Desktop antivirus - it's dead

[George Orwell]

PC World
http://elfurl.com/qympl

Some industry analysts are proclaiming the traditional antivirus method
for detecting and eradicating viruses, trojans, spyware and other
baneful code by matching it against a signature
http://************/crapware to be "dead."

They say signature-based checking can't keep up with the flood of virus
variants manufactured by a criminal underworld that is beating the
antivirus vendors at their own game. And they are arguing it's time for
companies to adopt newer approaches, such as whitelisting or behavior-
blocking, to protect desktops and servers.

"It's the beginning of the end for antivirus," says Robin Bloor,
partner at consulting firm Hurwitz & Associates, in Boston, who adds he
began his "antivirus is dead" campaign a year ago and feels even more
strongly about it today. "...The approach antivirus vendors take is
completely wrong. The criminals working to release these viruses
against computer users are testing against antivirus software. They
know what works and how to create variants."

...Instead of antivirus software, he says, users should be investing in
whitelisting software that prevents viruses from running because it
only allows authorized applications to run.

Whitelisting products are available from SecureWave, Bit9, Savant,
AppSense and CA, the first traditional antivirus vendor to see the
light, in Bloor's view.

[Virus Guy]

George Orwell wrote:

> And they are arguing it's time for companies to adopt newer
> approaches, such as whitelisting or behavior- blocking,
> to protect desktops and servers.

Why aren't we talking about a whole-sale disconnection of the China IP
space so that NS and web-hosts located in China aren't a threat any
more?

Why aren't we talking about ICANN growing some balls and de-listing
the registrars that are giving throw-away domains to spammers and
hackers? (yes, they GIVE them away - it's called domain "tasting").

[Dustin Cook]

George Orwell <Use-Author-Supplied-Address-Header@[127.1]> wrote in
news:8e5d066818cf60589120f30c9e00db49@mixmaster.it :

> PC World
> http://elfurl.com/qympl
>
> Some industry analysts are proclaiming the traditional antivirus method
> for detecting and eradicating viruses, trojans, spyware and other
> baneful code by matching it against a signature
> http://************/crapware to be "dead."

*yawn*


> They say signature-based checking can't keep up with the flood of virus
> variants manufactured by a criminal underworld that is beating the
> antivirus vendors at their own game. And they are arguing it's time for
> companies to adopt newer approaches, such as whitelisting or behavior-
> blocking, to protect desktops and servers.

Behavior blocking isn't new, and for that matter, neither is
whitelisting. They aren't in widespread use due to the annoyances each
option presents. Behavior blockers are bad about blocking legitimate
applications as well, annoying users to the point where they just turn it
off.

Whitelisting is nice n all, but How does one get the software authorized?
Who has control over this autorization? How does the whitelisting system
ensure the programs are legitimately whitelisted, and one of them didn't
add itself?

> "It's the beginning of the end for antivirus," says Robin Bloor,
> partner at consulting firm Hurwitz & Associates, in Boston, who adds he
> began his "antivirus is dead" campaign a year ago and feels even more
> strongly about it today. "...The approach antivirus vendors take is
> completely wrong. The criminals working to release these viruses
> against computer users are testing against antivirus software. They
> know what works and how to create variants."

This is very deceptive and shady. Virus scanners have always been tested
by the other guys, Both sides know this. It's called knowing thy enemy.
Your just trying to scare people with this recycled crap of yours.

> ..Instead of antivirus software, he says, users should be investing in
> whitelisting software that prevents viruses from running because it
> only allows authorized applications to run.

This will not prevent all viruses from running. Trojans, rootkits, etc.
It's a very misleading comment and may lead users into a very real false
sense of security.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - V2.2
web: http://bughunter.it-mate.co.uk - email:
bughunter.dustin@gmail.com.removethis
Pad: http://bughunter.it-mate.co.uk/pad.xml

[Virus Guy]

Far Canal wrote:

> Snip the same old bollocks you've posted before.
>
> Here's a clue, we ain't interested

What's your problem?

The article is right. AV software is not catching exploits as they
enter the typical system via browsing, and they are not able to keep
up in real time with new varients. The best they can do now is alert
you to the odd miscellaneous leftover files that got onto your system
->a month ago<-, and more and more they either can't get at access to
them to get rid of them, or they come back at your next start-up.

