Virus-Test didn't know about this.

Discussion in 'other anti-virus software' started by Loqka, Jan 20, 2006.

Thread Status:
Not open for further replies.
  1. Happy Bytes

    Happy Bytes Guest

    As I said already, it was not intended to offend somebody. The problem these days is that almost everybody who owns a handful of worms becomes an "antivirus expert" and that everybody who knows how to install and how to use Firefox matches all requirements to be an "internet security expert". I mean, of course you can have personal opinions about malware based on "what you read", but you should take a closer look at the posters/authors. There are many "useless" and security/malware-related flawed statements all over the internet from people who think that they just found the stone of wisdom. Most of the experts do not try to argue with such people because it's just a waste of time in most cases. (This has nothing to do now with this thread; I mean this more from a generic view.) The result of this is that a lot of flawed things (and technically untrue facts) are circulating around which become "professional and true" if many people quote this or link to it.
    Hope you understand what I'm trying to say :)
     
  2. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    I understand what you say. The laymen need the experts here on Wilders and I am so stupid to believe the experts need the laymen sometimes. If the experts don't even bother to talk to us and argue with us - OK, it says more about them than about the laymen. I said argue - not talk down to.

    What I have been trying to point out - however much or little of an expert you might be - is that if you crash down on a software you have not even tried out you are - imho - devaluing your own reputation. So please, back to arguments. If you say you're an expert and therefore know best - I am not impressed by that. So many experts in so many areas during my life (I am 57) have proven to be incompetent - so I am hard to impress by titles. Facts and function are interesting.

    So Stefan K, Happy Bytes, tuatara and all you others - how many of you have really tried out DW? If you haven't - honestly - why are you trying to talk the program or the concept down? It might be innovative and truly good - it might even be better than AVs at zero-day - we don't know. It might be that Rabinovich is a truly talented and innovative programmer - maybe a true expert in his field? We don't know yet.

    So - a question - once again: will we need to clean up the deactivated malware that DW leaves behind? They will not take up much space on the hard drive - so we could leave them there - or? If we can leave them and still be safe - would we need AVs at all?

    This is one thing that interests me to hear your opinion about - experts are welcome - laymen are welcome.

    Best Regards
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The problem with "layered strategy" is that it is almost never explicitly defined and even if it is, one must accept that the definition should be fluid towards the situation. Even when it's defined, it's usually in terms like "assess your likely attack vectors", which, when you get right down to it, is a foreign language to the majority of users and doesn't clarify the solution. Operationally, layering is nothing more than plugging known holes/product deficiencies and having an articulated plan "B" (C/D/E/F...., some of us do get carried away), at least the way I approach it.

    As for suites, they have an important commercial role for many users, though their implementation is sometimes questionable.

    Blue
     
  4. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    BUFFER OVERFLOW EXPLOITS! The .WMF exploit is not a buffer overflow at all! It is an MS .WMF format feature! You are a security expert, you MUST know such things!

    If you knew nuclear physics (I'm a nuclear physicist by official education) it would be very easy to guess that the _possibility_ always exists; the question is how big it is!

    Good luck with it!

    Heuristics are just something very interesting in work. If you set a high level of it, it starts to blame normal modules as malware; if it is "normal", much malware passes through it.

    Wrong. All the "regular", "well known" AVs were unable to recognize the .WMF exploit within a day at least! The screens with the results of this research are somewhere there, at Wilders; I don't remember the exact thread.

    First of all, it won't work. I'm not stupid. Just test your method and make sure it will fail.

    In fact, it depends on the professionalism of the user. For example, for me DW is the AV replacement tool, but for the regular user AV cannot be replaced with any sandbox HIPS solution.

    It just blocks it.

    No.

    I cooperate with the guy who programs an anti-spyware tool. He has all the latest ITW malware modules and tests.

    OK.
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    You see, if you have great knowledge, your time costs a lot! It is obvious!

    Well, I'm one of the "advanced professionals" on the forum. But I'll PM you, I'm very interested in making DW as good as possible!

    100% right. But I always tell it! Sandbox HIPS is the tool to protect zones AV and firewalls can't!
     
    Last edited: Jan 24, 2006
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    To kill a driver from ring 3? Well, good luck with it! I'm not so stupid!

    File infection is forbidden for the untrusted. The result would be the same, even better: there would be no need to manually clean up the hard disk!

    I can even say something tougher: idiots don't even have AV or don't update AV databases! The only way for the idiots to be secure is to not have a computer at all; it is not for them!
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Well, not exactly. The way they protect users is different; they have a different feature set.

    Not exactly. People just tell what they think. You can always tell what you think. And I don't pay people for it; I just have no money to do it!

    Heuristics are not the "silver bullet", it is just a tool. Also, I'd like to say that the unpacking engine within KAV is signature-based!
     
  8. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Omg, stop the quoting spree. It's killing me.
     
  9. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    c'mon man, we're not here to attack your software, no way

    just putting some facts right ;)

    no sandbox can ever protect you from social engineering ;)
     
  10. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    775
    Quote:
    Originally Posted by tuatara
    Perhaps it is better to compare DW with tools like ...


    Well, not exactly. The way they protect users is different; they have a different feature set.

    Of course, but I think this comparison is more honest
    than with AVs, don't you agree?

    And regarding the featureset, yes you are right, Tiny Personal Firewall
    and Regrun have the same feature set and more.


