Eighty percent of new malware defeats antivirus????!!!!

[Guest]

[Melih]

http://www.zdnet.com.au/news/security/soa/Eighty_percent_of_new_malware_defeats_antivirus/0,2000061744,39263949,00.htm

Interesting reading.

The point that is being raised in this news article is that people use AV mostly and anti spyware is yet to penetrate the market.

One of the major reasons why Anti-Spyware products come as a seperate product is because vendors are looking for ways to charge extra for this. At Comodo we decided to turn our AV engine to also catch spyware hence we called it CAVS (Comodo Anti Virus/Spyware). Hence I believe our strategy is right and our strategy will help fight malware better, cos majority of people still think just AV will be enough and don't bother with Anti spyware.

Read the article and let me know your thoughts please.

Thanks
Melih

[kail]

Based on that article, I think we should keep CAVS very quiet & not tell any more people about it.

Hmm.. I believe there's a slight flaw in that thinking.  :

Seriously, I think your strategy is correct & certainly is best for the user.

But, the article does make a valid point. The more popular any product becomes, then there more likely it will be that virus/trojan/malware writers test their latest thing against that product. That is, as the article indicates, indeed a worrying trend.

[Laurence]

Hi Melih,

It certainly sounds to be a wise course of action alright, to integrate antispyware and antivirus together; and scanning in such a way, so as 1) first and foremost, as much as possible, prevent same from entering one's system, 2) should it enter, catch same before it does harm, and 3) preferably clean/disinfect/eradicate it once found; barring that, at least quarantine suspicious files.

And from what I read on rootkits it sounds like they remain a real problem and growing concern. I am hopeful that CAVS, combined with a successful firewall (such as CPF), eventually proves itself to be up to the task of protecting those who use computers and traverse the Internet, providing end users with that warm and fuzzy feeling which can come from truly knowing that one is being protected by the best.

So, continue to press on, making our CAVS (and other Comodo products of course) the very best there is, and then we won't have to be numbered among that 80 %. ;-)

Laurence

[Melih]

Based on that article, I think we should keep CAVS very quiet & not tell any more people about it.

Hmm.. I believe there's a slight flaw in that thinking.  :

Seriously, I think your strategy is correct & certainly is best for the user.

But, the article does make a valid point. The more popular any product becomes, then there more likely it will be that virus/trojan/malware writers test their latest thing against that product. That is, as the article indicates, indeed a worrying trend.

Yes worrying indeed!
Blacklisting technologies that work on signatures and algorithms that detect behaviour are always there to be broken. This is why at Comodo we supplement all these technologies with safelisting approaches which is not susceptible to what the author has described.

Melih

[pandlouk]

That article has some truth but it makes me wonder why he don't give any information about the programs he used and/or at least a catalog of the malware that he used for the test. It sure lacks of credibility since it just throw some percentuals and nothing more (not a number of the malware, not types of malware, etc.)

ps. This information is not new. It reminds me of blaster ( I think it was him), 2 years ago,  that the first thing he did when infected a system was to disable the AV engine of the most known antivirus (norton,mcafee,etc.) and the second was to mutate his signature. It gave a great headache at the AV companies for more than 8 months.

[campart]

80% sounds very high...like possible exageration. I have been using Spyware Blaster up until now. Can I safely switch this off with CAVS in use? I noticed that on my previous PC I had Spyware Blaster and Spybot both loaded. Spybot had fewer updates and since its scans never detected any intruders I assumed that Blaster stopped everything from even getting to me. I should add that I use ThunderBird and Firefox so I don't have the usual MS security holes.
CPF and CAVS both working perfectly for me. Thank you Melih (and team).

Thank you mOngOd for your comments, I will keep Spyware Blaster up and running while CAVS evolves.

[m0ng0d]

I has Spyware Blaster and Spyware Guardian (both by the same company) loaded.  Spyware Guardian interferred with CAVS installing correctly (as it silently stops things), so I had to uninstall it.

