Unfortunately, from where most of us are sitting (inside an organization), it is practically impossible to determine the quality of AV engines.

The next issue is that the "testing" organizations also have only a partial look at the whole universe of malware out there. AV-test and VirusTotal rely mostly on a collection (or zoo) of known and new strains out there, and these are normally gathered using all AV engines (around 40-ish) to see who catches a sample first. Then they do their testing and scoring, but sadly it is a matter of the blind leading the blind.

The actual problem is that there are many hundreds of unknown zero-day threats out there that NO antivirus engine can protect against. These 0-days are spread over dozens of popular apps. And as we recently saw, even AV engines themselves are riddled with 0-days. Government spy agencies buy these from specialized companies like British/German FinFisher, the French company Vupen, and the Italian Hacker Team. Cyber mafias buy them from independent criminal researchers. The spear-phishing attacks that target your company are laced with these 0-days. No AV is going to be effective against that.

Microsoft has by far the world's largest network of "sensors": hundreds of millions of Windows machines. They stand to gain the most from Windows being stable and not infected with malware.