Comments on: AVs prove less-effective http://michaeldaw.org/news/news-042407 Weekly humour Thu, 07 May 2009 20:09:50 +0000 http://wordpress.org/?v= hourly 1 By: david.kierznowski http://michaeldaw.org/news/news-042407/comment-page-1#comment-26481 david.kierznowski Sat, 05 May 2007 14:59:57 +0000 http://michaeldaw.org/news/news-042407/#comment-26481 Kurt, can you send me the version info and i'll update the list :) kk, can't comment for Julio, don't really know much about VirusTotal. However, the debate of whether AV engines should detect malicious code is already being done. The debate is more "what" signatures should be added - it seems to be done by risk and personal preference at the moment. This really requires a post on its own. Thanks for your guys feedback. Kurt, can you send me the version info and i’ll update the list :)

kk, can’t comment for Julio, don’t really know much about VirusTotal. However, the debate of whether AV engines should detect malicious code is already being done. The debate is more “what” signatures should be added – it seems to be done by risk and personal preference at the moment. This really requires a post on its own.

Thanks for your guys feedback.

]]> By: Kurt Grutzmacher http://michaeldaw.org/news/news-042407/comment-page-1#comment-25623 Kurt Grutzmacher Mon, 30 Apr 2007 17:14:05 +0000 http://michaeldaw.org/news/news-042407/#comment-25623 Looks like the latest Symantec AV-10 picks up on CFEXEC.CFM now. It can probably be modified to bypass heuristics. :) Looks like the latest Symantec AV-10 picks up on CFEXEC.CFM now. It can probably be modified to bypass heuristics. :)

]]> By: kk http://michaeldaw.org/news/news-042407/comment-page-1#comment-25622 kk Mon, 30 Apr 2007 17:09:08 +0000 http://michaeldaw.org/news/news-042407/#comment-25622 Not only are the AV engines in VirusTotal different (perimeter, host, ..) which make "comparing" rather unscientific, but also it's questionable if these scripts (which anybody can change its contents completely) should be detected by AV signatures or other technologies such as web app IDS/IPS or even web server configuration/filters. This study is not serious, not scientific and, worse of all, not relevant and a waste of time. Spend your time on more useful stuff. Not only are the AV engines in VirusTotal different (perimeter, host, ..) which make “comparing” rather unscientific, but also it’s questionable if these scripts (which anybody can change its contents completely) should be detected by AV signatures or other technologies such as web app IDS/IPS or even web server configuration/filters. This study is not serious, not scientific and, worse of all, not relevant and a waste of time. Spend your time on more useful stuff.

]]> By: david.kierznowski http://michaeldaw.org/news/news-042407/comment-page-1#comment-25212 david.kierznowski Sun, 29 Apr 2007 19:53:37 +0000 http://michaeldaw.org/news/news-042407/#comment-25212 Julio, don't really get what your saying? pp, what is difficult to read, the site in general or a particular post? Julio, don’t really get what your saying?

pp, what is difficult to read, the site in general or a particular post?

]]> By: pp http://michaeldaw.org/news/news-042407/comment-page-1#comment-22790 pp Wed, 25 Apr 2007 07:48:33 +0000 http://michaeldaw.org/news/news-042407/#comment-22790 White on black is difficult to read. Use black on white. White on black is difficult to read. Use black on white.

]]> By: Julio Canto http://michaeldaw.org/news/news-042407/comment-page-1#comment-22718 Julio Canto Wed, 25 Apr 2007 05:35:17 +0000 http://michaeldaw.org/news/news-042407/#comment-22718 Usint VirusTotal for this kind of things is not serious. Usint VirusTotal for this kind of things is not serious.

]]>