
Why you still want AV on the desktop


3 replies to this topic

#1 Bit Viper

Bit Viper

    SCRiPT KiDDie

  • Members
  • 28 posts
  • Gender:Male

Posted 10 January 2013 - 06:33 PM

http://www.f-secure....s/00002482.html

Admittedly, F-Secure has a vested interest. But he does bring up some valid points, in my opinion. Thoughts?



#2 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,640 posts
  • Gender:Male

Posted 10 January 2013 - 08:58 PM

Pretty decent read. I've heard a lot of the "we don't need AV" argument, especially working in a mostly Mac shop. IMHO, it's as silly as not running a firewall for a general use machine. Even for office/business machines, you never know what your users are going to end up doing with their workstations.

I don't run a realtime scanner on my Linux workstation at home, but I do have a cronjob that runs clamav against the disk every night and e-mails me if infections are found. I also use clamav to scan others' hard drives (usually in USB enclosures) when I'm asked to recover data or repair a computer.
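A nightly ClamAV sweep of the kind described in the post above, written here as an added example (it is not systems_glitch's actual cronjob). It runs clamscan over the disk, keys off clamscan's documented exit status (0 clean, 1 infected, 2 error), keeps the full report on disk, and mails a short summary only when something was found or the scan itself failed. The scan root, recipient address, log directory and crontab schedule are assumptions; the detection lines in the comments are constructed.

```shell
#!/bin/sh
# Nightly on-demand ClamAV sweep that only e-mails when there is something to say.
# Added example for this thread, not systems_glitch's own cronjob.
# Assumes: clamscan (ClamAV) installed, a local MTA and a 'mail' command.

SCAN_ROOT="${SCAN_ROOT:-/}"            # assumption: sweep the whole disk
MAIL_TO="${MAIL_TO:-root@localhost}"   # assumption: report recipient
LOG_DIR="${LOG_DIR:-/var/log/clamav}"  # assumption: where full reports are kept

# clamscan's documented exit status: 0 = nothing found, 1 = infected file(s)
# found, 2 = an error occurred during the scan.
classify_scan_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;
    esac
}

# Count detection lines ("<path>: <signature> FOUND") in clamscan output on stdin.
count_findings() {
    grep -c ' FOUND$' || true     # grep exits 1 on zero matches; still print the 0
}

# Reduce clamscan output on stdin to sorted "signature<TAB>path" lines.
# The signature is the text after the last ": ", so paths containing ": " survive.
summarize_findings() {
    awk '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)
        n = split(line, parts, ": ")
        sig = parts[n]
        path = substr(line, 1, length(line) - length(sig) - 2)
        printf "%s\t%s\n", sig, path
    }' | sort
}

# The job itself: scan, keep the full report on disk, mail only on findings or errors.
nightly_scan() {
    mkdir -p "$LOG_DIR"
    report="$LOG_DIR/scan-$(date +%Y-%m-%d).log"
    status=0
    # -r recurse, -i print only infected files; skip kernel pseudo-filesystems.
    clamscan -r -i --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        "$SCAN_ROOT" >"$report" 2>&1 || status=$?
    verdict=$(classify_scan_exit "$status")
    host=$(hostname)
    case "$verdict" in
        clean)
            ;;   # stay quiet: a nightly "all clear" mail just trains people to ignore it
        infected)
            {
                printf 'ClamAV found %s infected file(s) on %s\n\n' \
                    "$(count_findings <"$report")" "$host"
                summarize_findings <"$report"
                printf '\nFull report: %s\n' "$report"
            } | mail -s "clamav: infections on $host" "$MAIL_TO"
            ;;
        *)
            tail -n 20 "$report" | mail -s "clamav: scan $verdict on $host" "$MAIL_TO"
            ;;
    esac
    return "$status"
}

# Install as e.g. /usr/local/bin/nightly-clamscan.sh and schedule it from root's
# crontab (assumed schedule): 30 2 * * * /usr/local/bin/nightly-clamscan.sh run
if [ "${1:-}" = run ]; then
    nightly_scan
fi
```

Staying silent on a clean run is deliberate: the mail is only useful if it is rare enough that someone reads it. Keep the signature database current (freshclam) or the nightly sweep only ever finds last year's threats.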



#3 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,095 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 18 January 2013 - 11:31 PM

I'll be the first to admit, Macs are just as prone to malware as Windows. Windows malware just (still) reaches at least 60% of computer users.

Whenever I find malware I reinstall from a known good source and start over. Linux, Mac, or Windows.... some malware authors are pretty savvy at hiding or bypassing system checks and evading detection.

A few years ago, I did some research on this. I was able to evade every known Windows A/V (but not in the same executable), by "packing", encrypting, or something as simple as changing the entry-point of the executable. That was just with known threats as well.

There are still real people that code stuff, and keep the signatures of malware away from the A/V companies.

IMO, checking socket connections and mapping them to processes is the best way to go.

edit: but again, that's assuming one is looking at non-tainted socket connections. Really the only way to be 100% sure everything is pristine is to check the hash of EVERY single file on disk.


Edited by tekio, 18 January 2013 - 11:36 PM.
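The socket-to-process mapping tekio recommends, as an added example that is not his tooling: it parses `ss -tnp` output on a Linux host into one line per established connection (pid, process name, remote peer) and flags rows whose process is not on an allow list. The sample `ss` output is constructed, and the allow-list names are assumptions. The caveat in the post above is the important part: the output is only meaningful if `ss`, the kernel and the process table are themselves trusted, so on a suspect machine run it from known-good tooling.

```shell
#!/bin/sh
# Map established TCP connections to the owning process and flag the ones that
# no expected program should be making. Added example for this thread, not
# tekio's tooling. Assumes Linux with iproute2's ss; sample input is constructed.
# This only means something if ss, the kernel and the process table are trusted.

# Parse `ss -tnp` output on stdin into "pid<TAB>process<TAB>peer" lines, one per
# ESTAB socket. The process field looks like users:(("firefox",pid=2210,fd=91)).
socket_process_map() {
    awk '$1 == "ESTAB" {
        peer = $5
        proc = "-"; pid = "-"
        if (split($0, q, "\"") >= 3) proc = q[2]          # text between the first quotes
        if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
        printf "%s\t%s\t%s\n", pid, proc, peer
    }'
}

# Read the mapping on stdin and print only rows whose process name is not in
# the space-separated allow list given as $1.
flag_unexpected() {
    awk -F'\t' -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok)'
}

# Live use on a Linux host (root is needed to see other users' processes);
# the allow list here is an assumption for illustration:
#   ss -tnp | socket_process_map | flag_unexpected "firefox sshd ntpd"
live_unexpected_connections() {
    ss -tnp | socket_process_map | flag_unexpected "$1"
}
```

Listening sockets are skipped on purpose; the question in the post is which process is talking to what, so only ESTAB rows are reported. Diffing today's output against yesterday's is usually more telling than the allow list alone.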
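The "hash of every single file on disk" check from the edit above, as an added example that is not tekio's own tooling: it builds a sha256 baseline of every regular file under a root, and later diffs the live tree against that stored list, reporting added, modified and removed paths. It assumes GNU coreutils (sha256sum, find, sort) and awk; the file names in the usage comments are assumptions. The baseline is only worth something if it is stored where the host cannot rewrite it and the comparison is run from trusted media, for the same reason the post gives.

```shell
#!/bin/sh
# File-integrity baseline: hash every regular file under a root once, keep the
# list somewhere the host cannot alter it, and later diff the live tree against it.
# Added example for this thread, not tekio's own tooling. Assumes GNU coreutils
# (sha256sum, find, sort) and awk. Use the same root string for both runs so the
# recorded paths match.

# Print "sha256  path" for every regular file under $1, sorted by path.
build_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# Diff stored baseline $1 against the live tree under $2. Prints one line per
# difference (ADDED / MODIFIED / REMOVED, tab, path) and returns 1 if any exist.
check_baseline() {
    baseline=$1
    root=$2
    current=$(mktemp) || return 2
    build_baseline "$root" >"$current"
    # sha256sum lines are fixed-width: 64 hex chars, two spaces, then the path,
    # so slicing by offset survives paths with spaces. FILENAME (not NR==FNR)
    # tells the two inputs apart even when the baseline is empty.
    diffs=$(awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = substr($0, 1, 64); next }
        {
            path = substr($0, 67); hash = substr($0, 1, 64)
            if (!(path in base))         print "ADDED\t" path
            else if (base[path] != hash) print "MODIFIED\t" path
            delete base[path]
        }
        END { for (p in base) print "REMOVED\t" p }
    ' "$baseline" "$current" | sort)
    rm -f "$current"
    [ -n "$diffs" ] && printf '%s\n' "$diffs"
    [ -z "$diffs" ]
}

# Typical use, from trusted media right after a clean install (paths assumed):
#   build_baseline /usr >/mnt/usb/usr.sha256      # then write-protect the stick
#   check_baseline /mnt/usb/usr.sha256 /usr        # later, booted from the same trusted media
```

Package-managed files can also be checked against the distribution's own manifests (rpm -V, debsums), but a baseline you took yourself is the only one that also covers everything the package manager never saw.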


#4 systems_glitch

systems_glitch

    Dangerous free thinker

  • Moderating Team
  • 1,640 posts
  • Gender:Male

Posted 19 January 2013 - 08:49 PM

Yeah, I go with full reinstall as well. A lot of people don't want to hear that they need to reinstall applications, but scorched earth is the only sure measure.



