Anti-virus software is losing the battle, and the war

Virus Guy

And I shake my head at the abortion that is the NT-line of Windoze
operating systems, as I type and post this from my win-98 system.

----------------------------------------

Anti-virus software is losing the battle, and the war

http://www.theinquirer.net/inquirer/news/2025421/anti-virus-software-losing-battle-war

Secure USB keys are not so secure
By Asavin Wattanajantra
Thu Feb 10 2011, 08:07

ANTI-VIRUS SOFTWARE is fighting a losing battle against malware, and
there's nothing that can be done to turn the tide, according to a
security testing firm.

NSS Labs, an independent security product and certification test lab,
looked at 10 anti-virus products on the market. It found that the
effectiveness of the software was variable, to say the least, with some
products more effective at protecting against malware on USB keys than
in email, and vice versa.

"It tells us that the anti-virus engine is not applied uniformly across
all the attack vectors," said Rick Moy, president of NSS Labs. "That's
generally a flaw in the product architecture. There's not one product
which gets malware the same across different vectors. Anti-virus is
losing the battle. It's losing the war."

He added, "I know the bad guys are doing their own testing on anti-virus
products. Every AV product can be circumvented. Hackers can get in
easily, because you can download them for free for 30 days, and create
your own test lab."

"You keep making the viruses and the malware, until one gets through.
Once it gets through, you put it on the Internet. You can write
software, until that gets automatic. The bad guys, in some cases, are
doing better testing than the good guys."

'Secure' USB keys that are advertised by vendors to offer mobile
protection were also shown to be pretty ineffective. Moy said that NSS
Labs did work with banks on the products using the technology, and broke
into everything that it tested.

"Some of that is private testing we haven't published yet. In some cases
we're trying to work with the vendors. But secure USBs are not as secure
as you think." µ
 
Dustin

Virus Guy said:
And I shake my head at the abortion that is the NT-line of Windoze
operating systems, as I type and post this from my win-98 system.

Win9x is inferior on many levels, but it's a waste of time to even
bother. If you want to run an OS that's basically a shell on top of
MSDOS, you are welcome to do so.
He added, "I know the bad guys are doing their own testing on
anti-virus products. Every AV product can be circumvented. Hackers
can get in easily, because you can download them for free for 30
days, and create your own test lab."

Hackers can get in where? AV products have been freely tested by Vxers
(not necessarily "hackers") for years now. Nothing new here. I wonder
how long he's "known" this uber secret? heh.
"You keep making the viruses and the malware, until one gets
through. Once it gets through, you put it on the Internet. You can
write software, until that gets automatic. The bad guys, in some
cases, are doing better testing than the good guys."

You just keep making them until one gets through? Really? I don't recall
it being like that. In fact, you'd write the virus (not some lame ass
trojan that you typically find these days) and scan it against the
public and well known AV scanners; tweak your code as needed to avoid
any heuristics alarms. I know this from 1st hand experience, not that
of a pesky news reporter who doesn't have his information right.

You know what? It wasn't a big deal 10+ years ago. This is ALL old
news.
'Secure' USB keys that are advertised by vendors to offer mobile
protection were also shown to be pretty ineffective. Moy said that
NSS Labs did work with banks on the products using the technology,
and broke into everything that it tested.

I'm not sure I'd give NSS any credit; they could have easily used
Passware's software and just taken undeserved credit.
"Some of that is private testing we haven't published yet. In some
cases we're trying to work with the vendors. But secure USBs are not
as secure as you think." µ

Of course; why don't you save the publication for when you can keep the
correct terminology in the paragraphs? Virus writers aren't necessarily
hackers and vice versa. Viruses and malware? LOL..

Everything mentioned in this article aside from the insecure USB memory
sticks (what moron actually thinks it's secure to begin with?) is all
well documented, and well known by professionals and experts and has
been for a very very very long time. NSS labs must be trying to drum up
business in the form of paranoia?
 
Tecknomage

First off.... "The Inquirer" as an authoritative source on this
issue?!!! Example, NOT providing a link to the actual NSS Labs test
so readers could judge.

Looking at just 10 anti-virus products, AND not listing which they
looked at?!!!

Otherwise, the truth has ALWAYS been that it cannot be totally
stopped. It is a *race* between identifying/stopping malicious
software and the purveyors/hackers.

