Re: Browser hijack
From: E. (bellyup_at_thebar.now)
Date: 07/04/04
Date: Sun, 04 Jul 2004 08:14:59 GMT
Melvin Klassen wrote:
> On Mon, 28 Jun 2004 10:04:55, "E." <bellyup@thebar.now> wrote:
>
>
>>>If the Symantec software has "quarantined" the files,
>>>then the Symantec software is already capable of identifying the files.
>>>Therefore, there's no need for you to send the files to Symantec.
>>
>>Symantec (and other AVs) will often detect some of the files 'dropped'
>>by malware but will not remove the cause.
>
>
> True.
>
>
>>As a lot of the stuff uses random filenames and signatures
>>it would be next to impossible for *any* program to detect it by signature,
>
>
> Nonsense.
> Most signatures are based on the *CONTENT* of the file, not on the
> *NAME* of the file.
> Some signatures are based on heuristics -- if it looks like malware,
> it probably is the latest variant of malware.

Re-read: random filenames *and* signature, hence: content.
Even if we are both right and wrong, everyone is still behind the
8-ball as signatures and heuristics rely on known malware.

>>much less in real time.
> Nonsense.
> Most anti-virus packages *DO* perform "real-time" scanning;
> when a file is "opened", the anti-virus software scans that file,
> before allowing the application to access the contents of the file.
> (Trying a file-to-file copy of a virus-infected file -- your
> anti-virus software should detect that the source-file is infected.
> Try using FTP to get a virus-infected file -- when your FTP-client
> "closes" the file, after writing the file to your hard-drive,
> the virus-scan should scan the "new" file.)

That works great with a known virus or chunk of malware. Truly random*
malware cannot be detected by signature. You could possibly stop an
outbreak such as a mass mailout, but the chances of sw auto-id'ing the
cause is remote.

E.
*even though in reality true random doesn't exist in computers.
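
The two positions argued in this thread, as an added example that is not part of the original posts: a scanner that matches on file content ignores the filename entirely, yet it can only match what its signature set was built from. The sample bytes, signature names and filenames below are constructed and inert.

```python
import hashlib

# Constructed, inert bytes standing in for a "known" dropped file.
KNOWN_SAMPLE = b"MZ\x00\x00" + b"CONSTRUCTED-INERT-MARKER-1" + b"\x00" * 16

# Hypothetical signature set, built from the known sample only.
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Sample.A (exact hash)"}
PATTERN_SIGS = {b"CONSTRUCTED-INERT-MARKER-1": "Sample.A (byte pattern)"}


def scan(filename, content):
    """Return matching signature names; the filename is never consulted."""
    hits = []
    digest = hashlib.sha256(content).hexdigest()
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    for pattern, name in PATTERN_SIGS.items():
        if pattern in content:
            hits.append(name)
    return hits


def demo():
    # Same content under a random-looking name: both signatures still match.
    renamed = scan("xk3q9vz.dll", KNOWN_SAMPLE)
    # Known content with extra bytes appended: the exact hash no longer
    # matches, the byte pattern still does.
    variant = scan("a81bd0.exe", KNOWN_SAMPLE + b"extra bytes")
    # Content the signature set was never built from: nothing matches.
    unseen = scan("setup.exe", b"MZ\x00\x00" + b"CONSTRUCTED-INERT-MARKER-2")
    return renamed, variant, unseen


if __name__ == "__main__":
    for label, hits in zip(("renamed", "variant", "unseen"), demo()):
        print(label, hits)
```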