Malware threat lists slammed as 'useless'

PC Tools questiond the usefulness of threat lists.

Security vendor PC Tools has questioned the usefulness of the threat lists used by many security companies to warn of current malware attacks.

The problem, according to the Melbourne-based company, is that the lists -- which are now regularly issued by almost every security software company -- measure volumes rather than the underlying danger of a particular type of malware.

PC Tools, itself an anti-malware vendor in the same space, dismisses them as being "of no practical use for the security industry or consumers," and, not surprisingly, advocates its own ThreatExpert analysis system that cross-references volume with other factors such as the design complexity of a threat, its innovation, and its payload.

Examples of threats that regularly turn up on some lists but which pose relatively little danger include the four year-old Netsky, and the packer NSAnti, which itself is merely a means of hiding malware, and shouldn't even appear on such lists at all, the company said.

"Threat analysis is highly complex. There was a time when volume alone was an acceptable indicator of the level of threat. But the threat landscape has changed significantly and there are a number of additional parameters, besides volume, which are equally, if not more important in identifying and classifying top threats," said PC Tools CEO, Simon Clausen.

The underlying problem highlighted by the PC Tools blast is an interesting one. There is little independent security data that can be quickly understood by even experienced users. Typically, information lies in the hands of self-interested security vendors, who use it for marketing purposes.

There are a few exceptions to the rule such as third-party security information providers such as Danish outfit Secunia, but they focus on new threats. Working out which pose the greatest risk still requires a means of cross-checking real-world volumes with sophistication analyzed by looking at source code.

And then there is the dark suspicion many malware watchers have that the most dangerous attacks are the ones you never or rarely hear about until the criminals are long gone.

The company puts forward its own suggestions for the malware that the average user -- which is to say moderately protected user -- should worry about right now. These include the bot-builders Kraken/Bobax, Srizbi, Cutwail/Pandex as well as the ubiquitous Storm family.

Other popular and current threats include the fascinating MBR-infector Mebroot, which has attracted plenty of attention from industry insiders who see it as a clever throwback to virus techniques thought long dead, and social engineering infectors such as Zlob, which masquerades as a legitimate anti-spyware program.

Carole Theriault of Sophos took issue with the PC Tools assessment of threat lists in the strongest terms.

"I don't know of any reputable security company that only publishes top threat info without giving context or explanations. Talking about why a threat is more prevalent than any other is a great way to get the message out to computers users about the importance of security," she said.

"The mere fact that Netsky is still hammering away and infecting systems is VERY important. It shows that there are a large numbers of computers out there that have completely inadequate or nonexistent computer security."

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Techworld.com

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?