Leaky anti-virus defences

davidh
February 10th, 2010, 07:25 PM
Leaky anti-virus defences letting malware through
Spanky new scanners no longer cutting it
By John Leyden
Posted in Malware, 8th February 2010 11:44 GMT
http://www.theregister.co.uk/2010/02/08/security_scanner_shortcomings/
Even users running up-to-date anti-virus software still get infected with malware, according to stats from an online malware scanning service.

Nearly a third (25,000 out of 78,800) of computers with up-to-date anti-virus software were discovered to be infected with malicious code when users scanned their PC using SurfRight's HitmanPro 3 behavioural scan.

SurfRight's analysis (pdf) is based on 107,435 users who put their PC through its scanner between 10 October and 4 December 2009. Around a quarter of these users (28,608) either had no scanner installed or were running security software that was out of date.

Surfers are much more likely to turn to SurfRight's software if they suspect their Windows PC is running slowly or might be infected with malware, so the figures from SurfRight's audit are bound to come out worse than those from the general web population.

Still, the exercise does illustrate the problem that running the latest version of antivirus software is no guarantee against malware infection, contrary to what the marketing departments of many security software firms have historically said.

SurfRight's technology bundles seven different antivirus programmes and offers them through its HitmanPro 3 scanning service. Other vendors, such as Panda, have previously acknowledged that up-to-date anti-virus software alone is only a partial defense against malware, but have taken a different approach to tackling the problem. Panda has adopted a cloud-based architecture for security software as a technique for becoming more nimble in responding to the growing volume of malware threats.

I am now evaluating Surfright's Hitman Pro 3.5.
It already found 3 files in my XP system32 folder that look a little bit to me like they might belong to the infection that PCTOOLS Threatfire already "cleaned" for me to "save my bacon".

The behavioral scanning of Hitman Pro is apparently DIFFERENT from Threatfire, i.e. it scans the files from the disk, apparently without actually executing them, unlike Threatfire.

I used to be a little bit embarrassed by appearing to be paranoid. But I think the bad guys have advanced far enough now that there is good reason to be "paranoid".

If this evaluation is good, I may actually spring $20 for 1 year for this.

On demand signature and whitelist based scans by:
Ad Aware
MalwareBytes
Norton free (Insight)
Spybot S&D
Threatfire (on demand, not realtime)
TrendMicro Housecall (ActiveX web based)
Microsoft One Care free (scanned over 500,000 files)

DID NOT find anything :(

sidney
February 11th, 2010, 02:40 AM
At what point is it worth migrating your Windows machine to a virtual one that you run under VirtualBox on Linux and see what of what you do on your PC you can comfortably run native in Linux, perhaps gradually weaning off Windows?

Certainly the tasks that make you most vulnerable, which are probably mostly done through a web browser, would be pretty much the same in Firefox under Linux as they are in Firefox under Windows.

You can as much as possible put Windows and program installations on one virtual disk, and data files on another virtual disk and/or in a folder that is shared by Windows and Linux. That way you could treat the system virtual disk as pretty much read-only and, any time you want, restore it from your archived copy. Kind of like an instant system restore.
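The disk layout sidney describes, as an added example that is not part of the thread: one system disk VirtualBox itself resets on every power-on, one data disk that snapshots never touch, and a host folder both systems can see. It assumes a Linux host with VirtualBox using the current VBoxManage subcommand names (createmedium, storagectl, storageattach, sharedfolder) and an already created VM; the VM name, paths and sizes are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes VirtualBox with current VBoxManage
# subcommands and an existing VM named $VM; names, paths and sizes are placeholders.
set -e
VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"
VM="${VM:-winxp}"
SYS_DISK="${SYS_DISK:-${HOME:-/tmp}/vms/winxp-sys.vdi}"
DATA_DISK="${DATA_DISK:-${HOME:-/tmp}/vms/winxp-data.vdi}"
SHARE_DIR="${SHARE_DIR:-${HOME:-/tmp}/winshare}"

vbox() { "$VBOXMANAGE" "$@"; }

# --mtype on attach sets the medium's write mode; the VM must be powered off.
attach_disk() { vbox storageattach "$VM" --storagectl IDE --port "$1" --device 0 \
                     --type hdd --medium "$2" --mtype "$3"; }
detach_disk() { vbox storageattach "$VM" --storagectl IDE --port "$1" --device 0 --medium none; }

# Step 1: an ordinary (normal) system disk. Install and patch Windows while it is
# in this mode, because an immutable disk keeps nothing written to it.
# (Skip the storagectl line if the VM already has an IDE controller.)
create_system_disk() {
    vbox createmedium disk --filename "$SYS_DISK" --size "${1:-40960}" --format VDI
    vbox storagectl "$VM" --name IDE --add ide
    attach_disk 0 "$SYS_DISK" normal
}

# Step 2: once Windows is installed, re-attach the same disk as immutable. Guest
# writes then go to a differencing image that VirtualBox discards at the next
# power-on: the "instant system restore". Unseal again before the next patch round.
seal_system_disk()   { detach_disk 0; attach_disk 0 "$SYS_DISK" immutable; }
unseal_system_disk() { detach_disk 0; attach_disk 0 "$SYS_DISK" normal; }

# Data disk in writethrough mode: excluded from snapshots, so resetting the
# system disk never rolls back documents; back this disk up on its own.
create_data_disk() {
    vbox createmedium disk --filename "$DATA_DISK" --size "${1:-102400}" --format VDI
    attach_disk 1 "$DATA_DISK" writethrough
}

# Folder shared by Linux and Windows (needs Guest Additions inside the guest).
add_shared_folder() { vbox sharedfolder add "$VM" --name data --hostpath "$SHARE_DIR" --automount; }

case "${1:-}" in
    --create) create_system_disk; create_data_disk; add_shared_folder ;;
    --seal)   seal_system_disk ;;
    --unseal) unseal_system_disk ;;
esac
```

Run it with `--create` before installing Windows, `--seal` after the install and each patch round, and `--unseal` when the system disk needs to change again.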

davidh
February 11th, 2010, 07:15 PM

I would probably put my toe in the water by starting out with a dual boot type of system. That way, I would not have to move an image of my current Windows onto a virtual disk.

I used to run OS/2 Warp 3, Windows 3.1, Windows 95, and Windows NT 4 Server on a 16 MB RAM 420MB HD "dual boot" system a long time ago. CPU was an ancient 66 MHz Intel I but performance was hardly worse than my current Core 2 Duo Intel 2+ GHz 3GB RAM CPU :(

I suppose that one of the main obstacles would be getting drivers for cheap crapo hardware such as web cams, etc.

I'm perhaps leaning towards possibly getting a 1 terabyte drive station with software to perform full backups of my Win XP system.

However, for the time being, behavioral based and cloud based anti-malware software seems to be a worthwhile stop gap measure for Windows systems.

For example, Surfright Hitman Pro for on-demand scans and PCTOOLS Threatfire for behavioral real time resident scanning (in addition to other resident real time scanners, e.g. AVG, Panda Cloud Based).