Was very astounded!

Well from everything I’ve read…it sure sounds like developers (code writers) everywhere need to come up with a better way of “detecting and disabling” this kind of growing threat that appears to be getting more common as time passes! I don’t know if that’s possible but it seems to me if this kind of threat can be developed then it should be able to STOP it before it installs…Yes…No?? :-\

Yeah, I’m sure that’s what they strive for, but I think all the A/V companies are outnumbered by how many teams of people are developing the rogues.

With the A/V companies starting to do more work with cloud systems, we might eventually get to a point where a lot of this is caught before it ever gets to end users’ systems, but the framework is still in its infancy. It’ll take a bit in order to start seeing real results.

Good point about the number of teams developing this stuff…unfortunately that makes the game a “reactive” one, rather than “proactive”…at this point anyway :wink:

Yeah, it’s unfortunate, but that’s the way things go I guess.

More Malware writers than Anti-malware, more thugs than policemen, more… well, you get the idea.

Things haven't changed since the time that viruses first came on the scene. Catch-up has always been the game, whilst generic, heuristic, algorithmic signatures and behavioural analysis are trying to combat new malware without a specific signature.

The problem being they have to strike a balance between detecting unknown malware and not detecting legitimate files. Get it wrong and you get too many false positives, which can damage a system if a user elects to delete, or you end up not catching new malware.

I've managed to keep my wife's PC clean for over a year and she is a major Facebook user and I get the rogue using Google, lol just very frustrating.
I've read about quite a number of infected pages being near the top of some Google results page, some even sponsored results. You don't need to go to a suspected "dodgy" (porn or warez) site to get what's called a drive-by download, you just need default settings on the browser that allow scripts to run. Websites are hacked and infected at an alarming rate. All that is needed is for the web host to be using software with a vulnerability in it. A bit of light reading about how to prevent this here: http://www.wilderssecurity.com/showthread.php?t=213988

I believe that a lot of users who download these rogues do so inadvertently, by just visiting the page hosting it.

Good point about the number of teams developing this stuff...unfortunately that makes the game a "reactive" one, rather than "proactive"..at this point anyway
I think it always has been. The rogue antivirus game is worth seriously big money. New variants of the trojans/rootkits/worms that enable installation of these are being developed and released constantly. The only things I'm aware of that prevent them are related to disabling scripting (mentioned above), NOT clicking on what some people would recognize as dodgy links or attachments, and the heuristics/behaviour blockers around (some AVs have these); unfortunately they are often a "best guess" type detection, and if turned up high present with a higher percentage of FPs.

Seriously, a layered defense is the way to go, and to guarantee that is beyond the means (and interest) of the average computer user, and for similar reasons, beyond the scope of an AV designed for the average user.

Avast represents what I consider an excellent compromise. Better than most. Additional hardening is important, though, with any AV.

Ah yes the ‘dreaded’ false positive…another great point!

Maybe you should avoid the porn and hacker sites. Hacker sites are probably worse than porn sites for malware.
Joe

For such things you can check with www.urlvoid.org

Any site can host malware.
This is yesterday's thinking, and slightly naive.

Hopefully the next version of Avast will have better 0day protection. In this regard Avast has to catch up with the competition.