av

I am worried: AV-Comparatives tests of Business Security products

AV-Comparatives did a long-term test of business security products. The details can be seen here: https://www.av-comparatives.org/tests/business-security-test-august-september-2022-factsheet/

Initially, I wanted to write about this test because I was surprised to see how well Microsoft Defender performed. But then I started to read the details, even though the full report will only be released in December 2022.

Read below the things which surprised me:

1) Engines used

Information about additional third-party engines/signatures used by some of the products:

- Acronis, Cisco, Cybereason, G Data, Trellix and VIPRE use the Bitdefender engine (in addition to their own protection features).
- VMware uses the Avira engine (in addition to their own protection features).
- G Data’s OutbreakShield is based on Cyren.

Of course, most of this is not new … What surprised me was:

- Cisco is using Bitdefender
- WatchGuard, CrowdStrike and K7 have their own engines
- CrowdStrike’s ML engine is good
- G Data is also using Cyren

2) The special settings are not even close to the defaults. It is normal in business environments, and with business products in general, for the product to be configured by the system administrator, in accordance with the vendor’s guidelines and their own expectations. But this also tells me that there can be huge differences in the detection, performance and FP rate of…



“Not all AV software are the same” – CompTIA Security+ 2008

CompTIA Security+ 2008, page 99, Chapter Antivirus:

“Not all AV software is the same. Free AV software that is available for download through the Internet will typically only look for viruses in standard files. However, most commercial AV software will also look for Trojans, worms, macro viruses, and adware in standard files as well as in compressed (.ZIP) files.”

In which decade are you guys from CompTIA living? *Any* AV product looks for those malware types in all files. Maybe you should update the book 😉



Why Intel bought McAfee?

Everybody knows about this acquisition. Now, why does Intel (a chip producer) need a software security company? There are some possible reasons:

1. To enter a multi-billion market which needs fresh ideas and technologies
2. To produce better security software which makes use of their multi-core processors
3. Both
4. Add AV in the CPU (or on the board) directly (with some help from the “cloud”)
5. Create an AntiVirus chip -> move from software to hardware (which they know better)

Of course, I vote for 3… Both. But 4 isn’t so bad either 😉

Why? Well, because there is the so-called “Moore’s Law”, and Intel is preparing for the point when it will stop being valid. So, if they can’t produce better hardware, they had better adapt the software that runs on it so that it works much, much better. Intel is already a major player in the software industry. They produce a lot of good software, ranging from drivers and software for the hardware to compilers, code analyzers and an integrated development environment. So, what the AV world is missing is software that runs optimized on those cores. We all try to implement our code in such…




Why no antivirus for P2P programs ?

I received a nice email with a very good question from Mehdy Mohajery. It is not the first time I have been asked the same question. This time I am documenting the answer I always give.

Question:

“I saw your profile on linkedin.com just tonight, and I noticed that you are a specialist in both p2p systems and designing security systems. That encouraged me to ask you a question. As you know, nowadays a lot of viruses are being distributed via p2p networks like KAD & eDonkey. If an antivirus vendor like Avira could provide a plug-in for a major p2p client (eMule) to detect viruses before downloading by their FileID (MD4 hash), then a major part of virus traffic on p2p networks could be eliminated. So why does nobody in the security industry seem to care about securing p2p networks with this method? Should I download every piece of scrap to know if it’s infected? I would like to know your opinion about this.”

Dear Mehdy Mohajery,

There are several reasons why nobody adds an AV for the P2P programs:

1. Having in mind the “free of charge” nature of the P2P networks, nobody will pay for an antivirus program….

