What's the killer app?

Discussion in 'other anti-malware software' started by Iangh, Jul 30, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi twl845,

    I would not argue with that.:thumb: I also agree that "If it ain't broke don't fix it."

    I do think that there is some mentality that says, "Fix it till it's broke." :D

    Regards,
    Jerry
     
  2. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    If you have a Seagate/Maxtor drive, you can get Acronis True Image for free.

    You still need a defense against info stealers, especially if you don't reboot often.
     
  3. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I am using the free Acronis TI 10 and it's great. The app offers 40% off the full version, but as far as I can figure the only thing the free version is missing is imaging individual files. Fine with me. :D
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I tend to agree with you there.. I love playing with all these apps and have done so for years now, but my actual "needs" are really quite few... :)
     
  5. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: This is how I view HIPS: Toys are designed mostly by adults; if kids are not invited to test pilot models, their products will never get popular. By the same token: HIPSs are developed by computer experts, but if average joes/janes never get a chance to try them out, their products will stay on the shelf (or on the d/l server). To developers: gurus' input plays an integral part in your excellent products; however, it is the general guys and dolls who ink your fate. I have seen too many brilliant products sit in storage and get wasted. Good luck and explore some good thinking. Have a nice one.
     
  6. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Oops, I didn't know about it as I'm logged in. This is data from the www.virusinfo.info forum, a semi-automatic (HJT, AVZ) ITW malware removal center in the Russian segment of the Internet. So, I've uploaded this image to my site here http://www.softsphere.com/files/virusinfo_info_data/summ_230707.JPG
    Hope, I have violated nothing...
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Do you have any real statistics on it?

    http://gladiator-antivirus.com/forum/index.php?showforum=170, http://forums.techguy.org/54-security/, www.virusinfo.info (this one is in Russian).

    Pure hype. Statistics? Tests results? I'm a (former) scientist, I trust in facts only.
     
  8. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    It's PCLinuxOS.
     
  9. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Yes, the antivirus works very badly... ;) I know Russian too! :D

    What does the grey bar (pack / crypt) mean?
     
  10. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
  11. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    "from the company MassageLabs" ;)

    If av detection rates are so poor (the best performing av had a combined score of 72.6%) why does av-comparatives.org post such high detection rates?

    I.e. in its On-demand comparative test for February 2007, the same av (Kaspersky) got 97,89% in total.

    I guess the samples must have been much more recent / new than those used in the av-comparatives tests.

    EDIT: Yes, so true.... "The first proper test that comes close to combat reality" So av-comparatives is misleading in real world conditions!
     
  12. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Just look at the ComputerShopper test structure: the highest scores at e-mail malware and really poor at web-based. Why? Because of the structure of malware sample capturing by AV companies.

    All of them have e-mail-based honeypots to capture new malware. So, if you send it over e-mail, AV labs get the samples the moment it is sent and generate signatures very fast. So, the score is quite high in this case.

    In the case of web-based malware, infiltrating you via browser exploits, for instance, we see another picture. AV labs can't identify all the sites that propagate malware; also, if a malware module starts to be detected, its authors modify the sample so that AV engines can't identify it anymore within a few hours and immediately put it on the web. So, this is the reason AVs are really poor this way.

    And the reason why AV tests are almost 100%: the malware samples are too old. Even one week is a huge period of time, as malware can be modified hundreds of times by the moment of the test itself, and the signature will have been generated by most AV companies by this time.
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Hi Ilya,
    [Pure hype. Statistics? Tests results? I'm a (former) scientist, I trust in facts only.]

    My statistics are that 100% of the people I know do not get infected when they keep the AV and Windows updated. That is a fact that I personally know and that I trust. Most do not even use a top rated AV, and their AS programs are AdAware and Spybot. Strange that they continue to operate without infections or problems.

    I have found through the years that I do not need studies to confirm the obvious.:D I also know that some studies and tests are slanted to "prove" a desired conclusion.

    I'll leave it there. Let each do as he sees fit, but I still think that HIPS are not needed for the average user. Just more stuff to put on the system. My AV with its "old" signatures has kept me safe for the 8 years I have owned computers. But who knows, maybe the sky will fall on me some day, and I'll buy a new computer and put some HIPS on it.:D :D

    PS
    If the AV developers see fit to put HIPS as part of their protection, I won't attempt to disable it.
    Regards,
    Jerry
     
  14. THX1138

    THX1138 Registered Member

    Joined:
    Jul 10, 2007
    Posts:
    14
    Location:
    Under Machine Control
    To each his own ideas,

    For me it's like insurance, yes most likely you will never get hit but definitely you will wish you had insurance the day you did. I was in the same old school of thought, just a good AV, FW and good router w/FW until the day I had my CC # and info taken. I do not tread to the dark side but somehow either via Ebay or Paypal I got taken or a keylogger was setup on my workstation. Can all the security software protect me 100%? No, but it will slow it down or make it harder for the mainstream crook. Sometimes, ignorance is bliss until reality slaps you like an old whore.
     