I think Spyware Blaster is a wonderful companion product to keep installed as it is more about "training" IE / Firefox with regards to Ads, Restricted Sites, and ActiveX install control.... I only foresee CAVS possibly depricating Spyware Blaster's ActiveX controls... but there are 2 other function that Spyware Blaster can still perform for you (until COMODO makes new products that incorporate those functions).

[DoomScythe]

I think it is possible for this (80% new malware defeats antivirus) to happen, considering most anti-virus softwares are using the blacklist approach. I think this will continue to be a trend until some geniuses came up with a new method on which the AV software could work on. Playing catchup is always on the losing side.

Erm Melih, I don't get you when you said you were using the whitelist approach. Do you refer to the CPF or CAVS? I certainly think that it is the CPF, right? No way you could create a whitelist for the CAVS.......


Yours truly,
DoomScythe

[TheFireKnight]

I used to use Kerio PF to help in catching some rootkits when they tried to connect to the internet. Mostly it was because I could see all the information of what comes in and goes out.

Guess what? I've had MUCH greater success with CPF when it come to doing the same thing.

Sure a good firewall like CPF doesn't get rid of the rootkits, and generally I haven't really seen any AV/AS program being able to remove them, but at least I can sure tell when one is installed.

Removal usually turns out to be a manually done job.... but oh well....

Hopefully CAVS will collaborate with CPF enough to have a better chance of removing these nuisances.

Besides that, you'd need a program that does thread tracing to be able to catch many/all rootkits (thread tracing=very time consuming - maybe do-able when AMD releases their 4x4 initiative).

Edward

[Melih]

I think it is possible for this (80% new malware defeats antivirus) to happen, considering most anti-virus softwares are using the blacklist approach. I think this will continue to be a trend until some geniuses came up with a new method on which the AV software could work on. Playing catchup is always on the losing side.

Erm Melih, I don't get you when you said you were using the whitelist approach. Do you refer to the CPF or CAVS? I certainly think that it is the CPF, right? No way you could create a whitelist for the CAVS.......


Yours truly,
DoomScythe

Give me 2 months to show you what i mean :-)

Melih

[Júštiñ™]

Give me 2 months to show you what i mean :-)

Melih

 

[DoomScythe]

Give me 2 months to show you what i mean :-)

Melih

Alright Melih, now you got me really curious. Hehe


Yours truly,
DoomScythe

[andyman35]

I used to use Kerio PF to help in catching some rootkits when they tried to connect to the internet. Mostly it was because I could see all the information of what comes in and goes out.

Guess what? I've had MUCH greater success with CPF when it come to doing the same thing.

Sure a good firewall like CPF doesn't get rid of the rootkits, and generally I haven't really seen any AV/AS program being able to remove them, but at least I can sure tell when one is installed.

Removal usually turns out to be a manually done job.... but oh well....

Hopefully CAVS will collaborate with CPF enough to have a better chance of removing these nuisances.

Besides that, you'd need a program that does thread tracing to be able to catch many/all rootkits (thread tracing=very time consuming - maybe do-able when AMD releases their 4x4 initiative).

Edward

The only effective method for removing these threats is by a comparison scan between the windows environment and a BARTPE or similar ,based bootable cd scan.

[-[NHATZ_JADE]-]

http://www.zdnet.com.au/news/security/soa/Eighty_percent_of_new_malware_defeats_antivirus/0,2000061744,39263949,00.htm

Interesting reading.

The point that is being raised in this news article is that people use AV mostly and anti spyware is yet to penetrate the market.

One of the major reasons why Anti-Spyware products come as a seperate product is because vendors are looking for ways to charge extra for this. At Comodo we decided to turn our AV engine to also catch spyware hence we called it CAVS (Comodo Anti Virus/Spyware). Hence I believe our strategy is right and our strategy will help fight malware better, cos majority of people still think just AV will be enough and don't bother with Anti spyware.

Read the article and let me know your thoughts please.

Thanks
Melih

HE!!O MELIH

A combination of FIREWALL / AV / ANTISPYWARE in One package will be the best I think.

[3xist]

HE!!O MELIH

A combination of FIREWALL / AV / ANTISPYWARE in One package will be the best I think.

Hey Lewis,

It's in the making

Cheers,
Josh

[Tags:]