av-comparatives new results for sophos

Discussion in 'other anti-virus software' started by acr1965, Dec 25, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    why, because I can still get viruses.

    viruses can corrupt the data of the fresh-install from Rollback if I don't stay protected, I use Rollback only as a last resort or if I simply just want to start from the beginning.

    I use my personal details a lot during online shopping, credit cards, bank details, of which I can't risk a virus or whatever spreading around, or simply turning my machine into a zombie.
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    In that case, after all the discussion on this board that you've also been a part of, I suppose you'll never understand.

    Solutions such as RollbackRX - or any other recovery mechanism you wish to mention (FD-ISR, imaging, drive cloning, full virtualization, light virtualization, etc.) - are just that, a means to recovery. In dealing with malware, recovery is certainly often the most time consuming and difficult component for many users. However, it's not the only facet that one generally needs to address.

    It all comes back to usage patterns and exposure. If you download and/or use active content from the Internet, having ready access to some form of expert system to provide an analysis of that media can be quite useful. You can use that in either a demand scan context or as a realtime monitor. There are other approaches that would work as well, but in general they tackle more than just the recovery phase.

    Blue
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sandboxie locks my data partition automatically, when I start surfing and that means no access, no reading, no writing and no stealing of personal data.
    What is a malware going to do in a system partition without personal data ? Stealing my software settings or logs ? Interesting info for an on-line thief. :rolleyes:
    The only thing it can do is a low level change on my system partition, which will most probably destroy my system partition and my boot-to-restore.
    That's not a disaster, because I have my system partition back in 10 minutes.
     
    Last edited: Dec 26, 2007
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I would be telling porkys if I said I knew much about it, I've never tried it or even taken any interest into it. :p

    personally, I like the tried and tested methods of an antivirus, and I feel no need to ever change. :D
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Except the fact that all AVs do an incomplete removal and don't detect unknown malware or brand new malware and that is also proven.

    I don't remove malware, I remove changes in my system partition without needing signatures, heuristics and false positives.
    My approach is also tried and tested, otherwise my computer would be full of malware already, but scanners can't find anything and that's why I don't run them anymore on a daily basis. I'm just running these scanners to verify my approach after living without scanners during six months.
    The only one, who makes mistakes on my computer is myself by downloading and installing NEW possible infected objects. :)
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    glad you have found a setup that works for you, but I've never been infected with my setup of just drweb, and lately I've added prevx to it, which will certainly give me even more protection, because I simply just like the software and the technology that goes into it, also it's British and it's nice to use some homegrown software for a change :D
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Currently, quite correct. No product has a string of 100% detection certificates. My honest reaction is, so what? I'm not exposed to 100% of the malware population.
    If you're running scanners to verify your approach, what does that imply regarding the long term viability of how you'll move forward? Specifically where I'm coming from is what I observe as a rough actual exposure frequency - once a year or so, but it could vary to two or three years. If you feel that your approach requires independent verification how, aside from the use of some type of scanner based review, do you propose to accomplish it? One obvious solution - which you've employed - is a configuration freeze, and I'd agree that would work fine. However, if you wish to install an application, what then?
    That's true for each and every one of us..., unfortunately we're all in the same boat on that one, regardless of how we approach the problem.

    Blue
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I need some proof first, that my approach fails and I can run these scanners again after 1 or 2 years. I know the weaknesses of my approach and I'm armed to solve it. Again I remove "changes" and malware "change" my system partition, which includes everything.

    Regarding new applications, EVERY USER has that problem and I'm trying to figure out what I can do about this. One or three scanners on my system won't solve that problem, I better use VirusTotal or Jotti in case I install a NEW object, because I can't afford 30+ scanners on my computer to do the same job as VirusTotal or Jotti.
    But VirusTotal or Jotti, don't really solve this problem either and I can't read the source code either. So this is still a problem, but that is everybody's problem. The only thing, I can do, right now, is downloading softwares with a good reputation from a known source.
    My conclusion until now : it's hopeless, but the thinking never stops ... :)
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Erik,

    Fundamentally, I don't view your approach as intrinsically more (or less) of a problem than the one I use, or many of the other variants out there that one could practice. To me, the weaknesses that you are actively trying to address are in the noise. You already know of the issue with anything new, that's most of the battle.
    It's only hopeless if you try to reach something that is only asymptotically approachable. Perfect security is an asymptote, a limit that is not achieved. The important thing is appreciating where you are relative to the asymptotic value - I'd say you're close enough to a point of diminishing returns that it's time to not fret as much as you do, but that's just me.

