AntiVirus feature prediction thread (let's look ahead and see who's guestimate is close to reality)

LOL.... ya think?

It's as if Webroot is religion.

When Webroot is questioned, the defensiveness and reactiveness immediately comes out.

And then the usual song & dance...

"....You don't understand it, testers can't test it, nothing else is the same, there has never been a problem in Webroot history...."

And then they all drink more Webroot Kool-Aide and go to their Webroot gathering in Guyana.

Good Times

 

This thread is one of the more interesting ones, I would like to think. Let's not start another war and get this one closed. I have a feeling it's on the verge.

 

Fair enough

 

@Frank the Perv

About Webroot being religion for some of us: I hate to be labelled with that so I will just answer that point and this will be my last comment on this thread.

I react because my experience of Webroot is so different than what has been said here. Also, two AVs were being particularly praised here and they happened to be the very two I had been using (not at the same time, of course!) previous to Prevx/Webroot. And I found that they were letting malware through. I changed to Prevx/Webroot in 2006 and since then I have never (knowingly) been infected.

Granted, this is my personal experience and it is possible that other posters here have had different experiences with Webroot/Prevx (and of course with the two AVs in question). But I think, given my experience, it is normal that I should “react”, and my reaction was to “defend” Webroot. If this makes me a cult follower, well long live cult-experiences!!! Bring them on!!

 

If we are done with the software I am using is better than yours part (And I think we should be done since it will lead to a locked thread). I'll share what I believe will happen:

• Blacklisting will be (and is) moving from being the main focus to a secondary layer and white listing will be (is becoming) the new star.
• Several software offer sandboxes for unknown or vulnerable processes already they will develop on that and others will add some kind of a sandbox (be it restriction based or full virtual)
• IP or domain blacklisting will continue as another form of complementary protection, even if the method is dated it still works quite well.
• Any remaining HIPS modules in software will slowly die down (get replaced by automatically deciding bb modules)
• Banking/purchase protection will become a stronger emphasis
• Anti-malware software will unfortunately keep bundling online storage, junk cleaners, etc.
• PuPs will still be a point of discussion

 

We all know whitelisting is better for the sake of security, but I highly doubt any popular AV adopt it as a default setting. It will trouble many people than some guys think, and we shouldn't forget security is not the 1st priority for most people.
The assumption novice user only install famous software is wrong. I more than once came across novice's PC where plenty of freeware were on it, most of them are well-known but some are dubious. They asked me to help them to address supposedly PUP infection (I'm not a IT professional, they asked just because I know security better), but there're also other problems. I recomended recovery/re-install OS, but they refused it and even refused uninstall unneeded software, saying those are needed, while obviously those crapware causes performance delay and other problems.

BTW, I don't want to be involved Webroot related discussion more, but I think Webroot's approach is nearer to whitelisting than other's. Cloud reputation works somewhat like whitelising, but it's still blacklisting, thus there're misses. I always use Norton with all settings being aggressive, but it's not hard to find malware which pass through Norton protection, some of them are used below 5 people and found within a week. I'm also using TrendMicro InterScan as a web gateway, but I still can find malware which pass this double protection (though relatively hard and need effort).

While introducing whitelisting causes lots of problems for many user, only Webroot achieved this by an idea of greylisting. This is why I think it's different than Norton or Trend, even if those vendor internally have greylisting still it's not complete because they don't have real-time transaction protection (Webroot's one is real-time and transparent. This is big difference from other banking protections).

 

Blacklisting is indeed not good enough, never has been, never will be, even with a cloud system. I think sandboxes are the way to go. What do you mean with self deciding BB, is that even possible?

 

The bbs I have encountered up to now work like streamlined hips, singular suspicious will produce an alert in hips whereas a combination of suspicious behavior will yield the same result for a bb. For example classical hips will display a popup for an unknown executable creating an autorun entry whereas a bb will display a popup when the executable does a combination of creating an autorun entry and starting a service. What I mean by automatically deciding is simply creating a nested if tree. A.exe is watched, if it does X and Y and act like Z, block it instead of displaying a popup.

 

What was you doing that got you infected previously?

 

I may have got the gist of the title of this thread wrong,but why are folk worrying/predicting about what techniques av products may employ in the future?I don't believe in astrology/Mystic Meg etc,I just prefer to wait to see what surprises(or lack of them)betas hold,can any of you predict next weeks lotto number for me?that would be far more interesting if you can!

 

We are not worrying about anything,man. We are talking about security products and their futurre. Isn't it the purpose of this forum ?

 

not really ,unless you're thinking the views expressed may have an effect on the way some vendors progress towards their future products,which I very much doubt,I can understand discussions about ideas mooted by vendors,but that is looking at things in the opposite way,that would be discussing what things are likely to be implemented not guessing at what may be if we had our say

 

Get with the program, will ya.

The whole purpose is so that in future years people can quote this very thread and point a finger at whoever and go na na nanna you were
totally wrong.

Regards Eck : )

 

I don't need to have a say in AV industry, wish I had one, though. We look at the current and past trends and predict what is coming and people discuss about these here, we don't make these ideas out of our a**es like fortunetellers. My views don't need to have an effect on the industry, but many AV vendors frequent this forum and may be they will have a tiny little bit of impact, maybe not.

P.S. Also for any other similar answers, my next response will be "whatever".

 

that was my initial thought,have you seen how hostile some of posts are on here nowadays and even in this thread where folk even argue about what may be implemented sometime n the future,be glad when some of the younger members discover women,they can cause some real arguments!

 

Nothing like a good old lively debate to get your teeth into in a constuctive way of course.

People have their favourite apps that work well for them so if there`s any kind of negative remarks real or imagined they go into hyper-protect mode.

No matter which is your favourite program there is a general idea here that the layered approach is and still will be the way of computer security for some time to come imo.

Just don`t say anything bad about Webroot or good about Comodo and everyone will get along fine.

Regards Eck

 

That is the truth, for sure. Anytime a user mentions either of the two, I cringe and get ready for another informative thread to get destroyed and polluted, unfortunately.