Malware "best practices"

Mark Gelinas wanthred at comcast.net
Thu Jul 27 11:14:01 EDT 2006


On Wed, 26 Jul 2006 13:05:39 -0400, Chris Brenton <cbrenton at chrisbrenton.org> wrote:

> On Sun, 2006-07-23 at 21:41 -0400, Ben Scott wrote:
>>
>>   Despite all the talk about heuristics, virus detection is still
>> almost entirely dependent on recognizing signatures of known viruses.
>
> With good reason. AV vendors make most of their money off of
> subscription services. So why "fix" something that is not broken, in that
> it's keeping their bottom line in the black. ;-)
>
>> That's why practically every new virus yields an immediate signature
>> update from everyone.  So new viruses are not recognized by 80% of AV
>> software?  No shit.  I'm very surprised it's that good.

True. Which is why many experts are now suggesting taking a different tack:
instead of being reactive (current AV methodology, with endless updates
and significant performance degradation), become proactive (with
system hardening, which closes the holes the malware hopes to exploit).

<plug follows>

I've been using preEmpt from PivX Solutions (http://www.pivx.com/) for a while
now, with great results. It does system hardening to block malware. It creates
a virtual registry for IE and other apps to protect against unauthorized changes.
Viri that ride in on email/shared files are disabled, so cannot spread.

Since installing it, I haven't had a single piece of malware hit my system and
survive. I've actually turned off the active virus scanning (hello performance!)
and just scrape off the dead malware *on my terms*.

</end plug>

Mark