Malware threat lists slammed as 'useless'

PC Tools questiond the usefulness of threat lists.

Security vendor PC Tools has questioned the usefulness of the threat lists used by many security companies to warn of current malware attacks.

The problem, according to the Melbourne-based company, is that the lists -- which are now regularly issued by almost every security software company -- measure volumes rather than the underlying danger of a particular type of malware.

PC Tools, itself an anti-malware vendor in the same space, dismisses them as being "of no practical use for the security industry or consumers," and, not surprisingly, advocates its own ThreatExpert analysis system that cross-references volume with other factors such as the design complexity of a threat, its innovation, and its payload.

Examples of threats that regularly turn up on some lists but which pose relatively little danger include the four year-old Netsky, and the packer NSAnti, which itself is merely a means of hiding malware, and shouldn't even appear on such lists at all, the company said.

"Threat analysis is highly complex. There was a time when volume alone was an acceptable indicator of the level of threat. But the threat landscape has changed significantly and there are a number of additional parameters, besides volume, which are equally, if not more important in identifying and classifying top threats," said PC Tools CEO, Simon Clausen.

The underlying problem highlighted by the PC Tools blast is an interesting one. There is little independent security data that can be quickly understood by even experienced users. Typically, information lies in the hands of self-interested security vendors, who use it for marketing purposes.

There are a few exceptions to the rule such as third-party security information providers such as Danish outfit Secunia, but they focus on new threats. Working out which pose the greatest risk still requires a means of cross-checking real-world volumes with sophistication analyzed by looking at source code.

And then there is the dark suspicion many malware watchers have that the most dangerous attacks are the ones you never or rarely hear about until the criminals are long gone.

The company puts forward its own suggestions for the malware that the average user -- which is to say moderately protected user -- should worry about right now. These include the bot-builders Kraken/Bobax, Srizbi, Cutwail/Pandex as well as the ubiquitous Storm family.

Other popular and current threats include the fascinating MBR-infector Mebroot, which has attracted plenty of attention from industry insiders who see it as a clever throwback to virus techniques thought long dead, and social engineering infectors such as Zlob, which masquerades as a legitimate anti-spyware program.

Carole Theriault of Sophos took issue with the PC Tools assessment of threat lists in the strongest terms.

"I don't know of any reputable security company that only publishes top threat info without giving context or explanations. Talking about why a threat is more prevalent than any other is a great way to get the message out to computers users about the importance of security," she said.

"The mere fact that Netsky is still hammering away and infecting systems is VERY important. It shows that there are a large numbers of computers out there that have completely inadequate or nonexistent computer security."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E. Dunn

Techworld.com
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?