VirusTotal, Useful Engines, and Useful AV

In a recent blog on whether security professionals really don't use anti-virus (sorry, but quite a few of us do!) I mentioned a paper by myself and Julio Canto on the use and misuse of multi-scanner sites like VirusTotal, especially the (Virus-)totally inappropriate use of VT reports as some sort of substitute for real comparative testing.

I presented it at a forensics conference in the UK a while ago, but since quite a few people have expressed an interest in it, it's now on the ESET white papers page: Man, Myth, Malware and Multi-Scanning.

 Another Really Useful Engine*

 As it turns out, the argument as to whether or not anti-virus is worth anything continues to rage. Well, perhaps it's better described as mild peevishness rather than rage.

  • In the latest issue of SC Magazine, there's a debate between Jeremiah Grossman and myself as to whether Anti-virus is essential. I guess you could call it a draw, since my view is that it isn't always essential and his seems to be that it is essential but not worth paying for. ;-) (And if you read it in the print edition of the magazine, no, I haven't changed my name to Hartley: it's a typo.)
  • Paul Ducklin also weighed in today, discussing the proposition that Anti-virus is no good.
  • Simon Edwards explained Why even experts need antivirus just a few days ago.

I have a feeling I'm going to have to come back to this, but not tonight: it's the VirusTotal/multi-scanner paper I want you to read right now. :)

* Photograph by permission of Small Blue-Green World

David Harley CITP FBCS CISSP
ESET Senior Research Fellow

 

Author David Harley, ESET

Copyright © 2014 ESET, All Rights Reserved.