"Anti-virus products fail to protect against attacks"

Discussion in 'other anti-virus software' started by King Grub, Dec 10, 2012.

Thread Status:
Not open for further replies.
  1. silverfox99

    silverfox99 Registered Member (Joined: Jul 14, 2006; Posts: 204)

    Interesting perspective and one which I agree with a fair bit - assuming you are thinking of the well clued up Wilders type. Good call re MSE. If you are expanding your advice out to the general population - my wife, nan, children etc - that's where your guidance will be a bit technical and fall on deaf ears. My wife/nan/child think drive-by refers to a car shooting incident.

    An AV (preferably one that typically catches 90%+ of malware in tests) is a really important element of protection for the vast majority of computer users.
     
  2. ableright

    ableright Registered Member (Joined: Dec 22, 2012; Posts: 2; Location: United States)

    "Rage Against The Machine Here" My wife and kids were just victims of the random overflow exploit drive by...*guitar*...they say "look I've got another fake AV" you say "oh my!" Uhahah! Ok Comedy Aside.

    Perhaps I agree!! Most people simply don't have enough understanding of the better technologies. I'm thinking of doing a video soon about how effective limited user accounts are though at keeping infections from infecting the computer system wide.

    One thing you can do with the wife and kids using your computer is of course give them their own account. This generally ensures that only that account can be infected and the system itself will remain clean. If their account gets infected it's as easy as removing the account to get rid of the infection lol.

    The only ways this could be bypassed are root exploits but there are few root exploits within browsers these days. Also kernel mode exploits or kernel level exploits will likely defeat ANY of the said techniques even including virtualization like Sandboxie and yes AV.

    There's nothing that can stop those kinds of exploits but now we are getting into the realms of theory rather than actual practice. You probably have a better chance of getting struck by lightning "honestly" than running into a drive-by kernel mode exploit in your browser. I do malware analysis and I have yet to run into one.

    Another idea is, if you have really young kids that shouldn't be installing any kind of software or changing things to begin with, create a guest account. After they log off the computer all changes will be lost (a poor man's sandbox) but this works very well. I look at large schools like the college I'm going to and they use this for all student users who have to back up their work on a USB NOT on the computer and I don't see them get nailed with petty malware very often at all.

    Use system hardening and what's already built into the system to protect you and other users VS third party products.

    People that say modern versions of Windows are more vulnerable to malware than other OS's like Mac I believe are simply wrong. The system itself has been pretty well hardened to stop system wide infections, it's just that there's more malware for Windows obviously and more focus on exploiting Windows.

    Then users simply seem to have no problems with the UAC dialog boxes popping up saying "Do You Want To Let This Change Your Computer" and they just click YES YES YES YES unknowingly giving code and programs high level root privileges. Windows users actually complain about these prompts being "inconvenient" even though they've been in Mac for a long time now. Unfortunately there is no protecting people that do this except by blocking them from having this option to start with if it's your computer by giving them a LUA or even a guest account.

    If they're using their own computer then there's nothing you can do except try to educate them. If that doesn't work they'll likely learn this the hard way on their own. If they are using YOUR COMPUTER and you need help with this there are simple registry edits or depending on what version of Windows you are using you can use your policy editor so in limited user accounts the UAC prompts won't even show in guest and limited user accounts!!

    If one of your kids say then downloads something really nasty like TDL4 rootkit from some random place it simply won't even run at all!!!! If you need help with this or something let me know.
     
    Last edited: Feb 3, 2013
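
Added example, not part of the original thread or written by its posters: a PowerShell check for the setup the post above describes. It lists which enabled local accounts are administrators and reads the UAC policy value `ConsentPromptBehaviorUser`, where 0 makes Windows deny elevation requests from standard users without showing a prompt. It assumes Windows PowerShell 5.1 or later (for `Get-LocalUser` and `Get-LocalGroupMember`); the `-Enforce` switch is this script's own name.

```powershell
# Added example, not from the thread. Read-only unless run with -Enforce,
# which writes to HKLM and therefore needs an elevated shell.
param([switch]$Enforce)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# SIDs of everyone in the built-in Administrators group (well-known SID S-1-5-32-544).
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.SID.Value })

# Enabled local accounts and whether each one is an administrator or a standard user.
Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Account     = $_.Name
        AccountType = if ($adminSids -contains $_.SID.Value) { 'Administrator' } else { 'Standard user' }
    }
} | Format-Table -AutoSize

# Current UAC policy. A missing ConsentPromptBehaviorUser value means the default (3).
$policy = Get-ItemProperty -Path $policyKey
$userPrompt = if ($null -ne $policy.ConsentPromptBehaviorUser) {
    [int]$policy.ConsentPromptBehaviorUser
} else { 3 }

# Documented values for "Behavior of the elevation prompt for standard users".
$meaning = @{
    0 = 'automatically deny elevation requests'
    1 = 'prompt for credentials on the secure desktop'
    3 = 'prompt for credentials'
}
"UAC enabled (EnableLUA) : $($policy.EnableLUA -eq 1)"
"Standard-user elevation : $userPrompt ($($meaning[$userPrompt]))"

if ($userPrompt -ne 0) {
    if ($Enforce) {
        # Same setting the Local Security Policy editor exposes; written directly to the registry.
        Set-ItemProperty -Path $policyKey -Name ConsentPromptBehaviorUser -Value 0 -Type DWord
        'ConsentPromptBehaviorUser set to 0: standard users are no longer offered an elevation prompt.'
    } else {
        'Standard users are still offered a credential prompt; re-run with -Enforce to deny automatically.'
    }
}
```

The account listing covers local accounts only; domain users or groups nested in Administrators are not expanded.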