Monday, April 18, 2011

[LINUX_Newbies] Re: why does the malware get past the anti-virus program


The answer is actually quite simple: most antivirus programs look for characteristic signatures of viruses. Until the signature of a new virus is included in the updated database, the scanner simply does not "see" the new one.

The other form of antivirus is called a heuristic scanner. This looks for certain kinds of activity a virus does and triggers when it finds it. This can catch brand-new, previously unknown viruses...but it may also miss some.

Thus, the best antivirus defense is either a scanner that includes both signature- and heuristic-based action or using two products, one of which does a good job with signatures and the other strictly a heuristic scanner.

For some years in my Windows setup, I used the two-product approach--generally a signature scanner (often Avast!, as when I tested them it was slightly better than AVG, which others found true as well). For the heuristic scanner, I used ThreatFire from PC Tools--which absolutely saved my bacon from time to time.

Today, for Windows, the Microsoft Security Essentials product is one I believe has both kinds of scanning and has been well rated by those who have tested it.

I also used scanners for other kinds of malware, normally on a routine basis rather than as a real-time scan.

Of course, a firewall is also an extremely important part of your security setup--and the one Microsoft includes in various Windows iterations isn't too good. I have not reviewed Windows firewall software in some time; for years I used Comodo.

In Linux, the situation is somewhat simpler. A Linux firewall is simply the proper settings for the kernel, and there are various GUI tools for making that setup easier. One that springs to mind is Guarddog. There is also a great script called Bastille that walks you through the various security choices, teaching you why and how along the way.

I have not been seriously bothered with the idea of an antivirus product for Linux. There are a few out there, but so far at least I see little reason for employing them. One reason to consider it might be if you must deal with many downloaded files that will later be sent on to Windows users--then, being able to scan those files for malware is a very good practice.

David

--- In LINUX_Newbies@yahoogroups.com, "Rob" <sun408b@...> wrote:
>
> But why does the malware get past the sandbox, and some malware get past the anti-virus program when later on the anti-virus program finds it? That's so strange, later on it finds it!!
>
> Some malware it blocks and other malware it does not, but what's strange is it finds it later!!
>
> What is wrong with the anti-virus program?
>
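The following is an added illustration of the signature-versus-heuristic distinction David describes, and of why a signature-only scanner "finds it later"; it is example code written for this page, not code from the original post or from any product named above. Every sample, byte string, behaviour event, rule weight and database entry is constructed for the demonstration and stands in for what a real scanner would see; a real product has hundreds of behaviour rules and a far larger database.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Sample:
    """A file to inspect: its bytes plus a constructed trace of what it does when run."""
    name: str
    content: bytes
    behaviour: List[str] = field(default_factory=list)


@dataclass
class SignatureDB:
    """Constructed signature database: exact file hashes and byte patterns."""
    version: int
    hashes: Dict[str, str]             # sha256 hex digest -> detection name
    patterns: List[Tuple[bytes, str]]  # byte pattern -> detection name


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_scan(sample: Sample, db: SignatureDB) -> Optional[str]:
    """Signature scanning: a file is only 'seen' if its hash or one of its byte
    patterns is already in the database; anything newer than the database is invisible."""
    digest = sha256_hex(sample.content)
    if digest in db.hashes:
        return db.hashes[digest]
    for pattern, name in db.patterns:
        if pattern in sample.content:
            return name
    return None


# Behaviour rules and weights, constructed for the example (assumption: a real
# product has hundreds of these, tuned against false positives).
HEURISTIC_RULES: Dict[str, int] = {
    "writes_autorun_key": 3,         # persistence
    "injects_into_process": 4,       # code injection into another process
    "disables_security_service": 4,  # tampering with the AV or firewall
    "mass_encrypts_user_files": 5,   # ransomware-like activity
    "connects_to_raw_ip": 1,         # weak alone: much legitimate software does it
    "creates_file": 0,               # ordinary activity, not scored
}
HEURISTIC_THRESHOLD = 5


def heuristic_scan(sample: Sample) -> Tuple[bool, int, List[str]]:
    """Heuristic scanning: score what the sample does and trigger above a threshold.
    Needs no prior knowledge of the file, but misses behaviour that stays under it."""
    score, hits = 0, []
    for event in sample.behaviour:
        weight = HEURISTIC_RULES.get(event, 0)
        if weight:
            score += weight
            hits.append(event)
    return score >= HEURISTIC_THRESHOLD, score, hits


def combined_verdict(sample: Sample, db: SignatureDB) -> Tuple[str, str]:
    """A product doing both: signatures first (cheap and precise), then heuristics."""
    name = signature_scan(sample, db)
    if name:
        return "signature", name
    flagged, _score, hits = heuristic_scan(sample)
    return ("heuristic", ",".join(hits)) if flagged else ("clean", "")


# Constructed samples; the byte strings stand in for executable contents.
OLD_WORM = Sample("old_worm.exe", b"MZ\x90\x00CONSTRUCTED-OLD-WORM-BODY",
                  ["writes_autorun_key", "injects_into_process"])
OLD_WORM_REPACKED = Sample("old_worm_repacked.exe",  # same body, different hash
                           b"MZ\x90\x00pad\x00CONSTRUCTED-OLD-WORM-BODY\x00tail",
                           ["writes_autorun_key", "injects_into_process"])
NEW_DROPPER = Sample("new_dropper.exe", b"MZ\x90\x00CONSTRUCTED-NEVER-SEEN-BODY",
                     ["writes_autorun_key", "disables_security_service"])
QUIET_STEALER = Sample("quiet_stealer.exe", b"MZ\x90\x00CONSTRUCTED-QUIET-BODY",
                       ["connects_to_raw_ip", "creates_file"])
BENIGN = Sample("notepad.exe", b"MZ\x90\x00CONSTRUCTED-BENIGN-BODY", ["creates_file"])
SAMPLES = [OLD_WORM, OLD_WORM_REPACKED, NEW_DROPPER, QUIET_STEALER, BENIGN]

# The database as shipped before anyone has analysed NEW_DROPPER.
DB_V1 = SignatureDB(
    version=1,
    hashes={sha256_hex(OLD_WORM.content): "Worm.Constructed.A"},
    patterns=[(b"CONSTRUCTED-OLD-WORM-BODY", "Worm.Constructed.A")],
)


def db_after_update() -> SignatureDB:
    """The vendor analyses the new sample and ships v2 with its hash added."""
    hashes = dict(DB_V1.hashes)
    hashes[sha256_hex(NEW_DROPPER.content)] = "Trojan.Constructed.B"
    return SignatureDB(version=2, hashes=hashes, patterns=list(DB_V1.patterns))


def scenario() -> Tuple[Dict[str, Tuple[str, str]], Dict[str, Tuple[str, str]]]:
    """Verdicts from the combined scanner before and after the signature update."""
    before = {s.name: combined_verdict(s, DB_V1) for s in SAMPLES}
    after = {s.name: combined_verdict(s, db_after_update()) for s in SAMPLES}
    return before, after


if __name__ == "__main__":
    for label, verdicts in zip(("db v1", "db v2"), scenario()):
        print(label, *(f"{n}: {how} {d}".rstrip() for n, (how, d) in verdicts.items()), sep="\n  ")
```

Running it shows Rob's observation in miniature: against database v1 the never-seen dropper passes the signature scan and is caught only by its behaviour, then after the v2 update the signature scan names it directly. The repacked worm shows why byte patterns outlast exact hashes, and the quiet stealer shows the caveat in the post: a sample that does little that looks suspicious slips past the heuristics too, until someone analyses it and adds a signature.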
