The Perfect Guardian

Ok, time to create one product that does it all. A product that will 100 percent, secure your computer from malware. Of course, first, it has to be able to detect and clean every known and unknown piece of malware.

What else does it need to have and how will it accomplish it. Some aspects of a suite are nice like antispam, some aspects of virtualization to me would be nice. Firewall issues need to be address. Intrusion protection. Restore? What else. Create your own and give it a price.

 

In the real world, this product will never exist nor have 100% detection, but in a fantasy world, of course anything is possible

dja2k

 

make a linux installation and run XP from vmware/virtualbox...there you go..

 

I don't think ONE software is needed, but I would like it, once a function is defined for a security software that it does its job as complete as possible. There is always something missing, which is included in other similar softwares, but these other similar softwares also have something missing. It's never complete.

 

so you want something that can detect and remove all known and unknown malware as well as no fp's so you can use your pc without it deleting your fav app or important document. so ye wake up jeff
" the only safe computer is the one unplugged"

 

A humans' natural curiosity and imperfection, the love of money, and daily advances in science and technology, will make your perfect software unachievable. Truly safe computing is no computing at all.

 

I´ve been fantasizing about this too, so I know what you´re going through trjam. But of course it´s probably not possible to create one. Scanners will never be able to identify all malicious code, so it would be nice if HIPS would get more advanced and smarter, so that they won´t have to rely on user input. I think HIPS should offer at least:

This basically means that even when malicous code tries to perform certain stuff it won´t be able to achieve its goal. I´m not sure if it´s currently possible to protect against all rootkits, with that I mean, let´s say if some tool installs/loads a driver, is it possible to deny this tool from modifing certain parts of the kernel? Perhaps some hypervisor based HIPS can achieve this.

 

Let's just face it, neither the good side or bad side consists of perfect human beings. So, neither side will truly ever "win". Today's security will be bypassed tomorrow, tomorrow's security will be bypassed in the future. No need to give up the fight, just keep in mind nothing has ever been, is now, and never will be "foolproof". IMHO, HIPS will never be "mainstream" until they drop all the techie jargon messages and start popping up saying "Hey, this software has no need to be doing what it's trying to do now, I'd block it if I were you"-types of things.

The guys here at Wilders know what to look for, the people filing in and out of places like Best Buy and going home and plugging their systems into the walls, don't. And, like it or not, you're not going to get such folks to suddenly start trying to read up on these things and knowing what to do themselves, they expect their security software to take care of them and always will.

 

I think it's impossible because antimalware is pretty much a reactive thing. You cover up one hole and another will be found.

 

True, and tech changes on a weekly if not daily basis, for the benefit of both good and bad guys.

 

As long malware only infects my HDD, my recovery solution is strong enough to remove any malware.
Unlike recovery, security isn't so strong, incomplete, holes, false positives, not userfriendly, too vague in protection, ... and the bad guys will never stop inventing new ones, especially the brilliant bad guys.

 

For me i'd just want something that can absolutely protect my base system from unwanted changes. Many of the ISR solutions these days do a good job but they all seem to have their vulnerabilities. Maybe its impossible but if i could get that absolute protection that would be my perfect guardian.

 

The safest solution I know are images and archives, stored on an offline external HDD. They never failed until now.

ISR-softwares are good for daily protection, but they can fail, because they are online and constantly threatened by old and new malware and even good softwares. It's predictable that this sooner or later will happen, that's why I have clean images ready to restore my actual system.

That's why ShadowProtect is #1 and FDISR is #2 in my recovery solution. If FDISR fails, I use SP to fix it. FDISR failed 3 times during 2 years and ATI/SP never failed in 2 years.

 

The PERFECT GUARDIAN will offer MBR/Partition Table protection from tamper (maybe an alert).

Also employed will be an immediate auto-start module if any running process is been closed willfully by malware attack or the occasional Windows CRASH bug, similar to System Safety Monitor's "Keep Process In Memory". This is VITAL!

In truth i would draw up a check on-the-spot to Faronic's if they could somehow integrate these AND script blocking capabilities in addition. Unmoveable self-protection also a prerequisite!

And that folks, would be an ideal front-line defense IMHO.

My wish list ATM.

Samurai has some fairly decent hardening features but needs an update surely.

EASTER

 

Yeh i know about backups and stuff i'm guess i'm referring to ISR software. If i had an ISR solution that offered ultimate protection for my system that would be my perfect guardian.

 

even if they managed to make a patented software like that who would buy it? imagine the price of a software that is ISR+imaging+whitelist/blacklist realtime guard/remover+firewall+hips+whatever else...and how about the performance impact? would make your core2 duo look like a pentium 2

 

Wrong question. How about the ability of using it every day?