News

Commercial antivirus software rendered useless in hours

By Tim Conneally | Published August 11, 2008, 6:02 PM

At the Race To Zero contest at DEFCON 16 in Las Vegas last weekend, seven sample viruses and three sample exploits were reverse engineered to the point where they could bypass anti-virus software. The task took one team just over two hours.

Race to Zero is a contest where a series of malicious code samples are given that must be modified to be able to circumvent five anti-virus engines, each sample more difficult than the last.

The contest began with the 20-year-old DOS virus Stoned, then followed with Netsky, Bagel, Sasser, Zlob, Welchia, and Virut.

Exploits included three Microsoft vulnerabilities: one for Word, the Vista animated cursor vulnerability, and the SQL database 2000 engine flaw or "Slammer" Worm. The Word exploit was later discarded from play because few contestants actually had a vulnerable version of Windows 2000 to test upon.

A major motivation for holding the contest was to show just how weak signature-based anti-virus software is and how quickly it can be bypassed. Signature-based anti-virus is the original technique that blocks programs that match known malicious signatures, based on pattern matching. While non CPU-intensive, it has reached the point where many consider it obsolete.

In the security community, however, this is a well-covered point, and some -companies already have moved toward more behavior- and rule-based programs.

Comments

View comments by with a score of at least

siryak
Aug 12, 2008 - 2:13 PM

As I always say. If man made it man can take it apart.

Score: 0

|
Post Reply
PC_Tool
Aug 12, 2008 - 10:01 AM

Heuristic scanning ftw. :)

Score: 0

|
Post Reply
ir0nw0lf
Aug 12, 2008 - 11:30 AM

And sadly all the false positives that come from it. I'm sure that will get better as time goes on, but still damn annoying.

Score: 0

|
Post Reply
PC_Tool
Aug 12, 2008 - 1:05 PM

Doubtful. As programs become more complex, they may very likely increase.

Score: 0

|
Post Reply
Tenoq
Aug 12, 2008 - 12:59 AM

Whitelisting ftw?

Or perhaps, common-sense ftw? :p

Score: 0

|
Post Reply
DonGato
Aug 11, 2008 - 9:40 PM edited

While non CPU-intensive, it has reached the point where many consider it obsolete.

The point was reached years ago. I consider most Antivirus useless.
And they even ask money for them. -_-;

Score: 0

|
Post Reply
Floodland
Aug 12, 2008 - 10:36 AM edited

I agree, traditional virus scanning trough signatures is protecting after the virosic code already hit the wild.
Educating the users should be the way, but that is harder than paying for the "illusion of security", right?

Score: 0

|
Post Reply

Latest Firefox 3.6 beta fixes 133 bugs, promises faster page load times

A once-sluggish beta testing process has kicked into overdrive, with astonishing success at finding serious bugs. Will Mozilla be able to fix all the others in time?

Apple invokes DMCA, claims Psystar is 'trafficking in circumvention devices'

In trying to close the book on possibly the last attempt at a Mac clone, Apple cites from its own landmark case...but may actually be misinterpreting it.

The fallacy of Facebook privacy

Carmi Levy | Wide Angle Zoom: If an insurance company learns something interesting about its client through the Internet, is that snooping?

Microsoft 'worked with Apple' for Silverlight on iPhone, says Goldfarb

By not making such a big deal out of trying to stream video to the iPhone, Microsoft got a big deal out of it, revealed the Silverlight product manager.

Confirmed: Office 2010 to ship in June

Two weeks after Microsoft had been expected to draw a clearer roadmap for its principal applications suite, it's finally ready to commit to the end of H1.

New EU antitrust commissioner will oversee Microsoft, Oracle+Sun, Intel issues

As one of Europe's most prominent politicians shifts positions in January, her replacement remains a question mark over technology's biggest issues.

Without its own 'iTablet' yet, is Apple missing the boat?

Steve Jobs is on record as dissing "single-purpose" devices like e-readers. But given their recent popularity, was that a mistake?

Not-so-mobile battery life: Time to force the issue

Carmi Levy | Wide Angle Zoom: If power efficiency is important when you buy a car or even a motorcycle, why shouldn't it matter for a smartphone?

Clicker.com cuts through the Web video chaos

In a world where homemade video and Hollywood movies travel the same pipeline, it's good to have a real search engine to cut through the clutter.

Microsoft's Ray Ozzie: 'Nobody's going to be 100% open'

The mobile apps ecosystems of the world may converge over time, led by apps being ported over across platforms, according to the Chief Software Architect.

A case study in improving software: What Office 2010 can learn from Notion 3

A music composition product gambles with a complete overhaul, in an effort to make headway against two well-known competitors in a tough market.