The Inquirer article MAY be referring to: (the link they SHOULD have
provided)

"NSS Labs Finds Most Endpoint Security Products Lack
Vulnerability-Based Protection"
(the below link is ONE line)
http://www.nsslabs.com/company/news...ucts-lack-vulnerability-based-protection.html
 
FromTheRafters

Tecknomage said:
First off.... "The Inquirer" as an authoritative source on this
issue?!!! Example, NOT providing a link to the actual NSS Labs test
so readers could judge.

Looking at just 10 anti-virus products, AND not listing which they
looked at?!!!

Otherwise, the truth has ALWAYS been that it cannot be totally
stopped. It is a *race* between identifying/stopping malicious
software and the purveyors/hackers.

The Inquirer article MAY be referring to: (the link they SHOULD have
provided)

"NSS Labs Finds Most Endpoint Security Products Lack
Vulnerability-Based Protection"
(the below link is ONE line)
http://www.nsslabs.com/company/news...ucts-lack-vulnerability-based-protection.html

It was not historically ever the job of antivirus to address the vector
by which viruses might enter the system; it was their job to detect the
virus once you have the possibly infected program. You have snort and
firewalls and IPSs to address the exploit based malware.

Thanks for this post, at least that article is by those who understand
what they are writing about.

I also like the fact that they address the issue that VG seems to be
oblivious to, that addressing the vulnerability is better than
addressing a specific exploit that leverages the vulnerability. It is
silly to claim W98 is not vulnerable to exploit just because the
published exploits don't work on it.
 
Virus Guy

FromTheRafters used poor internet style by unnecessarily full-quoting:
It is silly to claim W98 is not vulnerable to exploit just because
the published exploits don't work on it.

It's a known fact that the NT-line of OS, particularly XP, has more
"services" running than win-9x does, even some arcane and unnecessary
services for commercial or enterprise use that are turned on by default
even for the Home version of XP, including printer and file sharing.

XP was clearly more vulnerable than win-9x right out of the box.

When you look at how many vulnerabilities were identified in XP-SP0,
SP1, SP2, when you look at the rate at which new vulnerabilities were
identified and leveraged between XP's introduction (Sept 2001) and the
practical end-of-life of Win-98 (the end of 2004) it's a no-brainer that
hackers found a treasure in XP.

Win-98 was still in heavy use in the most vulnerable setting imaginable
(the home, on a broad-band internet connection) during 2004 and arguably
into 2005, and as such it made a good target for hackers. Except
hackers made little use of it BECAUSE they found few vulnerabilities
they could leverage.

Instead, XP SP0/SP1 was an absolute paradise for hackers and spammers.
Go to secunia.org and look at the number of vulnerabilities disclosed
for XP for the years 2001 through 2005 and compare that to Win-9x.

Spam exploded during 2004 exclusively because XP was overtaking win-98
in the home, and XP came complete with a raft of vulnerabilities and
utterly unnecessary services running by default that turned XP into a
de facto botnet platform.
 
FromTheRafters

Virus said:
FromTheRafters used poor internet style by unnecessarily full-quoting:


It's a known fact that the NT-line of OS, particularly XP, has more
"services" running than win-9x does, even some arcane and unnecessary
services for commercial or enterprise use that are turned on by default
even for the Home version of XP, including printer and file sharing.

XP was clearly more vulnerable than win-9x right out of the box.

When you look at how many vulnerabilities were identified in XP-SP0,
SP1, SP2, when you look at the rate at which new vulnerabilities were
identified and leveraged between XP's introduction (Sept 2001) and the
practical end-of-life of Win-98 (the end of 2004) it's a no-brainer that
hackers found a treasure in XP.

Win-98 was still in heavy use in the most vulnerable setting imaginable
(the home, on a broad-band internet connection) during 2004 and arguably
into 2005, and as such it made a good target for hackers. Except
hackers made little use of it BECAUSE they found few vulnerabilities
they could leverage.

Instead, XP SP0/SP1 was an absolute paradise for hackers and spammers.
Go to secunia.org and look at the number of vulnerabilities disclosed
for XP for the years 2001 through 2005 and compare that to Win-9x.

Spam exploded during 2004 exclusively because XP was overtaking win-98
in the home, and XP came complete with a raft of vulnerabilities and
utterly unnecessary services running by default that turned XP into a
de facto botnet platform.

Probably all true, but irrelevant to the point I was making.
 
