
AV & Updates


13 replies to this topic

#1 nCharge


Posted 13 March 2013 - 12:56 PM

Hey,

When a new malware/variant appears (not when it is being recognised!), how long will it take for AV vendors to update their product in order to detect the freshly appeared malware?

(On average?)





#2 Didier Stevens


Posted 13 March 2013 - 01:21 PM

I don't think there are statistics to answer this question, as it is very hard to find out when malware was initially released.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 JamesFrance


Posted 13 March 2013 - 01:43 PM

So you need protection which does not rely on blacklisting or you will probably be infected sooner or later unless you are very careful.


James

#4 nCharge


Posted 13 March 2013 - 01:58 PM

OK, I'll try this instead: when malware is discovered (not released!), how much time does it take for the vendors to update their product? (On average)



#5 quietman7


Posted 13 March 2013 - 02:59 PM

As Didier Stevens already noted...there are no statistics which we are aware of to answer that question.

No doubt the time will vary from one security vendor to another. The malware must first be reported to the vendor, then a sample submitted to their lab and analyzed. If confirmed as malware, it is named and added to their definition databases in the next update release.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 nCharge


Posted 13 March 2013 - 03:01 PM

Roger that.



#7 Didier Stevens


Posted 13 March 2013 - 05:08 PM

I remember one study that explained that it would take up to 6 days for most vendors to update their signatures once 1 vendor had included a signature for new malware.

And that if your vendor had not updated within 6 days, it was statistically very unlikely that you would ever get an update for that malware.

 

Unfortunately, I can't find the references to this study again.




#8 nCharge


Posted 14 March 2013 - 07:37 AM

Man, that is crazy! Not having an update for new detections...



#9 frankp316


Posted 14 March 2013 - 11:29 AM

You understand that even if this kind of info was public, there would be no one answer about which company finds new malware strains first.



#10 noknojon


Posted 16 March 2013 - 10:28 PM

This is why some programs like Malwarebytes Anti-Malware update about 10 times per day (on average). It is for this reason that almost all forums will advise to use the program during cleanup of infections, and always add "Be sure to update the program first".

A 2012 quote from Wiki stated: "In 1985, there were 11 known computer viruses. Today, there are more than 70,000 and new threats are detected every day." Always update your virus / malware definitions before performing a scan.

Even sUBs (ComboFix developer) now spends more time working for Malwarebytes to keep up with the latest definitions.

The current update for MBAM is 2013.03.17.03, which means their third update already for today, so far.

EDIT:

Study: If your antivirus doesn't sniff 'new' malware in 6 days, it never will
This may be one of the articles Didier Stevens refers to in post #7.
 


Edited by noknojon, 16 March 2013 - 10:42 PM.


#11 nCharge


Posted 17 March 2013 - 08:09 AM

The worst case is being infected by a new virus and trying to scan with the most recent virus database, thinking that 0-day malware will be detected...



#12 frankp316


Posted 17 March 2013 - 09:32 AM

We know what you want. There is no foolproof way to prevent infection. If there was, don't you think we would all use it?



#13 JamesFrance


Posted 17 March 2013 - 12:15 PM

Comodo CIS 6 is probably the strongest at prevention, and it now has their cleaning program included in case someone is already infected before installing CIS. I just did my annual MBAM scan, which found nothing as usual.


James

#14 midou1994


Posted 17 March 2013 - 01:09 PM

Hi,

Kaspersky users have a Personal Cabinet to submit malware. On 2 rare occasions when I submitted files, I got a response within 8 hours in the first case and 14 hours in the second.


Midou



