When armour stops a projectile

Thursday, May 18, 2017

It is common knowledge that the battle between virus makers and anti-virus developers is, in a way, an arms race or, to be more precise, a technology race. For example, because the malware development process has been automated, virus makers can significantly increase their output of malicious programs. The mass media love stories about targeted attacks but fail to mention that attacks involving specially crafted malicious files that remain undetected for months are quite rare compared with other types of attacks. Why waste time writing a high-quality malicious program if, in the event it fails, it will be detected within an hour or two once the anti-virus has received its next update?

Over 98% of malicious samples (hashes) have a "life expectancy" of 58 seconds or even less!

https://regmedia.co.uk/2016/05/12/dbir_2016.pdf

Sadly, at an information security conference in Novosibirsk, it was stated that companies only ask for their malware incidents to be investigated six months after the incidents actually occurred!

Infection discovery percentage, within 24 hours or less.

Why is that? It’s because companies don't want to spend that much on anti-virus security. They use obsolete anti-virus applications (some people believe they’re faster), free anti-viruses (those don't include advanced protection technologies), and simple anti-viruses (these only detect malware programs by their signatures).

Many people also believe that an anti-virus doesn't need anything except virus databases. Is that true? Verizon Data Breach Investigations Report 2016 indicates that most malware strains are encountered just once!

Anti-viruses that incorporate only virus databases simply don't have time to receive the updates that are necessary to neutralise brand new Trojans. That's why, to protect a system from the latest threats, Dr.Web incorporates Preventive Protection, which enables it to detect malicious files that disappear before their signatures are received as part of the next update.

#Dr.Web_settings #Preventive_Protection

The Anti-virus Times recommends

  1. In Anti-virus Times issues we often remind users that timely updates are important. The number of malicious programs that appear every hour is huge. That's why the importance of anti-virus updates is hard to overestimate. To maintain effective protection, however, prompt updates aren't enough: an anti-virus should be able to detect threats nobody knows about yet. That is what Dr.Web needs Preventive Protection for.
  2. To put it briefly, it is one of the Dr.Web components whose default settings should remain unchanged—let it work the way its developers configured it for you. We strongly recommend that under no circumstances should you change the values for the options "Integrity of running applications" and "Integrity of user files". They must always be set to "Block".

    If you don't quite understand what a certain option does, consult Doctor Web technical support before you change its parameters.

  3. Please don't forget that the Dr.Web Preventive Protection settings are recorded in the Dr.Web log, and our support engineers take them into account when analysing any virus-related computer incident (VCI) you request assistance with. If you have configured Dr.Web in such a way that it missed detecting a malware sample, Doctor Web may decline your request to recover your files if they get compromised by encryption ransomware.
