Anti-Virus Effectiveness Down from Last Year
juct sends us Heise Security's summary of an article detailing the abilities of 17 current anti-virus solutions. German computer magazine c't has found that, compared with last year, the virus scanners are having a harder time recognizing malware. Quoting Heise:
"For real protection, however, in view of the flood of new malware, the way these programs cope with new and completely unfamiliar attacks is more important. And that's where almost all of the products performed significantly worse than just a year ago. The typical recognition rates of their heuristics fell from approximately 40-50 per cent in the last test - at the beginning of 2007 - to a pitiful 20-30 per cent."
I've had a lot of people bring me PCs infected with smitFraud that the big AVs have not even recognised or been able to properly remove. They have been pretty angry that the $90 or so they paid for a complete Internet Security product was not able to protect them.
It causes Windows to pretty much choke and die, as it just consumes so many resources and provides so much irritation, but major products like Trend or Symantec have not been able to successfully protect against or remove it. I have had to use custom-written tools that you get off the net for free. They really dropped the ball with that one.
Just don't have AVs installed at all. Not having AV installed on my system keeps me from even thinking of trying anything stupid. Every month or so I download a free trial of a non-Norton / non-McAfee AV program, update it and run a full scan. Then I do the same with a different one. Then I repeat with spyware/malware programs. All that has ever been found is a few cookies. Safety through not doing stupid shit.
Why is it so hard to only have politicians for a few years, then have them go away?
You make an excellent point.
Pro-Linux as I am, I still do not feel that we can afford to be complacent about the malware issue. The reason that Linux is largely unaffected is that it is not very widely used, especially by the sort of numpties who get tempted by exciting new screensavers bearing trojans.
If/when we succeed in bringing Linux to the masses, this layer of protection will be torn away. I hope and believe that Linux is more secure by design, and the same is probably true of many of the apps that are popular in Linux distros - you won't find ActiveX cheerfully opening the door to anyone. However, nobody should be ignoring malware with the excuse that Linux is immune.
A user compromise on a Linux system would provide suitable functionality for today's typical malware.
On my default, fully security-patched Mandriva workstation:
- I have full read/write/execute permission to my home directory.
- I can run wget to download anything and put it as an executable anywhere in my home directory.
- I can use perl, awk, whois, grep, sed, whatever, to craft some pretty nasty scripts.
- I can use telnet, and I could write an expect script to send spam with telnet.
- Or I could just download a precrafted ELF binary to run as a mini mail server in my home directory.
- It's not too hard to imagine that I could pop something in /tmp or elsewhere that would persist on the system even after the user had been deleted.
- I could fire off a fork bomb that will crash the system instantly.
It does not take too much imagination to figure out some suitably bad stuff that you could do as any old user.
Of course, hiding yourself on the system and ensuring your survival could be difficult. It would be easy to find all the nasty services running as said user, since top, ps, etc. would not have been compromised.
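The post above lists what an unprivileged user can do and ends by noting that ps and top would still expose it. As an added example (my code, not from the original post or from any product it mentions), here is the triage check an admin would run on such a box: it looks for executables dropped in a scratch directory like /tmp or under the home directory, for persistence hooks in shell start-up files, and for running processes whose binary lives in one of those places. The directory names are parameters, and the `make_sandbox` function builds a constructed fake /tmp and home so the checks run offline; the file names and the pattern list in `grep -E` are my assumptions, not anything the post specifies.

```shell
#!/bin/sh
# Added example: triage for the "unprivileged user compromise" scenario.
# Nothing here needs root; it only reads the places an ordinary user can write.

# scan_user_footholds SCRATCH_DIR HOME_DIR
# Prints one "<kind> <path>" line per finding on stdout.
scan_user_footholds() {
    scratch=$1; home=$2
    # Regular files with the owner-execute bit set in the scratch directory
    # (a user can wget a binary there and chmod +x it without any privilege).
    find "$scratch" -type f -perm -100 2>/dev/null | sed 's/^/exec-in-scratch /'
    # Same under the home directory.
    find "$home" -type f -perm -100 2>/dev/null | sed 's/^/exec-in-home /'
    # Shell start-up files that reference the scratch dir or detach a
    # background job: the simplest way for user-level malware to survive a
    # logout/login. The pattern list is an assumption, extend it as needed.
    for rc in "$home/.bashrc" "$home/.profile" "$home/.bash_profile"; do
        [ -f "$rc" ] || continue
        if grep -Eq "$scratch|nohup|setsid|disown|crontab" "$rc"; then
            echo "startup-hook $rc"
        fi
    done
}

# flag_procs SCRATCH_DIR HOME_DIR  < lines of the form "PID USER COMMAND [ARGS...]"
# Echoes the lines whose command path starts with either directory.
# On a live system feed it:  ps -eo pid=,user=,args= | flag_procs /tmp "$HOME"
flag_procs() {
    scratch=$1; home=$2
    awk -v s="$scratch" -v h="$home" '
        index($3, s "/") == 1 || index($3, h "/") == 1 { print "suspicious-proc " $0 }'
}

# make_sandbox ROOT
# Builds a constructed layout under ROOT (fake /tmp and home) that mirrors the
# post's scenario, so the checks above can be exercised without touching the
# real system.
make_sandbox() {
    root=$1
    mkdir -p "$root/tmp" "$root/home/user/.config"
    printf '#!/bin/sh\nexit 0\n' > "$root/tmp/.x"                     # hidden dropper in "/tmp"
    chmod 700 "$root/tmp/.x"
    printf '#!/bin/sh\nexit 0\n' > "$root/home/user/.config/mailer"   # the "mini mail server"
    chmod 700 "$root/home/user/.config/mailer"
    echo 'nohup ~/.config/mailer >/dev/null 2>&1 &' >> "$root/home/user/.bashrc"  # persistence hook
    echo 'export PATH=$PATH:~/bin' > "$root/home/user/.profile"        # benign line, must not flag
}

# Stand-alone demo: build the sandbox in a temp dir, run both checks, clean up.
if [ "${1:-}" = "demo" ]; then
    root=$(mktemp -d)
    make_sandbox "$root"
    scan_user_footholds "$root/tmp" "$root/home/user"
    printf '4242 user %s/.config/mailer\n1 root /sbin/init\n' "$root/home/user" |
        flag_procs "$root/tmp" "$root/home/user"
    rm -rf "$root"
fi
```

Run with `sh script.sh demo` to see three findings from the sandbox (the dropper in the fake /tmp, the mailer under the fake home, and the .bashrc hook) plus the one flagged process line. The process check deliberately works on `ps` output rather than on files, which is the point of the post's last paragraph: as long as ps and top themselves are intact, anything a user-level infection keeps running is in plain sight.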