I'm finished with Avira... after heavy infection

Discussion in 'other anti-virus software' started by simisg, Jun 16, 2009.

Thread Status:
Not open for further replies.
  1. ypestis

    ypestis Guest

    What I do know is that for me, backup programs do not work,
    kiss your arse goodbye Macrium Reflect.
    What I do know is that a DVD-R copy of my files and the Windows XP disk work very well.
    Backup boys say 15 mins, my way is at least three hours just reformatting, and
    a couple of hours tweaking on BlackViper, plus downloading programs.
    But my way works every time.
    Not something I want to do every day, but once a year (average) I can live with it.
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    This might easily get off topic, but if it is intended as the ultimate remedy against ...heavy infection, I think it is pertinent.

    I gather you are not happy with backup programs, and if they don't work, you are right, reinstalling Windows is the only alternative. It took me 2 hours installing Vista 64 bit and another hour to update it. Then I spent 2 days reinstalling all my programs and fine tuning the system to my satisfaction. OK, I might be a bit of a slow operator, one could possibly do it in 5 hours.

    As soon as I finished my installation I backed it up to a USB drive: time 9 minutes. Once the backup finished, I restored the system straight away to test it: time 10 minutes. Now whether you choose my long 3 days or your short 5 hours, you must admit that 10 minutes beats them all.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Interesting.
     
  4. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    It seems that you don't know how your favorite program works by saying this... ;)

    Stefan is absolutely right!
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Doesn't have nothing against Comodo.

    With Comodo, if you try to execute an infected file, first it detects whether the file is benign/malign/unknown, based on its signatures and other methods.
    Only if Comodo doesn't detect anything malign in the file will it use its HIPS feature and show you a preventive alert to let you choose what you want to do with it.

    So:
    First is Detection
    Second is Prevention

    Am I wrong?
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,180
    Location:
    Canada
    ssj100, the problem with HIPS is that they are only for geeks. How would my wife or my mother answer all the pop-ups?
     
  7. 3xist

    3xist Guest

    Here is one of my replies from back in January with a similar question:

    Development Activities for CIS

     
    Last edited by a moderator: Jun 18, 2009
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    For geeks and extremely patient persons... :D

    This is why I prefer a well-done Behavior Blocker to an annoying and useless HIPS...
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    And for those who are untiring and eager.
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I agree that this declaration is very confusing, but not for me since if you use an AV and HIPS, the Detection is always first.

    But this is just my opinion based on what happens on the systems with this configuration, and the way I think it should work.
     
  11. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I'm talking about the type of HIPS used, for example, by Comodo.
     
  12. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Agreed. I have said that many times in this forum. The ultimate AV is an image that is not infected.
     
  13. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    The guy is a kibitzer. Has nothing to add- just takes shots at Avira users.
     
  14. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Thanks for reviving an old debate finished by PMs, wanting in on the action eh? Le sigh... typical you.
     
  15. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Seatbelts and airbags were created for reducing your chances of being injured or killed in an accident. They in themselves weren't made to save your life.

    The same goes for AV programs & Firewalls. They both together form the first line of defense against any type of malware, but they are not infallible.
     
  16. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Originally Posted by 3xist:

    I think we define "prevention" in a different way. Do you mean "prevent an infection from taking place at all" or "prevent a malware from fully activating and staying resident in the system"?

    In the house / burglar analogy, I would say: door = AV program, blocks the malware from entering the system. Alarm system = someone managed to get in, alarm the owner, prevent the burglar from stealing (everything). Insurance company = clean up (pay) for the mess (backup, restore).

    I don't understand why you claim it is better to let the malware run in order to catch it (via behaviour monitoring/HIPS) rather than not to allow it to start at all.
     
  17. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    It can be FP..., especially heur:packed detections ;)
     
    Last edited: Jun 19, 2009
  18. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'm sure he'll correct me if I'm misquoting him, but I drew the inference that he was advocating a default deny approach whereby anything unknown would be blocked from running at all without being implicitly allowed to do so, rather than run then cross your fingers and hope for the best that anything malicious is spotted.
     
  19. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    That's whitelisting. Which has the problem - how do you know if a program is 100% safe and clean? It's much easier and faster to find out if a program is possibly malicious instead of being 100% sure that a program is safe.

    And blocking every unknown application? I don't see how that can work with normal users who try out new software all the time.
     
  20. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    I 100% agree with ssj100's approach; AVs ONLY as stand-alone protection is long over, we need a good HIPS (in his case D+) to cover new 0-day threats.


    cheers:p
     
  21. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I'm not particularly advocating either approach over the other; my own preference for a first line of defence is the Sandboxie approach where it doesn't matter if the file is malicious or not.
    The key to the usability of a whitelisting approach is a sufficiently extensive database of known good executables to keep things running smoothly. A big task, but surely it's easier to add good stuff which after all is in the open and accessible than retrospectively blacklisting malware which is only discovered once it's already causing harm?
     
    Last edited: Jun 19, 2009
  22. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    Whitelisting (HIPS) vs. blacklisting (AV, behavioral blocking) - the two concepts and a long debate.

    Personally, I prefer antivirus with a giant database of signatures, exceptional heuristics and a good behavioral blocker. HIPS are too annoying for me.

    Let my computer serve me! :D
     
  23. Zimzi

    Zimzi Registered Member

    Joined:
    Jul 10, 2005
    Posts:
    289
    On the other hand I do understand your point too. Almost every day one can very easily find malware that cannot be detected by at least half of the AVs on Virus Total, for example (including Avira or NOD32).
     
  24. ypestis

    ypestis Guest

    You, sir, are the reason God made A-2 AntiMalware!
     
  25. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    If a-squared's anti-malware continues to develop and improve, I'll be one happy customer.
     