Category: av

  • Security vendor’s “top-threat” list proof for their less-than-perfect performance?

    Here is something I’ve been thinking about lately: most (all?) security vendors publish their “top-threats” periodically. Those lists are made up by centralizing numbers reported by their clients. While it is safe to assume that the majority of the enumerated threats are blocked straight-away – before they can execute a single piece of code –…

  • A missed opportunity

    The theory of capitalism (and I’m greatly oversimplifying here, I know) says that, even if we all follow just our own self-interest, a global “good” will somehow emerge. This is what F-Secure is doing in their blogpost where they write about a specific ransomware which – if you get infected with – encrypts your…

  • Congratulation to AV-Comparatives!

    AV-Comparatives is an independent, well-known and well-respected testing organization in the AV/Anti-Malware field. They recently published two reports and one meta-report: Whole Product Dynamic Test, Performance Test, Summary Reports. Go read them if you have questions like “which product is the best for me?”. Thank you Andreas for providing a great and impartial service.…

  • What VirusTotal is not

    Since its inception VirusTotal has been used by people to compare different AV products (just in case you don’t know: VirusTotal is a great free service which scans the uploaded file with 40 AV engines currently and reports back the results). The AV industry has objected to this practice because of a couple of reasons, some…

  • The importance of false positives

    An interesting paper was brought to my attention recently by this blog post: The Base Rate Fallacy and its implications for the difficulty of Intrusion Detection. The central question of this paper is: if we have a flow of N packets per day and our network IDS has a false-positive rate of X, what is…

  • SMOG button removed!

    Almost a year ago I added a SMOG button to each blogpost, which (in a more or less serious manner) evaluated the “reading level” needed to understand the blogpost. However, today the site used for this service came up with a warning from Google saying that it might be malicious. I’ve looked into it, and…

  • The myth of the cognitive quantum jumps

    Update: see this presentation given by Scott Berkun at Google, which explains my points much more eloquently. Very often media (and I’m using the word “media” here in its most comprehensive way – including things like blogs, Slashdot, etc) tells us the story of some uber-hyper-mega-cool new-unseen-until-now method of performing X. This leads many…

  • Creating a closed standard

    After reading on Graham Cluley’s blog that the IEEE came up with a new standard [PDF] for malware interchange, I had to check it out immediately. As always, being a cranky old man, I found several problems with the proposed standard: Even though the presentation has a section about “Re-Inventing the Wheel”, it fails to…

  • Those who know, do it

    There is an old joke, which I might have referenced in the past (my memory is almost non-existing :-P), which goes something like this: Those who know how to do X, do it. Those who don’t, teach it. Those who can’t even teach it, supervise it. I assume that journalists come in somewhere in the…

  • Sunbelt Software VIPRE Antivirus review

    Full disclosure: for several years I worked in the AV industry for a company which can be considered a competitor to Sunbelt Software. However I don’t any more. Sunbelt Software started out as an anti-spyware company, however a few years ago they re-oriented themselves towards the more general anti-malware market, which is a really nice…