3 replies to this topic

[Bit Viper]

http://www.f-secure....s/00002482.html

 

Admittedly, F-Secure has a vested interest. But he does bring up some valid points, in my opinion. Thoughts?

[systems_glitch]

Pretty decent read. I've heard a lot of the "we don't need AV" argument, especially working in a mostly Mac shop. IMHO, it's as silly as not running a firewall for a general use machine. Even for office/business machines, you never know what your users are going to end up doing with their workstations.

 

I don't run a realtime scanner on my Linux workstation at home, but I do have a cronjob that runs clamav against the disk every night and e-mails me if infections are found. I also use clamav to scan others' hard drives (usually in USB enclosures) when I'm asked to recover data or repair a computer.

[tekio]

I'll be the first to admit, Macs are just as prone to Malware as Windows. Windows malware just (still) reaches at least 60% of computer users.

 

Whenever I find malware I reinstall from a known good source and start over. Linux, Mac, or Windows.... some malware authors are pretty savvy at hiding or bypassing system checks and evading detection.

 

A few years ago, i did some research on this. I was able to evade every known windows A/V (but not in the same executable). By "packing", encrypting, or something simple as changing the entry-point of the executable. That was just with known threats as well.

 

 

There are still real people that code stuff, and keep the signatures of malware away from the A/V companies.

 

IMO, checking socket connections and mapping them to processes is the best way to go. 

 

 

edit: but again, that's assuming one is looking at non-tainted socket connections. Really the only way to 100% sure everything is pristine, is to check the hash of EVERY single file on disk.

Edited by tekio, 18 January 2013 - 11:36 PM.

[systems_glitch]

Yeah, I go with full reinstall as well. A lot of people don't want to hear that they need to reinstall applications, but scorched earth is the only sure measure.