Stunning statement

Hi

My father in law is an old IT guy. He said to me "why are you so concerned of zero day threats". The likely hood that you get infected is close to zero.
I run a decent router with FW and Avast. Because Avast has this nifty VRDB or Virus Recovery Data Base feature the chance of zero day infection are close to zero.

His common sense o-day protection
a) run an scan before backing up a new image
b) force a VRDB update (he has set increments in the Avast INI file to 4 weeks), and he runs this procedure every 4 weeks

On the same image Avast can repair infected files from a minimum of 8 and maximum of 12 weeks ago. So when I get infected and find it out afterwards, I use VRDB. What is my chance of not getting rid of an zero day infection older than 8 weeks? I always keep two images so in theory I can restore 16 weeks ago. Which zero day manages to stay undetected for 16 weeks.

He calls it joking CSI-protection (common sense intrusion)

 

It's a feature for recovering executables infected by uncurable (or difficult to remove) file infectors. It will do nothing against a trojan/spyware/rootkit.

 

Exactly.

And file infectors are all but dead. Oh, they still exist, but tuning your defense against them as if they were the primary threat is silly. For what they detect, antivirus software might as well be called antitrojan software these days.

 

Just out of curiosity, what kind of IT guy is he, exactly?

I guess not people know about something PC Tools terms as Malware 2.0. To quote,

In my experience this is true. In some circles malware is released and updated rapidly, but they propagate at a very slow rate within a limited (say, 500-1000) number of users. The problem is that even though individual groups are small, numerous "circles" of these infected users exist, which makes it frustratingly difficult for vendors to catch them all.

 

well if u use true image home you can mount the images as logical drives(ati feature) and scan em and delete,then restore to a safe and clean image..well the registry is still a pain but thats still a great deal to clean b4 u restore

 

The ones that programmed assembler on 16kb mainframe, I will tell him about the rootkits/registry changes (I tend not to discuss with him ). Off course he has his image backups as fallback.

 

Old skool. Well, I suppose the VRDB would be a near-impenetrable defense for viruses from that age...

 

I like the idea of CSI-protection. I belive that only real protection against good written trojans/rootkits/etc is the human mind and some security knowledge. I know many of you will disagree, but I preffer feeling not secure and being more vigilent, rather than using the latest and greatest HIPS just to feel comfortable. Of course, I'n not defenceless, I use a firewall (Sygate), an AV (Avira) and I also use my brain