don’t worry , I guess the cis developers are just doing a great and fast job , I just tested 2 of the signed trusted! malwares that i had problems with last week , and they are fixed now and sandboxed when I execute them …
Just want to know the time between these two points;
someone reported a malware with valid signature in TVL (assume it is a true malware),
release of a new TVL with above signature removed for update of CIS in our PC.
And I think the above time should be less than the time required for update of virus database if a new virus were reported. It is because I can still be protected by D+ if the AV missed the virus. However, the protection will totally be bypassed if a malware got a valid signature in TVL.
This example very well :-TU illustrates that TVL feature is flawed (despite it is very convinient), and this is gonna to change only when “trusted vendors” stop sign malware.
even with the Norton Insight technology ( it depends on the file hashes as far as I know ) , still you will find some problems like these
I was testing Norton Antivirus 2011 versus malc0de.com’s malwares and I also found like 4 or 5 malwares that norton reports them as ( safe !) and the system got infected so easily.
you will never get a security software with 100 % protection , but you can get a solid software like the free! cis5 and get yourself used to download only famous and trusted softwares , then u will be safe
I would also like to know the answer to this question, it’s only fair that we are given an answer as to why and how malware gets added to the TVL either on purpose or by accident.
This is why the TVL should not automatically include ALL software from a trusted vendor, but each peice of software tested individually. We cannot even trust trusted vendors…this is scary. :o