Testing Free English Anti-Malware On Non-English Threats 78
An anonymous reader writes "Brazilian technology news site O Globo posted an interesting comparison on how free anti-malware behaves against non-English threats (Google translation of Portuguese original). By using a database of over 3000 samples from Brazil's Security Incident Contact Center, the numbers are quite different from all US anti-malware reviews. While Avira achieved the best score, 78%, Microsoft Security Essentials stopped less than 14%. This can be a headache for some large multinational corporations, whose IT departments deploy US anti-malware on the entire network, but have network segments outside US with many 'unknown' threats roaming around. I wonder what the results would be in other countries."
Interesting... (Score:5, Interesting)
What does surprise me, though, about these results, is that they suggest a fairly high level of geographic discrimination in the customization and targeting of malware. My (naive) expectation would have been that, aside from trivial stuff like trying to get the language of your spam/phishing/social engineering emails correct, the market for good exploits, well-crafted viruses, and so forth would be a fairly global one. Also, given that some malware attempts to propagate itself, rather than being delivered by a bugged website or other external mechanism, I would expect a fair amount of "splash" from malware spreading to any vulnerable hosts it can find, not bothering with any sort of geolocation, or from expats who live in country A, but still visit websites from home country B.
I would have expected a much more homogeneous(from the perspective of the mechanics of the exploit mechanism, evasion techniques, and payload) worldwide population of malware.
What about the other way around? (Score:3, Interesting)
Even with such a blatant language mismatch most users simply won't notice anything wrong with their systems until it bites them really hard.
Re:They don't even remove the biggest US threat (Score:5, Interesting)
Actually the installer for OS/2 (warp iirc) would do a virus scan before installing and would come up with the messge
"windows found, remove: (y/y)?"
so someone at IBM shares your sense of humor... or maybe it was you?