Antivirus Software Performs Poorly Against New Threats

[TaoPhoenix]

I'll just open this with a quick link to Slashdot's version of the news, without repeating all their links etc.
Antivirus Software Performs Poorly Against New Threats
http://it.slashdot.o...-against-new-threats

The main report is here:
http://www.imperva.c...ivirus_Solutions.pdf

My initial remark is that Microsoft is noted at the top of the "market share" list, yet as they are a little unemphasized in the detailed reporting charts.

[Renegade]

This boils down to there being APIs that are very sensitive and open to abuse, and that they are completely open on the desktop. Mobile platforms force you to declare the APIs that you use, and this offers a degree of protection.

I could easily write a quick piece of software to steal passwords and send them to me that you could run, and the only thing that would set off your AV software is that it wasn't a common piece of software that it already knew about, so it could alert you. Avast does this.

However, look at all the NANY entries. You may very well get some warnings from some of them.

That doesn't mean that they are infected, nor that they are safe. Basically, you need to trust in the author. (I can assure you that I do not write malware, though I have had very thick envelopes passed across the table to me just to consider it [not even for writing it] -- I pushed the envelope back.)

New threats will always emerge. A good tactic is to "wait and see".

[barney]

Accidents will happen, but until the average users are willing to take/accept responsibility for their actions/activities online, malware will always be a threat.  Instead folk on the Web want to rely upon third party software to protect them from their own folllies.  Kinda like a drunk driver not understanding why he got a DWI - he was just havin' fun.

When I was on CompuServe many moons ago, there was a guy - Ross Greentree or Greenberg, I think - who challenged virus writers to attack him.  (This was when Peter Norton (nice guy) and Ron McAfee (ego and bad attitude) and Phil Katz (ZIP format author - interesting story tied to that) were just getting started.)  He considered his protections to be superior.  It wasn't.  A lot of folk browsing today have Ross' attitude:  they can go anywhere because they are protected, so they don't have to exercise caution, just have fun - just like that guy with the DWI.

The willingly unaware will always be in danger, for, as Renegade said, "New threats will always emerge."

[Notok]

Accidents will happen, but until the average users are willing to take/accept responsibility for their actions/activities online, malware will always be a threat.  Instead folk on the Web want to rely upon third party software to protect them from their own folllies.  Kinda like a drunk driver not understanding why he got a DWI - he was just havin' fun.

When I was on CompuServe many moons ago, there was a guy - Ross Greentree or Greenberg, I think - who challenged virus writers to attack him.  (This was when Peter Norton (nice guy) and Ron McAfee (ego and bad attitude) and Phil Katz (ZIP format author - interesting story tied to that) were just getting started.)  He considered his protections to be superior.  It wasn't.  A lot of folk browsing today have Ross' attitude:  they can go anywhere because they are protected, so they don't have to exercise caution, just have fun - just like that guy with the DWI.

The willingly unaware will always be in danger, for, as Renegade said, "New threats will always emerge."

-barney (January 03, 2013, 08:27 PM)

It's definitely too often overlooked that the person is an integral part of their security. It's just like any RL security: you need to lock your doors, don't park in a bad part of town if you don't have to, don't leave an expensive laptop alone in public spaces, and so on. Part of the problem is that there isn't much education on the matter, though. I've been recently thinking that AV software really should have a "product tour" when installed (like so many other apps) that shows the user what real alerts look like (as opposed to the fake AV popups and such), generally how it works, and things to look out for while using the computer.

With that said, this test was deeply flawed. They used VirusTotal, which does NOT give an accurate picture of how well the software protects the user (VirusTotal themselves state this -- they use the commandline scanner only, which often doesn't include things like heuristics, for starters; see HERE).

AV testing is also something that really requires that the tester be highly knowledgeable on the subject to get meaningful results. Even if they had done things right, though, they didn't use enough samples to be statistically significant. Lastly, it's true that simple file detection is not enough to keep a system protected, but there's more to antivirus software than simple file scanning.

There's a response article HERE.

[Tinman57]

  Seems that they come out with this about every 6 months.  Wash, rinse, repeat with a little re-wording....

[Renegade]

  Seems that they come out with this about every 6 months.  Wash, rinse, repeat with a little re-wording....

-Tinman57 (January 12, 2013, 07:38 PM)

+1

Perhaps we can propose a nice summary that they can use in the future:

Hackers, viruses, security, OMG! The digital-sky is falling!