Slashdot Mirror


Testing Free English Anti-Malware On Non-English Threats

An anonymous reader writes "Brazilian technology news site O Globo posted an interesting comparison on how free anti-malware behaves against non-English threats (Google translation of Portuguese original). By using a database of over 3000 samples from Brazil's Security Incident Contact Center, the numbers are quite different from all US anti-malware reviews. While Avira achieved the best score, 78%, Microsoft Security Essentials stopped less than 14%. This can be a headache for some large multinational corporations, whose IT departments deploy US anti-malware on the entire network, but have network segments outside the US with many 'unknown' threats roaming around. I wonder what the results would be in other countries."

3 of 78 comments

  1. Interesting... by fuzzyfuzzyfungus · Score: 4, Interesting

    It isn't really news that AV products rely fairly heavily on canned signatures and that heuristic detection of evil lags behind evil by a fair margin.

    What does surprise me, though, about these results, is that they suggest a fairly high level of geographic discrimination in the customization and targeting of malware. My (naive) expectation would have been that, aside from trivial stuff like trying to get the language of your spam/phishing/social engineering emails correct, the market for good exploits, well-crafted viruses, and so forth would be a fairly global one. Also, given that some malware attempts to propagate itself, rather than being delivered by a bugged website or other external mechanism, I would expect a fair amount of "splash" from malware spreading to any vulnerable hosts it can find, not bothering with any sort of geolocation, or from expats who live in country A, but still visit websites from home country B.

    I would have expected a much more homogeneous (from the perspective of the mechanics of the exploit mechanism, evasion techniques, and payload) worldwide population of malware.

  2. What about the other way around? by _133MHz · Score: 3, Interesting

    In my experience it's pretty easy to spot malware when English menu options and stuff start appearing on a non-English Windows installation, such as "Open" or "Open folder to view files" for thumbdrives while the rest of the options show up in the local language. Sometimes malware can even bork the system because of it (like in the olden days of Windows 9x, when installing IE in a different language caused all sorts of havoc in the OS).

    Even with such a blatant language mismatch most users simply won't notice anything wrong with their systems until it bites them really hard.

  3. Re:They don't even remove the biggest US threat by Enter+the+Shoggoth · Score: 5, Interesting

    Actually, the installer for OS/2 (Warp, IIRC) would do a virus scan before installing and would come up with the message:

    "windows found, remove: (y/y)?"

    so someone at IBM shares your sense of humor... or maybe it was you?

    --
    Andy Warhol got it right / Everybody gets the limelight
    Andy Warhol got it wrong / Fifteen minutes is too long.