Old 21-09-2017, 06:08   #10
Qtx
CF's Worst Nightmare
 
Re: Windows Defender Security Centre

Quote:
Originally Posted by Ignitionnet
They're mostly a placebo anyway. Detection rate a month after malware release is about 50%.

Well, that's the thing. Each and every one of them can be bypassed easily, but some protection is better than none. Catching the mass spam nasties which get noticed and added to signatures within a day or two has huge benefits though, and those are the things that get most normal users.

The corporate scenario has to deal with those plus more bespoke nasty packages which don't get flagged the same way. The targeted ones rarely get detected at the time of infection. It's not just corporate though: if I, say, targeted Paul M with a spoofed mail+invoice for extra charges from one of his hosting companies, the only safe thing to do is not to look unless you know what you are doing. Disabling macros is not good enough, FYI.

I wouldn't use a generic bit of malware or RAT which would get easily seen; it would be modified or crypted so it was not recognised. Infecting one person with it means it's likely to get known about by AV vendors. Send it to more people and the chances rise. Same with corporate attacks.