"Commander Kinsey" wrote
| So-called
| zero-days -- malware that's not yet known -- can get
| past AV. It was designed for a different time, when there
| were just a few bugs and the file could be identified.
|
| A different time?!
|
When AV first came out it updated "definitions" once
per month. There was a file of a couple of MB that
contained byte patterns to identify known virii. I think
there were something like 30K known bugs. It worked
well. Today there are millions and the definitions are
updated multiple times daily. It's a tremendous resource
hog, yet many attacks won't be using a bug that's in
their definitions.
And many attacks are complex. I was reading that
the most common now is spam. I'm guessing that's
mostly spam that gets people to click a link and then
run a 0-day. Like you did with your PDF. Luckily it
probably didn't install malware. I run no such risk
because I'd never click that link with script enabled.
And I know what to look for more than most people.
If you don't mind the bloat then AV can be helpful insofar
as it watches for suspicious activity. I install it for friends.
It's better than nothing. But it's not nearly as good as
being careful. Of course you'd have to be a moron and
incredibly dumb to use AV, and even dumber to use MB,
but maybe you're one of those halfwit teacher types?
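As an added illustration of the definition-file approach described in the post above (not code from either poster), here is a toy byte-pattern scanner: the definitions and the sample files are constructed for the example, and it shows that matching only finds bytes already in the definitions, which is the reason behaviour monitoring and user caution still matter.

```python
# Added example: a minimal signature scanner in the style of early AV
# "definition files" (a list of byte patterns for known samples).
from typing import Dict, List, Tuple

# Constructed definitions for the example: name -> hex byte pattern.
# These are NOT real malware signatures.
DEFINITIONS = {
    "Sample.A": "4d5a90000300000004000000ffff0000",
    "Sample.B": "deadbeefcafef00d",
}


def compile_definitions(defs: Dict[str, str]) -> Dict[str, bytes]:
    """Turn the hex definitions into raw byte patterns once, before scanning."""
    return {name: bytes.fromhex(pattern) for name, pattern in defs.items()}


def scan(data: bytes, sigs: Dict[str, bytes]) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every definition found in data."""
    hits = []
    for name, pat in sigs.items():
        start = 0
        while True:
            idx = data.find(pat, start)
            if idx < 0:
                break
            hits.append((name, idx))
            start = idx + 1  # keep looking for further copies of the pattern
    return hits


def verdict(data: bytes, sigs: Dict[str, bytes]) -> str:
    """Signature-only verdict: anything not in the definitions looks 'clean'."""
    return "detected" if scan(data, sigs) else "no signature match"


# Constructed sample files (placeholders, not real programs):
KNOWN = b"\x00" * 16 + bytes.fromhex("deadbeefcafef00d") + b"\x00" * 8
# A sample that is simply not in the definitions (last byte differs) is missed,
# which is the "zero-day gets past AV" situation the thread describes.
UNKNOWN = b"\x00" * 16 + bytes.fromhex("deadbeefcafef00e") + b"\x00" * 8
CLEAN = b"hello world"

if __name__ == "__main__":
    sigs = compile_definitions(DEFINITIONS)
    for label, blob in (("known", KNOWN), ("unknown", UNKNOWN), ("clean", CLEAN)):
        print(label, verdict(blob, sigs), scan(blob, sigs))
```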