2008.12.21

Do AntiVirus products detect bots? Stuart Staniford said less than 60%. I guess that is a “NO” for most of us. Surprise? Not really. If you are into the malware field, this is old news. Well, I am just a hobbyist.

Stuart used VirusTotal and FireEye’s findings as his sources of malware. How accurate is that? Stuart admitted the data is imprecise, and I am not in the field with data to say anything very precise about VirusTotal either. Let me try to deduce: if anyone can submit a sample to VirusTotal, it is possible that a significant number of samples never got far enough to reach more than a small population, or that some people wrote their own and submitted them there, with no victims. For his company’s source of malware, I will assume it is very real, as the collecting appliances are deployed on real production boxes. I have no idea what boxes they are, though. These are my thoughts on the accuracy of his findings. So I assume only a portion of it concerns the majority of us, and the figure might not be less than 60%.

After reading Stuart’s post, I got to know some numbers about what’s going on. I do not believe in the ability of signature matching (and this is not byte-to-byte matching!) alone, but I think AVs are still OK at detecting a good number of those popular roaming malware your father or mother gets infected with. For some newer detection, especially of the “nasty root of all evil”, the rootkits, there is behavioral analysis that Tim Fraser developed that looks interesting. Though, if you ask for perfect detection, no way.
