We're Hiting A Dead End

Where are any new developers left all at?

Are we confined to just the few choices we have on hand now that is been months in ongoing developments?

You would have thought at least some other new security innovators would have surfaced by now, but seems we're limited and at a complete standstill in selections. Not that they aren't excellent or anything of the such, but seems useful security vendors have a DEAD LOCK on their own products and theres nothing at all new to even make a noise to draw some attention or audience anymore.

Is this is? And is this our choices from here on out now?

EASTER

 

Hello,
What are you talking about?
Mrk

 

well a lot of us here with our current security setups are allready bullet proof.

I think what needs to happen is that the dangers of malware needs to increase
on the internet in order for new and existing developers to rise up and start working harder. At the moment there is to much competition in the way of security products which is allready defeating most of the malware dangers on the net.

I know this sounds wrong but in some ways I wish Malware would get worse on
the internet because I need more of a "Challenge"

 

Lets get together to code something nice ourselves. lol

 

I'm waiting for better use of whitelist technology with immediate action, ISR-softwares with more possibilities and without reboots, I want a better internet, ...
I'm looking forward to AEv3 to evaluate its new features.

No new blacklist scanners anymore, no new security suites anymore, we have enough of them already.

 

I have to agree.

Looks like most badware is been efficiently enough aborted by our current security solutions and theres not much else left for them anymore, or maybe they've turned their attention to Vista

At any rate, new solutions exciting as they are so long as they are also effective, likely see no need to re-invent the wheel.

EASTER

 

I don't think so,anti malware writers having a hard time to keep up with the ever evolving malware.

Nossirah from MBAM said that he has barely time to sleep.

Easter also read the thread: ''antivirus is waisting money ''

 

I tend to compromise with that assessment to a point, malware writers are having the worse time ever trying to affect anything useful, at least on NT Systems that include for the most part XP O/S's

But let's for a moment put ourselves in their shoes, with the first onset and introduction of HIPS + Behavioral Blockers, that gave them an enormous hill to climb. Their HIPS unhooking techniques made for some fanfare but thats been all but snuffed out too for them.

New Apps like SandboxIE, DefenseWall, Returnil RVS to mention a few individual innovations have turned them on their ear and run them back again to AV's.

Even the once popular file joiners that i experienced a lot with is no match because they MUST land inside the system someplace and HIPS monitoring for one catches them trying to drop, not to mention AV's still are quite capable to capture their fair share of them.

Bragging rights have certainly shifted sides with the introduction of these new techniques and from what i sen so far they (malware makers) are on their heels not toes in this see-saw contest.

One really good benefit Microsoft left open for everyone on both sides are areas that can be exploited but also very well protected not to mention virtualized IMO.

 

Another idea is an automatic configuration of HIPS (SSM, EQS, ...) during its installation, assuming you have a fresh installed clean system, like AE does. Anything else after that is blocked or requires a user decision.
I would block it of course, I don't need changes after the iniital configuration.
There is no dead end, only new ideas to improve things.

 

Hello,

Ok, now that I have an idea what you meant ...

1. Windows development is pretty stagnant, thus it is not surprising to see a slowdown in new technologies. NT made a revolution compared to what was before, but then it stopped.

It is difficult to reinvent the wheel when you have the same obsolete principles underlying the foundations of security. Leaktests prove that. ActiveX proves that.

The future of technology lies in virtualization, which will get better and better until you run with a shell that can stack layers of OSs in a manner of cards, just shuffle them about.

Then, there's the virtual console, working through your web browser.

Instant recovery and backup software are a cool concept, but they do not serve the purpose that most people here use them for. They are first and foremost for backup and recovery - security testing later.

Anyhow, lots can be done in the world of whitelisting. Abandon blacklisting strategies altogether and move toward a pristine, whitelisted world that fits today's, non-innocent Internet.

This can be done by creating a fully modular OS. Then, independent pieces are stacked together, from the driver level up, when only select, whitelisted products are allowed.

How to achieve this? Public, community repositories. Giving users the chance to whitelist can be dangerous, but it might also work. Naturally, a significant and complicated authentication scheme should be implemented.

Actually, see below

2. You can always branch off to NIX systems and discover a whole new world without ends.

Mrk

 

Great answer. And falls right into line with the trend that now stands, at least untill or unless someone of the caliber and talent of a Nick, Mike, or Ilya and such suddenly rise to attention with something completely new.

Thanks.

As for Nix, thats fully out of my ballpark as is Linux for the foreseeable future but worthy of consideration.

 

Let see it on a larger scale,worldwide,not just the literate Wilders clan,then investigations show that the bad guys are already victorious,if even big corporates are throwing their hands up,at a loss what to do,or accept that compromised networks are an inevitable side effect of doing business these days. WOW.... back to the dark ages !!

