Norton Virus Information
Security Software epstein barr virus pictures rash Suites No Match for Custom Attacks - Security Fix
Security Fix
Subscribe to The Post
recent
amphetamine and the cold virus
posts
Microsoft's Patch Tuesday Includes New Rating Index
Security Software Suites No Match for Custom Attacks
Microsoft Stock Price Routinely Dinged by Security Patches
Phishers, Virus Writers Exploit Global Financial Crisis
Apple, Opera Ship Security Updates
Stories by Category
Cyber Justice
Fraud
From the Bunker
Latest Warnings
Misc.
New Patches
Piracy
Safety Tips
U.S. Government
Web Fraud 2.0
Stories By Date
Full Story Archive
related links
The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section
syndicate
RSS Feed
Brian Krebs
Cutinus Papilloma Virus on Computer Security
About This Blog | Archives | RSS Feed (What's RSS?)
Security Software Suites No Match for Custom Attacks
The all-in-one security software suites from the major anti-virus vendors fail spectacularly at detecting custom-made malware that exploits the latest software vulnerabilities, according to testing done by security analysis firm Secunia.
Secunia tested how well nearly a dozen security suites fared against malicious files and direct attacks that leveraged more than 150 known software flaws. All of the vulnerabilities used in
Yahoo Sbc Anti Virus the test are publicly documented -- details of them can be found in the Common Vulnerabilities and Exposures (CVE) database -- and most of the vulnerabilities can be fixed by applying a software update currently available from the program's maker.
Secunia says that out of the 300 test cases, 126 virus software review are particularly important because they affect very popular products and have either been discovered as zero-day threats or Secunia has
israeli acute paralysis virus developed working exploits. Secunia CTO
weighted phrase limit exceeded virus
Thomas Kristensen said all of the vulnerabilities used in the test merit a moderate security rating or higher, meaning they can be used to remotely install software on the victim's PC, with little or no help from the user aside from opening or viewing the malicious file.
The company found that nearly all of the security suites -- including those from McAfee, F-Secure, Microsoft and TrendMicro -- detected between just 1 percent and 3 percent of the attacks. Symantec's Norton Internet Security 2009, dramatically outperformed the rest, detecting more than 20 percent of all virus gida-a removal threats and more than 30 percent of the most dangerous threats, according to the results.
Still, that means in at least 7 out of 10 cases, the bad guys using a targeted exploit will slip past Norton's defenses. banana bunchy top virus That also suggests that the other products detect roughly 3 percent
virus scans are not working
of targeted attacks.
At any rate, readers can find a detailed
virus image breakdown of Secunia's test results and interesting methodology here (PDF).
I emphasize the word "targeted" because most anti-virus products are still reactive, in that they focus on protecting customers by figuring out what people are getting attacked by and then creating custom "signatures" to detect that specific threat going forward. While most anti-virus companies claim to have incorporated technology capable of detecting programs that exhibit suspicious behavior or that attack specific software vulnerabilities, it appears that Symantec is alone in making significant strides in this respect, at least virus definition file as it relates to the latest, known vulnerabilities in widely-used software.
Secunia's study is useful, but it ignores the unfortunate reality of today's threats, which rely not
download virus on software vulnerabilities but mainly on tricking people into installing software. Interestingly, Symantec itself documents this fact in its Internet Security Threat Report, which found that in the second half of 2007, only 10 percent of the new malicious code threats affecting consumers used software flaws.
At the very
best virus protection
least, Secunia's
Photobucket Virus study is a stark reminder that having security software installed is no substitute for keeping the rest of the software you use up-to-date with the latest security patches. On this front, I've recommended Secunia's vulnerability scanners, which work either through the company's interesting virus stories Web site or a free, installable program. Some readers have said they refuse to use Secunia's scanners because they
avg virus protection cnet require users to have Java yahoo messenger virus installed, a program that needs frequent security updates itself and clutters the user's system with old, outdated versions of itself. My take on it is that 90 percent of the planet herpes simplex virus already has Java installed. What's more, anything that raises the average user's awareness on the need for regular patching is overall a good thing, Sun's clumsiness with its Java software notwithstanding.
Incidentally, if you're looking to see how well the products named in this study detect the latest threats that are actually in circulation, check out the stats released in September by AV-test.org(Microsoft Excel file). The group's battery of tests also examined how the software suites fared in terms of system memory usage, proactive malware detection, internet and virus protection false positive rates and
relieve from entistical virus on-demand scanner performance.
By Brian Krebs | October 13, 2008; 4:44 PM ET Latest Warnings crusie ship virus , Misc. , New Patches , Safety Tips
Previous: anti virus scan online Microsoft Stock Price
agv virus software Routinely Dinged by
cold virus incubation period Security Patches | Next: kaspersky anti virus Microsoft's Patch Tuesday Includes New Rating Index
Comments
Please email us to report offensive comments.
What's the most common method for targeted
Delete A Self Replicating Virus malware to be put into individual computers? Spam? Drive by from infected websites? Dedicated deceptive websites? Others?
Posted by: Kfritz | October 13, 2008 9:00 PM
Are we to therefore conclude that both BitDefender and Kaspersky did well in these test, i.e., did better than Norton Internet Security 2009?
Posted by: brucerealtor | October 13, 2008 9:15 PM
This points out the need for a multi-layered defense (defense in depth). Relying on just one layer such as security software is foolish. When that one layer is compromised, game over.
Instead, in virus heur gwmdmpi a multi-layered defense, a system compromise may be averted by another layer.
Typical layers of defense:
1. Hardware firewall - protects the system(s) gastrointestinal virus contagious from external intrusion should the software firewall need to be turned off or is inactive for any reason. Also, is much more difficult to hack past than
Nausea After Stomach Virus a software firewall alone.
2. Software firewall - protects the system when used outside the confines of the hardware firewall and provides outbound filtering and possible indication of malicious system activity.
3. Non-admin account - prevents system wide changes or epstein bar virus software installation whether intentional or not (including malicious code should it get past other defenses).
4. Patch all software - prevents system compromise via bugs (especially important for Internet facing software such as browsers, e-mail clients and media players).
5. Limit amount of software installed on a system - lowers system attack surface and reduces patching.
6. Backup data on stomach virus cures a regular basis - protects data in the event of system compromise resulting in data loss.
7. Blocking top computer virus detection software hosts file - blocks access to known malicious websites.
And finally,
8. The human layer (computer user) as they can override all the other layers.
Posted by: TJ | October 13, 2008 10:03 PM
TJ
Thank you for that very useful list.
For those of us who do not leave our systems on 24/7 [like that 'standby' option on XP, which
protein ebstien barr virus I presume Vista also has] what is the advantage of a hardware firewall?
Some years back a friend of mine explained a hardware firewall by using the analogy to an incoming phone call, where the 'firewall' in effect virus software for mac 'takes a message' and then calls the supposed originating number back before allowing a call to connect, whereby IF the incoming call says its coming from number 202-123-4567, but when that number is
you got a virus
called back and 'not at a working 202
Ca Virus Definitions exchange, the bogus communication from a phoney incoming number is prevented. We will ignore, for the purpose of this example, the ability to manipulate the ebola virus mechanisms of pathogenesis number appearing on a caller ID device.
Posted by: BRUCEREALTOR | October 14, 2008 1:36 AM
I skimmed the 6-page PDF, and it seems that the "malware" that most of the suites failed to detect is actually in-house Proof-of-Concept malware code provided by Secunia, not actual "in the wild" malware. Testing anti-malware software against academic code isn't a real-world test IMHO.
Posted maize white line mosaic virus by: Angus S-F | October 14, 2008 1:46 AM
"what is the
virus protect removal
advantage of a hardware firewall?"
Think of it as a fence f secure anti virus around a fort protecting every building. Whereas a software firewall would protect only a single building assuming it's turned on (doors and windows locked). Even if you have only one building, it still provides another layer of protection, in particular if for some reason the doors or windows are left unlocked as would happen when you’re either installing chronic active epstein barr virus a fresh copy of your operating system or troubleshooting a problem that requires disabling your software firewall. At least then, the hardware firewall would still protect your system from the outside world.
This free norton virus software provides more info:
http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp
Posted by: TJ | October 14, 2008 12:30 PM
TJ
Thanks
I guess my question is that if my machine is for whatever reason not online, that seems certainly as effective as a hardware firewall, right.
I clicked on your link and thought I had hit gold under 'online' firewall testing services.
Alas, the definition of 'online' appeared. LOL
Posted by: brucerealtor | October all windows virus error 15, 2008 4:07 AM
kfritz remove browser hijack virus - most common medium for malware attack are from "botnets". botnets are hoards of zombie computers
Bootable Virus Remover (computers already at the mercy of malware) that push out all forms of spam, including phishing and other tactics. Another common one now is embedding malicious code within legitimate ads on otherwise legitimate websites. Can't trust anything these days can ya?
Posted by:
no dial tone virus Jay | October 15, 2008 10:49 AM
TJ,
myspace virus let's not forget Network Intrusion Prevention
Free Bootable Virus Remover Systems (NIPS) and Host Intrusion Prevention Systems (HIPS) in our layered defense infected by trojan virus model.
Posted by: Intrusion Prevention | October 15, 2008 11:27 AM
Post a Comment
We encourage users to analyze, comment on and even virus making programs challenge washingtonpost.com's articles, blogs, reviews and multimedia features.
User
virus protections reviews and comments that include profanity or personal attacks or other inappropriate comments or material
Anti Virus X64 Xp64 will be virus protesct removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.
Name:
Comments:
Blog Archives
RSS Feed
Subscribe any virus to The Post
© The Washington Post Company