Is AD and RD the future?
berng
December 5th, 2005, 09:23 AM
Very interesting and candid article by Eugene Kaspersky on the current state of the virus industry -
http://www.viruslist.com/en/analysis?pubid=174405517
"Today, malicious programs propagate so quickly that antivirus companies have to release updates as quickly as possible to minimize the amount of time that users will potentially be at risk. Unfortunately, many antivirus companies are unable to do this - users often receive updates once they are already infected.
Let's assume that the virus manages to penetrate the victim machine, and the antivirus solution installed on the victim machine doesn't detect any suspicious activity. (This might be because of the quality of the solution itself, or because the user has been careless, and not downloaded the latest updates to the antivirus databases in good time.) Sooner or later, updates which detected the virus will be released - this means that the virus will be detected, but not necessarily defeated. To get rid of the virus once and for all, the infected files have to be carefully deleted from the victim machine. “Carefully” is the key word here, which brings us to the third problem connected with antivirus programs.
Problem #3
The third problem faced by the antivirus industry is deleting malicious code detected on the victim machine. Very often viruses and Trojans are written in a way which enables them to hide their presence in the system and/or to penetrate the system so deeply that deleting them is a complex task. Unfortunately, some antivirus programs are unable to delete malicious code and restore the data which has been modified by the virus without causing further problems."
This tells me that products like AD and RD are absolutely required.
Right now in the popular press we hear all the time about virus products and protection. I wonder if 5 years from now the emphasis will be on application and registry protection products?
Peter2150
December 5th, 2005, 10:39 AM
-{ Quote: "
This tells me that products like AD and RD are absolutely required.
Right now in the popular press we hear all the time about virus products and protection. I wonder if 5 years from now the emphasis will be on application and registry protection products?" }-
Hi berng
I agree with your conclusion 100%, and have adjusted my protection approach accordingly.
Pete
Jason_R0
December 6th, 2005, 12:14 AM
-{ Quote: "Very interesting and candid article by Eugene Kaspersky on the current state of the virus industry -
http://www.viruslist.com/en/analysis?pubid=174405517
"Today, malicious programs propagate so quickly that antivirus companies have to release updates as quickly as possible to minimize the amount of time that users will potentially be at risk. Unfortunately, many antivirus companies are unable to do this - users often receive updates once they are already infected.
Let's assume that the virus manages to penetrate the victim machine, and the antivirus solution installed on the victim machine doesn't detect any suspicious activity. (This might be because of the quality of the solution itself, or because the user has been careless, and not downloaded the latest updates to the antivirus databases in good time.) Sooner or later, updates which detected the virus will be released - this means that the virus will be detected, but not necessarily defeated. To get rid of the virus once and for all, the infected files have to be carefully deleted from the victim machine. “Carefully” is the key word here, which brings us to the third problem connected with antivirus programs.
Problem #3
The third problem faced by the antivirus industry is deleting malicious code detected on the victim machine. Very often viruses and Trojans are written in a way which enables them to hide their presence in the system and/or to penetrate the system so deeply that deleting them is a complex task. Unfortunately, some antivirus programs are unable to delete malicious code and restore the data which has been modified by the virus without causing further problems."
This tells me that products like AD and RD are absolutely required.
Right now in the popular press we hear all the time about virus products and protection. I wonder if 5 years from now the emphasis will be on application and registry protection products?" }-
Hi Berng,
Interception security applications are one of the best ways currently to securely handle malware on an end user's machine. There are still issues, however, in the way these applications work compared to Anti Virus applications, which will be a major factor in getting more people over to this side. Mostly it is to do with ease of use and understanding what is going on.
When grandma gets an AV alert, it's simple enough to click "Disinfect" and hope it does its job; usually it doesn't, which means she goes to ring her son or grandson to help clean up her computer. However, an Anti Virus in a lot of cases can clean up the more benign malware without much more than a single alert.
Come along to software like mine, and there would probably be around 5 alerts for very suspicious behaviour when malware is trying to run. All of which grandma clicks allow on, because she isn't sure what "is trying to install a rootkit" means. Not to mention that clicking 5 alerts for every new installation gets tiring for her anyhow.
There needs to be a balance reached between "user interaction" and effectiveness of product. That is the goal I am working towards anyhow.
zapjb
December 6th, 2005, 12:39 AM
Yup Jason_R0, that's the problem. People ask me for a "set it & forget it" solution. I say there isn't one. I recommend older people, or people that don't want to take a role in protecting their computers, to get Win98SE.
deviladvocate
December 6th, 2005, 07:55 AM
-{ Quote: "Very interesting and candid article by Eugene Kaspersky on the current state of the virus industry -
http://www.viruslist.com/en/analysis?pubid=174405517
This tells me that products like AD and RD are absolutely required.
" }-
Hey Berng, this decision is pretty much old hat to the people here.
Still, did you read the whole article? Near the end he talks about problems of other technology like behaviour blockers.
-{ Quote: "Let's take the example of the behaviour blocker, which is a competitor to traditional antivirus solutions which are based on virus signatures. These are two completely different approaches to scanning for viruses, which are not necessarily mutually exclusive. A signature is a small piece of code which can be compared to files, and the antivirus solution checks to see if the two are identical. A behaviour blocker, on the other hand, tracks application behaviour on launch, and will terminate programs if suspicious or known malicious behaviour is detected. Both methods have their advantages and disadvantages.
Behaviour blockers offer benefits in that they are able to detect even unknown malicious programs. On the minus side is the possibility of false positives; the behaviour of today's viruses and Trojans is so diverse that devising a single set of rules which encompasses all possible behaviours is simply impossible. This means that the behaviour blocker is certain to fail to detect some malicious programs, and will periodically prevent legitimate applications from functioning.
Behaviour blockers have another inherent disadvantage; they are unable to combat conceptually new malicious programs. Let's imagine that Company X has developed a behavioural antivirus AVX, which detects 100% of current malicious programs. So what will the hackers do? Of course, they will invent new types of malicious programs. And then of course it will be necessary to update the behavioural rules. And then update them again, because the hackers and virus writers aren't going to give up that easily. And then update them again and again and again. At the end of the day, we arrive at a signature scanner, except the signatures will be behavioural, and not pieces of code. " }-
Of course Appdefend and Regdefend, I think, are slightly different from the behavioural blockers described here. But I think it kind of fits.
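To make the trade-off in the quoted passage concrete, here is a small added illustration (not code from the article, the forum, or any product) that runs a toy signature scanner and a toy behaviour blocker over constructed samples. The byte strings, the signature, the event traces and the rule set are all made up for this example; they show a repacked variant slipping past the signature but not the behaviour rules, a legitimate installer tripping a behaviour rule (false positive), and a sample using a technique no rule covers being missed by both (the "update the rules again" loop the article describes).

```python
from __future__ import annotations
from dataclasses import dataclass, field

# A signature is a byte pattern taken from one analysed sample.
# Constructed value for this example, not a real detection signature.
SIGNATURES: dict[str, bytes] = {
    "Example.Dropper.A": b"DROP-A",
}


def signature_scan(contents: bytes) -> list[str]:
    """Names of every signature whose byte pattern occurs in the file contents."""
    return [name for name, pattern in SIGNATURES.items() if pattern in contents]


@dataclass
class Trace:
    """What a behaviour blocker sees: the program and its (action, target) events."""
    program: str
    events: list[tuple[str, str]] = field(default_factory=list)


# Each rule is a set of actions that together are treated as malicious.
# Deliberately small so the example can show both a false positive and a miss.
BEHAVIOUR_RULES: dict[str, set[str]] = {
    "persist-and-hide": {"write_autorun_key", "hide_own_process"},
    "self-replicate": {"copy_self_to_system_dir", "write_autorun_key"},
}


def behaviour_check(trace: Trace) -> list[str]:
    """Names of every rule whose actions all appear in the trace (event order ignored)."""
    seen = {action for action, _target in trace.events}
    return [name for name, actions in BEHAVIOUR_RULES.items() if actions <= seen]


# Constructed samples (not real files or malware).
KNOWN_FILE = b"MZ...DROP-A...payload"     # the analysed sample: signature matches
REPACKED_FILE = b"MZ...DROP-B...payload"  # same program, one byte changed: no match

KNOWN_TRACE = Trace("sample_a.exe", [
    ("copy_self_to_system_dir", "system dir"),
    ("write_autorun_key", "Run key"),
])
REPACKED_TRACE = Trace("sample_b.exe", list(KNOWN_TRACE.events))  # behaves identically

INSTALLER_TRACE = Trace("setup.exe", [  # legitimate installer that registers itself at boot
    ("copy_self_to_system_dir", "system dir"),
    ("write_autorun_key", "Run key"),
])

NEW_TRACE = Trace("novel.exe", [  # conceptually new technique: no rule covers it
    ("register_scheduled_task", "task scheduler"),
    ("patch_other_process", "another process"),
])

SAMPLES: dict[str, tuple[bytes, Trace]] = {
    "known": (KNOWN_FILE, KNOWN_TRACE),
    "repacked": (REPACKED_FILE, REPACKED_TRACE),
    "installer": (b"MZ...setup...", INSTALLER_TRACE),
    "novel": (b"MZ...novel...", NEW_TRACE),
}


def compare() -> dict[str, dict[str, list[str]]]:
    """Run both detectors over every sample and return what each one flags."""
    return {
        name: {"signature": signature_scan(contents), "behaviour": behaviour_check(trace)}
        for name, (contents, trace) in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:9s} signature={result['signature']} behaviour={result['behaviour']}")
```

Running it shows the four outcomes side by side: "known" is flagged by both, "repacked" only by the behaviour rules, "installer" is a behaviour false positive, and "novel" is missed by both until either a new signature or a new behavioural rule is written, which is exactly the convergence the article points at.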
HelpmeIamfalling
December 6th, 2005, 08:00 AM
Hello
Use 98SE? Well then who will help those poor people when their system crashes?
Is there something special that they would need to do to stop it from crashing?
Yes, I have been preaching proactive and was guessing protecting virtual memory would be good too.
ErikAlbert
December 6th, 2005, 10:20 AM
All AV/AS/AT/AK scanners have the same problems, because they are all based on what the bad guys do and that's the problem. Bad strategy.
AD and RD the future? I prefer ShadowUser.
budfox
December 6th, 2005, 10:30 AM
I totally agree with this post. I have been saying all along what you really need is good inbound protection and process protection, period. Until leaks don't exist in firewalls and exploits don't exist in AVs, they are pretty much worthless for 0-day exploits. Also, if and when the day does arrive when these products exist, they will bog down the OS so badly that it will not be worth running.
I have been running a Fortigate 60 and process protection only for months, not running a software firewall or software AV, and I am so much happier. System runs better and I have had no trojans, worms, greyware, etc. I have done scans monthly in safe mode to check.
deviladvocate
December 6th, 2005, 10:37 AM
-{ Quote: "All AV/AS/AT/AK scanners have the same problems, because they are all based on what the bad guys do and that's the problem. Bad strategy.
AD and RD the future? I prefer ShadowUser." }-
I prefer vmware.
ErikAlbert
December 6th, 2005, 10:57 AM
-{ Quote: "I prefer vmware." }-
Too expensive for a home user.
http://www.vmware.com/request_processor?nextPage=/vmwarestore/newstore/category.jsp&action=CATALOG.GETGROUPS&application=store&ProductGroupCodes=EXT-STORE-WKST-WIN,EXT-STORE-WKST-LX
Infinity
December 6th, 2005, 10:59 AM
Yes, VMware for me too, a little bit more fun. The only problem I encounter is the activation of my official serial.
I find it weird, 'cause what if you have M$'s own VirtualPC...
take care y'all
Copyright ©2002 - 2012, Wilders Security Forums