Can traditional av still protect us?

General Topics
1

It is known that over 80% of malware does not live longer than one hour before it is either dead (no longer responding) or has been taken down.
70% of malware only appears once as a unique sample. Read on this subject: http://www.fireeye.com/blog/corporate/2014/05/ghost-hunting-with-anti-virus.html (link article author Zheng Bu)
So a lot of virus tracking has become ghost hunting, and signature driven detection can cope when rolled out only with only a fraction of malware to-day.
Still it is good to analyze these short-lived exemplars, because malware is often embroidering on the same (behavioral) patterns (see herd protect and other initiatives) also there should be more room for early IDS detection. But a good conclusion is we have to come to think outside the old paradigms now.
Daily updated av is useless. Maybe -midnight was right there , when she alarmed in a posting when she did not get her first streaming update for the first Mayday. ;D, because we are becoming more and more dependent on the streaming updates and cloud protection.

polonus

2
we are becoming more and more dependent on the streaming updates and cloud protection.
There's obviously a good reason for depending on streaming updates. Once per day updates are only good if received just before you go on line and don't stay there very long. Under normal computer use, streaming updates give you the latest protection available for newly discovered attacks. Combine that with good heuristic protection and you [b]might[/b] just stay safe. :)
3

In my experience, I have come to believe it’s “a lot” to do with Internet use/knowledge and attitude when surfing. Read, Read, Read before you click!
Keep software updated and all that other stuff you learn to watch for when you have a good knowledge base to work from.
I have been using Avast long before streaming updates and have been virus free.
Doesn’t matter what protection you run, if you’re going to make risky decisions then risky results are more likely to ocurr. :slight_smile:

4

The new malware that lives for only an hour, but can be based for new malware is absolutely true. Take example for Zekos. Commonly known as Blackbeard now. Has always followed the track of infecting rpcss.dll and making another svchost.exe. I’m going off nothnig. But it’s probably 1 reason why AV’s can actually detect this. Is because it’s the same pattern, just modified a little bit every single time.

5

The avast! view from their blog

“Antivirus, as customers know it, incorporates firewalls, intrusion detection, heuristics, virtualization, sandboxes, and many other layers of protection and not just antivirus. It is far from dead.” ~Vince Steckler, CEO

quote taken from → http://blog.avast.com/2014/05/06/the-death-of-antivirus-has-been-greatly-exaggerated/ article author = DEBORAH SALMI

Next to safe hex practices the best protection you can get, kept me secure for over 10 years now.
The best that came to avast i.m.h.o. was the fabulous avast! Shields protection!

Damian