Admittedly, F-Secure has a vested interest. But he does bring up some valid points, in my opinion. Thoughts?
Posted 10 January 2013 - 08:58 PM
Pretty decent read. I've heard a lot of the "we don't need AV" argument, especially working in a mostly Mac shop. IMHO, it's as silly as not running a firewall for a general use machine. Even for office/business machines, you never know what your users are going to end up doing with their workstations.
I don't run a realtime scanner on my Linux workstation at home, but I do have a cronjob that runs clamav against the disk every night and e-mails me if infections are found. I also use clamav to scan others' hard drives (usually in USB enclosures) when I'm asked to recover data or repair a computer.
Posted 18 January 2013 - 11:31 PM
I'll be the first to admit, Macs are just as prone to malware as Windows. Windows malware just (still) reaches at least 60% of computer users.
Whenever I find malware I reinstall from a known good source and start over. Linux, Mac, or Windows. Some malware authors are pretty savvy at hiding or bypassing system checks and evading detection.
A few years ago, I did some research on this. I was able to evade every known Windows A/V (but not in the same executable), by "packing", encrypting, or something as simple as changing the entry point of the executable. That was just with known threats as well.
There are still real people that code stuff, and keep the signatures of malware away from the A/V companies.
IMO, checking socket connections and mapping them to processes is the best way to go.
edit: but again, that's assuming one is looking at non-tainted socket connections. Really the only way to be 100% sure everything is pristine is to check the hash of EVERY single file on disk.
Edited by tekio, 18 January 2013 - 11:36 PM.
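The "check the hash of every single file on disk" idea from the post above, as an added example in Python that is not code from the thread: take a SHA-256 baseline of a directory tree, then classify every file as added, removed or modified relative to that baseline. The directory layout and the tampering in `demo()` are constructed; in practice the baseline would be kept on trusted, read-only storage off the host so that a compromised machine cannot rewrite it.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root.

    Symlinks are skipped so a link cannot stand in for the file it points at.
    """
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 20), b""):  # stream, don't slurp
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Classify differences between a trusted baseline and a fresh snapshot."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls")
        (root / "etc.conf").write_text("port=22\n")
        baseline = hash_tree(root)
        # Simulated tampering: replaced binary, dropped new file, deleted config.
        (root / "bin" / "ls").write_bytes(b"replaced ls")
        (root / "bin" / "dropper").write_bytes(b"constructed sample")
        (root / "etc.conf").unlink()
        return compare(baseline, hash_tree(root))


if __name__ == "__main__":
    print(demo())
```

The same `compare()` is what a nightly cron job would run against a stored baseline; the interesting output is the three lists, not a single pass/fail.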
Posted 19 January 2013 - 08:49 PM