[LINK] Web malware a 'losing battle'
Alastair Rankine
arsptr at internode.on.net
Thu Dec 20 09:01:24 AEDT 2007
stephen at melbpc.org.au wrote:
> Malware flood driving new AV
>
> Symantec researchers say number of malicious applications is rapidly
> outpacing the volume of legitimate programs, forcing a rethink of AV
> defense tactics By Matt Hines. December 14, 2007
>
As Coding Horror recently pointed out, AV software is basically a fancy
blacklist, and blacklists just don't work. Detection rates are currently
somewhere between 33% and 80% for recently-discovered exploits, see:
http://www.codinghorror.com/blog/archives/001009.html

I'd love to see figures on the false positive rate too. Wasn't there a
case recently where a Symantec AV product got a false positive hit on
itself? With a bit of data and Bayes' theorem it would become apparent
just how useless AV software is.

To me, the Infoworld article reads like Symantec trying to justify the
pathetic performance of their software by pointing the finger elsewhere
instead of at their deeply flawed attempt at a solution.

I only have one Windows box these days but I've been running it without
AV software for ages. Any tech-savvy person (including all Linkers)
should be doing the same IMHO.