Detection within Installation files

Posted by Art on September 27, 2005, 8:09 pm
One kind of test of scanners that seems to be rare is that of their
ability to detect a variety of malware "within" install files.
Catching malware prior to installation is obviously an important
preventative.

I used a list of rogue web sites:

http://kppfree.altervista.org/spylist.htm

to steer me to a number of installation files. Below are just three
results of AV scanning using KAV:
*************************************
http://www.kazaa-download-manager.com
Install file: KDM-Setup.EXE
Trojan-Downloader.Win32.Small.asf     data004
AdWare.Win32.WebHancer.351            whAgent.exe
AdWare.WebHancer                      whInstaller.exe
                                      whsurvery.exe
                                      webhdll.dll
                                      whiehlpr.dll

http://www.mp3musicsearch.net
Install file: mp3ms.exe
AdWare.Win32.NewDotNet                WISEOO24.BIN
Server-Proxy.Win32.MarketScore.k      WISE0025.BIN
AdWare.Win32.SaveNow.bo               WISE0026.BIN

http://www.kazaap.org
Install file: kazaap-3.6.exe
Adware.Win32.MediaBack                data002
Trojan-Clicker.Win32.VB.dn            data003
Trojan-Downloader.Win32.Agant.jt      data005
*************************************
Notice the variety of Trojans and Adware in every install file.

One of the deficiencies of many or most spyware/adware/Trojan scanners
is their inability to scan "within" install files and act as a
preventative. One approach would be to upload install files to Virus
Total. That would only be viable if the file size is small enough. If
you have low upload speed, and/or the server is maxing out, this
approach could be painful :)

Having several free on-demand antivirus scanners on hand is another
approach. The best preventative though is to only download and install
known reputable software from trusted sources.

If your scanner, whatever kind, doesn't alert on at least the three
install files above, you are being short-changed. Demand of your
vendor that they learn to do a better job at preventative type of
scanning.

Art

http://home.epix.net/~artnpeg
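
The gap between a whole-file scan and a scan "within" an install file, as an added example that is not part of the original post. It uses a ZIP container built in memory as a stand-in for an installer (real installer formats such as the WISE files listed above need their own unpackers), and `MARKER`, `flat_scan`, `deep_scan` and `build_sample_installer` are names made up for this illustration.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature (not a real malware pattern).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 5                        # stop runaway nesting (archive bombs)
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # skip members that declare a huge size


def flat_scan(blob: bytes) -> bool:
    """Whole-file scan: look for the signature in the raw bytes only."""
    return MARKER in blob


def deep_scan(blob: bytes, name: str = "<top>", depth: int = 0) -> list[str]:
    """Return the path of every embedded member that contains the signature."""
    hits = []
    if MARKER in blob:
        hits.append(name)
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(blob)):
        return hits
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            # Unpack the member and scan it, recursing if it is a container too.
            hits += deep_scan(zf.read(info), f"{name}/{info.filename}", depth + 1)
    return hits


def build_sample_installer() -> bytes:
    """Constructed sample: a clean program bundled with a nested, compressed payload."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("helper.dll", b"padding " * 64 + MARKER)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("app.exe", b"clean program bytes " * 32)
        zf.writestr("data004", inner.getvalue())  # member name is a constructed sample
    return outer.getvalue()


if __name__ == "__main__":
    sample = build_sample_installer()
    print("flat scan alerts:", flat_scan(sample))
    print("deep scan hits:  ", deep_scan(sample))
```

Compression hides the signature from the flat scan, while the recursive scan reports the member it was found in, which matches the per-file results listed in the post.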

