Re: [Full-Disclosure] Show me the Virrii! (heuristics)
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Show me the Virrii! (heuristics)
- From: S G Masood <sgmasood@yahoo.com>
- Date: Mon, 5 Jan 2004 04:17:17 -0800 (PST)
Hi Alex,
Good points.
To add an example, Swen was detected automatically as
"W32.Automat.AHB" by Norton AV before its signatures
were added. When Norton AV detects a new virus based
on heuristics, it usually identifies it as
"W32.Automat.*", with "Automat" probably standing for
"Automatically Detected".
Regards,
--
S.G.Masood
--- starlabs <ashipp@messagelabs.com> wrote:
> > Does anyone have reliable reports of an antivirus system firing
> > off on a heuristic?
> >
> > I'm not aware of ever having seen one; always seems to be a
> > signature.
>
>
> As part of my job I regularly evaluate antivirus products. I have
> seen plenty of heuristic detections; all the engines have different
> heuristic capabilities, so some detect more new malware than others,
> and of course some also have more false positives than others.
>
> Your experience might be because you are using a poor heuristic
> engine, or because by the time you get a sample of a real new
> virus, your vendor has released a signature anyway, even if they
> detected it heuristically anyway.
>
> My findings indicate that the state of the art is that most
> new malware can be detected heuristically these days.
>
> Regards,
>
> Alex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html