
AV Software Isn't Dead, But It's Not Healthy 162

dasButcher writes "Is conventional signature-based antivirus technology dead? Trend Micro CEO Eva Chen says no, but more is needed. Her answer: reputational analysis. Not a bad idea, but many have tried and failed to make this type of approach work. We've seen it all before: RBLs, integrity grading, etc. What will make this different? If we're not careful, Trend Micro might give us all a bad Web reputation."
  • by Billly Gates ( 198444 ) on Monday March 26, 2007 @11:47AM (#18488537) Journal
    AV software is alive more than ever thanks to crackers on the internet and buffer overflow malware ads on webpages.

    Problem is the software is not healthy indeed and can screw up a whole system. It's like their approach to neutralizing a hammer is to encapsulate the whole thing. Every I/O transaction is read and maybe even virtualized.

    Does it stop virii? Hell no. I worked help desk at a gaming company which uses the IE SDK for some code on the logon screen. Anyway, it won't load if any viruses or keyboard monitoring programs are installed which use the IE SDK. I get many callers saying "WTF. I have Norton. What do you mean my system is infected!?". I then clean the system with some cheesy app that is not an antivirus program.

  • by Alioth ( 221270 ) <no@spam> on Monday March 26, 2007 @11:48AM (#18488543) Journal
    Funnily enough, I just wrote about this:

    http://slashdot.org/~Alioth/journal/167405 [slashdot.org] - includes a link to a major study of a piece of malware which went undetected by the AV companies for months.

    Or just go to http://www.secureworks.com/research/threats/gozi/ [secureworks.com] if you don't want to read my crap.

    I've personally witnessed two malware infections where the malware arrived up to a week before the AV companies had updated their definitions.
  • by truthsearch ( 249536 ) on Monday March 26, 2007 @11:51AM (#18488571) Homepage Journal
    At the last place I worked, the IT department had their own XP distribution for the corporate desktops (ghost script or whatever). They started the process by deleting one DLL at a time and watching what broke. The problem was when my team created some new custom software we'd sometimes come across some fundamental problems because DLLs were missing. And these errors weren't always easy to track down.

    Now you might say we'd run into this problem with any operating system. But when using Microsoft development tools on a Microsoft OS, the system makes the assumption that every basic dependency which is built into the OS is there, which is reasonable. If it isn't, things get flaky and hard to debug.

    Windows (at least up to XP) simply isn't built for this level of customization. Therefore, if you want security through minimalism, Linux is the better way to go.
  • by Intron ( 870560 ) on Monday March 26, 2007 @12:13PM (#18488823)
    Deleting DLLs is not the right way to "minimize the system". What you want to do is turn off unneeded services, not blow holes in your OS. Linux would fail just as badly if to turn off services you started deleting the contents of /usr/lib instead of disabling daemons in /etc/init.d.
  • AV are Dead (Score:2, Informative)

    by smist08 ( 1059006 ) on Monday March 26, 2007 @12:15PM (#18488843)
    I stopped realtime scanning when I realized that over 50% of my CPU was going to scanning viruses. Now that it is turned off, things run much faster. E-mail seems to be the main source of viruses, but most email servers scan for viruses so doing a local realtime scan is just a waste of time. Otherwise just avoid memory keys and disks, which is fairly easy. I find spyware a bigger problem than viruses, but just running Spybot every now and then to clean off things installed by other software like webcams seems good enough. Certainly my PC runs much faster and more reliably with AV turned off. Still do a system scan now and then, but haven't found a virus in like five years.
  • by phoenixwade ( 997892 ) on Monday March 26, 2007 @01:25PM (#18489963)

    ...it's just pining for the fjords.
    It's not pinin'! It's passed on! This software is no more! It has ceased to be! It's expired and gone to meet 'is maker! It's a stiff! Bereft of life, it rests in peace! If you hadn't nailed it to the perch it'd be pushing up the daisies! Its metabolic processes are now history! It's off the twig! It's kicked the bucket, it's shuffled off its mortal coil, run down the curtain and joined the bleedin' choir invisible!! THIS IS AN EX-SOFTWARE PRODUCT!!

    (I love the opportunity to make a Monty Python Reference! Second only to South Park.... oh, yeah:)

    They killed AV Software...... You Bastards!
