Which of the *mainstream* antivirus apps include either a behavior blocker or a HIPS? Which of the *mainstream* antivirus apps scan primarily in the cloud &, therefore, put little or no signature files on the user's computer?
99% of them, because they have known for ages that signatures only are doomed to fail. BB: Emsisoft, Bitdefender, Avast, Webroot, etc. HIPS: ESET, Kaspersky, etc. It is faster to mention those who don't have any than those who have. Webroot, Panda Cloud.
Great topic. HIPS was "it" back on XP's run, but 64-bit rose up and they were done, so AVs picked up that ball and ran with it. I was always partial to BBs too, like CyberHawk turned ThreatFire as standalones, and they did what was needed well enough IMO. But my answer to question number 2, from some experience, is Panda Cloud (light as a feather), which for my more modern systems proved lightning quick and all that, but as everyone knows, AVs rarely stayed on my systems any longer than to test their ability/performance locally only.
Same here, there are only 2 AVs I care to eventually install on my systems: Webroot and Emsisoft. For the moment none of them are installed. I'm considering Cylance, but let's see its resource impact... I don't need my next AV to be a "jack of all trades" with a dozen fancy uber-features because I use specialized softs that already lock my system more than enough; I may need a simple AV to back up my tools, no tons of features, with decent detection, very light, no local signature.
They do that indeed. Some of the best minds have fashioned a few choice super-locktight security apps. Had a sneak-peek at full Panda Dome and actually have a valid license for it, but only did that due to its supposedly excellent firewall users were raving over when it came out. Realized soon after that no matter how superior any AV is, plus its features with HIPS/BBs, I had already moved beyond any interest in adding any of them to the current mix since WD has stepped up its game. However, with a choice it would be Russian roulette all over again. Panda would be the first choice (cloud), very lightweight, minimum resource use, then the musical chairs would ensue the first time something poked through, which has happened with every single AV I tried except recent WD.
On my PC, Avast is as light as Panda and it's even lighter during boot time. It does download signatures, but the update process doesn't hog the system. It also has BB and cloud check. I chose the MIN installation (file shield, behavior shield, web shield) to avoid the bloatware and I tuned it for better protection (hardened mode aggressive), lower resource impact and no ads. This is a nice guide for Avast: https://malwaretips.com/threads/ava...-protection-and-efficiency.84620/#post-743926
Check out 2017's PCMag review of Webroot Secure Anywhere (WSA). Although I usually take PCMag's reviews with several grains of salt, their review of WSA was actually an educational write-up, instead of the usual laudatory *test results* of a potential advertiser's product. I actually learned several things about WSA (& about security in general) from that excellent article. A couple of the things I learned are: (a) WSA is very VERY much a cloud-based app, (b) WSA is lighter than helium as a result, & (c) WSA is a more-than-worthy successor to my old favorite PREVX. Shazam!
Wha? Nah man... 2016? I am a hundred percent sure I read that they don't have one a while back, but not that far away though.
It has a local decision engine and cloud-based behavioral detection. Easy to confirm by reading whitepapers and documentation about APC.
Avira has a cloud based behavioural engine, not a traditional behaviour blocker. Their BB ProActiv is discontinued.
I think most of these AVs are using behavior blockers but they don't work in the same way. Most AVs use some form of behavioral detection pre-execution, so before some app is allowed to run. When they can't decide whether it's malware they send it to the cloud. But you also have AVs that block suspicious behavior if some app is already running; Webroot does this via the Identity Shield feature. For example, you won't find this in an AV like Win Defender. https://community.webroot.com/t5/Tech-Talk/Identity-Shield-Deep-Dive/td-p/46422
In this regard, it is not what it appears to me. Many AVs will submit the suspicious process for scanning on their cloud servers. However, the process is not suspended awaiting a reply from the cloud as is done with WD's "block at first sight" and is allowed to execute. This is because the AV servers perform a detailed analysis which could take some time. If the process is deemed malicious, then a blacklist entry is created for it pending full sig. creation. As far as WD's high user interaction rates on AV lab tests, it is proof that a quick cloud scan really is not sufficient to determine most processes' malicious activities with high confidence levels. Also, this is the difference with the Next Gen solutions in that their AI engines are deployed locally and scan a process in more rapid fashion. However, as shown on the AV lab tests, their detection rates are not any greater than conventional AV detection methods.
@ itman -- okay, so do these AVs warn you with a pop-up saying something like: "Analysis of this Application may take some time. Recommend you do NOT install it until our analysis is complete." OR do they just leave you slowly twisting in the wind?
Good point, I also wondered about this; clearly "the cloud" isn't a silver bullet either. That's why post-execution behavior blocking is still a must for me. I really don't have any idea, but I believe that Win Def claims it only takes seconds to get a result from the cloud. Webroot is also cloud based, so is it really that quick? I'm not sure if they acquired this tech with Prevx, but it's fun to read these types of old articles.
Certainly did!* * @Triple Helix would be able to provide more details on this, but suffice it to say that those of us who came to Webroot SecureAnywhere from Prevx experienced a completely smooth continuum from Prevx 3.0 to first generation Webroot SecureAnywhere with basically exactly the same technology that we had come to know and love, but now at an even more sophisticated level. And though it has of course evolved further since then, it still remains fundamentally the same beast.
Agreed fully, and the same developer designed WSA: Joe Jaroch, or PrevxHelp as he is known on here: https://www.wilderssecurity.com/members/prevxhelp.87864/ https://youtu.be/qy5o2wIwUDk