
Re: OT: Going without Norton



Patricia notes that
≪... that some AV products make use of heuristic
algorithms to catch brand new, not-yet-reported viruses simply by
their patterns or behavior. I believe Kaspersky is especially
good at this. ≫
AV scanning is a cat and mouse game. The crackers are always one step ahead. For every heuristic algorithm, there is an anti-heuristic algorithm to defeat it. Some viruses, for example, rewrite the DNS server address your PC uses to locate Internet sites; your PC then logs on to the cracker's server and reports what version of AV software you are using; then the cracker's robot uploads the appropriate malicious code and you're buggered. There are highly-paid professional criminals who take every AV scanner apart bit by bit to find out how they work in order to defeat them; this is a major industry, in some places with state support.
I don't mean to say that AV software is useless. I just mean that it is
very late in the game to be implementing security measures. If an
unauthorized person gets into the Pentagon with a camera, a serious
security breach has occurred, even if the intruder has not yet had the
opportunity to photograph any classified documents. The same applies to
electronic security: if malicious code arrives on your hard disk, the
bastion has already been breached, even if the code has not yet
executed. An AV scanner should be the last resort. Better to keep the
malicious code from getting past the router (firewall), or, failing
that, past the network card (ZoneAlarm).

Cheers,