Network Security Focus-Virus

Re: AV that supoprts spy/adware

Subject: Re: AV that supoprts spy/adware
Date: Fri, 6 May 2005 12:34:17 +0300
It does sound pretty promising, but what is the reality?
Have you read the ICSA Labs test report? I did.
By the way, it is available here:
http://www.icsalabs.com/services/lab_reports/Panda_Public_Evaluation.PDF

The behaviour-blocking components are mainly used to
detect new and unknown malicious code, and they complement
the traditional signature solution. After having read the ICSA Labs
test report, I was rather surprised (and disappointed by this testing group)
that they have used long-known malicious programs to test TruPrevent's
blocking abilities. ICSA Labs lists the viruses they have used: Sircam,
Nimda, PrettyPark, Klez et cetera. It's all old stuff and classics of
computer virus history. All malicious programs listed in the test
report had been known long before this test took place and some of
them even before TruPrevent had been developed.

As a matter of fact, the virus defence components
without signatures are also updated when new threats emerge.
Therefore, it's not clear why a product developed for protection
mainly from new malicious code was tested on old code.
The only aim of doing this might be to prove that it works at all.

I encourage you to read this
(http://www.pcmag.com/article2/0,1759,1727662,00.asp).
It looks more realistic: TruPrevent detects 2/3 of new malicious
programs. This is closer to my own experience. Interestingly,
the best signature scanners for detecting malicious code provide
almost this rate (Retrospective/ProActive Test, November 2004,
http://www.av-comparatives.org).

Best regards,

Valdis Shkesters

----- Original Message -----
From: "Roger Padilla Jr " <ropadill@calpoly.edu>
To: "'Dave'" <wintermutecx@gmail.com>; <focus-virus@securityfocus.com>
Sent: Thursday, May 05, 2005 9:24 PM
Subject: RE: AV that supoprts spy/adware



Panda Software has a bundled solution as well.  Actually they use a
technology called TruPrevent that uses a behavioral approach to defend
against malware in general.  Here is a link to a review I just read --
sounds promising.

http://www.pcmag.com/article2/0,1759,1808169,00.asp

------------------------------------------------
Roger Padilla, Jr.
California Polytechnic State University
San Luis Obispo, CA
ITS/PS3
Network Analyst
Office: (805) 756-5294
Email: mailto:ropadill@calpoly.edu
------------------------------------------------



-----Original Message-----
From: Dave [mailto:wintermutecx@gmail.com]
Sent: Thursday, May 05, 2005 10:00 AM
To: focus-virus@securityfocus.com
Subject: AV that supoprts spy/adware

Anyone have a list of AV that detects spyware? We are currently using eTrust
with spybot and the MS beta antispyware. I'd like to get something that's
integrated. Thanks.


