Virus-Test didn't know about this.

Discussion in 'other anti-virus software' started by Loqka, Jan 20, 2006.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I agree with you on the absurd "false positives" omission: if one tests a crappy application that flags almost anything, is it to be considered among the best just because it flagged more? Makes no sense. That said, the "tracking cookies" example is a bad one: aside from the fact that they are an annoyance and a privacy risk, I'm not aware of one AV application that detects cookies.
     
  2. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    I understand, but
    it is just an example; you could also read DIALERS here etc.

    It is the fact that they count malware which is wrong.
    They had to count how many viruses.
    And how many Trojans
    etc.

    Then you had, at least... any idea;
    now I am not talking about the other things that make this that useless.
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Hmmm... dialers are malware in many cases (easily in most cases) and good AV applications should most definitely flag them when they are.
     
  4. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    777
    Spyware then, that is a good thing to add to the malware counter :D
     
  5. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Wow, ClamWin beats NOD, eScan, Dr.Web, and many other big-name antivirus
     
  6. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    For me - a layman and very basic internet user - it's not interesting if the threat is called virus, exploit, malware, hackers or trojan horse or even tracking cookie. I am looking for a protection that is optimal for me and reasonably cost effective and one that I can handle and trust.

    For the people who haven't bothered to look into new products like DefenseWall (no one has yet been able to exploit it) or other sandbox types of protection I'd suggest you should - to help with the development of these products by reporting bugs etc. - I believe they are musts in the layered protection we all need to have.

    My DW (btw zero slowdown) - I believe it offers an extremely good protection from viruses, trojans and much more - that's to say it protects my true C:, but viruses can be active from within the untrusted zone during a session and to help protect others from being infected by me I use realtime AV and AT. SoftSphere - DefenseWall also recommends you to do so if I remember right.

    All 3 - realtime AV and AT and also the FW - will soon be included in all the OSs and the everyday user might feel protected with that. If he feels the need to increase protection - programs like DefenseWall would be the best choice - a more or less set and forget program that btw actually did protect from the WMF exploit.

    The companies offering separate signature based internet-security suites will soon follow up with sandbox techniques or slowly die because the OS has it all - that's what I think - but I am only a true layman with an interest in protecting my computer.

    For cost effectiveness I might switch to free ZA instead of paid Outpost but I am used to OP so I'll stick with it for now.

    Franklin, I am thinking the same way that you do. When 200,000 signatures have grown to 500,000 or a million we will see slowdown big time. So I have switched to DW as my main man for protection and AV and AT are complements only.

    Best Regards
     
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    More than 10000 because some AVs flagged that number? It is well known that the counting algorithm differs depending upon the AV (some may catch it by generic detection, some may catch it by a special signature). Besides, what if there are only 10 or so real malware and 10000 files infected with the same malware? And even if there really are over 10000 real malware in there, God knows how many of those may be FPs, or joke files...

    By the above quote, I might just say that the tester may have acquired the files from the Internet. The samples are very much unverified and many of them may even be damaged files. For these reasons, one should take this test with a pinch of salt.
     
  8. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Franklin, have a look at the DefenseWall homepage:

    http://www.softsphere.com/articles/in-the-wild-intrusion-prevention/

    As you can see, the WMF exploit itself was *not* stopped, but the malware that the shellcode downloaded and tried to execute afterwards.

    So where is the zero day exploit protection here? As I said, the downloaded trojans were detected by the proactive detections of many AV programs anyway (e.g. NOD32). And to block the downloaded parts you could use products like SSM, ProcessGuard or similar.

    I wonder what happens if you use the WMF exploit to launch shellcode that tries to especially attack DefenseWall... Or the malware uses entry point vectors in the system that DefenseWall does not virtualize. I doubt they have analysed all the 150k+ malware samples that are floating around...


    Oh, to the original poster. That test is nonsense. The malware was not replicated and it was not verified in any way that the samples contain real, functional and undamaged malware. The major mistake of most "testers" around. Well, actually most of them don't have the knowledge or time to verify their malware collection in order to perform a proper test.
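    The two posts above (Firecat's on inflated sample counts and Stefan's on unverified, damaged samples) describe a corpus-hygiene problem that is easy to make concrete. The script below is an added example from the editor, not code from the thread, the tester, or any product mentioned in it. It assumes a hypothetical sample set built in memory from constructed bytes (no real malware) and hypothetical detection labels, and shows the three checks a tester should run before counting anything: deduplicate by SHA-256, drop files that are not even structurally valid PE images, and count distinct families rather than files.

```python
"""Triage a test corpus before counting "detected samples".

Added example by the editor; not from the thread or from any product it
discusses. The sample set and detection labels below are constructed
(hypothetical) so the script runs offline; no real malware is involved.
"""
import hashlib
import struct
from collections import defaultdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def looks_like_valid_pe(data: bytes) -> bool:
    """Minimal structural check for a Win32 executable.

    Requires the 'MZ' DOS header, an e_lfanew offset (at 0x3C) that lies
    inside the file, and the 'PE\\0\\0' signature at that offset. A file
    failing this cannot be loaded by Windows, so counting it as a
    "detection" says nothing about real-world protection.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def family(label: str) -> str:
    """Collapse a detection name to its family by dropping the variant suffix.

    Assumes the hypothetical 'Prefix.Family.variant' naming used in the
    constructed labels below; real vendors differ and need per-vendor rules.
    """
    return label.rsplit(".", 1)[0] if "." in label else label


def triage(samples):
    """samples: iterable of (name, bytes, detection_label_or_None).

    Returns counts of files, exact duplicates (same SHA-256), structurally
    damaged files, unique valid samples, and unique valid samples per family.
    """
    seen = {}
    report = {"files": 0, "duplicates": 0, "damaged": 0, "unique_valid": 0}
    per_family = defaultdict(set)
    for name, data, label in samples:
        report["files"] += 1
        digest = sha256(data)
        if digest in seen:            # same bytes already counted once
            report["duplicates"] += 1
            continue
        seen[digest] = name
        if not looks_like_valid_pe(data):
            report["damaged"] += 1    # truncated, corrupted or not a PE at all
            continue
        report["unique_valid"] += 1
        if label:
            per_family[family(label)].add(digest)
    report["families"] = {fam: len(h) for fam, h in per_family.items()}
    return report


def make_pe(tail: bytes) -> bytes:
    """Build the smallest byte string that passes looks_like_valid_pe.

    Constructed test data only: a DOS stub with e_lfanew = 0x40 followed by
    the PE signature and an arbitrary tail, not a runnable program.
    """
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + tail


# Constructed corpus: six "files" that a naive tester would count as six samples.
SAMPLES = [
    ("agent_a.exe", make_pe(b"A" * 16), "Trojan.Win32.Agent.aab"),
    ("agent_a_copy.exe", make_pe(b"A" * 16), "Trojan.Win32.Agent.aab"),  # exact duplicate
    ("agent_b.exe", make_pe(b"B" * 16), "Trojan.Win32.Agent.aac"),       # same family
    ("sality.exe", make_pe(b"C" * 16), "Win32.Sality.Z"),
    ("truncated.exe", make_pe(b"")[:0x42], "Trojan.Win32.Agent.aab"),    # cut mid-signature
    ("readme.txt", b"not a program at all", "Trojan.Generic"),           # not a PE
]


def corpus_report():
    return triage(SAMPLES)


if __name__ == "__main__":
    r = corpus_report()
    print(f"{r['files']} files, {r['duplicates']} duplicates, {r['damaged']} damaged, "
          f"{r['unique_valid']} unique valid samples, families: {r['families']}")
```

    On the constructed corpus the six "files" collapse to three unique, structurally valid samples in two families; a scanner's "6 of 6 detected" or "4 of 6 detected" score is meaningless until that reduction has been done, and a real run would still need to execute each survivor in a lab to confirm it is functional, which no static check can prove.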
     
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Did you actually read the whole page eg:

    Naturally, all of them have been erased from my hard disk. According to the log, malware modules tried to change my wallpaper, IE start and search pages, default URLs, WinXP Firewall settings, BHO, make themselves autostart and so on, which is typical of malware. All of these attempts failed. The only thing the exploit was able to do was to put nonsense onto my Desktop which I simply deleted.

    The In-The-Wild intrusion test passed - 100%!
     
  10. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    But the executables were actually downloaded to your system and executed. They failed to perform their intended action. But again, the exploit that triggered the whole stuff was *not* blocked as this software claims to be able to.
    And can you 100% guarantee that no modification was made to the system that went unnoticed? You are easily convinced by some statements on a web page, it seems.
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    It is a work in progress and I have a lot of faith in the author of DefenseWall. And for a work in progress it certainly beat the crap out of most AVs in the protection stakes.

    Are you saying that NOD32 protected against all 206 variants from zero day with just heuristics (hard to spell that word)?

    If so that's absolutely amazing. Credit given when credit due.
     
  12. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    And that's definitely not the way it should be...
     
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    This list from NOD32-AV shows a VERY small amount of samples detected by NOD32 heuristics without signatures:

    http://www.nod32-av.com/heuristics/threatsense.htm
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    They failed to perform their intended action.

    My, we're getting picky on what we're posting, eh.

    Myself included!:)
     
  15. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Still not ok.

    My AV didn't allow the nasties to be downloaded AND executed.

    That's the way it should be.

    Period.

    Something else.
    In a previous post you write:

    "And for a work in progress it certainly beat the crap out of most AV's in the protection stakes."

    Very radical statement....:rolleyes:
     
  16. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    That statement is nonsense. You are comparing technologies that are complementing each other, not replacing each other. You cannot replace normal AV programs with virtualizing or sandboxing. Nor can AV scanning proactively (!) detect buffer overruns, unless the file format is known for weaknesses and parsed in order to find overruns.

    Which 206 variants of zero day exploits are you speaking about? Oh and don't forget that DefenseWall did *not* block the WMF exploit, but only the "normal" malware that was loaded afterwards.

    Well, being exact is a problem for you?

    Again, DefenseWall claims they protect against zero day exploits. They failed to block the WMF exploit as they state on their own homepage. They blocked the downloaded malware after it got executed. So the user was protected, but you surely see that this approach is flawed and dangerous? Giving the malware the chance to execute gives it the chance to disable/exploit DefenseWall itself and largely increases the risk of something executing that is not wanted by the user.

    After working with malware for almost 15 years I certainly don't feel comfortable with such a solution, knowing that if there is a weak spot, the malware authors will eventually find and exploit it. Let's see, the new program you just downloaded contains a date triggered trojan that will get active 1 month after you run it first time. You start to use the software, eventually move it into the list of DefenseWall's trusted software - and then... boom.
    And there are smarter approaches to bypass this kind of protection.

    So please, why do so many people fall to the marketing claims of security companies that claim they found the 100% solution to all security risks, past, current and future - and are of course *muuuuuuuuuuuuuch* better than any other competing product. Seriously. Yeah. Duh... Anyone remembering Zvi Netiv, Invircible? :p
     
  17. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    My AV didn't allow the nasties to be downloaded AND executed.
    Before or after siggy updates?

    "And for a work in progress it certainly beat the crap out of most AVs in the protection stakes."

    Very radical statement....:rolleyes:o_O Your point of view, and it's welcome.
    Factual statement, and I'll stick by it.:) ;)

    DW new version 1.20 released. Have I convinced you enough to give it a whirl?
    :D :cool:
     
  18. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    If this argument doesn't make sense to Franklin, you can't save him anymore from the ineluctable consequences;)
     
    Last edited: Jan 22, 2006
  19. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Before

    Comment superfluous

    No thanks, I prefer to protect my machines in an effective and secure way*puppy*
     
  20. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    ineluctable \in-ih-LUCK-tuh-buhl\, adjective:
    Impossible to avoid or evade; inevitable.

    Hey, fair go Smokey, chop out the obscure words. LOL:)
     
  21. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    GLOSSARY OF ESOTERIC WORDS

    ineluctable

    Impossible to avoid or evade; inevitable.

    *California's vision of itself as a car culture grew out of the impracticality of mass transit in reaching most of its scenic wonders, the innate restlessness of its inhabitants and the ineluctable attraction of an open road. --"From the Land of Private Freeways Comes Car Culture Shock," New York Times, October 16, 1997
    *Linnaeus' classification scheme became popular not because it captured some ineluctable truth about nature. Rather, by the botanist's own admission, the system divided species based more on intuition than science, much as an art historian might group paintings into schools. --"Cultivating a New Tree," Los Angeles Times , September 25, 1999

    :p
     
  22. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Stefan K wrote: "And there are smarter approaches to bypass this kind of protection."

    OK - do it - show us the flaws of DefenseWall. I've been a user since beta and I am very interested if you can show that DW can be bypassed.

    To me - as a total layman - I am protected as long as my true C: is protected. If surfing from a virtualized zone means viruses can enter the zone but not my true C: - I am protected. To me it beats heuristics and signatures until proven otherwise.

    You want the bad guys blocked on the step up to the porch - I can allow them onto the porch if that helps me defeat them and defend the house.

    The author of DW proved a flaw in BufferZone.

    Now I am looking forward to you proving the flaw of DefenseWall! Less talk and more shop.

    Have you thought that it just could be a truly good program even though you don't like the concept?

    If you manage to break DW's defense - I will have to buy one of these foolproof - never failing - always at 100% in AV-Comparatives - AVs that there seem to be so many of.

    I found DW when in search of better protection - and so far I am convinced I have found it.

    Best Regards
     
  23. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Ok.

    Now I'd like to see some independent, trustworthy reviews of DefenseWall.

    Please convince me in that way that I'm wrong, and DefenseWall is a great, reliable piece of software that will protect the user in an acceptable, effective and secure way.

    I have seen these testimonials on DefenseWall's home site:

    "Excellent software. Very simple, easy to use, and elegant. I forget it's even there, yet it offers greater protection than any anti-virus and anti-spyware scanner can provide on their own. A must-have for anyone that wants or needs something to set-and-forget. - A.B. USA"

    "I have been using DefenseWall almost since its conception and the protection it affords is great. Easy to install, setup and use and support is very responsive as well. Chris W., USA"

    "DefenseWall is a very powerful and unobtrusive approach to protecting your computer from malware. Todd, USA"

    IMHO these are no testimonials.
    Correct me if I'm wrong.

    "A.B. USA", "Chris W., USA", "Todd, USA", never heard of them.
    Has anybody else?

    Convince me with real, reliable and provable testimonials and reviews and I will be the first to admit my DW attitude is extravagantly skeptical and not right.
     
  24. toadbee

    toadbee Registered Member

    Joined:
    Nov 10, 2003
    Posts:
    123
    Stefan is right in that DW is an excellent complement to ATs and AVs. That being said, if I could only have my AT or AV or DW running on day zero with that exploit - it would have been DW.

    Now this "Again, DefenseWall claims they protect against zero day exploits." - Someone point me to that claim. Honestly, I can't find it anywhere. It will protect you from damage an actual OS exploit may cause.
     
  25. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    To all:

    Discussion is welcome, trolling/bashing is not. Trolls and attempts to initiate debates on moderation will be removed without further comment.

    Blue
     