Full Disclosure mailing list archives
Re: Show me the Virrii! (heuristics)
From: S G Masood <sgmasood () yahoo com>
Date: Mon, 5 Jan 2004 04:17:17 -0800 (PST)
Hi Alex,

Good points. To add an example, Swen was detected automatically as "W32.Automat.AHB" by Norton AV before its signatures were added. When Norton AV detects a new virus based on heuristics, it usually identifies it as "W32.Automat.*", with "Automat" probably standing for "Automatically Detected".

Regards,
-- S.G.Masood

--- starlabs <ashipp () messagelabs com> wrote:
> > Does anyone have reliable reports of an antivirus system firing off
> > on a heuristic? I'm not aware of ever having seen one; always seems
> > to be a signature.
>
> As part of my job I regularly evaluate antivirus products. I have seen plenty of heuristic detections; all the engines have different heuristic capabilities, so some detect more new malware than others, and of course some also have more false positives than others.
>
> Your experience might be because you are using a poor heuristic engine, or because by the time you get a sample of a real new virus, your vendor has released a signature anyway, even if they detected it heuristically anyway.
>
> My findings indicate that the state of the art is that most new malware can be detected heuristically these days.
>
> Regards,
> Alex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Show me the Virrii! Richard Maudsley (Jan 04)
- Re: Show me the Virrii! S G Masood (Jan 04)
- RE: Show me the Virrii! Steve Wray (Jan 05)
- Re: Show me the Virrii! (heuristics) starlabs (Jan 05)
- Re: Show me the Virrii! (heuristics) S G Masood (Jan 05)
- RE: Show me the Virrii! Nick FitzGerald (Jan 07)
- RE: Show me the Virrii! Steve Wray (Jan 05)
- Re: Show me the Virrii! Nicob (Jan 07)
- Re: Show me the Virrii! Nick FitzGerald (Jan 07)
- Re: Show me the Virrii! Valdis . Kletnieks (Jan 07)
- Re: Show me the Virrii! Nick FitzGerald (Jan 08)
- Re: Show me the Virrii! S G Masood (Jan 04)
- Re: Show me the Virrii! Richard Maudsley (Jan 04)
- RE: Show me the Virrii! Richard Maudsley (Jan 05)
- RE: Show me the Virrii! Nick FitzGerald (Jan 07)