powerful antispyware

Discussion in 'other anti-malware software' started by sach1000rt, Jun 8, 2007.

Thread Status:
Not open for further replies.
  1. Andreas Haak

    Andreas Haak Software Specialist

    Joined:
    Feb 12, 2006
    Posts:
    86
    It's comparable to the situation when the first process killers spread. There are a lot of vendors that didn't implement termination protection in those days simply because they didn't see any reason to do so. Sure, that nasty can terminate my guard, but my guard won't let it start to begin with. It will never get the chance to terminate my application, so why should I add termination protection even though it's easy to implement?

    It's the same with rootkits. Almost all applications will block the installation of Rustock. So why should they bother detecting it once it's active? It will take some time until they all implement rootkit detection. Not because they think they need it. It's because the competition has it, so I am forced by the market to include anti rootkit technology myself.

    Yeah, but PrevX was BUILT to prevent and not to detect. That's why it's called PrevX and not DetectX ;).
     
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    OK AH, I'm getting your point to some degree, but let's widen the field and include Wincom32 malware that made its appearance in January 07.

    I bagged my first copy of the trojan c/o CWS type infection 3 days before it was mass propagated by *the storms* email attack. The whole AV industry was caught with their pants down judging by the activity at SANS and rushed to get new definitions out targeting the worm.

    The worm soon got nailed and tracked for new variants as they emerged, but how many of the AVs that got bypassed by *unaware* users opening the email attachment could detect the loaded wincom32 payload... Put it another way, how many compromised machines are still unknowingly backdoored as part of the Nuwar botnet?

    This is where I totally disagree with your opinion of ARK abilities of softwares being due to one-upmanship between marketing departments. If you study the trends of the emerging malwares and proliferation, then ARK capability is a must-have for any blacklist anti malware scanner.
     
    Last edited: Jun 12, 2007
  3. Andreas Haak

    Andreas Haak Software Specialist

    Joined:
    Feb 12, 2006
    Posts:
    86
    Dude, you don't have to convince me regarding anti rootkit features. I never said they are useless. I just told you that:

    1. Rustock is a bad sample to judge the ARK functions of any software, simply because it's easy to detect.
    2. Told you why vendors might not see the immediate necessity of implementing ARK features.
    3. Pointed out that the way you tested PrevX stands contrary to its purpose.

    I actually think ARK features are helpful but not as important as behaviour blocking abilities, for example. Rootkit detection is the same old cat and mouse game as signature scanning. So stopping it at its root by limiting what is allowed to run in kernel mode and what not is the only reliable protection.
     