A forum for reverse engineering, OS internals and malware analysis 

All off-topic discussion goes here.
 #1878  by LeastPrivilege
 Mon Aug 09, 2010 7:22 pm
Hello all,

What is your general opinion of anti-virus software these days?

1. Recognition (ability to detect malicious code)
2. Prevention (ability to block malicious code)
3. Deletion (ability to competently purge malicious files)
4. Performance (OS speed and AV scan speed)
5. Stability (AV driver conflicts with other software)

Do you think they have lost the ability to recognize most new malware?

Does anti-virus software alone offer enough protection anymore?

What do they need to do to improve detection?
 #1883  by EP_X0FF
 Tue Aug 10, 2010 5:16 pm
This is a very philosophic / marketing and pointless discussion.

Classical antiviruses are dead.
Signatures are dead because of malware server-side polymorphism.
Checksum calculators are legalized fake AVs.
Does anti-virus software alone offer enough protection anymore?
Was it enough before?
 #1888  by ssj100
 Wed Aug 11, 2010 6:10 am
EP_X0FF wrote: This is a very philosophic / marketing and pointless discussion.

Classical antiviruses are dead.
Signatures are dead because of malware server-side polymorphism.
Checksum calculators are legalized fake AVs.
Does anti-virus software alone offer enough protection anymore?
Was it enough before?

For whatever it's worth, I completely agree with you. However, if you ask "Antivirus" experts, they will tell you otherwise. Why? Well, for 2 main reasons:

1. Marketing/employment - they want to sell their product(s) and/or keep their job(s) haha
2. Antivirus programs are better than nothing for the "noob" user
 #2050  by LeastPrivilege
 Wed Aug 18, 2010 3:28 pm
This is not a pointless discussion. If it were, then people would not continue to upload malware samples to antivirus scan sites like VirusTotal to test unknown files. They would find another means for testing.
 #2184  by Buster_BSA
 Sun Aug 22, 2010 6:10 pm
LeastPrivilege wrote: This is not a pointless discussion. If it were, then people would not continue to upload malware samples to antivirus scan sites like VirusTotal to test unknown files. They would find another means for testing.

Most people don't know enough to understand the results produced with products like Buster Sandbox Analyzer, Anubis, Joebox, Threat Expert, etc. They just understand "infected" or "clean".

That's why classic antivirus will be popular (more than other products) for a long long time.