    Blue
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not going to discuss the many other variants, but I like to protect my computer
    - in an easy way (reboot) and time-saving way (I know the scanner way already) and
    - with a minimum of security softwares and
    - without guarding my computer like a hawk and
    - without looking at malware.

    The low level changes are solved by ShadowProtect and I never had such malwares on my computer since I use computers. That type of malware is only useful to scare users and IF it ever happens, I know what to do.
    I'm not going to install a bunch of security softwares to protect me against what never or hardly happens.

    As long as it works, I'm going to keep it that way. I need something stronger, than personal opinions to convince me, I'm wrong.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You're not. Plenty of people do it the way you do. You just happen to take every opportunity you can to advertise your approach, almost as if you think you're a pioneer about it, or something.
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    and there are plenty of ways to accomplish that, including what you're doing.
    I don't believe I implied or stated you should change your approach. I do stand by my point that the additional tweaks/measures that you've described in a number of recent and past postings may be at a point of diminishing returns. They're probably not needed. I could really care less whether I could convince you of that or not.

    Blue
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't advertise my approach, I don't even like my approach, because it is still not good enough. The softwares I want, don't exist.
    Why would I be happy, if I don't have what I really want.
    Give me something better and I drop my approach immediately.
     
  14. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    I wonder how often ErikAlbert reboots daily adding to the
    early demise of his HDD ? Maybe look at one of the Linux
    distros and not have to worry so much. :p :D

    Compliments of the season !
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Not that much as you might think. :D
    I only reboot, when I have a problem, which is usually caused by my experiments. I never spend time on solving problems, my reboot fixes them.
    The normal reboots are caused by switching between my off-line and on-line snapshot.
    My off-line snapshot has no security and that's where I do all my work and hobbies without the problems of internet, nothing happens there except bugs in programs.
    My on-line snapshot has all the misery of internet, malware, anti-malware and requires sometimes troubleshooting.
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I ran F-Secure AntiVirus 2008

    It took 17 minutes to scan my system partition.
    Viruses: 0
    Spyware: 0
    Riskware items: 3

    What the hell is Riskware ? I only know goodware and badware, not goodbadware. Is that the so called greyware ? I consider those as badware.

    The so called Riskware items according to FSAV are :
    1. ShadowProtect Desktop.iso
    2. Desktop SP2.iso (also ShadowProtect)
    3. ShadowProtectDesktop20_Evaluation.zip (evaluation install files of SP)
    These are stored on my data partition and I use these files to create my Recovery/Installation CD of ShadowProtect.
    Again 3 false positives.

    Now Fortinet, the one with f/p's.

    EDIT :
    Not clear enough, where to download FortiGuard Anti-Virus. Time is up.
     
    Last edited: Dec 27, 2007
  17. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
  18. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    177
    Location:
    Czech Republic
    usually RW means software which may be abused if you are not aware of it

    e.g. remote desktop solutions, packet sniffers, various system tools etc.
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Blackcat and Dwarden,
    Thanks for revealing the secrets of riskware. :)
     
  20. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    610
    Location:
    Cleveland, Ohio USA
    British slang?:)
     
  21. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Sort of.

    "Cockney" rhyming slang; pork pies (porkies) = lies.
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Scanning with Autoruns and/or RkU is certainly faster than your boot-to-restore :)
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Can you explain this a little more, because I do this in 2 minutes.
    - removal of malware AV/AS/AT/AR/AK/...
    - registry cleaning
    - history cleaning
    - junk cleaning
    - boot into Windows.
    Which means back to its original fresh unused installation state.

    How much faster with Autoruns and/or RkU and doing the same job of course ?
     
    Last edited: Dec 28, 2007
  24. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Well the boot to restore software is quite good for registry cleaning, history cleaning and junk cleaning. But it was never designed for removal of malware. I'm sure a good AV and smart behavior blocker does a good job of keeping malware off in the first place.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It wasn't designed for malware or cleaning either. It is the NATURE of any ISR-software to remove any "change" in your system partition during reboot.

    An ISR-software doesn't know it is removing malware, because it doesn't know how to recognize malware, like scanners do and it doesn't know it is cleaning registry, history and junk either.

    An ISR-software removes "changes" and that's what malware do, they "change" your system partition in order to do their evil job. The same with registry, history and junk, they are all "changes" that are removed.
    That's why ISR-softwares are so good, they remove everything that changed, even unknown malware.
     
    Last edited: Dec 29, 2007