Stunning statement

Discussion in 'other anti-malware software' started by Kees1958, Mar 12, 2008.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi

    My father-in-law is an old IT guy. He said to me, "Why are you so concerned about zero-day threats?" The likelihood that you get infected is close to zero.
    I run a decent router with FW and Avast. Because Avast has this nifty VRDB or Virus Recovery Data Base feature, the chance of a zero-day infection is close to zero.

    His common sense 0-day protection:
    a) run a scan before backing up a new image
    b) force a VRDB update (he has set the increment in the Avast INI file to 4 weeks), and he runs this procedure every 4 weeks

    On the same image Avast can repair infected files from a minimum of 8 and a maximum of 12 weeks ago. So when I get infected and find out afterwards, I use VRDB. What is my chance of not getting rid of a zero-day infection older than 8 weeks? I always keep two images, so in theory I can restore to 16 weeks ago. Which zero day manages to stay undetected for 16 weeks?

    He jokingly calls it CSI-protection (common sense intrusion) :D
     
    Last edited: Mar 12, 2008
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It's a feature for recovering executables infected by incurable (or difficult to remove) file infectors. It will do nothing against a trojan/spyware/rootkit.
     
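To make the distinction in the post above concrete, here is an added example (not Avast's code and not part of the original thread) of a minimal "recovery database" in Python: it snapshots the hash and a pristine copy of every executable under a directory, later rolls back any known file whose content changed, and reports files it has never seen. All file names and contents are constructed for the demonstration; the function names are the example's own.

```python
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large executables don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_recovery_db(root, db_dir):
    """Snapshot every file under root: record its hash and keep a pristine copy
    named after that hash. Returns the {relative_path: hash} index."""
    os.makedirs(db_dir, exist_ok=True)
    index = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            digest = sha256_file(path)
            shutil.copy2(path, os.path.join(db_dir, digest))
            index[rel] = digest
    with open(os.path.join(db_dir, "index.json"), "w") as f:
        json.dump(index, f)
    return index


def recover(root, db_dir):
    """Roll back files whose content no longer matches the snapshot.
    Returns (restored, unknown): restored = known files replaced from the DB,
    unknown = files present now that the snapshot never saw (the DB cannot
    repair those, which is exactly why this does nothing against a dropped trojan)."""
    with open(os.path.join(db_dir, "index.json")) as f:
        index = json.load(f)
    restored, unknown = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if rel not in index:
                unknown.append(rel)
                continue
            if sha256_file(path) != index[rel]:
                shutil.copy2(os.path.join(db_dir, index[rel]), path)
                restored.append(rel)
    return sorted(restored), sorted(unknown)


def demo():
    """Constructed scenario: snapshot two 'programs', then simulate a file infector
    appending to one and a trojan dropping a brand-new file.
    Returns (restored, unknown, editor_back_to_original)."""
    work = tempfile.mkdtemp()
    root = os.path.join(work, "programs")
    db_dir = os.path.join(work, "vrdb")
    os.makedirs(root)
    original_editor = b"MZ editor original code"  # constructed sample content
    with open(os.path.join(root, "editor.exe"), "wb") as f:
        f.write(original_editor)
    with open(os.path.join(root, "viewer.exe"), "wb") as f:
        f.write(b"MZ viewer original code")
    build_recovery_db(root, db_dir)

    # File infector: modifies an existing, known executable -> recoverable.
    with open(os.path.join(root, "editor.exe"), "ab") as f:
        f.write(b" + appended infector code")
    # Trojan: a new file the snapshot never saw -> reported, but not removed.
    with open(os.path.join(root, "update_helper.exe"), "wb") as f:
        f.write(b"MZ trojan payload")

    restored, unknown = recover(root, db_dir)
    with open(os.path.join(root, "editor.exe"), "rb") as f:
        editor_clean = f.read() == original_editor
    shutil.rmtree(work)
    return restored, unknown, editor_clean


if __name__ == "__main__":
    print(demo())
```

Running `demo()` restores `editor.exe` and flags `update_helper.exe` as unknown while leaving it in place: a recovery database can only put back what it has already recorded, so a freshly dropped trojan, spyware installer or rootkit driver is outside its reach, and something else (a scanner, behaviour monitoring, or the image restore discussed in this thread) has to deal with it.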
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Exactly.

    And file infectors are all but dead. Oh, they still exist, but tuning your defense against them as if they were the primary threat is silly. For what they detect, antivirus software might as well be called antitrojan software these days.
     
  4. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just out of curiosity, what kind of IT guy is he, exactly?

    I guess not many people know about something PC Tools terms Malware 2.0. To quote,
    In my experience this is true. In some circles malware is released and updated rapidly, but they propagate at a very slow rate within a limited (say, 500-1000) number of users. The problem is that even though individual groups are small, numerous "circles" of these infected users exist, which makes it frustratingly difficult for vendors to catch them all.
     
  5. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    Well, if you use True Image Home you can mount the images as logical drives (ATI feature), scan them and delete, then restore to a safe and clean image. Well, the registry is still a pain, but that's still a great deal to clean before you restore.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    The ones that programmed assembler on a 16 KB mainframe. I will tell him about the rootkits/registry changes (I tend not to discuss it with him ;) ). Of course he has his image backups as a fallback.
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Old skool. :thumb: Well, I suppose the VRDB would be a near-impenetrable defense for viruses from that age...
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I like the idea of CSI-protection. I believe that the only real protection against well-written trojans/rootkits/etc. is the human mind and some security knowledge. I know many of you will disagree, but I prefer feeling not secure and being more vigilant, rather than using the latest and greatest HIPS just to feel comfortable. Of course, I'm not defenceless, I use a firewall (Sygate), an AV (Avira) and I also use my brain :)
     