AT vs AV, a 12 round bout for control of your security.

Some interesting analysis there - any idea as to the significance of Sep 2004? (a look at Kaspersky's Aug 2004 list has Netsky/Mydoom at the top and Microsoft reported that JPEG vulnerability).

 

Paranoid2000,

I have absolutely no idea, maybe it reflects the proliferation of all those worms (NetSky, Bagle, Sober, etc.) recently as you note. I didn't look into it in detail, only the broad implications for someone trying to keep current with signatures - which are not good.

Blue

 

It looks like Online Armor is making big steps in this direction. I am observing them and all the other products carefully.

I am not sure who is going to take the lead on this since it seems like many companies are going to build in behavior blocking, including maybe DCS.

The winner will probably be the one that can make the product the most user friendly for the masses while also providing expert settings to attract the "bleeding edge" users that will promote the product in HJT forums and to their friends and family.



Starrob

 

It seems this discussion has come full circle. My original supposition was the greater dangers of trojans and the need for AT scanner as a must have. I still believe simple signature scans are needed and always will be, but I pity the poor schmuck that gets hit with the first of its kind trojan. It would be like hitting the lotto.

Ewido's current incarnation uses heuristics, and I wouldn't be surprised if it didn't include some kind of IDS with a future release. Hopefully they won't be so intrusive that a user won't want to use them. I for one stand firmly in the ease of use, minimalist approach.

Someone should do an experiment with the various (one at a time) ATs on a PC and browse every porn site, questionable download site, hacker and cracker site and p2p. It may give some valuable insight into how long the AT holds up or how long before the PC becomes unusable. Perhaps do the same with IDS software.

Regards,
Jaws