Move along, nothing to see here

by Volker Weber

As I was listening to our virus expert during Tuesday's presentation, I could not help shaking my head. Update the signatures at least once a day, better every six hours. A six digit number of known Windows malware programs.

Do you remember last week's news when yet another antivirus vendor claimed they had a Mac virus. None of the other vendors could concur since they did not have it. They so much want a Mac virus, or a whole lot of them, since their business on the Mac is not doing too well. Yes, there are antivirus programs for the Mac, but the only thing they do is flag Windows malware that does not even affect the Mac. Unless you installed Microsoft's VirtualPC of course.

As I was shaking my head, I gave Snoopy an extra hug. And please, continue to buy PCs while vowe's magic flying circus upgrades to Tiger. The world needs your help. Especially the antivirus vendors. And the people who 0wn bot nets.


After buying my first Mac some months ago, it came as a shock to me that no antivirus software needed to be installed. It is kind of crazy to get so used to a mainstream OS being unsecure, that one takes it for granted.

Thomas Fleischer, 2005-04-28

Oh, it's way worse than that over here in 'doze land. We are living in the new era of the in zero day exploit...

No amount of signature updates is adequate - once a day, every 6 hours, every 6 minutes - it makes no difference. Windows malware is now morphing so massively that no AV vendor detects it all.

We regularly see some new piece of malware stroll right past well maintained and fully up to date signature based AV at the email gateway just because it is new. Sometimes our second AV system at the OS filesystem can detect these but often it can't for at least 6 hours. We keep new malware from users by banning Windows portable executables from all email.

Signature based AV, reacting to something that already happened, has had its day. Time for a new, more proactive approach.

Or ditch Windows (nope, just don't see that happening).

Chris Linfoot, 2005-04-29

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe