Does your a/v product protect against known WMF exploits in use?

Bill, I don't understand the graphic. I have Nortons, and it says 73 out of
73, does that mean Nortons has detected that or what? Sorry if this sounds
like a stupid question, but I'd like to know if certain Anti virus systems are
catching it more than others. Thanx for any input.
 
That is a good result. There's quite a bit of FUD around this issue at the
moment. Different comparison articles in various press articles have had
varying figures for the number of variants to the exploit--73 is the low,
others have cited "over 100" or 200+. You want a vendor which is detecting
all the known variants.

In this case, Norton's doing the job well.

Yes--some vendors are doing a better job of keeping up with this than
others.

So far, the number of sites hosting code exploiting the vulnerability is
relatively limited, and they are not sites that the average person might
encounter unintentionally. However, there is some chance of hitting one via
a bad search result choice, and there have been reports of WMF files being
spammed in email--notably messages including "new year" or "vandalism" in
the subject header. I can't confirm having seen any of this spam myself,
but I have heard from others that they've seen it.


--
 
PhilGreg said:
==> Yes, Kaspersky AV background and Trend Micro's Sysclean on demand
scanner. Also trojan Hunter background AT scanner and Ewido on demand
scanner.

Microsoft is claiming 100% detection for Windows OneCare Live beta:

http://windowsonecare.com

and for their online scanner at:

http://safety.live.com

If you believe you have actually been infected via this vector, I would call
Microsoft PSS:

1-866-pcsafety (in the U.S. or Canada)--or the local number for your
Microsoft subsidiary elsewhere in the world. They need the best real-time
numbers they can get about the impact of this issue on their customers.

Scanning with either OneCare, or safety.live.com will also get them that
information.
 
Microsoft is claiming 100% detection for Windows OneCare Live beta:

Hi Bill

Every vendor which promises 100% detection will soon "eat their hats"
.... ;)

Best practise is "no comments" from all of them.

Maybe they detected all 73 variants from the AV test.

But to write that they always detect 100% is totally crazy.

IMHO

regards
plun
 
Hi Bill

"Good practise" is just put all them in a virinfo list and let others
test a vendors protection.

"Known viruses"......... is easy to write ;)

Maybe AVG also can write so ?

But this is MS so they use their own "Good practise" rules.

regards
plun




Bill Sanderson presented the following explanation :
 
I believe I've seen a microsoft product on one of the mass a/v scanners
lists--virustotal? recently? But I think that was the Malicious Spyware
removal tool.

I believe a command-line scan of a single file is needed for that kind of
site--and I'm not at all sure that's available with OneCare--the only
currently available implementation of Microsoft's antivirus
technology--other than safety.live.com


--
 
Hi Bill

"If you are a Windows OneCare user and your current status is green or
yellow, you are already protected from known malware that tries to
attack this possible vulnerability."

Antivirus protection for dummies ;) (and beautiful colours)

My colour is yellow today ;)

I have not seen any test with One Care included.

Well, maybe the wrong people write MS advice. Or One Care must be a
success !?

Virinfo from vendors which know about this:

F-Secure

http://www.f-secure.com/virus-info/

TrendMicro

http://www.trendmicro.com/vinfo/

Symantec (on level 3 ! )

http://www.symantec.com


IMHO.


regards
plun


Bill Sanderson explained on 2006-01-05 :
 
Thanx Bill for the info. I think everyone is just going to be extra careful
for a few days till the Microsoft update is out....:)
 
Check WindowsUpdate/MicrosoftUpdate/AutoUpdate. As you noticed from Engel's
message--they've released early.

--
 