While I agree with your sentiment whole-heartedly, I still wonder why antimalware software isn't performing the most basic of checks for common infection breadcrumbs.
I think we are all painfully aware that malware detection must go beyond the basic signature match. Malware and exploits follow a logic process/path. We should also be looking to follow that path in the detection process. I think it's high time that we get away from this stagnant idea of how AV/AM software works. It didn't work for spam. It doesn't work for malware. I personally don't see how the points I have individually raised here would have a negative or detrimental effect on the scanning process. The foot-print is small, and the verification time should be quite limited.

--
Espi

On Mon, Jul 18, 2011 at 2:48 PM, Stu Sjouwerman <s...@sunbelt-software.com> wrote:

> OK, I just could not stay out of this one. Something like 60-70% of these infections are caused by social engineering, so why not prevent this from happening in the first place?
>
> Train those users within an inch of their life so that they will have nightmares even contemplating clicking on something they should not. Cybercrime is accelerating, check out the sophistication level of the current fifth generation.
>
> http://www.knowbe4.com/resources/five-generations-of-cybercrime/
>
> Warm regards,
>
> Stu
>
> ------------------------------
> *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> *Sent:* Wednesday, July 13, 2011 1:12 PM
> *To:* NT System Admin Issues
> *Subject:* Thought on malware cleaning
>
> Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some very simple questions about things I almost ALWAYS see on infected systems. Perhaps someone here can clarify something for me that I have yet to see Microsoft and any antivirus vendor directly address. I'm gonna start this with one point, and then see how the conversation goes:
>
> I almost always see malware injection points in the allusers\appdata folder. In these instances I *always* see a reference in one of the "run" registry keys.
>
> As far as I know, this top-level appdata folder should NOT contain files at all. I repeat: NO FILES AT F'ING ALL.
>
> Can someone confirm this? Can someone with contacts at Microsoft or other AV providers confirm why this is completely overlooked when scanning? This is where 0-day malware lives very commonly. This is very easy to check!
>
> Thank you for your time and any vendor reach-outs you can provide.
>
> I'm currently working on a set of scripts to check what I consider very foolish things like this. If anyone wants to team-up, please do.
>
> --
> Espi
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
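The two breadcrumbs Espi describes (loose files directly in the all-users AppData folder, and a "Run" registry value pointing at one of them) are easy to triage on a live host. The script below is an added example and is not Espi's own script or anything from the list; it assumes Windows PowerShell 5.1 or later, read access to the listed keys (run elevated to see HKLM on a hardened machine), and that the common Run/RunOnce keys are the autostart locations of interest. HKCU only covers the user running it; other users' hives are not loaded.

```powershell
# Added example, not Espi's script: triage the two breadcrumbs described in
# the thread on a live Windows host.
#   1. loose files sitting directly in the all-users AppData folder
#   2. Run/RunOnce autostart values whose target lives in that folder
# Assumes Windows PowerShell 5.1+ and read access to the keys listed below.

# All-users application data root: C:\ProgramData on Vista and later,
# "C:\Documents and Settings\All Users\Application Data" on XP/2003.
$CommonAppData = [Environment]::GetFolderPath('CommonApplicationData').TrimEnd('\')

# Autostart keys most commonly used for persistence. The Wow6432Node pair only
# exists on 64-bit Windows; missing keys are skipped silently below.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties PowerShell attaches to every registry object; not real values.
$PsNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-LooseCommonAppDataFiles {
    # Files (not folders) directly under the all-users AppData root. Installers
    # create subfolders here; a bare executable or script at the top level is
    # worth a look, though the list is a triage aid, not a verdict.
    Get-ChildItem -LiteralPath $CommonAppData -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime
}

function Get-CommandTarget {
    # Pull the executable path out of an autostart command string: a quoted
    # path, or the first whitespace-delimited token otherwise. Environment
    # variables (%ProgramData%\x.exe) are expanded so they match the root too.
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    return ($c -split '\s+')[0]
}

function Get-RunValuesPointingToCommonAppData {
    foreach ($key in $RunKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($PsNoise -contains $p.Name) { continue }
            $cmd    = [string]$p.Value
            $target = Get-CommandTarget $cmd
            if (-not $target) { continue }
            # Only report values whose target sits under the all-users AppData root.
            if ($target -notlike "$CommonAppData\*") { continue }
            $parent = ''
            try { $parent = [IO.Path]::GetDirectoryName($target).TrimEnd('\') } catch {}
            [PSCustomObject]@{
                Key          = $key
                Name         = $p.Name
                Command      = $cmd
                Target       = $target
                TargetExists = [bool](Test-Path -LiteralPath $target -ErrorAction SilentlyContinue)
                AtRoot       = ($parent -ieq $CommonAppData)   # loose file in the root: Espi's exact case
            }
        }
    }
}

Write-Host "== Loose files in $CommonAppData =="
Get-LooseCommonAppDataFiles | Format-Table -AutoSize
Write-Host "== Run/RunOnce values pointing into $CommonAppData =="
Get-RunValuesPointingToCommonAppData | Format-Table -AutoSize
```

Run it from an elevated console and read both tables together: a Run value whose `AtRoot` is true and whose `TargetExists` is true is the pattern the original post describes, while a value whose target no longer exists is a leftover from a partial cleanup and still worth removing. Occasional legitimate software does drop a file at the top level of ProgramData, so treat hits as candidates for a hash lookup and signature check rather than as a verdict.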