Discussion in 'other anti-virus software' started by rothko, May 25, 2005.
interesting and scary reading:
Thanks for the link to the article. All the more reason to have some pro-active defense on a system (e.g. ProcessGuard) that does not rely on heuristics or signatures.
I don't like the usage of term "virus". Viruses are file infectors; these days we're dealing mostly with worms, trojans, backdoors or hybrids of any of these 3.
One more pointer about how heuristics and pro-active defense are an important part of security nowadays.
Well not so much heuristics since they apparently scan all the files beforehand... meaning it should bypass the heuristics of all the known AVs. (and since it's for money, they probably will be thorough, leaving out only a few obscure ones)
Another good reason to have a good imaging tool with regular system backups.
The word stealth seems to be misleading. They don't seem to be doing anything technically special. The key is that they don't spread widely enough to appear on the radar screen of antivirus vendors.
As for malware that are prescanned to ensure they aren't detected by any of the AVs, ATs, it's nothing new, I thought??
PG actually relies on heuristics (in a broad sense), it monitors suspicious behaviour like global hooks. More importantly, the strength of PG's heuristics differ from user to user, because it ultimately depends on the user's knowledge and experience to decide what to run!
I'm sure Rich's heuristics are far superior to mine for example.
Another good reason to run a limited account. Better yet, Linux or a Mac.
Yeah, I've been thinking of doing that. Can you still update your AV and other programs when running such an account?
If PG uses heuristics, it is some of the dumbest heuristics I've ever come across.
HEURISTICS - This describes a set of rules developed to attempt to solve problems when a specific algorithm cannot be designed.
PG is rather straightforward and blunt. It stops all program executions that it can trap. Not very smart, but darn efficient. Of course, the user's "heuristics" then has to decide whether to let it execute or not. My own personal heuristics are actually pretty dumb also. I always answer NO, until I thoroughly research any new program that pops up on my screen. Nowadays, the only new software that may be legitimately introduced is security software or Windows Updates. I just cross my fingers that my Windows Updates source is "trustworthy".