Main Area and Open Discussion > Living Room

Do virus scanners need to get stupid again?

<< < (2/3) > >>

Renegade:
Eset NOD32 that I use recently popped up a dialog saying that there was a file that needed to be submitted for review to Eset. I clicked Next to bring up the file submission window and the file was 'firefox.exe' from the Program Files directory! I ignored it but it kept reminding me every few days - so I finally submitted it. Wonder what they will find?

Jim
-J-Mac (September 10, 2010, 11:41 PM)
--- End quote ---

That's actually not surprising. Given the ability of FF to host all kinds of extensions, you never know what could be going on.

J-Mac:
That's actually not surprising. Given the ability of FF to host all kinds of extensions, you never know what could be going on.
-Renegade (September 10, 2010, 11:59 PM)
--- End quote ---

Really think so? Sure was a surprise to me!

Jim

Krishean:
submitting firefox.exe itself is probably going to turn up nothing, as long as it hasn't been altered to include malicious code. i have seen other antiviruses request common programs to be submitted for analysis myself (MSE requested that i submit a beta version of 7zip for analysis once)

you would have to submit the malicious extension for anything to be done about it.

additionally, signature-based approaches are ineffective, thousands of new malware variants are released each day, and creating signatures for all of them is impossible (see the second half of my post here for a better explination with links to articles)

i also agree that the heuristic approach is flawed, and needs to be drastically improved before it will be of any use. false positives (and also "potentially unwanted programs") are particularly annoying.

Stoic Joker:
Not to mention the insanely irresponsible shoot first and ask questions later policy many of the fringe/malware "Security" sites seem to have. Just Google anything.dll or.exe and many of them will surface.

There was a time these sites were (screened properly) helpful, but now... Hell last week I found several site that featured horrific warnings about the "deadly" Tclock virus...  :huh: ...Yeah that one. :wallbash: Unfortunately, being that it was Kazubon's build, I can't really do much...So I'll let it go for now.

These idiots actually had three (yeah that's right 3/three/III) pages of instructions on how to remove a program that consists of 2 binaries & a single registry key. WTF?

...Who do Ya trust? These days nobody - I'm even half tempted to think my own eyes might lie to me...  :D

tomos:
Is there any antivirus that have a good record in this regard? - Sorry that's probably veering off-topic (and may be discussed elsewhere?)

Re Avira I've complained in their forums three or four times now about how difficult it is to report false positives on their website. Each time they ask me for the link or file and report the thread as solved. In my latest effort Still having problems reporting false-positives at Avira website, I have stuck to the topic (i.e. not given anyone on the forum the details of the false positive) and am now simply getting no response. I get the impression there are a couple of employees who's job it is to reply on the forums and they work on a commission basis per threads marked <Solved>. (And solving that just doesnt seem to be on Avira's agenda...)

When my year with Avira run out (or maybe sooner) I'm moving on...

Navigation

[0] Message Index

[#] Next page

[*] Previous page