Tuesday, April 07, 2009

Briefly on Conficker

Not that I am trying to restart the “AV is dead” frenzy (everybody is sooooooooooo tired of it, anyhow), but pray tell me, how come Conficker was such a “remote detection/scanning” issue and not a “malware/anti-malware” issue?

I am definitely impressed by the Honeynet Project work, but how come, after having AV deployed and updated on [supposedly] 98%+ of systems out there, “scan for Conficker” was HOT!, but “your AV will protect you” was NOT?

Just a thought…

3 comments:

kurt wismer said...

because "your av will protect you" is never hot anymore, even when it's true...

people adored the remote scanning for conficker for the same reason they adored the conficker eye-chart - because it's novel and people (especially those in technology) are novelty-obsessed...

Anton Chuvakin said...

You know what? You are probably right.

which is kinda sad.

But then again - why would "Attackers launch a worm - but AV just KILLS IT DEAD" not be news? :-)

kurt wismer said...

why would it not be news? because historically that's what normally happens...

the events that caught the public's eye, the times when worms got a chance to get big - those are outliers...

it's not outside the realm of possibility for a person to name all the malware that av has failed to prevent growing to epidemic levels, but it is outside the realm of possibility for that same person to name all malware - the respective counts are that different...

Dr Anton Chuvakin