Can your antivirus handle a zero-day malware attack?

Discussion in 'other anti-malware software' started by The Red Moon, Aug 23, 2013.

Thread Status:
Not open for further replies.
  1. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    No Antivirus can handle all zero-day malware attacks. That is why some sort of virtualization is needed (Sandboxie, Shadow Defender, Deep Freeze, etc.).
     
  3. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Heuristics, isolation and HIPS.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    behaviour blocker :)
     
  5. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,697
    Location:
    Zagreb, Croatia
    anti-executable
    :D
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  7. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,697
    Location:
    Zagreb, Croatia
    Very true, my friend!
    :thumb: ;)
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    HIPS, Isolation/Virt, Heuristics/BB.
    Of course I have all three. Comodo HIPS, sandboxie and Qihoo360/comodo sandbox/BB.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    even better with all this arsenal :D :thumb:
     
  10. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    :eek: I'll be looking forward to your reports on compatibility.
     
  11. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I'm psyched that comodo firewall now works with sandboxie. I even ditched WSA for qihoo 360. I figured that the HIPS and sandbox would keep me pretty safe other than WSA. Qihoo 360 detection is far better than WSA.
     
  12. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Threw you through a loop with that one, didn't I? ;)
     
  13. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    I don't mind admitting that you have. (Though I of course know that cruelsister is high on the Comodo/360 combo.)

    Do the two sandboxes coexist or have you turned off functionality in Comodo's?

    I've never tried CFW after 5.12 so this is all new to me.
     
  14. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Everything seems to be working well. I have both of them running. The only issue I've noticed is that files download to my sandboxed folder instead of in the shared space folder. Not a huge problem. Also the virtual kiosk doesn't seem to be working well for me. Not sure why. Not a big problem. I don't really plan on using it much. I didn't see much need for WSA with all the things I have running at the moment. Technically I could just run Comodo and qihoo and be ok.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
  16. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    I'll be interested in hearing how it "tests" if you get a chance to put it through its paces.

    I know that Qihoo wasn't scanning within the (Sandboxie supervised) sandboxed browser. Have you confirmed that whether it's doing so now under the new setup with either the Eicar download or URLs? (How about within the Comodo sandbox?)

    Thanks for any info you can supply on this.
     
  17. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    I've been testing it on VM and it's worked great. I haven't had any problems with it. Qihoo doesn't work in sandboxie. I haven't tested it with comodo sandbox. I'm sure cruelsister may have though. It does scan in my sandbox folder. Which is all I care about.
     
  18. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    Just wondered if Comodo Firewall 6 users have conducted a ShieldsUP test recently?
    I have, and noticed that port 0 reports that it is in a closed state rather than stealthed, which is what Comodo usually does with this port.
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Can your antivirus handle a zero-day malware attack?

    I doubt it, considering it's a technology from the 80's, and it hasn't changed a bit since then....apparently :rolleyes:
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
  21. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  22. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,093
    Location:
    Netherlands
    Yes, to limit it to the ones I have tested with real zero-days

    WSA: has HIPS and whitelisting option (only allow programs which have been seen by a large portion of the community)

    CIS 6.0: with D+ disabled has an option to fully virtualize programs from non-whitelisted vendors

    But there are more like Avast 2014 with new (WSA) like hardened mode or SecureAge+ (with whitelisting)
     
  23. guest

    guest Guest

    Lol, put your arm-cannon down now. :D

    I don't use AV myself ATM since I always get problems when using one and ended up in having to find a replacement, just so I can replace it again. Yeah, I know, my computer is racist. :rolleyes:

    BTW, I think an AV can handle most (not all) fresh malware if they have some extra boost, which is pretty common nowadays. And let the party begin... :cool:
     
  24. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    As much as 0-day malware is real, same goes for it being an overrated phrase.

    The AV we have nowadays is not just based on signature-based detection....and no, we're not living in the 80s despite the fact that going retro is considered hippy and trendy in some parts of the fashion world.

    When you can acknowledge that malware evolves and tries to evade detection, you know that 0-day malware detection will be a hit or miss scenario just like any other tests. Its range of effectiveness will vary from one percentage to another depending on the sample set. It's like tossing a coin and getting heads or tails...

    Against a targeted attack against a specific brand, the probability falls flat to 0 within a time frame (until it gets an update or signature). Just like any other thing.

    To complicate things further, when you consider your chances of getting across a 0-day malware in a period of time (which differs from 1 person to another), it really becomes too minimal an issue to fret over because of a single digit.

    So, don't worry too much about it. If you're still single and readily available (if you're of the female gender, PM me), try your luck on finding a partner. You might be luckier there.;)
     
  25. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    OK. But the facts come from the "experts" in the industry, just so you know :D
     