Re: Trojan horse Downloader.Generic.ML

From: Roger Wilco (yesman_at_yourservice.invalid)
Date: 06/18/05


Date: Fri, 17 Jun 2005 21:11:22 -0400


"Jason Edwards" <none1@invalid.invalid> wrote in message
news:3hfljrFg5spcU1@individual.net...

> Using the current model of anti-virus software I don't see how any virus
> scanner vendor can be expected to get an update done and distributed to
> users before malware has executed on their PC.

In some cases they could add detection for exploit code which was
published and have detection in place before some malware author
actually used it in a program. But most often the malware program's
release prompts the creation of the detection update after some time
elapses. This gives active or autoexecuting exploit based worms the time
they need to spread fairly widely - but for the "click required" worms
and viruses it shouldn't be a problem because there is really no good
reason for a user to execute every damned executable they see when they
could wait a reasonable amount of time for the malware fighters to add
detection capabilities to their scanners.

> This is simply not possible unless they turn their efforts to time travel
> instead of malware detection.
> I cannot recall a virus I came across this year which hadn't executed and
> done damage to a user's PC BEFORE their virus scanner was updated to detect
> it. The last one was due to a 12 year old using MSN messenger in an XP
> administrator account. This left the user helpless because task manager
> wouldn't run and IE wouldn't go to any anti-virus sites. AVG took more than
> 24 hours to start detecting it and I don't see how they could have done it
> any faster.
> Is it only me who thinks that there may be something wrong with this model?

The current model only enables users to get by without proper safe
practices. I like the old model better - you know, the one where AV was
a tool to help you to climb to better security instead of a crutch to
help your muscles atrophy. Too many people depend on AV to protect them
while they engage in risky behavior when a simple change in behavior
would leave little for the AV to do.