  15. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, folks: From the viewpoint of an average joe, I am afraid to echo Jerry's remarks. HIPS is NOT a MUST for mild-educated pc users, because they do not know how HIPS functions; plus, compatibility issues have scared them, and configuration difficulties have kept their heads spinning. If developers, one day, can discover or unearth a HIPS which is so easy to use and so simple to understand, and comes with a longer trial period, perhaps, just perhaps some folks will try it for the sake of curiosity. Until that possibility comes by, the wide acceptance of any HIPS by general pc users will remain as cloudy and muddy as it can be. Developers can lecture an audience with highly intelligent knowledge; if folks on the floor can not even comprehend a single word, they will think your concept is for the next generation. Sorry to say this, but this is what I have seen from tea cup leaves. Have a nice thinking.
     
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I can see now why we differ. From my point of view Ebay and Paypal ceased to exist several years ago - not exactly the dark side but I can live without them.
     
  17. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I'm not a scientist. But I'm not surprised that detection rates are only around 70% in certain testbeds, I expected lower actually, considering that this is antiviruses we are talking about.

    But I think it might be a jump to go from Antiviruses can detect only 70% to hence, users have a 30% chance of getting infected or even thence users will be infected and need HIPS.

    After all, it's not like all users are going to execute every piece of nasty out there.

    The more interesting data I'm looking for is hard to get. How many fully patched (defined in whatever way you want) users get nailed by a zero day exploit?

    While we are at it, the number of people who get infected via exploits (whether fully patched or not).

    If these two figures are high, then I think we might have some evidence that HIPS might be useful, contingent on the fact that we have data that HIPS prevent such intrusions of course.

    Sandboxes have advantages over "classic" (i hate that word) HIPS, but the reverse is true as well.
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Then nothing will happen. Know why? Because nobody will understand that it need them. Only when big companies start moving towards non-blacklisting technologies, the world will change.
     
  19. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,161
    Hi, Ilya: Waiting for the fat guys to change the world? Not always. You can do it, I will tell you why and how: You have an excellent app named DefenseWall? I and most members here do believe it is a grade AAA beef. And you can stir up the pot by offering everyone, yes everyone who even has a slight interest, ONE YEAR free trial. I can assure you that your email box will be full and your cellphone will ring off the belt (assuming you clip it onto your waist belt), if the number is made public by your followers. Have a nice thinking.
     
  20. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Now that sounds like a winner to me. Even I am willing to try it if there is a guarantee that it will not conflict with any program I am using, will not worry me to death with warnings, and will prevent my CC from being compromised on the web. The security applications I use are shown in my signature.

    I must say that as I have read the various posts on different forums, I have seen many more problems with conflicts between programs than infections of any kind. Many of the infections turn out to be FP.

    I truly would like to know what percentage of users throughout the world or the US get infected/compromised when a HIPS application would have prevented it. I would suspect that no one knows the answer to that even reasonably close. That would be a fact that I could latch on to.

    But if the above guarantees could be met I would try one.

    Regards,
    Jerry
     
  21. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    Thanks for all the comments.

    Before posting my views I would like to segment myself in marketing terms: I'm your average Joe who believes in security so I visit forums and although I know what the programmes do I frankly am not interested in why and how.

    I have two teenagers who care less about why and how than I do.

    In a way I reckon I represent the two main market segments from a security supplier's perspective.

    Firstly, I have to echo JerryM in that we never get infected so from a probability point of view we are safe surfers (When googling we use siteadvisor to help us decide whether a site is safe). With that in mind and with regard to zero-day effects I suggest I could say the probability of us getting hit by a zero-day is less than that of getting a known virus. I assume zero-day starts in the dark-side and migrate.

    Secondly, would I like a HIPS? Yes, I would actually but....

    I like apps to be light and not affect my browsing speed.

    As a reference we currently have the Avira suite on trial and on this site http://www.numion.com/Stopwatch/ I can usually get Excite in 8.5s with Avira guard scanning all files and medium heuristics.

    The paradox of HIPS is even though they don't rely on a signature they do in a way because the user has to say whether the programme is trusted or not. Your typical informed user will check the credibility of the site through siteadvisor or reviews, or upload to VirusTotal/Jotti but the final decision rests with the user unless I have missed something. Note, I said informed user.

