Is the idea of having a product that does one thing very well lost in these 'suites'?

Discussion in 'other anti-malware software' started by apathy, Jun 10, 2009.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Re: Is the idea of having a product that does one thing very well lost in these 'suit

    there are lots of security software that collect anonymous information about threats for "research" only, it's not a new concept for cloud security software alone. it's just in order for the cloud approach to work, u HAVE to participate cuz if no one does, it becomes useless since that is how cloud works.

    Outpost has the ImproveNet that gives u the option to join or not and it's a similar principle to what Norton does with community watch, it gathers info from the community about setups and rules to make it easier for everyone etc.
     
  2. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Firzen771, yes, I understand the principle of the community in a cloud architecture. With respect to mandatory participation, for some products (e.g., Prevx) it is literally a requirement of using the application -- i.e., there is no “opt-out” choice offered to the user. In contrast, with applications that do offer the choice, an individual who is concerned about privacy can circumvent the criticism that “there's no way I'd ever trust my data to cloud based software” by withholding participation.

    To return to the topic of the thread, the privacy objection against cloud-based security applications is real for some -- but not for all -- solutions in the marketplace. Thus, the migration toward security suites incorporating the “cloud benefit” will, in my opinion, continue (leveraging their comparatively large userbase); and standalone applications, most of which lack this capability, will be disadvantaged as a result.
     
  3. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Survival of the fittest? :D


    HKEY1952
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Actually, to properly quote Charles Robert Darwin:

    "It is not the strongest species that survive,
    nor the most intelligent,
    but the ones most responsive to change."

    :)
     
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Most awesome thing ever. :D
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Re: Is the idea of having a product that does one thing very well lost in these 'suit

    By that time, Microsoft will be phased out of my system, except for one, my old 98 workhorse. :thumb:
    It'll be interesting to see how cloud based/assisted security apps hold up when someone hits them with a big DDOS attack.

    I'm probably old school in how I view this, but it seems to me that migrating to cloud based security apps won't improve the user's security. It's just another way to keep users paying for an outdated and inefficient security concept, detection by identification. Updates for AVs and signature based security apps are a source of steady income for security app vendors. They can enhance it with cloud computing to make the detections more complete and get the updates faster, but no matter what they do to enhance it, signature based detections are reactive by nature. There are several security options that are pro-active that will do a much better job, and won't need to be supported by their cloud based system. There's sandboxing the attack surface, virtual operating systems, reboot to restore systems, and my favorite, a default-deny security policy.
    That only applies to natural selection. The opposite applies here. This is not an example of responding to change. It's repackaging the same old thing with some enhancements and making it appear to be change. A true pro-active security system would be a real change, but security app vendors keep clinging to their cash cow, AVs and subscriptions to the update signatures. AVs are part of the reason for the trend to security suites, a way to keep that money component in the picture. Users who want to keep paying will buy those suites. Those that are tired of obsolete security concepts have options, no matter what the industry does.
     
    Last edited: Jul 28, 2009
  7. stanmonday

    stanmonday Registered Member

    Joined:
    Jul 27, 2009
    Posts:
    8
    I'm for the security suites; some of the extra features may be really helpful and most are user friendly, which is important for users like me, who cannot say that they are advanced ;)
     
  8. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Noone_particular, one of the interesting points that will benefit users is the interaction between a heuristic detection engine and an in-the-cloud reputation database (e.g., Quorum with Norton Internet Security 2010). When these technologies are combined, the heuristics can be ‘throttled up’ to be substantially more aggressive without the downside risk of creating false positives, because the latter are mitigated by way of checks to the in-the-cloud reputation database. Thus, standalone heuristic solutions will likely deliver inferior protection performance as compared to a “heuristics + cloud” approach (see post #144 in this thread).

    Noone_particular, I am surprised that you view the cloud-based advancements in security as more of the “same old thing.” While “the cloud” has undoubtedly received quite a bit of “marketing hype,” an instantaneous community-based view of malware threats provides real value.

    For example, if Symantec’s in-the-cloud advancements in Norton Internet Security 2010 were just more of the “same old thing,” then one would expect the performance of the 2009 and 2010 editions of NIS to be quite similar. Early tests, however, show substantial improvements:

    Norton's performance was absolutely stellar. It scored 8.0 of 10 points for malware removal, beating previous top scorer Panda Internet Security 2010. It also set a new record on the malware blocking test: 9.6 points, trumping Prevx 3.0, the previous champion and our Editors' Choice for standalone anti-malware. (see here)
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I can see where they'd learn about new malicious code sooner but that doesn't translate into instant signatures or removal data. The vendors still have to make detection signatures and removal data, and that has always been the slow part. Cloud based enhancements should speed up their reaction time, but it's still a reactive approach to security, an AV. As far as I can see, it's just a faster version of the same base technology but with even more dependence on the vendors' servers. Those servers are going to be a very tempting target.

    We definitely have different opinions here. I'm quite disgusted with security software vendors and their unwillingness to move to a more proactive system. Counting variants, there's somewhere around a million different pieces of malicious and undesirable code. In addition, we're dealing with malware kits that can crank out custom malware on a moment's notice in almost unlimited quantities. We have to get past this outdated idea that we need to identify every lousy one of them in order to deal with them.
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Noone_particular, while it’s true that in-the-cloud technologies do speed the responsiveness of anti-malware vendors to emerging threats, it’s more than a quantitative change -- it’s qualitative, too. In particular, reputation ratings -- distinct from signatures -- aid in identifying untrustworthy files. Determining the “reputation” of a file in a rapidly evolving threat landscape requires a view of the prevalence (plus other characteristics) of the file across a broad user community. It’s difficult to see how such a step could be readily accomplished in the absence of an in-the-cloud technological architecture.

    Additionally, as described in post #59, even heuristics benefit by leveraging knowledge from the in-the-cloud database.

    Noone_particular, in my opinion, the scenario you describe is one in which the in-the-cloud reputation ratings provide substantial benefit. In the limiting case in which every instance of malware is unique, the reputation rating will be very low and thus each will be easily classified as malware. A signature-only based approach, in contrast, might miss a proportion of any one class of malware (i.e., a set of related variants); and a heuristic-only approach would be challenged, too.

    Thus, in total, I must respectfully disagree that the in-the-cloud security advancements are simply “more of the same” (only faster).
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    We'll just have to agree to disagree on this one. There is just no way I'd ever go back to relying on an AV based system. Relying on a detection based security package again would be a big step backwards. No matter how they "improve" it, it's still an AV based system that's going to miss detections and have false positives. They might be able to reduce these problems but they won't eliminate them.

    This dependence on "the cloud" has privacy implications that I find completely unacceptable. What control does the user have over outbound traffic/data? How does the user know what data is going out to this "cloud"? This "cloud" is comprised of computers. Where do the users stand if something on their end gets compromised?

    For almost 4 years I've enjoyed the bulletproof protection of a well enforced default-deny security policy and a system that stays unchanged no matter who uses it. It doesn't need constant access to some vendor's servers and isn't dependent on regular updating. It'll remain effective for as long as I want to use it, and at no cost.
     