What anti-virus will YOU use?

Discussion in 'other software & services' started by alien51, Jun 6, 2005.

Thread Status:
Not open for further replies.
  1. alien51

    alien51 Registered Member

    Joined:
    Jun 6, 2005
    Posts:
    9
    These two articles provide some very interesting insights on hacker trends.
    Stealth virus warning sounded again
    Triple-Barreled Trojan Attack Builds Botnets

    In summary, organized crime will dominate the virus scene to create zombie networks for profit. This is really not new, but their tactics are thought-provoking.

    In an attempt to foil anti-virus technology, largely based on signature recognition, they are infecting smaller sets of computers each with its own variant. This makes the task of hunting down signatures very hard as samples are less likely to be reported to anti-virus companies. When Sasser and Blaster hit the internet, anti-virus companies could respond swiftly since the attack was highly publicized. Not so with 5000-10000 infected computer sets.

    This trend shows that next generation anti-virus will have to rely more on heuristic techniques. Kaspersky and NOD32 are among the top anti-virus products available today but the comparatives at AV-comparatives show that their strong points are different. Kaspersky has an unparalleled database of threats that are updated within hours thanks to a committed and highly skilled staff. NOD32 excels in detecting new/unknown viruses, probably due to its advanced heuristic engine. As the war gets tougher, who will you bet on to keep you protected?

    I just wish they were both one product! :D
     
    Last edited: Jun 6, 2005
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    While early detection of malware will have to be considered the first line of defense, I think that the best way to go is to create a protective shield that prevents unauthorized programs from ever executing - e.g. ProcessGuard, WormGuard, and similar. Even products such as RegDefend and Prevx, while offering protection, are still "after-the-fact", that is the malware has already begun to execute. It should be interesting to watch how security products in this category of "system sentries" evolve.

    Rich
     
  3. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    Indeed. Particularly as any such application has to tread a very narrow path between alerting the user to threats and ensuring that the computer is still usable. There's little point in protecting against malware with apps that in reality generate more pop-ups than the worst adware... People will disable them only to become vulnerable or to replace them with less stringent protection which bothers them far less often, but then leaves them open to attack.

    Getting that balance right isn't always easy - I got fed up with Jetico which is, after all, an excellent firewall, but pops up far too many alerts.

    Just something to consider whilst pondering the "next generation" of malware defences.
     
  4. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    Hey Rich, you're starting to sound like a broken record (LOL). Are you working for DiamondCS now? :D

    I'm hearing what you're saying, though, and I know how strongly you believe in both the product and the approach, and I applaud the helpful and informative posts that you provide. I guess I just found it kinda funny that you seem to slip "Process Guard" into nearly every topic these days, even when someone asks about AV. Oh well, just messin' with ya.....have a good one ;)
     
    Last edited: Jun 7, 2005
  5. Pollmaster

    Pollmaster Guest

    And don't forget KAV :)


    Well nothing wrong with that. We all have our favourites. There are worse products to be hung up on, though I personally doubt if PG will protect you from the threats mentioned in the article (if you are vulnerable at all, which is a big IF).

    The problem is, in many cases, such threats would fall into the "authorised processes" category (an attachment you chose to open, for example, or a trojanised freeware program you ran).

    Evil 'unauthorised' processes are much rarer than people would have you think.

    The nice thing about 'antiX' products as Rmus calls them is that you can slip it into any discussion about any malware threat.

    Of course, that alone should warn you to be suspicious of how useful that measure is. An answer that applies to all questions isn't really much of a question.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,058
    Hi Rich

    Not sure I agree about Prevx. I like the extra layer it provides in that it warns when something tries to even drop an exe or dll file in place. That gives me an extra chance to say no.

    Pete
     
  7. Pollmaster

    Pollmaster Guest

    Some are hung up on the idea of catching things as early as possible.

    The problem is, if your scanner does not recognise the malware and you are committed to running the program, you will have to let the program run, and this is where the other behavioural monitoring heuristics kick in and warn you of suspicious behaviour.

    That in many cases can be extremely useful, if you are in the habit of trialing lots of new programs.

    PG's execution protection is useful in the following cases:

    1) You accidentally start a program you don't want to
    2) Some malware utilising a zero day exploit/bug in your email client, browser etc runs spontaneously (very rare)

    However, for the more common case of software you run yourself, the "catch it as early as possible" routine doesn't work; you must run it at least "a bit" and watch its behaviour for it to tip its hand.

    This is where PG comes into its own by watching hooks, driver installation etc, IMHO. Regdefend and PrevX have their points as well, and so do many other products which monitor various things.

    Such measures are typically considered "proactive" because they don't rely on signatures and can help alert users to malware without updates.

    Proactive doesn't mean only execution protection; it certainly doesn't mean catching malware as early as possible in the execution stream.
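The two detection models argued over in this thread (alien51's point that many small per-botnet variants starve a signature database, and Pollmaster's point that a program you chose to run has to be watched for hooks, driver installs and similar before it tips its hand) can be put side by side in a small simulation. The code below is an added example written for this page; it is not from any post, from Wilders, or from any of the products named (Kaspersky, NOD32, ProcessGuard, Prevx). The variant "files", the event traces and the rule weights are all constructed for the illustration and do not describe a real malware family or a real engine.

```python
import hashlib

# ---------- Signature recognition ----------
# A signature scanner only knows the samples that were reported to the vendor.

def sha256(data):
    """Hex SHA-256 of a byte string (stands in for a file hash signature)."""
    return hashlib.sha256(data).hexdigest()

def build_variants(base, count):
    """Constructed stand-in for one malware family: every variant differs by a
    few bytes, so every variant has a different hash. This mirrors the tactic
    in the article of giving each small set of victims its own build."""
    return [base + b"\x00variant=%d" % i for i in range(count)]

def signature_scan(sample, known_hashes):
    """True only when the exact sample hash is in the signature database."""
    return sha256(sample) in known_hashes

# ---------- Behaviour monitoring ----------
# Weighted rules over what a process does once it is allowed to run.
# Weights and threshold are constructed for this example, not from any product.
SUSPICIOUS_EVENTS = {
    "install_driver": 3,
    "set_global_hook": 3,
    "write_exe_to_system_dir": 2,
    "add_autorun_key": 2,
    "open_listening_socket": 1,
}
ALERT_THRESHOLD = 4

def behaviour_score(events):
    """Sum the weights of the suspicious events seen in a process trace."""
    return sum(SUSPICIOUS_EVENTS.get(e, 0) for e in events)

def behaviour_alert(events):
    """Raise an alert once the trace crosses the threshold."""
    return behaviour_score(events) >= ALERT_THRESHOLD

# Constructed traces. Every variant of the family behaves the same way even
# though every variant hashes differently.
VARIANT_TRACE = ["write_exe_to_system_dir", "add_autorun_key",
                 "set_global_hook", "open_listening_socket"]      # score 8
BENIGN_EDITOR_TRACE = ["open_file", "write_document", "close_file"]  # score 0
LEGIT_INSTALLER_TRACE = ["write_exe_to_system_dir", "add_autorun_key"]  # score 4

def compare(variant_count=20, reported=2):
    """Return (signature hits, behaviour hits) over the whole family when only
    the first `reported` variants ever reached the AV vendor."""
    variants = build_variants(b"CONSTRUCTED-TROJAN-BODY", variant_count)
    signature_db = {sha256(v) for v in variants[:reported]}
    sig_hits = sum(signature_scan(v, signature_db) for v in variants)
    beh_hits = sum(behaviour_alert(VARIANT_TRACE) for _ in variants)
    return sig_hits, beh_hits

def run_demo():
    sig_hits, beh_hits = compare()
    return {
        "signature_hits": sig_hits,          # 2 of 20
        "behaviour_hits": beh_hits,          # 20 of 20
        "editor_alert": behaviour_alert(BENIGN_EDITOR_TRACE),       # False
        "installer_alert": behaviour_alert(LEGIT_INSTALLER_TRACE),  # True: a false positive
    }

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Two things fall out of running it. The signature scanner catches exactly the variants that were reported, and nothing else, no matter how good the database is for those two; the behaviour rules catch every variant because the family's behaviour does not change with its hash. The price is visible in the last line of the demo: a legitimate installer that drops an executable and adds an autorun entry scores 4 and trips the same alert, which is the pop-up problem trickyricky describes. Where that threshold sits, and how the alert is worded, is the whole usability argument of this thread.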
     