First Trend Micro, now Kaspersky: both vendors released updates to their antivirus products that identified valid (not infected) Windows Vista system files as infected and deleted or quarantined them. As a result, users got stuck after a reboot with the famous blue screen. The latest signature files should address the issue.
The question comes up of where we are heading with the signature-based antivirus approach. It slows systems down more and more because of the constantly increasing number of virus signatures that it needs to check against, and how much longer will it be before we run into the issue of valid files being identified as infected (maybe we have reached that point already)? A signature is only a few bytes long, and some vendors have other methods to check for an infection, but one thing we learnt from those two incidents is that it is not foolproof.
For German speakers, here is a link to Kaspersky's German forum with lots of "stressed" users:
http://forum.kaspersky.com/index.php?showtopic=85001
1SSA - Security consulting, training and products: http://www.1ssa.net