The next challenge - warning messages with risk assessment

Discussion in 'other anti-malware software' started by Kees1958, Dec 29, 2011.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle's wish for more informative warning messages triggered this post.

    I have seen some good initiatives like NovaGuard, Primary Response Safe Connect, Buster's Sandbox analyser, Online Armour, SpyShelter, ThreatFire, PrevX and HitmanPro, each with smart ideas to assess risk and impact, but never seen an application which made it simple for the security enthusiast to determine whether to allow or deny actions of a 'new' program.

    If I may cherry-pick the goodies of some security applications, I would like to know:

    a) whether the program is signed and/or from a trusted vendor (e.g. Online Armor), and what the origin is of the program like Internet, USB (PrevX heuristics adjustments)

    b) whether the program showed some intrusion characteristics (e.g. Buster's Sandbox Analyser explained in terms Primary Safe Response used to have) like
    - collects data (keyboard, print screen etc)
    - connects to internet
    - changes process flow (debugging, dll-injection, process manipulation)
    - messes with the Windows rights/policies/authority system
    - changes system configuration (registry keys/loading driver/starting service/registering a dll)
    - survives reboot (driver/service installation, autorun registry manipulation)


    c) Smart forensics (HMP, PrevX) explain whether this sequence of events matched the typical behaviour of say a key-logger, trojan, rootkit, etc. and like NovaGuard these intrusions had accumulated a malware-risk score (before development stopped, NovaGuard had the option to add specific 'malware' points to intrusion categories listed at b).

    Is this so hard (PrevX and TF already track file, registry and process changes) to realise or is the potential market that small (only me :oops: )

    Regards Kees
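
The scheme in the post above (intrusion categories from b, trust and origin from a, an accumulated score and profile match from c), sketched as an added example that is not part of the original post or of any product named in it. All point weights, event names and profile definitions are assumptions chosen for illustration.

```python
# Added illustration: categories follow list (b) in the post; every weight,
# event name and profile below is an assumption made for this example.
CATEGORY_POINTS = {
    "collects_data": 3,          # keyboard, print screen
    "connects_internet": 1,
    "changes_process_flow": 3,   # debugging, dll-injection
    "alters_rights": 3,          # Windows rights/policies
    "changes_system_config": 2,  # registry keys, loading a driver
    "survives_reboot": 2,        # service install, autorun keys
}
EVENT_CATEGORY = {  # hypothetical low-level monitor events -> category
    "keyboard_hook": "collects_data",
    "screen_capture": "collects_data",
    "outbound_connection": "connects_internet",
    "dll_injection": "changes_process_flow",
    "policy_change": "alters_rights",
    "driver_load": "changes_system_config",
    "autorun_key_write": "survives_reboot",
    "service_install": "survives_reboot",
}
PROFILES = {  # assumed category sets for the "typical behaviour" match in (c)
    "key-logger": {"collects_data", "connects_internet", "survives_reboot"},
    "rootkit": {"changes_process_flow", "changes_system_config", "survives_reboot"},
}
ORIGIN_POINTS = {"internet": 2, "usb": 2, "local": 0}

def assess(events, signed, trusted_vendor, origin):
    """Score one program from its observed events plus signature and origin."""
    categories = {EVENT_CATEGORY[e] for e in events if e in EVENT_CATEGORY}
    score = sum(CATEGORY_POINTS[c] for c in categories)  # each category counts once
    score += ORIGIN_POINTS.get(origin, 1)                # unknown origin: 1 point
    if not signed:
        score += 2
    elif trusted_vendor:
        score = max(0, score - 3)
    matches = sorted(n for n, need in PROFILES.items() if need <= categories)
    level = "high" if matches or score >= 8 else "medium" if score >= 4 else "low"
    return {"score": score, "level": level,
            "categories": sorted(categories), "matches": matches}

def warning(name, r):
    """Render the text an allow/deny prompt could show."""
    kinds = ", ".join(r["matches"]) or "no known profile"
    return (f"{name}: risk {r['level']} (score {r['score']}); "
            f"behaviour: {', '.join(r['categories']) or 'none'}; resembles: {kinds}")

# Constructed sample: unsigned download that hooks the keyboard and persists.
sample = assess(["keyboard_hook", "outbound_connection", "autorun_key_write"],
                signed=False, trusted_vendor=False, origin="internet")
print(warning("setup.exe", sample))
```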
     
  2. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    A. Sounds like a wish list of behavioral monitor with intrusion interception.

    B. I would buy it when life time fee < 30 Euro

    C. Probably too hard for too few potential customers

    :p
     
  3. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It's a great idea for security enthusiasts, however we're relatively few in number so I doubt there's much commercial value in this. After all, most users just want a simple "yay or nay" from a security product.
     
  4. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    I'm one of those users :D .......
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I've also been looking for solutions that list high-level behavior of programs. What solutions do we currently have? I know of Buster's Sandbox Analyser.
     
  6. wat0114

    wat0114 Guest

    Testing in a vm seems from my experience to be by far the best way to check unknowns, including the trialing of legitimate software. MS should allow their license, no matter which O/S version, to be used not only on the host machine, but also in a guest vm. Perhaps there should even be included the option to install their vm during the installation of the O/S? Just a thought ;)

    You're probably right. Actually, on that note, most users would probably not even utilize a vm, if available, for checking unknowns.
     