Home page logo
/

basics logo Security Basics mailing list archives

Re: Malware detection
From: Vic Vandal <vvandal () well com>
Date: Thu, 26 Jul 2012 08:31:28 -0700 (PDT)

This product comparison published this month supports Raghav's comments on some level, and brings into question the 
comments made by Kartik and Eric.  However for added report credibility such product testing should have been repeated 
on a variety of different occasions within weeks or months.  So like many things you have to take the report's results 
with a grain of salt.
http://www.av-comparatives.org/images/docs/avc_beh_201207_en.pdf

As for this note from Kartik:
Some people feel honored bashing Microsoft and it's products. It is a fashion

I pretty much stopped bashing MS rampantly after Win-2K was released and it supplanted the atrociously unreliable 
Win-NT, and have professionally touted the many benefits of leveraging the robustness and features of Active Directory 
within common operating environments filled with Windows servers and workstations.  
That doesn't mean I won't give an unbiased opinion when one of their products is lacking though.

-Vic
CISSP, SSCP, HIJKLMNOP, etc. 
(I may as well jump on the bandwagon where some people think adding letters behind their name means something beyond 
the acknowledged fact that they understand some basic InfoSec terms and technology definitions - I'm absolutely not 
bragging but to drive home that point I passed the CISSP exam with zero studying and zero course attendance, on an 
extreme hangover, way back when they had 6 multiple choice questions instead of 4 and the cert #s were 4 digits - and 
the only times I put those letters behind my name is as a joke - I'm not bashing ISC2, but over the years I've seen a 
LOT of people pass that test after attending an expensive course who are still quite clueless about InfoSec in general 
- experience is what really counts, not acronyms - PSA over)

----- Original Message -----
From: "Raghav Pande" <kaelsunstrider.raghav () gmail com>
To: "kartik netsec" <kartik.netsec () gmail com>
Cc: security-basics () securityfocus com
Sent: Wednesday, July 25, 2012 12:22:05 PM
Subject: Re: RE: Malware detection

probably those many occasions were when, malware was made by kiddies. :)
MSSE is very bad at detecting stuff. and if you think MSSE takes
action against new malwares then see those malware's timestamp, first
4 bytes which will tell you about compiler and other stuff which says
VB6 or .NET or 1999 or made by kiddie.
a properly made crypter or malware always bypasses MSSE.
Try KIS proactive defense combined with system watcher is best
protection you can get.
#fail exploit
#fail malwares

On Wed, Jul 25, 2012 at 10:32 AM,  <kartik.netsec () gmail com> wrote:
"Also, on many occasions we have seen MSSE detect and successfully remove new malware that other products didn't even 
detect until their signatures included these programs - sometimes days later."

I second with Eric's comment. I have experienced this a lot many times in my environment wherein MSSE detects and 
takes the corrective action against new malware whereas the market leaders like Symantec and McAfee detected it only 
when ticket was raised and samples were sent to them.

Some people feel honored bashing Microsoft and it's products. It is a fashion :D

Thanks,
Kartik
CISSP, CISM





-- 
Regards
Raghav Pande


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]