funsec mailing list archives
Re: today in the news
From: Drsolly <drsollyp () drsolly com>
Date: Tue, 25 Jul 2006 22:08:08 +0100 (BST)
On Tue, 25 Jul 2006, Florian Weimer wrote:
> * Dude VanWinkle:
>
>> "At the point we see it as a CERT, which is very early on -- the most popular brands of antivirus on the market … have an 80 percent miss rate. That is not a detection rate that is a miss rate.(")
>
> 80% seems fairly low, but it depends on how you count.

If you're writing commercial malware, then you don't want the most popular AV products to detect it with their heuristics. So, you deliberately make it so that they don't, and you keep modifying it until that's the case. That's why 80% sounds right to me.

>> "So if you are running these pieces of software, eight out of 10 pieces of malicious code are going to get in," said Ingram.
>
> If you've got up-to-date OS patches and your AV software blocks the most widely used downloaders, the numbers are better. Of course, it's still far away from risk-free porn surfing (or ad-clicking--has anyone noticed ErrorSafe ads on Dilbert?), but I suppose you are unaffected by significantly more than just 20% of the malware floating around.

If you read the original research, they found an 80% non-detection rate for new malware (the heuristics scored 20%), when testing just three AV products. Other AV products did a *lot* better.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.