LeastPrivilege wrote: What are some things that the anti-virus companies could do to improve detection?
Improving protection is mission critical but already touched upon in this topic.
Time to soapbox about detection...
I have come to the conclusion that most of the commercial companies have more people working in their sales department than they do in active research.
Pluck a figure out of the air but a 100:1 ratio would not surprise me one jot but that is business... they are more interested in taking your $'s than protecting you.
They for the most part all act retrospectively and process submissions after the fact >> They are always playing catch up and they are always getting bypassed today.
Let's face it, the bulk of malware is trackable (sources), it's not rocket science to compile watchlists which cover a high percentage of current malware installs or to add new sources to existing watchlists. Get yourself a competent team of hopeless addicts to monitor these sources 24/7 and then you have very healthy new malware detection rates!
Yes there is a lot of malware created daily but realistically with a healthy sized research team it is possible to increase detection of malware served that day (protect your users) to a much higher level as opposed to the current model that really sucks.
The amount of times I find new badly detected samples daily and follow their pickup rate by VT databases over the next week it becomes apparent why my clients have a market entry point.
No one cares much for detection rates...only taking your money $'s :(
[/soapbox]
In short how can AV increase detection rates ...employ more malware hunters and turn them into researchers :idea:
Will they do this....no chance ;)