Real-time Protection

Discussion in 'other anti-virus software' started by Derek0027, Jun 3, 2009.

Thread Status:
Not open for further replies.
  1. Derek0027

    Derek0027 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    3
    Hello,

    Does anyone know why new (undetected) malware is able to slip by most anti-virus real-time protection?
     
  2. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    because they do & can, nothing is 100% perfect...
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,054
    Because until the AV companies get it and add a signature, they can't detect it.
     
  4. Derek0027

    Derek0027 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    3
    So the protection modules don't have the ability to recognize unknown malware files by themselves? That seems very risky. How can I protect my system if the AV can't analyze an unknown malicious file?
     
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Most AVs have heuristics, which enable them to detect many (not all) of the malware for which they do not yet have signatures.

    In addition to using AVs, some users (myself included) also use HIPS applications, such as Mamutu (a behavior blocker) and Malware Defender (a "classical"), which can further alert users to malware which gets by their AV.

    However, IMO the "ultimate protection" is to periodically image your system drive.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    That's why many users here adopt a default deny policy based on whitelisting, whereby only known good executables are allowed to run and everything else is treated with suspicion.
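    The default-deny idea in the post above, shown as an added example (not code from this thread or from any product named in it): a hash-based allowlist in which the identity of a binary is its SHA-256 digest, not its file name, so an unknown file is denied and so is a vetted file whose contents were altered after approval. All file names and byte contents are constructed for the example; an audit mode is included because allowlists are normally rolled out in report-only mode first to find legitimate software that is still missing from the list.

```python
"""Default-deny execution policy: a hash-based allowlist (added example).

Only executables whose SHA-256 digest is on the allowlist may run; anything
else, including a known file name with changed contents, is denied.
"""
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed sample "binaries": short byte strings standing in for real
# executable files. Names and contents are invented for this example.
KNOWN_GOOD: Dict[str, bytes] = {
    "editor.exe": b"MZ\x90\x00 editor build 1.0",
    "calc.exe": b"MZ\x90\x00 calculator build 2.3",
}


def sha256_hex(data: bytes) -> str:
    """Content hash used as the identity of a binary (never its file name)."""
    return hashlib.sha256(data).hexdigest()


def build_allowlist(known_good: Dict[str, bytes]) -> Set[str]:
    """Hash every vetted binary once; the resulting set of digests is the policy."""
    return {sha256_hex(data) for data in known_good.values()}


def evaluate(name: str, contents: bytes, allowlist: Set[str],
             enforce: bool = True) -> Tuple[str, str]:
    """Decide whether one execution request is allowed.

    Returns (verdict, reason). In audit mode (enforce=False) nothing is
    blocked, but every would-be denial is still reported so the allowlist can
    be completed before switching to enforcement.
    """
    digest = sha256_hex(contents)
    if digest in allowlist:
        return "allow", f"{name}: hash on allowlist"
    verdict = "deny" if enforce else "audit"
    return verdict, f"{name}: hash {digest[:12]}... not on allowlist"


def run_requests(requests: List[Tuple[str, bytes]], allowlist: Set[str],
                 enforce: bool = True) -> List[Tuple[str, str]]:
    """Evaluate a batch of execution requests against the policy."""
    return [evaluate(name, data, allowlist, enforce) for name, data in requests]


# Constructed execution requests: a vetted binary, a never-seen binary, and a
# vetted binary whose contents were altered after it was approved.
REQUESTS: List[Tuple[str, bytes]] = [
    ("editor.exe", KNOWN_GOOD["editor.exe"]),
    ("update_helper.exe", b"MZ\x90\x00 never seen before"),
    ("calc.exe", KNOWN_GOOD["calc.exe"] + b" extra bytes"),
]

if __name__ == "__main__":
    policy = build_allowlist(KNOWN_GOOD)
    for verdict, reason in run_requests(REQUESTS, policy):
        print(f"{verdict:5s} {reason}")
```

Running it yields one allow and two denials: the unknown helper because it was never vetted, and the modified calc.exe because hashing the contents makes the name irrelevant. Real products add signer-based rules and path rules on top of plain hashes so that vendor updates do not have to be re-approved one file at a time, but the decision rule stays the same: not on the list means not allowed.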
     
  7. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    This is why apps like Returnil and Shadow Defender, not to forget Sandboxie are superior for prevention.
     
  8. Derek0027

    Derek0027 Registered Member

    Joined:
    Jun 3, 2009
    Posts:
    3
    Based on your comments, it sounds like an AV is not enough anymore by itself no matter what brand it is. I wonder why it is still the dominant method in determining if a file is rogue. For example, there are many virus upload sites like VirusTotal that use several name brand AV programs that scan the file(s) for recognition. Sometimes you'll see 2 or 3 that detect, other times more, other times zero. It seems that this is still the security model being used to find out if a file is bad.
     
  9. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    It's not the only method, but you have to remember scanning sites like virustotal often use older scanning engines and cannot be compared to having the actual product installed on your system which will use newer scanning engines and incorporate other technologies too.
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069