Is AD and RD the future?

Discussion in 'Ghost Security Suite (GSS)' started by berng, Dec 5, 2005.

Thread Status:
Not open for further replies.
  1. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    246
    Location:
    NJ, USA
    Very interesting and candid article by Eugene Kaspersky on the current state of the virus industry -
    http://www.viruslist.com/en/analysis?pubid=174405517

    "Today, malicious programs propagate so quickly that antivirus companies have to release updates as quickly as possible to minimize the amount of time that users will potentially be at risk. Unfortunately, many antivirus companies are unable to do this - users often receive updates once they are already infected.

    Let's assume that the virus manages to penetrate the victim machine, and the antivirus solution installed on the victim machine doesn't detect any suspicious activity. (This might be because of the quality of the solution itself, or because the user has been careless, and not downloaded the latest updates to the antivirus databases in good time.) Sooner or later, updates which detected the virus will be released - this means that the virus will be detected, but not necessarily defeated. To get rid of the virus once and for all, the infected files have to be carefully deleted from the victim machine. “Carefully” is the key word here, which brings us to the third problem connected with antivirus programs.
    Problem #3

    The third problem faced by the antivirus industry is deleting malicious code detected on the victim machine. Very often viruses and Trojans are written in a way which enables them to hide their presence in the system and/or to penetrate the system so deeply that deleting them is a complex task. Unfortunately, some antivirus programs are unable to delete malicious code and restore the data which has been modified by the virus without causing further problems. "



    This tells me that products like AD and RD are absolutely required.

    Right now in the popular press we hear all the time about virus products and protection. I wonder if 5 years from now the emphasis will be on application and registry protection products?
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi berng

    I agree with your conclusion 100%, and have adjusted my protection approach accordingly.

    Pete
     
  3. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia

    Hi Berng,

    Interception security applications are one of the best ways currently to securely handle malware on an end-user's machine. There are still issues, however, in the way these applications work compared to Anti Virus applications, which will be a major factor in getting more people over to this side. Mostly it is to do with ease of use and understanding what is going on.

    When grandma gets an AV alert, it's simple enough to click "Disinfect" and hope it does its job; usually it doesn't, which means she goes to ring her son or grandson to help clean up her computer. However, an Anti Virus in a lot of cases can clean up the more benign malware without much more than a single alert.

    Come along to software like mine, and there would probably be around 5 alerts about very suspicious behaviour when malware is trying to run. All of which grandma clicks "Allow" to, because she isn't sure what "is trying to install a rootkit" means. Not to mention that clicking through 5 alerts for every new installation gets tiring for her anyhow.

    There needs to be a balance reached between "user interaction" and effectiveness of product. That is the goal I am working towards anyhow.
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Yup, Jason_R0, that's the problem. People ask me for a "set it & forget it" solution. I say there isn't one. I recommend that older people, or people that don't want to take a role in protecting their computers, get Win98SE.
     
  5. Hey berng, this decision is pretty much old hat to the people here.

    Still did you read the whole article? Near the end he talks about problems of other technology like behavior blockers.

    Of course, AppDefend and RegDefend I think are slightly different from the behavioural blockers described here. But I think it kind of fits.
     
  6. Hello

    Use 98SE? Well then, who will help those poor people when their system crashes?

    Is there something special that they would need to do to stop it from crashing?

    Yes, I have been preaching proactive, and was guessing protecting virtual memory would be good too.
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    All AV/AS/AT/AK scanners have the same problems, because they are all based on what the bad guys do, and that's the problem. Bad strategy.
    AD and RD the future? I prefer ShadowUser.
     
  8. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I totally agree with this post. I have been saying all along that what you really need is good inbound protection and process protection, period. Until leaks don't exist in firewalls and exploits don't exist in AVs, they are pretty much worthless for 0-day exploits. Also, if and when the day does arrive when these products exist, they will bog down the OS so badly that it will not be worth running.

    I have been running a Fortigate 60 and process protection only for months, not running a software firewall or software AV, and I am so much happier. The system runs better and I have had no trojans, worms, greyware, etc. I have done scans monthly in safe mode to check.
     
  9. I prefer VMware.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  11. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Yes, VMware for me too, a little bit more fun. The only problem I encounter is the activation of my official serial.

    I find it weird, because what if you have M$'s own VirtualPC...

    take care y'all
     