Posted by: David Harley | March 16, 2011

The truth about AV software?

SANS isn’t the biggest fan of the AV industry, and has from time to time been misleading in its assessment of what AV actually does, so it’s a relief that the latest issue of its OUCH! security awareness newsletter, which focuses on Understanding Anti-Virus Software, shows a little more understanding  of  anti-malware technology.

Well, since guest editor Lenny Zeltser is SANS’ lead instructor on malware, it would be pretty depressing if it didn’t. And in fact, while the description of signature detection doesn’t acknowledge that AV signatures are a lot more than static patterns, it is at least followed by a high level summation of behaviour analysis.

It does kind of suggest that the only alternatives available are seriously limited, strict static signatures, or high volumes of false positives, however. I can’t deny that the security industry has its problems with FPs from time to time, but I don’t think the picture is quite that bleak.

Still, the tips section at the end contains some advice worth repeating.

Connection with testing? Links to a couple of sites that SANS apparently considers “trusted sources”: one is a link to an article by Neil Rubenking (who is a member of the AMTSO advisory board) on what he considers to be The Best Security Suites for 2011, and the other is a link to some advice from Consumer Reports, which is not represented in AMTSO.

David Harley 


  1. […] The truth about AV software? ( #dd_ajax_float{ background:none repeat scroll 0 0 #FFFFFF; border:1px solid #DDDDDD; float:left; margin-left:-120px; margin-right:10px; margin-top:10px; position:absolute; z-index:9999; }jQuery(document).ready(function($){ //put content div class, when scroll beyond this y, float it var $postShare = $('#dd_ajax_float'); if($('.dd_content_wrap').length > 0){ var descripY = parseInt($('.dd_content_wrap').offset().top) – 20; var pullX = $postShare.css('margin-left'); $(window).scroll(function () { var scrollY = $(window).scrollTop(); var fixedShare = $postShare.css('position') == 'fixed'; //make sure .post_share exists if($('#dd_ajax_float').length > 0){ if ( scrollY > descripY && !fixedShare ) { $postShare.stop().css({ position: 'fixed', top: 16 }); } else if ( scrollY < descripY && fixedShare ) { $postShare.css({ position: 'absolute', top: descripY, marginLeft: pullX }); } } }); } });jQuery(document).ready(function($) { if($(window).width()> 1280){ $('#dd_ajax_float').show() }else{ $('#dd_ajax_float').hide() } $(window).resize(function() { if($(window).width()> 1280){ $('#dd_ajax_float').show() }else{ $('#dd_ajax_float').hide() } }); }); […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: