AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. NOD32, the anti-virus software recommended by and sold by the OnComputers.info team that produces this blog, passes the WMF tests for all 73 variants, and is one of several AV products that you can trust with the WMF problem.
'Nuf said.
Peter,
ReplyDeleteI get the feeling I stepped on some toes. My earlier comments on another thread were not to dismiss NOD32 as an AV (as it is one of the best out there), but just an observation that it did miss a true zero-day sample of the WMF exploit.
See this story at sans.org
The virustotal tests are kept up to date, and include NOD as well as most all other AV's out there. One of the main advertising points of NOD is that it has never missed anything...ever. Well, that simply isn't true anymore.
This doesn't mean NOD isn't a great AV, or that it won't catch all the known variants of the WMF exploit (as you pointed out). It just goes back to what I said before about not expecting an AV to fully protect anyone from this situation, and that just about any AV may, on occasion, stumble.