I am not quite sure what is on the wild list but we get stuff in our honeypot which is definitely in the wild and compare that against most vendors 60% is pretty accurate. I mean a piece of malware usually is covered by at least one vendor but no one vendor covers most malware that good.
You should also be careful with which files you copy over. I would say if your checking email and someone sends you a file and its non executable that's ok to copy over if you scan it on www.virustotal.com . You really can't trust a machine that is completely exposed for a unknown amount of time. But if you have a vmware image that you know is clean and you start it up and you know you haven't run any rouge processes then that's a lot more trust worthy. Of course its still possible you could have been infected with a worm exploiting a backdoor but chances are very low for that. Oh by the way vmware has free software for desktops now so everyone should be running a vmware session for all their other stuff. Maybe even run a linux desktop and windows in a vmware session. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thane Sherrington (S) Sent: Thursday, March 02, 2006 3:53 AM To: The Hardware List Subject: RE: [H] Antivirus At 12:42 AM 02/03/2006, Mesdaq, Ali wrote: >Oh I love these types of topics. Right off the bat I would say there is >NO AV that gives that great of coverage. Kaspersky(verified) has good >coverage and NOD32(unverified) has good coverage. The bad part is even >of these good AV vendors their coverage is maybe 60%. What is So you're saying that the Wildlist isn't an accurate count of the viruses out there? >always revert your images to a clean state after. And only copy files >over when you're totally sure they are clean How can I be totally sure they are clean if the AV software is only 60%? Do you have some suggestions for looking at all the processes on a computer and finding out what they are? T
