by thirsteh
5025 days ago
I'm going to guess that a lot of these were the fake AV and similar rogueware. Most of these were pretty good at changing regularly to avoid naïve signature detection, and most vendors acted really slowly because it wasn't "malware." They're not really special in any way that requires a fundamental change to allow detection, though.
I'm not going to dispute that AV vendors have become complacent recently, but 10-15% is on the low side. Most families of widespread malware are detected by most solutions within a few months (yes, that slowly.) It's probably around 80-85%, but, at the same time, 90%+ of the really dangerous (and especially targeted) malware is more often than not in the remaining 15-20%.
Ultimately, what this article and your comment insinuate is that you can uninstall antivirus and be "just as safe." That is not true (except in rare cases where the AV software itself is vulnerable and provides a way to escalate privileges.) I'm all for getting rid of shoddy blacklisting, but we need a replacement, such as innovations in OS security models (a la Chromium OS.)
> "Ultimately, what this article and your comment insinuate is that you can uninstall antivirus and be "just as safe." That is not true..."
Agreed, but at the same time it's hard to recommend paid AV solutions that don't really work for what people perceive as 'a virus'. What I've come to do is:
* de-emphasize the importance of AV to my clients; tell them it may help but don't count on it
* recommend running the free AV of their choice
* emphasize the importance of updates
* emphasize Chrome + 'Click to run' as the primary protection approach: http://www.pcstrikeforce.com/taking-chrome-security-next-lev...
> "I'm all for getting rid of shoddy blacklisting, but we need a replacement, such as innovations in OS security models (a la Chromium OS.)"
right on