[Dustin Cook]

Virus Guy <Virus@Guy.com> wrote in news:4617AC38.A74116A0@Guy.com:

> Far Canal wrote:
>
>> Snip the same old bollocks you've posted before.
>>
>> Here's a clue, we ain't interested
>
> What's your problem?
>
> The article is right. AV software is not catching exploits as they
> enter the typical system via browsing, and they are not able to keep
> up in real time with new varients. The best they can do now is alert

Your right, Av usually doesn't catch exploits as they enter? the system...
Why would they?



--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - V2.2
web: http://bughunter.it-mate.co.uk - email:
bughunter.dustin@gmail.com.removethis
Pad: http://bughunter.it-mate.co.uk/pad.xml

[Virus Guy]

Far Canal wrote:

> Exploits/viruses don't come from casual browsing of 'normal'
> websites. They come from wank/warez sites & spam mail.

Why are you so ignorant and stupid?

Many "normal" web sites have been, and currently are hacked and do
serve up exploits.

The Asus website is one current example.

http://isc.sans.org/diary.html?storyid=2582

[Dustin Cook]

Virus Guy <Virus@Guy.com> wrote in news:46190076.8BB40BD2@Guy.com:

> Far Canal wrote:
>
>> Exploits/viruses don't come from casual browsing of 'normal'
>> websites. They come from wank/warez sites & spam mail.
>
> Why are you so ignorant and stupid?
>
> Many "normal" web sites have been, and currently are hacked and do
> serve up exploits.
>
> The Asus website is one current example.
>
> http://isc.sans.org/diary.html?storyid=2582

Exploits are not viruses. They are holes in the operating system and/or
applications. Why do you feel it's the job of the antivirus now to ensure
your computer doesn't have system level flaws?




--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - V2.2
web: http://bughunter.it-mate.co.uk - email:
bughunter.dustin@gmail.com.removethis
Pad: http://bughunter.it-mate.co.uk/pad.xml

[kurt wismer]

Virus Guy wrote:
> Far Canal wrote:
>
>> Snip the same old bollocks you've posted before.
>>
>> Here's a clue, we ain't interested
>
> What's your problem?
>
> The article is right. AV software is not catching exploits as they
> enter the typical system via browsing,

if they have a signature for it, they'll catch it when it's written to
disk...

> and they are not able to keep
> up in real time with new varients.

it's true that they often can't detect new/unknown malware, but novelty
is one of the few advantages malware can have that expires over time...

> The best they can do now is alert
> you to the odd miscellaneous leftover files that got onto your system
> ->a month ago<-, and more and more they either can't get at access to
> them to get rid of them, or they come back at your next start-up.

the problem here is that of mismatched expectations... people have, for
quite some time, operated under the delusion that known virus/malware
scanning was the be-all and end-all of anti-malware... however just
about every single anti-virus professional to have participated in
alt.comp.virus (and that includes a number of company heads like dr.
solly and frisk) has made it clear that known-virus scanning alone was
not complete protection and that people would be better off using
multi-layered approaches...

the people perpetuating the ridiculous notion that av was supposed to
protect you from everything are shifty-eyed marketroids and hack
reporters like the author of that article...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

[cbgerry]

On Apr 6, 3:45 pm, George Orwell <Use-Author-Supplied-Address-
Header@[127.1]> wrote:
> PC Worldhttp://elfurl.com/qympl
>
> Some industry analysts are proclaiming the traditional antivirus method
> for detecting and eradicating viruses, trojans, spyware and other
> baneful code by matching it against a signaturehttp://************/crapwareto be "dead."
>
> They say signature-based checking can't keep up with the flood of virus
> variants manufactured by a criminal underworld that is beating the
> antivirus vendors at their own game. And they are arguing it's time for
> companies to adopt newer approaches, such as whitelisting or behavior-
> blocking, to protect desktops and servers.
>
> "It's the beginning of the end for antivirus," says Robin Bloor,
> partner at consulting firm Hurwitz & Associates, in Boston, who adds he
> began his "antivirus is dead" campaign a year ago and feels even more
> strongly about it today. "...The approach antivirus vendors take is
> completely wrong. The criminals working to release these viruses
> against computer users are testing against antivirus software. They
> know what works and how to create variants."
>
> ..Instead of antivirus software, he says, users should be investing in
> whitelisting software that prevents viruses from running because it
> only allows authorized applications to run.
>
> Whitelisting products are available from SecureWave, Bit9, Savant,
> AppSense and CA, the first traditional antivirus vendor to see the
> light, in Bloor's view.

