Friday, August 26, 2005

Improvements to heuristic viral detection methods

PC Magazine has posted an article about AV-Test, an ongoing project that researches the behaviour and performance of various anti-virus products. In its latest test, against last week's MS05-039 PnP vulnerability, 11 of 36 anti-virus products managed to detect at least one of the six attacks conducted, even without having the appropriate signature update.

This demonstrates a significant improvement in heuristic detection methods in current-generation virus scanners and presents a possible future where anti-virus products are able to intelligently detect new viruses without first having to be updated with the latest virus definitions.

Disappointingly, popular anti-virus products Norton Antivirus, Trend Micro and AVG were not among the 11 to pass the test. Neither was industrial-strength Sophos Antivirus. They were able to detect the attacks quickly enough with updated virus profiles, but apparently their heuristic detection programs were not good enough to proactively detect the attacks otherwise.
