malwares trigger what first in a multi-layer protection?

Discussion in 'other anti-virus software' started by coldplay, Apr 5, 2007.

Thread Status:
Not open for further replies.
  1. coldplay

    coldplay Registered Member

    Joined:
    Nov 12, 2006
    Posts:
    191
    As the title said.

    multi layer protection: AV, AS, firewall, HIPS

    2 scenarios:

    1. malwares from web

    2. malwares in PC
     
  2. ASpace

    ASpace Guest

    There is lots of malware that tries to disable Windows Firewall in order to make it easy for a hacker to flood that computer with pests.

    The rest depends on the malware itself. Some are made to search for specific software, first disable/destroy it and then work ... Some years ago almost all new worms were made to seek out top products like Norton/McAfee/Kaspersky/Panda/Trend and first destroy them o_O. A few years later, the situation is different - worms are not so widespread, and there are many other products than the top ones.

    Nowadays, lots of threats just try to be invisible to the security software :ouch: (trojans/rootkits). They are on the PC, the user has his false sense of security, the malware writer is happy ... why should the malware disable the security software when it can simply pass by it, do the same job, and when everything appears fine nobody is going to search more deeply for it (the malware) :blink:. The 21st century malware is created for money => no malware, no money :)
     
  3. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    True.

    Can you imagine what would happen if these worms were destroying systems, making them not bootable? :ninja:
     
  4. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    I think the OP is asking which software is the first to detect the malware, not which one is more likely to be terminated by malware.
     
  5. ASpace

    ASpace Guest

    I understand it in another way. Anyway, in both cases:

    A firewall only blocks intrusions (not malware).
    If the antivirus/antispyware can detect the malware, it will catch it first (no matter from web/PC?). If not detected by them (if HIPS can), then the HIPS comes. A firewall with outgoing protection may warn about a malware file wishing access.
     
  6. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I think the OP had in mind the question as to with the current crop of AV, etc, which application will probably detect malware as the first responder. Obviously, the better the detection rates, the more likely the AV is to catch malware first.

    It is my impression that the AV does that in most cases. The couple of times that a trojan attempted to infect my system the AV caught it, and the Anti-Trojan did not. In answer to my question responses were that the AV would nearly always catch it before the AT. However, the ATs generally do better at removal.

    AVs in general are not oriented toward pure spyware, and may not show well in a test that is primarily a spyware test. Some malware is not that harmful, such as tracking cookies, and an AV or some AS applications such as SAS do not do well at detecting those.

    If the above is not correct then please get us straight.

    Regards,
    Jerry
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    IME, the "Anti-trojans are better at removing" is a myth... and why (realistically) would they be?

    Most of it is rehashing of what's been said in forums for a number of years and repeated over & over, but rarely has any credible test been made and the moment Andreas Clementi did an AT test... which showed all to be not that great and one to withdraw when they got the results, he was then discredited in some forums mainly by followers of the ATs in the test.

    An AT is IMO only a layer in your protection and most are just wasting your CPU. Just my 0.02. :)
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Don,
    Thanks for the information. I have often wondered whether or not an AT or even an AS application is necessary if the AV is one of the top at detection. In the tests I have seen, the best AVs detect more trojans than the AT.

    However, layering might be a very good thing if running with an AV that is not strong at AT detection. Although his tests are now at least 2 years old, Firefighter ran some tests with AVs, and then AVs in combination with Ewido or a-squared. His results indicated that top AVs that had a high detection rate did not improve, but those that were not so good improved significantly. Avast was one that did improve running with Ewido.

    If two programs do not conflict I personally want to run a good AS along with my AV, no matter how good the AV is. BUT I must admit that I have never had an AS/AT type program catch anything but minor spyware like cookies or some traces, so maybe my thinking on layering is not correct.

    Frankly, I wonder if we get various speciality programs, like UnHackMe, and sandboxes, and others too many to name, if we are just wasting space and money.

    Regards,
    Jerry
     