Anti-virus: And you thought you were protected
Well, here's a bit of refreshing news from the technology world: it turns out our anti-virus systems are worthless. According to the Australian Computer Emergency Response Team (AusCERT), "...the top desktop antivirus applications will let about 80 percent of the latest malware slip through."
What the ___?! Why would this outfit not name names?
Which software, which malware? These are critical pieces of information that we all need to know! If the malware is out/already in the wild, then what's the point of all the hush hush? Are they unsure of their findings thereby maybe exposing themselves to litigation if they name names?
We've got debates about the "greater good" being served when researchers "expose" flaws on their own schedule (vs. the vendors'), now we've got a supposed 80% failure rate from security vendors and it's being treated with secrecy??? If that's not a flaw, I don't know what is. **
I would think their credibility as a CERT is in question with this course of action.
**BTW, seems like this statement is being misunderstood, admittedly easily, so allow me to clarify: The context of this statement is to take AusCERT to task, not security vendors.
We all know most security products are reactive, a few are proactive, so I have no illusions of perfection. The point is that if anyone throws out a number like an 80% failure rate in the top desktop antivirus applications, and then does not provide any useful detail in said "report", well, it's not a "report", it's crapola. Here's what this piece of crapola really said: "The sky is falling".


2 Comments:
it's definitely not a flaw unless you think anti-virus software should be all you need (and then the flaw is not with the product but with your thinking)...
anti-virus products miss 80% of new malware... in the anti-malware field new is equivalent to unknown... no one should be surprised that anti-virus products (which are basically known malware scanners) have difficulty with unknown malware...
it's perfectly logical and reasonable for them to miss malware when the malware is still new, known malware scanners are intended to address a different part of the malware problem... new/unknown malware requires different techniques and technologies to address it properly...
By kurt wismer, at 7:26 AM
Kurt, we all know that vendors' battle plans are mostly reactive, some are proactive.
But if a "report" states a number such as 80% and does not provide any details whatsoever, then you've got crapola and not a "report".
Nobody is foolish enough to think that security software is the magic cure. I just need to know more from the people who do know more about these matters, such as CERT, so that we can mitigate risks.
If anyone in this security industry "reports" anything, I would think the minimum required information should include:
1) Attack vectors
2) Mitigating factors
3) Workarounds
Yes, it's Microsoft-style security bulletin reporting. I will not debate about their procedures but once they report such items in the form of bulletins, yeah, it's a pretty good template.
By Ed@SF, at 8:08 AM