# # Are A/V vendors really this clueless?
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Are A/V vendors really this clueless?

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© April 2015 Anthony Lawrence

According to "Botnet that enslaved 770,000 PCs worldwide comes crashing down", this "Simda" botnet was very stealthy, because it "morphed into a new, undetectable form every few hours, allowing it to stay one step ahead of many antivirus programs.".

Well, polymorphic viruses are nasty little beasts, so I suppose it's great that they did manage to finally control this. We can all breathe a little easier and sleep more soundly thanks to the truly brilliant efforts of A/V researchers.

But hold on a minute. According to that article:


The malware modified the HOSTS file Microsoft Windows machines use to map specific domain names to specific IP addresses. As a result, infected computers that attempted to visit addresses such as connect.facebook.net or google-analytics.com were surreptitiously diverted to servers under the control of the attackers. Often the booby-trapped HOSTS file remains even after the Simda backdoor has been removed.


What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server? For real? Such a basic and obvious check is not done?

Wow. That's disturbing.


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Are A/V vendors really this clueless?

2 comments


Inexpensive and informative Apple related e-books:

Take Control of iCloud

Take Control of Apple Mail, Third Edition

Take Control of iCloud, Fifth Edition

Take Control of Preview

Photos: A Take Control Crash Course





More Articles by © Anthony Lawrence







Wed Apr 15 13:51:38 2015: 12662   Alexi

gravatar


> What? You mean that A/V software never looks at hosts files and never bothers to check its entries against a presumably safe DNS server?

I wouldn't be surprised if some meddling busybodies in $MANAGEMENT decided, in a misguided attempt to improve benchmarking performance, to "deprioritize 'legacy' vectors" and instead focus on "the heuristic analysis of emergent trends"






Wed Apr 15 13:53:53 2015: 12663   TonyLawrence

gravatar


I love the way you put that :)

------------------------


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Better to fight for something than live for nothing. (George S. Patton)




Linux posts

Troubleshooting posts


This post tagged:

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode