Network and Computer Security

The Network and Computer Security Blog

September 2, 2006

Latest polymorphism hides viruses better

Filed under: News, Virus, Windows — SecuNews @ 11:27 am

As if we needed it, a new polymorphism technique makes viruses on AMD64 processors even harder to detect.

The virus, dubbed W64.Bounds, is not spreading in the wild, but was submitted as a proof of concept to antivirus researchers. The program is not easy to detect because it encrypts itself using a new algorithm and exploits a Windows feature available only on AMD64 systems to control execution, Peter Ferrie, senior antivirus researcher for Symantec, said.

See the full article on SecurityFocus.

July 24, 2006

Why popular antiviruses still don’t work well

Filed under: Virus, Articles — SecuNews @ 12:13 pm

It’s no news that no antivirus is 100% safe.

It has always been that way and always will be. The reason is simple: very few antivirus products hold the biggest share of the market (the top 5 AVs most likely represent more than 95% of the installed base). So virus writers can very quickly check their “latest, not-released-in-the-wild-yet” virus, see which antivirus applications detect it as malware, and modify it accordingly.

ZDNet just published a good paper on the subject: Why popular antivirus apps ‘do not work’?

July 1, 2006

Want to know what the best antivirus software is?

Filed under: News, Virus, Articles — SecuNews @ 11:25 am

We’re all wondering which antivirus is the best one to protect our servers.

The guys from Nephentes wondered the same thing and took the time to submit a sample of 4987 viruses to 14 antivirus products running on *nix platforms (some free, some not).

The full study is here, but if you’re impatient here’s the summary:

| Rank | Product | Hit Rate | Trend |
|------|---------|----------|-------|
| 1 | Antivir | 99,04% | +7,07% |
| 2 | BitDefender | 96,23% | +1,52% |
| 3 | VirusBlokAda | 95,17% | +1,42% |
| 4 | F-Prot | 94,02% | +2,39% |
| 4 | Authentium | 94,02% | new |
| 5 | Norman Virus Control | 93,78% | +1,19% |
| 6 | Fortinet | 87,29% | +2,35% |
| 7 | F-Secure Antivirus | 85,22% | +5,99% |
| 8 | Kaspersky | 85,10% | +5,73% |
| 9 | VirusBuster | 82,53% | +11,76% |
| 10 | Trend Micro | 76,19% | +5,14% |
| 11 | ClamAV | 71,41% | -0,85% |
| 12 | NOD32 | 70,06% | +4,05% |
| 13 | Sophos SWEEP | 68,58% | +2,45% |
| 14 | eTrust | 63,97% | new |

(Note: the ‘Trend’ percentage is the variation between the current test and the previous one)

March 8, 2006

Nessus 3.0.2 released

Filed under: Virus, Linux — SecuNews @ 5:01 pm

In December, Nessus 3.0.0 was released, bringing major changes compared to the Nessus 2 branch. It’s hard to mention all the changes, but basically Nessus 3 is a full rewrite of Nessus 2, and as a result performance got a huge boost. However, during those major changes some new problems crept in. Nessus 3.0.1 fixed most of them and the newly released Nessus 3.0.2.