more than 800 holes in AV Product


testsoso
November 24th, 2007, 10:51 PM
http://www.computerwoche.de/knowledge_center/it_security/1848636
(in German)
Every AV product today has many holes.
Can a HIPS or SandBox solution help out there? And how?

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
Here is an English document that talks about the same thing, but it is a different article.

Macstorm
November 25th, 2007, 02:03 AM
Thanks for the links Testsoso (to google too for its funny translation ;D )

steve1955
November 25th, 2007, 01:25 PM
{QUOTE-> Revisiting_Anti-Virus_Software.pdf
Here is an English document that talks about the same thing, but it is a different article. <-QUOTE}

Not trying to sell anything, are they?!!! Oh look, it seems they are!

lucas1985
November 25th, 2007, 01:57 PM
Yes, they're trying to sell their product, but these bugs exist and are well documented.

LoneWolf
November 25th, 2007, 02:07 PM
There are bugs in almost every piece of software.
But what better way to try and sell their product than the scare tactic.

likuidkewl
November 25th, 2007, 02:46 PM
{QUOTE-> There are bugs in almost every piece of software.
But what better way to try and sell their product than the scare tactic. <-QUOTE}
True, there are bugs in pretty much every piece of code, but scare tactics are the best; look at what the US gov accomplished with scare tactics [/Sarcasm]

Again the best protection for computer users is education....

steve1955
November 25th, 2007, 02:47 PM
{QUOTE-> Yes, they're trying to sell their product, but these bugs exist and are well documented. <-QUOTE}
Yes, we know that, but they are using the public's paranoia to try and sell their product. Reminds me very much of when Prevx was launched, but at least they were offering a free solution!

EASTER
November 25th, 2007, 04:24 PM
{QUOTE-> http://www.computerwoche.de/knowledge_center/it_security/1848636
(in German)
Every AV product today has many holes.
Can a HIPS or SandBox solution help out there? And how?

http://www.nruns.com/ps/The_Death_of_AV_Defense_in_Depth-Revisiting_Anti-Virus_Software.pdf
Here is an English document that talks about the same thing, but it is a different article. <-QUOTE}

YES! A HIPS will drastically improve your chances not to mention artificial environments like SandboxIE + Power Shadow/Returnil + DefenseWall etc.

AV's are easily targeted, they are also greatly mass cracked/hacked with relative ease, plus they need system energy (resources) to monitor ALL files in their coverage, not to mention a mountain of a signature base. I dropped them completely for HIPS and have not regretted it a single moment in years. Plus I also haven't been bothered with worry about something malicious forcing entry because an AV has been compromised. Don't need the hassle and definitely not the cleanup, as in reformat.
I still use NOD32 as an On-Demand scanner, but even with all its wonderful technology, it fails to completely "clean" infected files 100% of the time. Thank goodness for image apps and rollback archives.

lucas1985
November 25th, 2007, 04:48 PM
{QUOTE-> but even with all its wonderful technology, it fails to completely "clean" infected files 100% of the time. <-QUOTE}
Most Virut variants are really buggy and they corrupt executables. It's technically impossible to clean these broken executables.

EASTER
November 25th, 2007, 05:26 PM
{QUOTE-> Most Virut variants are really buggy and they corrupt executables. It's technically impossible to clean these broken executables. <-QUOTE}

True enough

Try as they may, some craftier coded viruses also fashion their mischief so that even the best of the best AV's cannot fully remove all the injected code inserted in some executables. I do have to hand it to them though, at least some AV's are able to salvage enough executables to make them operable again, but that's little consolation on today's systems with literally thousands of exes, all with different functions or supporting functions. If a main breaker trips on a power transformer, the whole grid connected to it goes down with it.

Ilya Rabinovich
November 26th, 2007, 07:23 AM
{QUOTE-> Every AV product today has many holes. <-QUOTE}
Every piece of software in the world has bugs, especially highly complex security-related ones.

{QUOTE-> Can a HIPS or SandBox solution help out there? And how? <-QUOTE}
Yes, it can. http://wiki.castlecops.com/Different_classes_of_security_software

LUSHER
November 26th, 2007, 08:27 AM
{QUOTE-> Every piece of software in the world has bugs, especially highly complex security-related ones.
{QUOTE-> Can a HIPS or SandBox solution help out there? And how? <-QUOTE}
Yes, it can. http://wiki.castlecops.com/Different_classes_of_security_software <-QUOTE}

Since every piece of software has bugs, that would mean HIPS or sandbox solutions have bugs too. It seems to me that HIPS aren't any less complex than antiviruses, with all that kernel hooking and whatnot...

I have seen this guy claim that running Online Armor leaves you open to even more serious vulnerabilities, and who knows, he might be right.

How then can we protect ourselves from bugs and holes in sandboxes and other HIPS?

EDIT : I just re-read the pdf. Never mind.

dawgg
November 26th, 2007, 04:41 PM
The best solution is not to use Microsoft if you don't want any "holes"... (many OSs probably have holes in them as well, some discovered, MANY undiscovered, I would have thought)

steve1955
November 26th, 2007, 05:32 PM
{QUOTE-> The best solution is not to use Microsoft if you don't want any "holes"... (many OSs probably have holes in them as well, some discovered, MANY undiscovered, I would have thought) <-QUOTE}
Best solution is not to use a PC! (or a Mac): pen and paper have no known malware probs! (lol)

C.S.J
November 26th, 2007, 06:21 PM
{QUOTE-> Best solution is not to use a PC! (or a Mac): pen and paper have no known malware probs! (lol) <-QUOTE}
Also, if you cut off the electricity and gas, you could go back in time to the Stone Age. ::)

lol :P

ghiser1
November 27th, 2007, 04:22 AM
{QUOTE-> Best solution is not to use a PC! (or a Mac): pen and paper have no known malware probs! (lol) <-QUOTE}

Aren't chain letters the pen and paper equivalent of a worm?
Somehow they've never been completely eradicated either... 8)

steve1955
November 27th, 2007, 09:33 AM
{QUOTE-> Aren't chain letters the pen and paper equivalent of a worm?
Somehow they've never been completely eradicated either... 8) <-QUOTE}

Yes, but they need the interaction of some idiotic operator to propagate. Wait a minute, doesn't most PC malware also require the interaction of an idiotic operator? (lol)