Comments on: Antivirus suites fail more often than not http://lastwatchdog.com/antivirus-suites-fail/ on Internet security by Byron Acohido Wed, 10 Mar 2010 13:59:48 +0000 http://wordpress.org/?v=abc hourly 1 By: antivirus express http://lastwatchdog.com/antivirus-suites-fail/#comment-851 antivirus express Tue, 20 Oct 2009 13:31:09 +0000 http://lastwatchdog.com/?p=2861#comment-851 Pretty good post. I just came across your site and wanted to say that I've really liked browsing your posts. I hope you post again soon! Pretty good post. I just came across your site and wanted to say that I’ve really liked browsing your posts. I hope you post again soon!

]]> By: Francesco http://lastwatchdog.com/antivirus-suites-fail/#comment-782 Francesco Thu, 24 Sep 2009 14:26:36 +0000 http://lastwatchdog.com/?p=2861#comment-782 When I say "same thing as behavior analysis", of course, I'm talking about that it is based on actually running the executable, hence it can't be considered something that can be present in every type of AV scanner. I'm not saying that it's the same thing with a different hame. When I say “same thing as behavior analysis”, of course, I’m talking about that it is based on actually running the executable, hence it can’t be considered something that can be present in every type of AV scanner. I’m not saying that it’s the same thing with a different hame.

]]> By: Francesco http://lastwatchdog.com/antivirus-suites-fail/#comment-781 Francesco Thu, 24 Sep 2009 14:05:25 +0000 http://lastwatchdog.com/?p=2861#comment-781 William, what are you saying, exactly? Heuristics? They are not ignored in the detections generated by *any* scanner, be it online or in a real product. If a scanner detects a file through heuristics, it's considered detected in any "test". Period. I don't know what gave you the idea that it isn't. Blacklisting? What? Blacklisting *is* signature-based detection; a very poor type of signature based detection. Whitelisting has *nothing* to do with detecting malicious files. Behavior analysis can't be used in tests because it's based on running the executable, therefore is not suited for general purpose scanners such as gateway scanners. Behavior analysis is also extremely unreliable because if a malware gets the upper hand and doesn't get detected, it may completely disable the AV. Protocol anomaly detection? Huh? Process controls: same thing as behavior analysis. William, what are you saying, exactly?

Heuristics? They are not ignored in the detections generated by *any* scanner, be it online or in a real product. If a scanner detects a file through heuristics, it’s considered detected in any “test”. Period. I don’t know what gave you the idea that it isn’t.

Blacklisting? What? Blacklisting *is* signature-based detection; a very poor type of signature based detection.

Whitelisting has *nothing* to do with detecting malicious files.

Behavior analysis can’t be used in tests because it’s based on running the executable, therefore is not suited for general purpose scanners such as gateway scanners. Behavior analysis is also extremely unreliable because if a malware gets the upper hand and doesn’t get detected, it may completely disable the AV.

Protocol anomaly detection? Huh?

Process controls: same thing as behavior analysis.

]]> By: William http://lastwatchdog.com/antivirus-suites-fail/#comment-767 William Wed, 23 Sep 2009 01:31:52 +0000 http://lastwatchdog.com/?p=2861#comment-767 Really? Someone published Cyveillance's self-promoting and antivirus bashing report? They don't give any detailed information on their methodology, what version of the antivirus software they were running or any other test details. On the most serious note, they continue the myth that antivirus companies are only using signatures to detect attacks still.. MOST of those companies listed use all kinds of new technologies including Heuristics, blacklisting, whitelisting, behaviour analysis, protocol anomaly detection, process controls, and many more. For shame. Really? Someone published Cyveillance’s self-promoting and antivirus bashing report? They don’t give any detailed information on their methodology, what version of the antivirus software they were running or any other test details. On the most serious note, they continue the myth that antivirus companies are only using signatures to detect attacks still.. MOST of those companies listed use all kinds of new technologies including Heuristics, blacklisting, whitelisting, behaviour analysis, protocol anomaly detection, process controls, and many more. For shame.

]]> By: Robert http://lastwatchdog.com/antivirus-suites-fail/#comment-755 Robert Sat, 19 Sep 2009 08:00:58 +0000 http://lastwatchdog.com/?p=2861#comment-755 I am not taking this report serious at all. It all comes down to them trying to sell their own defense system. As long as they not publish a full report about how and what they exactly tested, i'm not buying it. I am not taking this report serious at all. It all comes down to them trying to sell their own defense system.
As long as they not publish a full report about how and what they exactly tested, i’m not buying it.

]]>