Discovering Myself

Tag: anti-virus

Why doesn’t my AntiVirus block all viruses?

by me on Aug.11, 2008, under Uncategorized

Well, let’s take a look. The way anti-virus programs work is that they create a “signature”, which is a hash of the virus. When it scans a file, the anti-virus program computes that file’s hash, matches it against its signature database, and if there is a match it blocks the file.

Now, let’s take a look at polymorphism in viruses.

Definition of a Polymorphic Virus:
A virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.

So there you go, it changes its signature EVERY time that it infects a computer. So there is no anti-virus that can catch everything using that mechanism. They are starting to get better with heuristics, which is a method of detecting an infection by what it does rather than what it looks like.

So, that is why it doesn’t stop everything!
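As an added illustration (not part of the original post), here is a toy Python model of the two detection approaches described above. The “virus” is a constructed byte string, the polymorphism is a one-byte XOR with a fresh key behind a fixed decoder marker, and the heuristic stands in for behavioural analysis by undoing the encoding and checking what the body would do; `STUB`, `ORIGINAL_BODY` and the function names are all constructed for this example.

```python
import hashlib
import random

# Constructed stand-in for an infected file; the text is just a label.
ORIGINAL_BODY = b"CONSTRUCTED SAMPLE: copies itself into every .exe it can find"
STUB = b"DECODE_STUB:"  # constructed marker standing in for a decoder routine

def signature(data: bytes) -> str:
    """The hash-style 'signature' the post describes."""
    return hashlib.sha256(data).hexdigest()

# The vendor's database: the hash of the one copy they analysed.
SIGNATURE_DB = {signature(ORIGINAL_BODY)}

def hash_scan(data: bytes) -> bool:
    """Signature scan: block only on an exact hash match."""
    return signature(data) in SIGNATURE_DB

def polymorphic_copy(body: bytes, key: int) -> bytes:
    """Toy model of 'changes its binary pattern every time it replicates':
    the body is XOR-encoded with a per-copy key carried after the stub."""
    return STUB + bytes([key]) + bytes(b ^ key for b in body)

def heuristic_scan(data: bytes) -> bool:
    """Heuristic scan: judge 'what it does rather than what it looks like'.
    Approximated here by undoing the encoding the stub would perform at run
    time and inspecting the resulting body (a stand-in for emulation or
    behavioural monitoring in a real product)."""
    if data.startswith(STUB):
        key = data[len(STUB)]
        data = bytes(b ^ key for b in data[len(STUB) + 1:])
    return b"copies itself" in data

def compare(n_variants: int, seed: int = 1) -> dict:
    """Replicate n_variants times with distinct keys and count detections."""
    keys = random.Random(seed).sample(range(1, 256), n_variants)
    variants = [polymorphic_copy(ORIGINAL_BODY, k) for k in keys]
    return {
        "distinct_hashes": len({signature(v) for v in variants}),
        "hash_hits": sum(hash_scan(v) for v in variants),
        "heuristic_hits": sum(heuristic_scan(v) for v in variants),
    }

if __name__ == "__main__":
    print("original caught by hash scan:", hash_scan(ORIGINAL_BODY))
    print(compare(10))  # every copy has a new hash; only the heuristic catches them
```

Each replicated copy hashes to a value the database has never seen, so the hash scan scores zero, while the heuristic catches every copy because the behaviour it looks for is unchanged.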


Malware Rant in Large Corporations

by me on May.15, 2008, under Computer Security, Endpoint, Malware

I’ve seen this all over!

In large organizations you can’t always “lock down” workstations due to productivity loss and irritating employees that could and will go elsewhere. It’s surprising how hard it is to implement solutions that will protect corporate and personal data just because they can’t install their little widget that makes little pictures fly across their screen.

Well, Symantec decided to reclassify My Web Search Bar as a Downloader, which totally screwed my reporting the other day. We showed like a bazillion infections.

I researched this and found the file to be innocuous. Symantec’s solution? To tell me the file was innocuous and to ignore it.

Well anyway, I have to deal with this and other malware in Asia due to keygens and other shenanigans that people don’t realize are on their USB storage or whatnot. Oh well, at least it keeps me in a job.

I’m currently working on getting Symantec Endpoint Protection tested and implemented globally. That’s a huge endeavor on 13,000+ workstations and servers. I’m a little leery of installing on servers at this point because I don’t know the impact on applications yet. It does some new funky things and I don’t want anyone yelling at me.

I personally like the product; they’ve fixed many things in the MR2 release. We’ll see how this whole project pans out.