 

Virtualization is a RECOVERY solution, that's good, but recovery is not the same as security.
If you use virtualization only, any malware is able to install itself and do its evil job, unless security stops it.
You need recovery (virtualization) and security to kill malware immediately and certainly not with blacklist based security, but with whitelists, hips, isolation, whatever.
I prefer rather whitelists, based on my installed softwares, than community databases with whitelists and blacklists, like Prevx and DriveSentry.

 

And that is exactly the project and solution i am aiming for, which is to mothball so to speak having to rely on ISR's and such as Virtual Systems to confront malware in a heads up duo where they experience the confusion and waste of time instead of the user.

And my quest is only beginning because i know this can be accomplished with minimal interaction in due time.

EASTER

 

I know that it is your goal. Instead of reading posts about scanners, I prefer to read your posts and any other post regarding ISR-softwares and non-blacklist security softwares.
I'm working on this, since I have my new computer, unfortunately I have to use softwares that are still not good enough.

The basic idea started for me, when I was still a member at SWI, after reading a post about ShadowUser written by Spy1 (Pete), who is also a member at Wilders. His post didn't get any attention at SWI, but it changed everything for me.

 

I concur,only thoroughly tested and trusted executables !

 

Besides community databases require an internet connection, while I prefer to install softwares without internet connection as much as possible.

 

I still shy away from direct connection community protection because i rather my PC tap into a downloadable local database to draw on and not a "live" setup. Besides, i don't like the delay of waiting for a distant server to run thru it's search phase from the internet as a means to detect from a BlackList.

So yeah, it's whitelist for me too and i want everything to originate from my machine not a server except normal internet interaction from surfing.

 

I also have doubts about the quality of a community database because of the huge quantity.
Don't forget that a community database requires double work and has to maintain blacklists and whitelists world-wide.
Which people are verifying these blacklists and whitelists ?
How is the verification of blacklists and whitelists done ?
The idea and intention is good, but can they handle the huge quantity of the double work ?
There is no way for me to verify this and they can tell me whatever they want, so I better do it myself, because the quantity of my personal whitelist is very small and all the rest is considered as bad.

 

I must say that lately the security landscape has gotten very boring, that´s why I haven´t posted in a while, there is no true innovation at the moment, I had hoped to see some new smarter/better looking products, but I haven´t seen any, so for now I will stick to my setup.

Also, now that I am a bit less fascinated with security tools (for how long will it last? ) it´s also funny to look at all of this from "the other side" and ask myself: what are all these people worried about? To my surprise it has gotten even more crowded on the forums.

But I must also say that I almost never install any new apps anymore (one worry less), and I´m not that worried about drive by attacks at the moment. This, combined with the lack of interesting new products has made it all quite boring. So I don´t think I will post that often anymore, who would have predicted that at the beginning of the year.

 

I agree, it wasn't too long ago that I was in here looking for and downloading software that did it all, blocked intrusions, blocked this, blocked that, told me when the computer was running a fever and just on and on. After dealing with "such and such.dll is injecting this and that into blah blah blah" and things like Threatfire popping up messages about so-called "intrustions" then just asking to block or allow without even telling me what the hell it found suspicious, I grew tired.

My Avast Web/P2P realtime scanner keeps off viruses, Firefox with Noscript and AdBlock Plus keep bad scripts, web bugs, malicious "ads" and the like away, and Sandboxie protects IE since if you try to disable anything in it, IE and the web become damn near pointless. I keep Returnil around for when I'm feeling frisky. Other than that, screw it. I'm tired of worrying about rootkits from hell that get past this and that, trying to determine what the hell dll injecting even means let alone trying to figure out why.

I'll cover the basics and let my brain do the rest, and friggin use my computer for what I bought it for, which was music, movies, and surfing, not trying to build a military defense system. If all these HIPS guys think we're at so damn much risk and want us to use their products to protect us, they need to come up with messages that DON'T require Google and experts to interpret them.

 

Indeed!

 

FINALLY someone who sums up what I've thought myself this entire time I've been apart of these forums!

People, like this guy said,USE your computers for what they were meant to be used for! It amazes me,so many people on these forums are wasting their time away,daily,tryin to find a security setup that will stop every type of malware,etc. It's like wow,get outside,enjoy life,quit tryin to build a military defense system for your computer.

 

Making a study of malware and anti-malware is a hobby/work of many members here, while others solve crossword puzzles or collect stamps. I don't see any difference.
And I have my defense system and have a much better life on my computer than in the past.
My computer cleans and repairs itself automatically, while I do nothing.

 

The trouble is, to use today's internet and/or just to exercise your interest to download programs, it's an absolute neccessity to construct a Military-Like Defense System just to be able to surf in confidence and the system stable & trouble-free, as well as keep mandatory backups for that occasional super intruder that comes along briefly to steal the show like sometimes happens.