Study: If your antivirus doesn't sniff 'new' malware in 6 days, it never will

Mainstream antivirus software only has a small window for detecting and blocking attacks, according to a controversial new study. Host-based intrusion prevention firm Carbon Black found that if an antivirus package had failed to detect a piece of 'new' (recently discovered) malware within six days of its first being detected by …

COMMENTS

This topic is closed for new posts.
  1. Graham Cluley
    FAIL

    Flawed methodology

    From VirusTotal's own website:

    "Those who use VirusTotal to perform antivirus comparative analyses should know that they are making many implicit errors in their methodology"

    In a nutshell, it ain't a real world test, as VirusTotal does not (and doesn't claim to) mimic the protection that users would experience in the real world where they may have multiple levels of protection, cloud-based lookup, runtime behavioural analysis etc etc..

    1. LarsG
      Meh

      Re: Flawed methodology

      Realistically it's the one you don't see that causes the most damage.

    2. Gordon Fecyk
      Boffin

      So what does Sophos do instead?

      So Graham Cluley is here. I wondered where my downvotes were coming from... :-)

      Seriously, six minutes is too long a time window, never mind six days. Malware scanners all fail to catch new malware because of their design, including scanners from Sophos.

      How does Sophos avoid being infected when their customers get infected? I want that solution and I want a quote for it.

      1. Anonymous Coward
        Anonymous Coward

        Re: So what does Sophos do instead?

        1. Sophos run Linux Desktops

        2. Symantec helpdesk once had a virus infection, I witnessed it. Hours of shutting down all workstations, cleaning them one by one, putting them onto the net again ...

        ./inTheBunker -i beer

        1. Gordon Fecyk
          Thumb Down

          [citations needed]

          1. Sophos has to run Windows if at least to test their own retail products.

          2. A major AV firm falling victim to malware would be a headline in mainstream media, let alone the IT press. A cursory search revealed nothing to me.

  2. Anonymous Coward
    WTF?

    Eh?

    "What this means is that, on average, if AV doesn’t detect a piece of malware almost immediately, it likely never would."

    "Stuxnet and its siblings have proved pretty conclusively that the entire security industry can completely miss a significant threat for extended periods,"

    Don't these statements blatantly contradict each other?

    1. Anonymous Coward
      Anonymous Coward

      Re: Eh?

      No.

  3. AlbertH
    Linux

    What do you expect if you "run" Windows?

    There is a simple solution:

    Don't "run" Windows.

    MS have always left their products open to malware and other abuse (probably deliberately) and have always hoped to maintain "security through obscurity". Their approach is so fundamentally flawed that their products are just not suitable for any serious use. Business users really do need to look elsewhere.

    Fanboys need to note: Apple isn't significantly better. We're seeing ever more malware for Apple products, and some of the stupid "usability" decisions taken in Cupertino are now biting back. They're only a few years behind MS in their vulnerability!

    1. Callam McMillan
      Facepalm

      Re: What do you expect if you "run" Windows?

      Have you considered that many people don't get a choice of what system to run? Furthermore, it doesn't matter what O/S you run, you're at risk of malware, all that changes is the chance and likelihood of infection. That's why enterprise Linux servers will still run an AV program because it's better to do so than take on the additional risk.

      As for "MS have always left their products open to malware and other abuse (probably deliberately)", whether you like Microsoft or not, this is seriously venturing into Tin-Foil hat territory!

      1. Anonymous Coward
        Anonymous Coward

        @Callam McMillan - Re: What do you expect if you "run" Windows?

        You're wrong. Enterprise Linux servers will run antivirus because they are managed by Windows minded people but it doesn't make it less laughable. Besides that those poor Linux machines will waste their time scanning for Windows malware.

        1. Callam McMillan

          Re: @Callam McMillan - What do you expect if you "run" Windows?

          Actually, everywhere I have ever worked, the Unix systems have been run by Unix guys because the Windows lot (myself included) have little more than a rudimentary grasp of the command line and Unix administration. That is neither here nor there though - there is a small amount of malware for Linux which could still cause problems in a production environment - hence the reason for AV software. As for scanning for Windows viruses, if your Linux server provides mail or file server capabilities to Windows desktops then I'd damn well expect it to scan for Windows malware.

          Oh, and yes, I know I shouldn't feed the trolls, but I love to argue!

          1. Anonymous Coward
            Anonymous Coward

            @Callam McMillan - Re: @Callam McMillan - What do you expect if you "run" Windows?

            So, you don't really like to quit it! First of all, I said those poor Unix servers are being managed by Windows minded people (of which you seem to be one) not administered by them. Second, are you trying to tell me a Windows shop will allow Linux file servers? And mail instead of their beloved Exchange servers? On our Planet Earth? I am not a troll and I have a long experience in IT by now, although not in Windows environments and I've worked for small and large companies in almost every field of activity and yet I have to see one with Unix servers running AV software. Oh, and just so you don't ask me, I'm not from the third world.

      2. AlbertH
        Holmes

        Re: What do you expect if you "run" Windows?

        I LOVE MS!

        They've kept me in business for years! Their lack of any real security has built my security business

    2. Captain Scarlet
      Trollface

      Re: What do you expect if you "run" Windows?

      Even better solution: turn it off. No matter what OS you run there will be bugs or issues with the way it's designed.

    3. Wize

      Re: What do you expect if you "run" Windows?

      @AlbertH

      Surely you are using "security through obscurity" yourself.

      If all the banks, government, etc had Linux (or whatever brand of operating system that has a group of users claiming it's 100% virus free) then there would be viruses written for it.

      But as things stand, there is no worth in trying to hack them. No big financial gain compared to going for the bigger target of Windows machines.

      One might argue that it's 'poorly configured Windows machines' being infected. I'm sure in the hands of the same users, Linux will be just as badly configured.

  4. Comments are attributed to your handle

    I was waiting for the part where Carbon Black introduces its new antivirus package that guarantees detection in 5 days or less.

  5. Steve Evans

    uh hur...

    I have pseudocode for this:

    - If article subject = AV_scare then scan article for study author.

    "Host-based intrusion prevention firm Carbon Black" - Check

    - If author in interested parties then salt=salt+10000

    Hmmmm... salty.

  6. Ian K
    Headmaster

    "However David Harley, a senior research fellow at antivirus vendor Eset"

    Can you really be a "senior research fellow" just because your commercial employer calls you one?

    If you believe the online dictionaries, it's a position that's either academic or at the very least granted by a learned society...