========================>

They mean "heurisitics" in all descent antivirus paid protection ?
Duh.... heurisitics. This is activated meaning real time protection in
paid subscription antivirus software programs. Heurisitics is the
ability to identifiy the malware threat by typical behavior without
having the definitions yet written for removal and blocking of the
particular threat - worm, virus, many trojans.

""QUOTE""
> They say signature-based checking can't keep up with the flood of virus
""UNQUOTE""

....and it never did and never will. For newbies these idiot editors
are writing to (and I am not the only one recognizing this) - for
newbies / novice information here, the writer is calling a system scan
with your antivirus as "signature-based checking" - like duh a-hole.
Why would you do a scan, find and remove malware and then turn around
and say that the PC was protected in the beginning as "signature-based
checking" ??? How the h*ll was the PC ever protected by "sinature-
based checking"?"?? Duh !!!

So where's the distinction that something is or did die ???? Idiot
Editors playing with new people's minds. Malicious bad information
even intentionally. I have caught some of the4se creeps before giving
out bad information and responded to it.

""QUOTE""
they are arguing it's time for companies to adopt newer approaches,
such as ... behavior- blocking
""UNQUOTE""

....You mean BUY some antivirus protection ??? to activate real time
protection - - Duh !!!

This is the result of trolls, criminal elements, idiots, plain
newbies, and bragging rights malicious persons giving the constant
idea of freeware security as your silver bullet. That is absurd and
even for the most new person. Anybody new to computers instantly
realizes that the software business is a multi-million and multi-
billion dollar industry. You can't even miss that one on TV News
always informing the public of the amount of trade done over the
internet if you are not a computer owner/operator. I believe it is in
the neighborhood of 16 billion dollars yearly or more. So point is the
"newbie" knows better and are taking their chances and they know it.
They know you are only getting what they pay for in the worst
ignorance of software or computers.

A little knowledge spread around stops all of this in a very, very
great degree.

[cbgerry]

On Apr 7, 10:35 am, Virus Guy <V...@Guy.com> wrote:
> Far Canal wrote:
> > Snip the same old bollocks you've posted before.
>
> > Here's a clue, we ain't interested
>
> What's your problem?
>
> The article is right. AV software is not catching exploits as they
> enter the typical system via browsing, and they are not able to keep
> up in real time with new varients. The best they can do now is alert
> you to the odd miscellaneous leftover files that got onto your system
> ->a month ago<-, and more and more they either can't get at access to
> them to get rid of them, or they come back at your next start-up.

==========================>

Do you know what "heurisitics" is in antivirus ? For the early years
of 2000 on, Norton antivirus hjas always been kinown for this feature
and as part of it's selloing feature and track record for blocking
virtually all viruses and worms. All descent antivirus (paid
subscription) has this and is knwon for it as whether it is rated well
and trusted by consumers for protection choices.

If you don't know what this is, perhaps the next time you may see the
pop up "your antivirus has just blocked or quarantined such and such
threat" - - - when you are browsing the web - it is a very good chance
that is exactly waht just ocurred. Your paid antivirus protection
using heurisitics (detecting unknown threats) has just caught and
either deleted the severe threat as unable for it to be cleaned or
caught and instantly deleted what serves no purpose but malicious
intent such as a trojan.

That can also happen when downloading email. Not the regular cleaning
emails of threats and reports - but when there is a specific threat
activated by simply downloading the email to your computer. That was
"heurisitics" 99 percent of the time quarantining or immediately
deleting the virus/worm/trojan - and that is what the pop up message
was again - "your antivirus deleted or quarantined such and such a
threat".

In other words heurisitics in antivirus is half of the real time
protection at all times 24/7 - even when the computer is shut down.