January 2006 Virus and Spam Statistics
Ant writes "Commtouch reports January 2006's virus and spam statistics. Its summary said there were four massive virus attacks (including a multi-wave attack of 7 variants) and the most aggressive attacks penetrated before the average antivirus (AV) solution could even release a signature. The data is based on information continuously gathered by the Commtouch Detection Center, which analyzed more than 2 billion messages from over 130 countries during the month of January 2006..."
Re:Problematic Signature Release Issue (Score:2, Informative)
http://www.grisoft.com/ [grisoft.com]
Re:Problematic Signature Release Issue (Score:3, Informative)
The virus is reported [bbc.co.uk] to have first emerged on the 16th January 2006. Sophos [sophos.com] says [sophos.com] they provided protection from 16:03:20 GMT on that day. So while it may have taken ages for you to find an anti-virus vendor with detection or removal, there *were* solutions on the same day. Trend Micro also says [trendmicro.com] their pattern file was released on the 16th, and they give the time when the description on their website was written as 14:23:21 GMT, but they don't say what time their pattern file was released. McAfee even claims [nai.com] that they detected the virus from 2nd December 2005 - presumably since this was a variation of an existing worm that their existing detection happened to also detect. I don't know how many of the other AV vendors *also* detected it due to happenstance before it even existed.
There was also detection officially available from some other AV vendors on the 17th:
Re:Email Spoofing (Score:2, Informative)
Nope. Not a single credible anti-spam solution out there today pays any attention to the return address on the e-mail (unless it's explicitly in your whitelist). The filtering is done based on the actual origin of the message, or failing that, the first trusted server that handled the message.
The authors of the FA are saying that spam is ACTUALLY coming from gmail.com, which means it is probably being sent by legit gmail.com users (gmail requires a secure login to use their mail gateway).
It would work like this
It would be really, really hard for Google to come up with a solution to prevent spammers from getting out one good bulk mailing before Gmail shuts them down.
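The origin-based filtering described in the comment above, as an added example that is not part of the original thread: it walks the Received headers from the newest down and returns the address that connected to the first trusted server, ignoring From and Return-Path. The trusted network range, the host names and the sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: From/Return-Path claim gmail.com, and the bottom
# Received line was supplied by the sender, so it is unverifiable.
SAMPLE = """\
Return-Path: <someone@gmail.com>
Received: from mx-edge.example.net (mx-edge.example.net [10.0.0.5])
\tby mailstore.example.net with ESMTP; Mon, 6 Feb 2006 10:00:02 +0000
Received: from gmail.com (unknown [203.0.113.77])
\tby mx-edge.example.net with SMTP; Mon, 6 Feb 2006 10:00:01 +0000
Received: from smtp.gmail.com (smtp.gmail.com [198.51.100.1])
\tby relay.invalid with ESMTP; Mon, 6 Feb 2006 09:59:00 +0000
From: Someone <someone@gmail.com>
To: user@example.net
Subject: constructed test message

body
"""

TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: our relays
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def filtering_origin(raw, trusted=TRUSTED_NETS):
    """Return the IP that handed the message to the first trusted server."""
    msg = message_from_string(raw)
    for received in msg.get_all("Received", []):  # newest hop first
        # Only the "from ..." part names the connecting client.
        from_part = re.split(r"\sby\s", received, maxsplit=1)[0]
        match = IP_IN_BRACKETS.search(from_part)
        if match is None:
            return None  # hop we cannot parse: stop, do not guess
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if not any(ip in net for net in trusted):
            return str(ip)  # recorded by a server we trust
        # A trusted relay passed the message on; keep walking down.
    return None  # message never left trusted infrastructure
```

Headers below the returned hop were written before the message reached trusted infrastructure, so the function never reads them.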
Oh yes it is! (Score:3, Informative)
I remember doing some maintenance on a small network once, and discovered that a number of the machines were infected. The boss was surprised. "But they all had anti-virus software!" And what a jolly amount of good that has done...
Yes, there is certainly a limited benefit to AV, as I would imagine that knowledgeable users can sometimes make a mistake. But AV software causes so many problems of its own, from the slowdowns caused by on-the-fly scanning, to the system bogdown whenever it does its scheduled full system scan, to the various slew of compatibility and stability issues that it creates (*cough* Norton *cough*).
Re:Problematic Signature Release Issue (Score:4, Informative)
Re:indemnification against viruses (Score:3, Informative)
Why don't they make an OS that is immune from getting viruses just by clicking on a hot link or opening an attachment?
Because software companies (most notably MS) prefer to sacrifice security to provide increased "ease of use". Or, "it's not a bug, it's a feature". Features sell. Bugs... well they do affect sales, but not to anywhere the same magnitude as new features. Company P.R. can spin the new features as wonderful and huge, and play down or totally ignore the problems.
So if a new feature introduces a security risk, and it's not currently en vogue to exploit that particular feature, they include it. Then next year after that feature has gotten hundreds of thousands of their customers' boxes owned, they sell you another feature of a "more secure" xyz. See, they sell it to you broken, then they sell you the fix for it. And they call this "a good business model". The phishers make money, the software vendors make money, and you my friend, are the one that pays them both.
There ought to be a law that makes it illegal for a company to make a "feature" in computer software that automatically executes a program that was not "reasonably verified" to be executing with the knowledge and consent of the owner. In a nutshell, if someone sends you something through a public medium, and it contains instructions that can tell your computer to do something without your permission, it should never be allowed to execute.
Antivirus isn't great, or even very useful (Score:2, Informative)
Antivirus isn't great, as it comes with a bunch of issues, such as resource implications, acting as a threat vector itself, and generally being a case of shutting the stable door after the horse has bolted (zero-day exploits).
So add-on antivirus software isn't exactly *useful*, and isn't anything like running a sane operating system with pragmatically chosen security settings - which wouldn't include, by and large, anti-virus or anti-spyware scanning type software.