    Quote:
    Originally Posted by tuatara
    I think it is good to mention these as well, otherwise it might look like an
    advertisement thread for DW here.



    Not exactly. People just tell what they think. You can always tell what you think. And I don't pay people for it; I just have no money to do it!

    Of course they are allowed to do so,
    but please read the whole thread; if it was done out of advertisement purposes, it could not be done better.

    Quote:
    Originally Posted by tuatara
    Another thing is that real AV's these days like Kaspersky and NOD32 don't fully rely on the sigs anymore.

    There is something called heuristics as well.



    Heuristics are not the "silver bullet", it is just a tool. Also, I'd like to say that the unpacking engine within KAV is signature-based!

    I've never said so, but I think it is a bit too simple to say that AVs fully depend on their sigs.
    And we didn't even discuss the Security Suites here.


    Remember, I did not say anything negative about your product,
    but I still think it is a bad thing to compare this product with an AV.

    One thing though if you are using a HIPS
    (Host Intrusion Prevention System)

    And you (an end-user) want to install new, unknown software,
    and that software wants to have access to certain system resources?
    It is always the human that has to decide to allow or not allow this.
    OR TRUST OR NOT TRUST it.
    But does this mean that every person has the knowledge to decide if his/her decision here is correct?
    And if the software that he/she wants to install is completely free of malware?
    Example: If the software wants to change something in IE like a BHO, is this allowed?
    No? And what about Acrobat Reader then? Or a web translation tool?

    ;)

    This problem is completely solved in TPF, Regrun and Shadowstor, and Online Armor, etc.; they can roll back to a previous system state
    if you made a mistake.

    And ...
    A good AV knows and can determine if this software contains
    malware or not.
     
    Last edited: Jan 24, 2006
  11. Right on man!

    I mean I have no doubt the guys here are expert on AV analysing how malware work, but maybe it has made them shortsighted or brainwashed into thinking that such conventional defenses are the best and/or are necessary. If you spend 15 years using only a hammer, everything starts looking like a nail.

    Maybe what we need is a fresh way of looking at things.

    Something like Shadowuser maybe.
     
  12. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    715
    Location:
    Blasters worm farm
    Somewhere in your post I sense sarcasm, but for the most part you're correct.

    The AV companies claim the market, they control the money, the media, the hype and paranoia. Their pay checks depend on it. Without the need, their education becomes no more important than the grandma who learns knitting. Once the genies leave their altar...ooops, office, and interact in real life they too become half-filled ash trays.

    You don't need to be a "security expert" to be secure, nor do you need to be a doctor to stay healthy.

    Sheep bear wool; they'll always be at the mercy of wolves, and never will they enjoy the comfort of the shepherd's camp.

    BTW Happy Bytes, if I buy NOD32 does that include ash tray cleaning service ?
     
  13. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    The weaknesses of scanners are obvious: it does not require being a programmer to know that, it's just logical!
    And zero-day malware (or unknown malware) is a real problem for AV publishers, and is also difficult to solve without a multi-layered strategy (adding HIPSs and rollback protection for home users).

    I wrote (2 weeks before this thread) an article about the subject:
    http://kareldjag.over-blog.com/article-1649851.html

    My point of view is not scanners/AVs VS proactive solutions/HIPS.
    In fact, each product can be affected by bugs, flaws, vulnerabilities: McAfee Entercept HIPS is designed to protect against Buffer Overflow, and BOs have been found many times for this product: the first criterion is the popularity of the product, and only after that knowledge and time.

    As said someone (Bruce Schneier?): Software is not security.

    A software is composed of pieces of code,
    but any piece of code can be theoretically broken,
    therefore any software can be theoretically defeated.

    The security subject must be seen globally, not only with the eye of a dev/programmer, security analyst, network manager and so on.
    And most of all, there's a WhiteHat/security business, but there's also a BlackHat/In-Secure business: companies specialised in vulnerability research and audit (Eeye, ImmunitySec, HSC, IDefense, HSC and so on) have their own business to defend.

    Limits of security systems are often shown by audits, as here with Imperva:
    http://www.imperva.com/application_defense_center/papers/how_safe_is_it.html

    Running with a firewall + AV + 2 HIPS (for detection like AntiHook and white-list prevention like X or Y) + rollback disk protection is more efficient than deploying only firewall + AV or firewall + HIPS.
    A task force of multi-layered strategy and technology is a piece of good sense: unseen here (by the scanner), blocked there (by the HIPS)!

    Some researchers have discovered the possibility of spying on someone only by the sound of keyboards.
    I'm sure about one thing: human beings can really be geniuses at doing bad things.
    So who thinks that he is really "100% secure" with or without an antivirus? NOT me.

    Thanks for the test, mister guest.

    Regards
     
  14. Here's sarcasm..

    If I had said...

    "Wow the super expert FastGame says I'm mostly correct, I'm so honored". LOL.

    or

    "Fastgame thinks AV sucks.. What a surprise!"

    But I said neither.
     
  15. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    715
    Location:
    Blasters worm farm
    The sensed sarcasm comes from your past history "Something like Shadowuser maybe."

    I use AV, surprised ?
     
    Learn to read. I said if I said "FastGame thinks AV sucks"; I didn't say you don't use them.

    The paranoid here uses everything even if they don't think it's necessary.

    But from your ash tray comments you think it sucks, and that it's hype and paranoia that makes us use AVs.

    Let's recap again

    Yep, sounds like someone who loves his AVs lol
     