Computer Security News Categories
Check the latest global news related to computer security.
ESET ThreatBlog
February 7, 2010 9:06:56 PM CET
NOD32 Antivirus for Mac: Some Questions
These are a few questions relating to ESET's antivirus scanner for OS X, which is currently in beta, that I was asked in response to a post at Mac Virus. (If you want to take the beta out for a spin, you can still download it at http://beta.eset.com/macosx.)
As these questions are very ESET-specific, I thought it was more appropriate to answer them here rather than at Mac Virus.
1. You mentioned at the ESET blog in response to one of my comments that you were running EAV for Mac, on your Mac. So I am just wondering what the average Memory and CPU usage is for EAV on a Mac?
Yes, I'm running ESET's beta scanner on one of my Macs. I haven't looked at performance metrics, and I probably won't even if it starts to look anomalous. I don't have the time and resources to do accurate performance testing here at the moment, and I don't know that it would be useful anyway. The product is still liable to drastic change, as pre-release products tend to be.
2. Also wondering why ESET don’t show how many malware records are in your database? Not that it is very important that I know how many, but why not?
Do you mean how many "signatures" do we have, or how many individual items of malware we detect? The two figures don't actually correlate in a way that would be useful: I don't know how many individual detections we have, but to give that number would be misleading, since there isn't a single detection to every malicious binary.
Note that this is true of all mainstream AV vendors: because virus labs receive tens of thousands of unique binaries to analyse every day, the emphasis has to be on the most effective way of detecting as many of them as possible, not on precise classification, which is why malware information databases tend to be fairly generic nowadays.
ESET's detections are highly generic (meaning that a whole family or families, variants and subvariants might be picked up by a single detection) and/or heuristic (malware is detected by its characteristics or behaviour rather than by exact or near-exact identification): INF/Autorun, for instance, detects an enormous range (and volume) of malicious programs with two characteristics in common: (a) they try to exploit AutoRun and (b) they're malicious!
3. I know that the Mac version of NOD32 is cross-platform and detects Mac, Linux, and Windows malware. But does the Windows version detect Windows, Mac, and Linux malware as well?
Yes, ESET scanners for Windows detect OS X and Linux malware.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or http://twitter.com/ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macvirus.com/
Previous News
February 6, 2010 12:45:57 AM CET
Firefox Add-ons Infected – Perhaps you read the Mozilla blog at http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/ where it was revealed that two add-ons for Firefox were infected with Trojans. In this case the distribution was very small, so not many users were infected, but this type of attack is likely to grow. A large part of the time I worked at Microsoft I was [...]
February 5, 2010 3:22:00 PM CET
14% of searches for trends lead to malware – Websense reveals 225% surge in malicious websites. Nearly 14 percent of all searches for news trends on Google or buzzwords on Yahoo lead to malware, says Websense.
February 5, 2010 1:33:00 PM CET
Firefox browser add-ons contained malware – Mozilla suspects up to 4,600 users were infected. Mozilla has confirmed that a pair of add-ons for its Firefox browser contained malware and may have infected up to 4,600 users.
February 5, 2010 1:11:47 PM CET
Mac Virus Resurgent – No, I'm not talking about a newly-discovered and virulent OS X upconversion of SevenDust or AutoStart 9805. Mac Virus is a site founded by Susan Lesch in the 1990s, when pre-OS X Mac-specific malware was still a serious issue - AutoStart in particular caused significant damage back then – and cross-platform macro viruses were also a major problem. [...]
February 5, 2010 10:41:00 AM CET
Research: iPhone security claims exaggerated – Sandboxing permissions are "way too loose". Apple's claims about the security of the iPhone privacy have been exaggerated, says software engineer and security expert Nicolas Seriot.
February 5, 2010 10:25:00 AM CET
Brits use banking login details on other sites – 73% use online banking password on different site. Far too many web users rely on the same login details for multiple websites, says Trusteer.
February 5, 2010 9:54:00 AM CET
Hackers use fake Firefox update to spread toolbar – Hotbar app successor to Zango spyware toolbar. A security firm is urging web users to be wary of fake Firefox updates that instead install a toolbar, which is the successor to the notorious Zango spyware toolbar.
February 5, 2010 9:46:00 AM CET
Microsoft to patch 26 flaws, 5 critical – Record Patch Tuesday for Windows and Office. Microsoft will deliver a record 13 security updates next Tuesday. The massive batch of patches aims to fix more than two dozen vulnerabilities in Windows and Microsoft Office.
February 5, 2010 9:29:32 AM CET
Patchday ahead: 13 Bulletins announced – Microsoft has announced that it will release 13 Security Bulletins this coming Tuesday. They close 26 security holes according to Microsoft's Security Response Center (MSRC). While 11 of those bulletins affect Windows, 2 deal with security issues in Office. 5 bulletins are rated critical, 7 important and 1 moderate. The MSRC also mentions the recently detected information [...]
February 4, 2010 6:05:23 PM CET
The PUSHDO Puzzle—DDoS or Not DDoS? – The PUSHDO botnet has been in the news lately as the culprit in a distributed denial-of-service (DDoS) attack against a variety of well-known websites. Some publications even documented this recent attack extensively. After spending some months last year studying and monitoring the PUSHDO/CUTWAIL botnet and after checking the latest samples, we can affirm that this [...] Post from: TrendLabs | Malware Blog - by Trend Micro

