Heuristic AV detection?

Stef
Grafter
Posts: 247
Registered: 13-08-2007

Heuristic AV detection?

Having been recently burned by the splurge of fast-mutating viruses (was it 10 different versions of Mytob or Sober / Hour?) it was somewhat depressing watching the different AV vendors trying to play catch-up :-(

(As I heard someone else say - it was a bit like providing the condoms the morning after sex!)

I can't see that signature-based AV can possibly keep up.

Has anyone had positive experiences of heuristic/predictive AV products?

Thanks, Stef
12 REPLIES
N/A

Re: Heuristic AV detection?

Quote
Has anyone had positive experiences of heuristic/predictive AV products?

Not the most popular, as I see very little written about it, but on my wife's computer "F-Prot for Windows" did a pretty good job of keeping up with them; at one stage there were 2 updates in one day. It is also quite inexpensive. I myself have used it since the F-Prot for DOS days.
N/A

Anti Virus etc

Hi Stef,

Of course I agree with your sentiments entirely, but we are all caught in a cleft stick, as it were, by the virus situation. Yes! The virus software industry and virus software vendors always have to play catch-up. This much is true! But if you look at the global situation, what other alternatives for accurate detection do we have? Heuristic detection and learning within AV software still doesn't seem accurate enough to be a major technique for catching viruses. It's a very difficult subject: virus, worm, trojan, malicious scripts etc.

Apart from keeping local anti-virus programs constantly updated as soon as possible, making sure your own system/s are as secure as they can reasonably be made, and having an AV & anti-spam filtering service at ISP level, I think there are few really successful services beyond that. Possibly with the exception of MessageLabs' global (top level) internet AV & spam detection service, which most ordinary users won't be able to afford.

In other words, THERE ARE no simple answers as far as I can see.

Ivan

--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
Your Forum Your Voice,Get Involved!
Stef
Grafter
Posts: 247
Registered: 13-08-2007

Heuristic AV detection?

I think that 'multi-layered' security *is* the only way at the moment, and I think that it is crucial also to include:

* User training &
* Procedures (i.e. "Don't open...")

However, some of the new spam/virus combinations are compellingly psychologically engineered...

"You really, really, really want to open this? Don't you? :twisted: "

:-(

However I suppose all will be well again when we have fully authenticated email....


... I've really been scratching my head seeing some of the stuff arriving in our mailboxes recently; it's really fiendish!
N/A

Heuristic AV detection?

Well then, run your email client on a box that:

a) has no access to any other box on your network
b) can be rebuilt if it does get a virus on it
c) uses a command-line email viewer such as pine to read the emails, so nothing can come of it on the box.

Therefore, if you do somehow manage to get a virus on the box, just rebuild it. I suggest you install all the stuff...

XP // Linux
Mail client

then make an image of it, then just have that so it takes about 10 mins to redo.

Or use a virtual image, using VirtualPC or VMware.

This box can be really old, run an OS such as OpenBSD, and all you do to check your email is

telnet the_email_box

and then check it.

buz
N/A

Heuristic AV detection?

I'd like to see mail clients have a Java-style sandbox in which suspect attachments can be opened and viewed, but if they try executing any code they will only be able to affect the sandbox - if it does anything nasty, just terminate the sandbox and destroy the mail....
Stef
Grafter
Posts: 247
Registered: 13-08-2007

Heuristic AV detection?

Quote
Well then, run your email client on a box that:

a) has no access to any other box on your network
b) can be rebuilt if it does get a virus on it
c) uses a command-line email viewer such as pine to read the emails, so nothing can come of it on the box.

Therefore, if you do somehow manage to get a virus on the box, just rebuild it. I suggest you install all the stuff...

XP // Linux
Mail client

then make an image of it, then just have that so it takes about 10 mins to redo.

Or use a virtual image, using VirtualPC or VMware.

This box can be really old, run an OS such as OpenBSD, and all you do to check your email is

telnet the_email_box

and then check it.

buz


Thanks for reminding me that there are alternatives to Microsoft
(I've had SuSE Linux sitting on my shelf for 12 months... Maybe I'll get round to it...)

Life looks far more rosy after a glass of vino!

(Hic)
N/A

Replying Ivan

Hi,

I agree with your sentiments & I do think that perhaps the best form of prevention, as you said yourself, is USER EDUCATION!! Yes! I also agree the virus writers use nasty tricks to fool the naive user, appealing to our weaknesses or curiosity, almost any psychological trick to get a user to click OPEN on the file. Yes! Agreed, it's pretty low-life, dirty, fiendish stuff, but these people are just that: nasty low life, or even worse words which I won't use here for obvious reasons, but you get my drift I'm sure.


Ivan
--------------------------------------------------
F9 FOL Forum Moderator
F9 Broadband Premier 2MB User
Your Forum Your Voice,Get Involved!
Stef
Grafter
Posts: 247
Registered: 13-08-2007

Heuristic AV detection?

Looks like it's all coming from Hampshire!

http://www.postini.com/stats/

(Click on the Flash Map, When larger click on it again and then pan over to UK !!!)

Maybe we should sever all telecoms links with Hants!
Or tow it into the Channel?

(Didn't Verizon blacklist Europe at one stage!)
N/A

Re: Heuristic AV detection?

Quote
Has anyone had positive experiences of heuristic/predictive AV products?

Stef

Yes - http://www.nod32.com/home/home.htm
N/A

Heuristic AV detection?

Yep, I would second that; NOD32 has one of the best heuristic engines on the market.

It scans all e-mail and HTTP traffic for viruses, trojans etc.
neutrino
Newbie
Posts: 7
Registered: 06-09-2007

Heuristic AV detection?

The following independent report certainly seems to confirm that NOD32 has by far the best heuristics engine in the business (and excellent signatures too).

Select "on-line results", then Item 6 - MAY 2005 Report

http://www.av-comparatives.org/

Alan
N/A

Heuristic AV detection?

Kaspersky is very good as well, and their latest beta version has HTTP scanning included.

Kaspersky are well known for having amongst the best signatures and detection rates going.

I've been using NOD32 for a while now, and this latest beta version is certainly food for thought.