So to sound harsh but... Don't these recent Mac Trojan outbreaks pretty much prove that iAntivirus is close to worthless for unknown viruses? Please hear me out before you flame me.
We've come to the age where if you have to rely on database updates to catch viruses you've pretty much lost. Any AV researcher (esp. the PCtools devs) will admit as much. If your product can't track and model what malicious behavior looks like then you're really not protecting the user.
The behavior these recent trojans displayed should have been throwing up red flags in a BIG way.
From Intego:
The crack application then requests an administrator password, launching the backdoor with root privileges. This copies the executable to /usr/bin/DivX, then creates a startup item in /System/Library/StartupItems/DivX. The program checks to see if it has been launched with root privileges, then saves the root hash password in the file /var/root/.DivX. It listens on a random TCP port, and answers requests such as GET / HTTP/1.0 by sending a 209-byte packet, and makes repeated connections to two IP addresses. Next, the crack application opens a disk image which is hidden in its resource folder, in a folder named .data, and proceeds to crack the Photoshop program, allowing it to be used.
I do think that some protection is better than none. And currently I do use iAntivirus, but I have to say these trojans should have easily been caught by iAntivirus and that really worries me, and not because I'm the type of person who would steal software.
Are there plans to really put the money and research necessary into developing iAntivirus's heuristic behavior so that it reaches parity with your Windows-based antivirus products?
02-02-2009, 07:56 PM #1, Junior Member (Join Date: Feb 2009, Posts: 1)
Is iAntivirus worthless for unknown viruses?
02-02-2009, 11:29 PM #2, Advisor (Join Date: Nov 2008, Posts: 409)
The problem (if you can call it that) is that anti-virus (AV) programs are by nature designed to detect and block viruses, and even unknown viruses if the AV program also features heuristics scanning. Most AV programs aren't programmed to also detect malware and many trojans since malware trojan programs usually don't exhibit any virus-like behavior and are totally different animals altogether. The same can be said for many firewall programs as well. Yet AV and firewall companies have been adding rudimentary anti-malware protection in particular for the most commonly encountered "drive-by" malware which your computer can pick up simply by visiting a malicious web site. Drive-by malware attacks commonly exploit buffer overflow bugs in order to gain access to your computer system.
Regardless of what AV, firewall and anti-malware software you use, if you are running Windows then you should also download and use Comodo Memory Firewall since all this program is designed to do is to stop buffer overflow attacks dead in their tracks. The word "firewall" in the product name is somewhat misleading since the program is not a full-featured firewall program in the traditional sense of being a program which closes all ports on your computer and only allows traffic to pass through specific ports to either specific programs or to any program.
I am not familiar with iAntivirus, so I can't answer your final question.
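A sketch of the kind of behavior-based scoring the first post asks for, built on the file paths and actions in the Intego description it quotes. This is an added example, not code from iAntivirus, PC Tools or Intego; the event format, app names, rule weights and alert threshold are assumptions made for the illustration.

```python
from collections import defaultdict

# Behavior rules taken from the Intego description quoted in the thread.
# Weights and the alert threshold are assumptions chosen for this example.
RULES = [
    ("persistence: new StartupItem", 4,
     lambda e: e["action"] == "write"
     and e["path"].startswith("/System/Library/StartupItems/")),
    ("drops file into system binary dir", 3,
     lambda e: e["action"] == "write" and e["path"].startswith("/usr/bin/")),
    ("hidden file in root's home", 3,
     lambda e: e["action"] == "write" and e["path"].startswith("/var/root/.")),
    ("opens listening TCP port", 2,
     lambda e: e["action"] == "listen"),
    ("obtained root via password prompt", 1,
     lambda e: e["action"] == "auth_prompt"),
]
THRESHOLD = 8

def score_events(events):
    """Group events by originating app; return {app: (score, [reasons])}."""
    hits = defaultdict(dict)
    for e in events:
        for name, weight, match in RULES:
            if match(e):
                hits[e["app"]][name] = weight  # count each behavior once per app
    return {app: (sum(h.values()), sorted(h)) for app, h in hits.items()}

def alerts(events):
    """Apps whose combined behavior score reaches the threshold."""
    scored = score_events(events)
    return sorted(app for app, (score, _) in scored.items() if score >= THRESHOLD)

# Constructed sample events (not real telemetry); app names are hypothetical.
SAMPLE = [
    {"app": "crack.app", "action": "auth_prompt", "path": ""},
    {"app": "crack.app", "action": "write", "path": "/usr/bin/DivX"},
    {"app": "crack.app", "action": "write", "path": "/System/Library/StartupItems/DivX"},
    {"app": "crack.app", "action": "write", "path": "/var/root/.DivX"},
    {"app": "crack.app", "action": "listen", "path": ""},
    {"app": "installer.app", "action": "auth_prompt", "path": ""},
    {"app": "installer.app", "action": "write", "path": "/usr/bin/sometool"},
    {"app": "chat.app", "action": "listen", "path": ""},
]

if __name__ == "__main__":
    for app, (score, reasons) in sorted(score_events(SAMPLE).items()):
        print(app, score, "ALERT" if score >= THRESHOLD else "ok", reasons)
```

No single rule reaches the threshold alone, so an ordinary installer or a chat client that only listens on a port stays below it; only the combination described by Intego raises an alert.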




