Linked by David Adams on Fri 23rd Apr 2010 15:58 UTC
Bugs & Viruses: A version of the McAfee antivirus software used in the corporate and public sectors misidentified the svchost.exe file in Windows XP systems as malware, sending the affected machines into a loop of restarts. Only users of McAfee VirusScan Enterprise on Windows XP Service Pack 3 were affected, but the fallout was pretty severe, with hospital and police systems among those taken down.
State of AV today
by moondino on Sat 24th Apr 2010 02:44 UTC

Buffer overflow exploits via .pdf / .swf (sometimes Java applets, but less so) are the current infection points. If you have Adobe Reader and Flash installed and you aren't using Firefox + NoScript, you aren't as safe as you think you are. Adblock helps a bit. NoScript helps a lot, but even that isn't perfect if the top level domain you trust gets hacked and < iframe >'s you to a malicious .pdf file that then loads up a Zeus trojan .exe that no anti-virus can detect. (Zeus toolkits dynamically generate a different .exe and cannot be proactively detected well.)

Most anti-virus software today is reactive, not proactive. Only companies investing heavily in HIPS (Host Intrusion Prevention) are going to go anywhere in the future. Instead of looking inside executables, start detecting odd < iframe >s on pages, scan .pdf and .swf files for odd tags, and prevent sudden and unwanted changes to the registry from executables coming from the browser cache unless explicitly allowed.

Congrats to OSNews for choosing a content / commenting system that strips the < iframe > tag, btw. Bravo.

Reply Score: 2
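
The content-level checks the comment above proposes (flagging odd iframes and odd tags in .pdf files), sketched as an added example that is not part of the original comment or of any anti-virus product. The heuristics, the list of PDF names treated as "odd", the function names and the sample inputs are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# PDF names that run script or fire actions automatically. Treating these
# as the "odd tags" is this example's assumption, not the commenter's list.
PDF_ACTIVE_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")

# Constructed sample inputs (not taken from any real page or document).
SAMPLE_HTML = ('<p>news</p>'
               '<iframe src="http://cdn.example.net/x.pdf" width="0" height="0"></iframe>'
               '<iframe src="/local/widget.html" width="300" height="200"></iframe>')
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /S /#4AavaScript /JS (constructed) >>\nendobj\n")

class IframeAudit(HTMLParser):
    """Collect iframes that are invisible to the user or load from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("tiny")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        host = urlparse(a.get("src", "")).hostname
        if host and host != self.page_host:
            reasons.append("off-site")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def audit_html(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    return parser.findings

def audit_pdf(data):
    """Return the active-content names present in raw PDF bytes."""
    # Names may hex-escape characters (#4A is 'J'), so decode before matching.
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda m: bytes([int(m.group(1), 16)]), data)
    return [n.decode() for n in PDF_ACTIVE_NAMES
            if re.search(re.escape(n) + rb"(?![A-Za-z])", decoded)]
```

A hit is a reason to look closer, not a verdict: legitimate pages embed off-site iframes and legitimate PDFs use `/OpenAction`, and names inside compressed object streams are not visible to a raw byte scan.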