Comment Re:Hi I'm Patrick (Score 2) 130
1) Are you saying that the signature does not cover the entire download, and that an attacker could supplement or exchange content of the download without invalidating the signature, and have the injected code execute when the user starts the app?
2) Sounds bad.
3) Sounds bad
4) That a signature-based AV engine is only effective when attacks have been reported, analysed and a has been signature developed is bloody obvious. All an AV engines is good for is herd immunity. Which is sorta ok, except that they are peddled as the most important security product *you* can use. Some AV engines more advanced than XProtect use heuristics (or se they claim) but I have to admit that I am *really* sceptical about the claims of the effectiveness.