Desktop antivirus - it's dead

[What's in a Name?]

After much thought,Virus Guy came up with this jewel:

they could at least be more of an active
participant at discovering and sharing exploits with AV companies.

Tell them what you think. Call it "Google Safe"!
http://labs.google.com/why-google.html
They're always looking for ideas.

max

 

[Michael Arends]

kurt wismer answered:

After much thought,Virus Guy came up with this jewel: [snip]

Swap out your patched vgx.dll for an older one, then try this page:

http://209.85.165.104/search?q=cache:fbdJRQS1FxwJ:zert.isotf.org/testv
ml.htm+testvml.htm&hl=en&ct=clnk&cd=1&gl=ca

It's the google cached version of this:

http://zert.isotf.org/testvml.htm

or this:

http://www.isotf.org/zert/testvml.htm

Which doesn't seem to exist any more, but was designed to trigger the
VML vulnerability.

Presumably NOD-32 should intercept the code before IE is crashed by
it.

I just checked it out (with an unpatched W2K) and Nod alerted and
blocked loading of page! I guess it works!

thanks for the verification... i think it's safe to say now that nod32
qualifies as a first line of defense at the end-point
(http://anti-virus-rants.blogspot.com/2007/04/defensive-lines-in-end-point-anti.html)

I know i'm coming in to the conversation late. But NOD alerted ME too.