Jon's Network

Network Security News, Analysis and Ephemera

Jon's Network - Murrieta, CA

Anti-Virus

  • Do AV and Heuristics Work?
  • Virustotal Ultrasurf Results
  • Sophos Edges Out Symantec and McAfee
  • Analyze Suspicious Files with VirusTotal
  • Antivirus vs. Secunia Exploits
  • Secunia to Help Vendors Improve Signatures
  • Google Found Eset’s Confidential Sophos Comparison
  • Patchlink Changes Name
  • AV Scanning Comparisons Have Little Benefit
  • Nastiest Bit of Malware Ever

Latest entries to this category:

    Do AV and Heuristics Work?

    March 11th, 2009 · No Comments

    Another discussion video by Richard Stiennon and friends (Amrit Williams, Martin McKeay and Mike Murray). Someone remarked that heuristics don’t work, and Alex Eckelberry responded with this interesting post arguing that heuristics do indeed work and that most AV companies rely on them to some degree to keep up with the enormous amounts of daily malware. The [...]

    Tags: Anti-Virus · Endpoint Security

    Virustotal Ultrasurf Results

    February 26th, 2009 · No Comments

    When you download UltraSurf 9.3, you get a file called u.exe. This file was submitted to VirusTotal on 2/26/2009 and the results are here. Only 3 out of 38 companies identified UltraSurf 9.3 as malware: Fortinet, Prevx1 and Quick Heal of India. Contrast that with this VirusTotal scan of UltraSurf 8.8 from 3/13/2008 where 9 [...]

    Tags: Anti-Virus · Endpoint Security · Fortinet · Ultrasurf

    Sophos Edges Out Symantec and McAfee

    February 11th, 2009 · No Comments

    Keith Schultz at InfoWorld tested five competing endpoint security suites. Supposedly this was an in-depth test that started last May. Sophos beat the others mainly because of better reporting and management. I went into this review without any preconceived notions as to which product would fare the best, and I was pleasantly surprised to see [...]

    Tags: Anti-Virus · Endpoint Security · McAfee · Sophos · Symantec

    Analyze Suspicious Files with VirusTotal

    February 5th, 2009 · No Comments

    You upload or email a file to VirusTotal and it tells you what dozens of AV engines say about it. It is a free utility.

    Tags: Anti-Virus · Web Utilities

    Antivirus vs. Secunia Exploits

    November 17th, 2008 · No Comments

    How effective is antivirus software if the computer doesn’t have the latest patch updates? Secunia tested 12 Internet security suites (PDF report) and found them all wanting. Symantec came in first, but it only detected 64 out of 300 exploits. This suggests that McAfee, Norton, Windows OneCare, ZoneAlarm, AVG, CA, F-Secure, TrendMicro, BitDefender, Panda, Kaspersky, [...]

    Tags: Anti-Virus · Patch Management · Secunia

    Secunia to Help Vendors Improve Signatures

    September 8th, 2008 · No Comments

    Secunia doesn’t think AV and IDS vendors are writing signatures well enough and plans to remedy the situation by opening up their analyses to a wider customer base with easier “pay-as-you-go” terms. we have also realised that far too many of the other AV and IDS / IPS vendors – including the major ones – [...]

    Tags: Anti-Virus · Secunia

    Google Found Eset’s Confidential Sophos Comparison

    October 21st, 2007 · 7 Comments

    If you Google “Sophos vs Eset”, the first result is this PDF document hosted at Eset’s site that is basically a common “beat sheet” of the kind all vendors create. Most beat sheets are made for the internal sales teams or resellers and are marked something like “confidential – do not share outside of Company X”. This [...]

    Tags: Anti-Virus

    Patchlink Changes Name

    September 10th, 2007 · 3 Comments

    Patchlink took my advice – sort of. I suggested changing their name to SecureLink after acquiring SecureWave and STAT, but they chose Lumension Security instead. Their tagline, “Putting Security in a Positive Light”, is a reference to their endorsement of the positive security model they inherited from SecureWave’s Sanctuary, their “application and device control” solution. [...]

    Tags: Anti-Virus · Endpoint Security · Marketing · Patch Management · Patchlink · Positive Security Model · Proactive Security

    AV Scanning Comparisons Have Little Benefit

    August 30th, 2007 · 2 Comments

    The AV Fight Club at LinuxWorld was an interesting AV comparison sponsored by Untangle. ClamAV, Symantec and Kaspersky came out on top at 100%; Sophos caught 94%. There were only 25 viruses in the sample set. The interesting thing is that I have seen other tests with much larger sample sets that show ClamAV near the [...]

    Tags: Anti-Virus · Malware · Open Source

    Nastiest Bit of Malware Ever

    August 20th, 2007 · No Comments

    From Chris Mitchell at SophosLabs Blog: Today a piece of malware (Troj/Bancos-BDF) crossed my desk that at first did not look like a Banker Trojan at all. It eventually turned out to be one of the most nefarious and brazen Banker Trojans I have ever analysed and it managed to do it all with only [...]

    Tags: Anti-Virus · Malware