    I tried Online ArmorAV and I think this is moving to the ideal from the average user point of view. Now being a marketing man I have assumed that OA wants to target the mass-market. It is a nice mix of HIPS, whitelist, blacklist and AV. However, it stop watched at 10.5s and I noticed web-pages load slower in that images took their time to build. Also, I use ERUNT to backup the registry every daily start-up and OA blocked this. Could not figure out how to make this go away although it was logged in events. BTW, Mike, may be worth you checking your forum registration as I tried last night and received nothing. I used my personal email which is hosted on Google so that might be the problem. Price is 104AUD (I assume the site pricing is in USD) with 81AUD for ongoing years.

    My next option was to tack Defensewall alongside Avira. Stopwatch of 10.5s, again. Plus, similar experience with images. Some people will say why not get rid of Avira and just run Defensewall? Well, as I said, HIPS by itself is signature-based in a way in that it relies on me to say I trust the programme so I like the idea of having anti-virus running alongside. Defensewall is incredibly light but I can't get used to running Firefox as trusted to get updates/extensions. Excellent, bullet-proof programme if you are prepared to adopt new habits. I think it would be more user-friendly if it checked the download site and Defensewall automatically allowed updates from the whitelist. I feel this programme is attuned to the informed user who knows what they want and are happy to change their habits. To me it's too fiddly for your average Joe. Again, I am being presumptive in assuming Ilya is targeting the mass-market. Price is 110AUD (3 licences) and 40AUD ongoing. Avira is 95AUD ongoing.

    I have also tried Geswall and had a HP printer problem which Brian solved instantaneously. My son had a alert from Messenger that popped up and although I am sure Brian would have given me the solution straightaway it was not as user friendly as I would have liked.

    I have to say that the support from Brian, Ilya and Mike is amazing!!!! If you do have a problem with any of those programmes you get an answer quickly.

    I have also tried Prevx but didn't find it as stable as the other two but I do like the concept.

    For the average Joe you need something that works out of the box and does all the fancy things in the box out of sight of the user. How many know users that don't realise the importance of updating antivirus definitions? There's still quite a few around. Your typical average user relies on the likes of people that visit Wilders et al to set-up the PCs and install security etc. Back in the UK I had 3 houses within 50m of my house for which I was tech support. I still get calls from them even though I am in Australia! How many friends/relatives do you look after? And guess what, as I'm doing it for free I won't recommend programmes that will result in support calls.

    I want HIPS but I want a friendly HIPS. OnlineArmorAV is the closest. Prevx is up there as well.

    Ilya, if I may be so bold, for the mass market Defensewall needs to be less hands-on.

    To the HIPS manufacturers stop trying to be different to each other. To increase take-up you should market the same type of HIPS which I term hybrid A-V/HIPs because they rely on signatures and white/blacklists. Assuming you are after the mass-market, of course. Keep it easy for the punter. They know what anti-virus is. Before getting them to differentiate between your different companies you would be better off jointly selling the new concept. After the market is established then you can focus on beating each other. To increase your probability of acceptance start by marketing the same thing because that's the only way your (collective) voice will be heard.

    If you are not after the mass-market then there are users who want more control but their segment is a lot smaller.

    For now, I intend to buy Avira. If Online ArmorAV didn't affect my browsing speed that would have been the buy (assuming my ERUNT problem is solved).

    BTW, I have tried KIS, NIS and FIS. Recently, I have had so many programmes on my PC it is now tired and has requested that I do not install any more security programmes before others make suggestions.

    Ian
     
  22. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Yes. That does seem to be the consensus.

    Wow. How can Defensewall be less hands-on? The problem with sandboxes is that the concept might be difficult to grasp.

    Are they really that different? SSM,ProSecurity,EQsecure,Online Armor,AntiHook etc (in most respects) are really clones of one another feature wise, though the interface looks quite different and the terminology is sometimes different.

    Similarly Sandboxie,BufferZone, and GesWall,DefenseWall are very similar.

    Standardisation would be nice though.
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    That's the reply we have at our disposal. It might be a cat and mouse game they use but the cat always has the variety of advantage. They always stay focused on any target that threatens their existence and they always come up with an answer to meet any challenges. It's always been in their nature to survive.

    A cat has nine lives, a mouse doesn't.
     
  24. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Ah ! That is the question. Do I really need a defense against info stealers ?

    Like most on this list I have tried out an almost endless list of Killer apps - none of which upon reflection seem to have actually ever done me any good. Everyone raves about Nod32 so I tried it the other day - found nothing. Hips are supposed to help - ran ProSecurity for a while -- nothing.

    Basically in the last 11 years I have not seen a virus nor suffered from any spyware. I have been plagued with false positives but never the real thing.

    I no longer run any on line anti-virus, antispyware, Hips, ......... just a hardware firewall and a bit of safe surfing and common sense with the mail.

    So have I been incredibly lucky or is it just possible that the threat is not as bad as some would have us believe ?
     
  25. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I assume your house has never burned down, but you bought fire insurance, right? And if you're smart you have at least 2 smoke alarms on your ceiling. But what are the odds you'll need them? :D
     