Security Basics mailing list archives
Re: Malware detection
From: Vic Vandal <vvandal () well com>
Date: Thu, 26 Jul 2012 08:31:28 -0700 (PDT)
This product comparison published this month supports Raghav's comments on some level, and brings into question the comments made by Kartik and Eric. However, for added report credibility such product testing should have been repeated on a variety of different occasions within weeks or months. So like many things you have to take the report's results with a grain of salt.

http://www.av-comparatives.org/images/docs/avc_beh_201207_en.pdf

As for this note from Kartik:

> Some people feel honored bashing Microsoft and its products. It is a fashion

I pretty much stopped bashing MS rampantly after Win-2K was released and it supplanted the atrociously unreliable Win-NT, and have professionally touted the many benefits of leveraging the robustness and features of Active Directory within common operating environments filled with Windows servers and workstations. That doesn't mean I won't give an unbiased opinion when one of their products is lacking though.

-Vic
CISSP, SSCP, HIJKLMNOP, etc.

(I may as well jump on the bandwagon where some people think adding letters behind their name means something beyond the acknowledged fact that they understand some basic InfoSec terms and technology definitions - I'm absolutely not bragging but to drive home that point I passed the CISSP exam with zero studying and zero course attendance, on an extreme hangover, way back when they had 6 multiple choice questions instead of 4 and the cert #s were 4 digits - and the only times I put those letters behind my name is as a joke - I'm not bashing ISC2, but over the years I've seen a LOT of people pass that test after attending an expensive course who are still quite clueless about InfoSec in general - experience is what really counts, not acronyms - PSA over)

----- Original Message -----
From: "Raghav Pande" <kaelsunstrider.raghav () gmail com>
To: "kartik netsec" <kartik.netsec () gmail com>
Cc: security-basics () securityfocus com
Sent: Wednesday, July 25, 2012 12:22:05 PM
Subject: Re: RE: Malware detection

Probably those many occasions were when malware was made by kiddies. :)
MSSE is very bad at detecting stuff. And if you think MSSE takes action against new malwares then see those malware's timestamp, first 4 bytes which will tell you about compiler and other stuff which says VB6 or .NET or 1999 or made by kiddie. A properly made crypter or malware always bypasses MSSE. Try KIS proactive defense combined with system watcher is best protection you can get.

#fail exploit #fail malwares

On Wed, Jul 25, 2012 at 10:32 AM, <kartik.netsec () gmail com> wrote:
> "Also, on many occasions we have seen MSSE detect and successfully remove new malware that other products didn't even detect until their signatures included these programs - sometimes days later."
>
> I second with Eric's comment. I have experienced this a lot many times in my environment wherein MSSE detects and takes the corrective action against new malware whereas the market leaders like Symantec and McAfee detected it only when ticket was raised and samples were sent to them. Some people feel honored bashing Microsoft and its products. It is a fashion :D
>
> Thanks,
> Kartik
> CISSP, CISM

--
Regards
Raghav Pande