mixture
18th Oct 2011, 12:25
Picking up on a comment from Mike-Bracknell in another thread ...
if you pay for your package you need to understand that the virus definitions are likely to have been gleaned from others who will have paid for their package....and given that the FAR greater number of people who DON'T pay for their package are the ones who will be providing the free AV vendors their definitions, you can see why it would be better (and cheaper) to go free.
This is not necessarily true, particularly for zero-day emerging threats that require more than just the correct hash signature to be in the AV database.
I thought it would be good to show a real-life example.
Case in point, I received a suspicious attachment in my inbox today.
First scan at around 08:00 UTC revealed only 4/43 anti-virus packages picked up the virus; four hours later at 12:00 UTC, we're only up to 7/43 packages.
At 12:00 UTC, all of the packages that pick it up continue to be commercial products:
Commtouch
F-Prot
Fortinet
K7
Kaspersky
Sophos
Symantec
None of the common free ones picked it up as a virus on their latest definitions as of 12:00 UTC.
The moral of the story is, be careful out there. The second moral of the story is that Mike's assumption of safety in numbers is wrong.
Edit:
For the technically inclined who want to know what to look out for....
SHA1(Delivery_Information_No#7082.zip)= 2565b27b881bebb94fb60d21d0bc170556f58b8
MD5(Delivery_Information_No#7082.zip)= 6bd53a62c768f7ce8663310ed404b89c
It's a trojan that installs a backdoor (hey... we were talking about this the other day.... a way to bypass NAT.... :E)
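As an added illustration of the point above (not code from the post or from any AV vendor), the script below shows why a hash-only signature lags on a fresh sample: the attachment bytes, the "known bad" set and the per-engine verdicts are all constructed stand-ins, and a single appended byte is enough to stop the exact-hash match while the engine count mirrors the 7/43 figure quoted in the post.

```python
import hashlib

# Constructed stand-in for the attachment; NOT the real file from the post.
SAMPLE = b"PK\x03\x04 constructed stand-in for Delivery_Information_No#7082.zip"

# Constructed verdict table: the seven vendors named in the post flag the
# sample, the other 36 of the 43 engines (unnamed, made-up labels) do not.
SAMPLE_VERDICTS = {name: True for name in
                   ["Commtouch", "F-Prot", "Fortinet", "K7",
                    "Kaspersky", "Sophos", "Symantec"]}
SAMPLE_VERDICTS.update({f"engine_{i:02d}": False for i in range(8, 44)})


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA1 hex digests, the two values a hash-based AV entry keys on."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def hash_signature_match(data: bytes, known_bad: set) -> bool:
    """Pure signature check: flag only when an exact digest is in the database."""
    digests = file_hashes(data)
    return digests["md5"] in known_bad or digests["sha1"] in known_bad


def mutate(data: bytes) -> bytes:
    """Append one byte: a repacked or padded variant of the same trojan
    changes every digest, so the exact-hash entry no longer applies."""
    return data + b"\x00"


def detection_ratio(verdicts: dict) -> tuple:
    """Count flagging engines over all engines, the way a 7/43 figure is read."""
    flagged = sum(1 for hit in verdicts.values() if hit)
    return flagged, len(verdicts)


# Database seeded with the original sample's SHA1 only (constructed).
KNOWN_BAD = {file_hashes(SAMPLE)["sha1"]}

if __name__ == "__main__":
    print("original matches signature:", hash_signature_match(SAMPLE, KNOWN_BAD))
    print("one-byte variant matches:  ", hash_signature_match(mutate(SAMPLE), KNOWN_BAD))
    print("engines flagging sample:   %d/%d" % detection_ratio(SAMPLE_VERDICTS))
```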