mesostinky
02-02-2009, 08:56 PM
Not to sound harsh, but... don't these recent Mac Trojan outbreaks pretty much prove that iAntivirus is close to worthless for unknown viruses? Please hear me out before you flame me.
We've come to the age where if you have to rely on database updates to catch viruses you've pretty much lost. Any AV researcher (especially the PC Tools devs) will admit as much. If your product can't track and model what malicious behavior looks like then you're really not protecting the user.
The behavior these recent trojans displayed should have been throwing up red flags in a BIG way.
From Intego:
The crack application then requests an administrator password, launching the backdoor with root privileges. This copies the executable to /usr/bin/DivX, then creates a startup item in /System/Library/StartupItems/DivX. The program checks to see if it has been launched with root privileges, then saves the root hash password in the file /var/root/.DivX. It listens on a random TCP port, and answers requests such as GET / HTTP/1.0 by sending a 209-byte packet, and makes repeated connections to two IP addresses. Next, the crack application opens a disk image which is hidden in its resource folder, in a folder named .data, and proceeds to crack the Photoshop program, allowing it to be used.
I do think that some protection is better than none. And currently I do use iAntivirus, but I have to say these trojans should have easily been caught by iAntivirus and that really worries me, and not because I'm the type of person who would steal software.
Are there plans to really put the money and research necessary into developing iAntivirus's heuristic behavior so that it reaches parity with your Windows-based antivirus products?
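The Intego description quoted in the post names three fixed on-disk artifacts (the /usr/bin/DivX executable, the /System/Library/StartupItems/DivX startup item and the /var/root/.DivX file). As an added example, not part of the forum post or of any Intego or PC Tools tool, the POSIX shell script below checks a filesystem for those three paths. The ROOT argument is an assumption of this example: it lets the same check run against a mounted disk image or a test directory instead of the live system root.

```shell
#!/bin/sh
# Constructed example: look for the on-disk indicators quoted from Intego's
# description. Only the three paths named in that text are used.

# Indicator paths relative to the filesystem root, one per line.
INDICATORS="usr/bin/DivX
System/Library/StartupItems/DivX
var/root/.DivX"

# check_indicators [ROOT]
# Prints every indicator that exists under ROOT (default "/").
# Returns 0 when none are present, 1 when at least one is found,
# so it can be used directly in a conditional or a monitoring job.
check_indicators() {
    root="${1:-/}"
    found=0
    for rel in $INDICATORS; do          # paths contain no spaces, so word splitting is safe
        path="${root%/}/$rel"
        if [ -e "$path" ]; then
            echo "INDICATOR PRESENT: $path"
            found=1
        fi
    done
    return $found
}

# count_indicators [ROOT]
# Echoes the number of indicator paths present under ROOT.
count_indicators() {
    root="${1:-/}"
    n=0
    for rel in $INDICATORS; do
        if [ -e "${root%/}/$rel" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Usage when run as a script: scan the live root (or the directory given as $1).
if [ "${0##*/}" = "check_divx_indicators.sh" ]; then
    if check_indicators "${1:-/}"; then
        echo "No quoted indicators found under ${1:-/}"
    fi
fi
```

A file check like this is exactly the signature-style detection the post argues is insufficient on its own: it finds a sample that uses these paths and nothing else. The behaviors the quote also describes (requesting an administrator password, writing a startup item, opening a listening TCP port from a freshly installed binary) are what a heuristic engine would have to model, and `lsof -iTCP -sTCP:LISTEN` on macOS is the usual way to list the listening sockets by hand.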