use sarcasm in text-based forums does not work.
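
Added example, not part of the comment above and not Hotmail's actual filter (which the page does not document): a filename "trait" rule of the kind the comment guesses at, next to a narrower double-extension check, run over constructed filenames. The length threshold, the extension lists and all function names are assumptions made for illustration.

```python
import os

# Constructed, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".txt", ".jpg", ".zip", ".xls"}


def naive_trait_rule(filename, max_len=20):
    """Rule guessed at in the comment: a long name AND more than one dot."""
    return len(filename) > max_len and filename.count(".") > 1


def double_extension_rule(filename):
    """Flag only an executable extension hidden behind a document-like one.

    Whitespace padding between the two extensions is stripped before the
    second-to-last extension is examined.
    """
    stem, last = os.path.splitext(filename.strip().lower())
    _, prev = os.path.splitext(stem.rstrip())
    return last in EXECUTABLE_EXTS and prev in DECOY_EXTS


# Constructed sample attachment names.
SAMPLES = [
    "quarterly.report.2005.final.pdf",   # benign, many dots
    "invoice.pdf.exe",                   # short double extension
    "setup.exe",                         # plain executable, single extension
    "photo.jpg" + " " * 8 + ".scr",      # padded double extension
]


def compare(samples=SAMPLES):
    """Return (filename, naive_verdict, double_extension_verdict) per sample."""
    return [(s, naive_trait_rule(s), double_extension_rule(s)) for s in samples]


if __name__ == "__main__":
    for name, naive, strict in compare():
        print(f"{name!r:40} naive={naive!s:5} double_ext={strict}")
```

The naive rule flags the benign multi-dot PDF and misses the short `invoice.pdf.exe`; the double-extension check does the reverse on both. Neither rule inspects file content, so a name-only check is a triage signal rather than a verdict.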
  3. Re:well by the_mighty_$ · · Score: 4, Informative

    It just means that they already had the signature.

    No, it means that the AV program was using "proactive virus protection."

    That simply means that the AV program monitors the behavior of programs and makes sure they don't violate security policy. If they do, the AV software assumes it is a virus.

    --
    VI VI VI - the editor of the beast!
  4. Re:The problem isn't the software... by why-is-it · · Score: 4, Informative
    You truly don't know anything about "Unix", do you?

    He might. I am wondering just how much you know about it though...

    From what I have read, many (but not all) trojans, viruses and spyware can operate just fine in the user space, without needing to be root. It all depends on what the vx'er wanted to achieve. Sure, if they want to 0wn j00, they want root access. But you would not need root access to:

    • install a TCP-based application in $HOME/bin and phone home
    • participate in a DDOS attack against a specific host
    • send spam via sendmail (user-mode)

    There are lots of malevolent things that could be done without being root. Fortunately, the vx'ers want the most bang for the buck and target windows users.

    The pp's point was entirely valid. It has just as much to do with user education as it does with securing your boxen.

    --
    *** Where are we going? And what's with this handbasket?
  5. Panda TruPrevent found 3/6 by Tetravus · · Score: 3, Informative

    clerical error in parent