Comments on: RIP Anti-Virus (Again)
http://www.welivesecurity.com/2011/09/09/rip-anti-virus-again/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: kurt wismer http://www.welivesecurity.com/2011/09/09/rip-anti-virus-again/#comment-3544 Fri, 09 Sep 2011 15:59:19 +0000
@ken bechtel
it goes a bit beyond that. when you're dealing with targeted attacks you're dealing with an intelligent attacker. no automated tool is a good fit when there's an intelligent attacker involved. intelligent attackers call for intelligent defenders. tools won't do any good without skilled personnel actively looking for the right things.
automated tools may get lucky from time to time and stop malware involved in a targeted attack, but a proper defence against targeted attacks can't be automated.

By: Ken Bechtel http://www.welivesecurity.com/2011/09/09/rip-anti-virus-again/#comment-3543 Fri, 09 Sep 2011 15:35:34 +0000
I remember when integrity checkers came out in the early days. People were claiming scanning was dead in the late 80's, early 90's. So I suspect it’s just as Kirk pointed out, unrealistic expectations. Anti-Virus is the current best tool for the specific task of detecting, neutralizing and repairing KNOWN THREATS. Any professional worth their salt will tell you, you need to perform defense in depth, layered approach, and that doesn’t mean just throwing another software package on the wire and saying you’re protecting something. You need to be comprehensive, integrated, and overlapping (jeez I sound like a marketing buzzword) but if your protection doesn’t work together, cover known gaps, and address multiple vectors, you’re just wasting your money and time. Please use the right tools for the right jobs, and you will be well served by your investments.

By: Martijn Grooten http://www.welivesecurity.com/2011/09/09/rip-anti-virus-again/#comment-3542 Fri, 09 Sep 2011 14:16:39 +0000
Possibly the most prominent APT attack this year was the one on RSA. The email was actually blocked and put into quarantine. Then the user was able to take the email out of quarantine and open the attachment. So anti-virus (or anti-spam, I don't know which of the two was responsible for the blocking of the email) did its work. The problem was what the user was then allowed to do.
