Re: Malware detection

[haZard0us <hazard0us.pt () gmail com>]

A 27/07/2012, às 00:13, Glenn Duquette escreveu:

> Just to be clear,  did you have MSSE and another anti-malware product installed and running on the same machine at 
> the same time?   I was under the impression this was not recommended and could cause issues with proper detection.

No. I had MSSE installed and then uninstalled it in order to proper functioning of ZoneAlarm.

> I'll also throw my experience with MSSE in there:  When it was first released, it actually proved to be very 
> effective at detection and removal of known malware, appeared to run with very little resources, and was cost 
> effective (in ForeFront format) for business who had site licenses with MS as well as for home users.  Overall it was 
> a decent anti-malware product that I recommended for both home (MSSE) and work (ForeFront).
>
> Fast forward a few years to now.  MSSE is still pretty effective at detecting and removing the *well known* variants 
> of malware and still does not use a lot of system resources that I have seen, and is still cost effective.  The 
> problem is that the malware field has changed drastically.  We are seeing far more malware that MSSE/Forefront does 
> not detect because the 'bad guys' have simple ways to make a slightly different variant that thwarts detection.  
> Signature based detection can only get one so far (as has been said in a few other replies) and it is only possible 
> when the signature can be made.  When the malware kits allow you to generate a simple variant that MSSE and a few of 
> the other major anti-malware software does not detect one has to rely on other means like heuristics, behavior, 
> white/black listing, etc (when relying on client side software as a layer in the defense).  I have not found MSSE v1 
> or v2 strong in anything but signature detection.  I no longer recommend MSSE for home or work users because it's 
> poor performance outside of signature based scanning.

That was my experience, too (regarding home use). No budget means no paid solution. But gladly ZoneAlarm has a free 
version.

> As a fun test, try the following on a malware lab desktop/VM:  Install your version of windows with MSSE - and make 
> sure they are fully updated.  Download a smattering of malware examples from one of the well known malware sites and 
> see how many of them actually get past MSSE.  In my tests, a good 50 to 60% install their payload without MSSE making 
> a peep.  Do the same, but this time remove MSSE and install an anti-malware tool like Kaspersky or BitDefender and 
> see how it compares.  In my tests the commercial products have done far better due to their faster updates of 
> signatures, heuristic, and behavior analysis.  Obviously it is not a scientific test, but effective enough for this 
> example.  FYI - Zeus variants always seemed to get by MSSE particularly effectively for me.

I guess I'll give it a try :)

> Glenn

Cheers and thanks for the answer! :)
--haZ
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------