Why Is Antivirus Software Still a Thing?

Discussion in 'other anti-virus software' started by mood, Nov 14, 2018.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,852
    Location:
    U.S.A.
    Also of note, there is an AV that works by whitelisting. It is PCMatic. Recently they have expanded into the corp. server market.
     
  2. guest

    guest Guest

    Yes PCmatic is more an anti-exe (with big whitelist) disguised as an AV lol.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,392
    Location:
    The Netherlands
    Exactly, I'm personally not a fan of AV's because of the bloat and spying, but I'm afraid they are still needed to protect the average user. Especially on Windows where there is no walled garden, but even on Google Play and the Mac App Store there is malware available.
     
  4. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,889
    AV has never been my first layer; Sandboxie and Shadow Defender should take care of 0-day threats. If I'm hit, I will never know unless I see strange system behaviour, in which case I would restore an image. AVs are still useful to "quickly" check downloads, and to name malware when identified. Very effective for average users, which means the majority.
     
  5. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    892
    Location:
    india
    The entire article to me is centered around "AVs still a thing?" I don't see how AVs can be obsolete unless there are still some products using the same old traditional cat-and-mouse type, simple signature-engine-based product.

    Most AVs today are using a fine blend of technologies and advancements in other features too; that's why AVs are still a thing. HIPS is great and all, but it can still be bypassed. There is no one-stop shop to bad guys. If the industry migrates, so will they. Leaving everything up to the user or a sandbox is dangerous if the man behind the gun isn't smart enough, and what happens when legit programs that are whitelisted get infected?

    Malware is just more complicated than what is usually thought. Most malware today that is causing chaos has an infection chain in the way it spreads. Even their binaries have stages. Take for example Ursnif: packed binary >> unpack via self-injection or creating a new process >> intermediate loader (x32/x64) >> injection module (client.dll or rpvcrt4.dll) >> injected payload into iexplorer.exe.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,852
    Location:
    U.S.A.
    To supplement the well-stated post #30 above, I will add this.

    Despite all the recent disparaging of signature detection as obsolete and the like, it still remains the only 100% positive way to identify malware. Anything else is a best-guess approximation. Granted, next-gen machine learning methods show promise in malware detection, but they are still quite a way from being 100% reliable, if they ever reach that threshold.

    So for the foreseeable future, malware signature detection coupled with supplementary behavior detection methods is the best approach for the majority of PC users.
     
  7. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,154
    Exactly, and with all respect for some security enthusiasts, I simply don't see default deny as the solution for home users; it is something for a corporate environment that should have a very limited set of applications running.

    I will use myself as an example: Why should I bother with default deny? I am the only user of my machine, and if I want to execute an application, I will do it. The only scenario where I see value in default deny on my machine is if it is hit by an advanced exploit (not going to happen anyway).

    Ironically, default deny and "advanced tools" have much more value for average users, and most of the time they can't use them properly, so antivirus is here to stay, and while not perfect, it is optimal for many usage scenarios.

    Some "advanced" security combos that we see often on security forums are more about "geekiness" than security/efficacy, while an antivirus solution usually can offer more for the user (100% positive way to identify malware).
     
    Last edited: Nov 18, 2018
  8. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    259
    Location:
    Wonderland
    Well put Nightwalker!
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,735
    Location:
    Canada
    It's not that difficult to both set up and maintain a default-deny policy on a typical home machine. The time spent doing so is well worth the benefits of the security it provides. Personally, I don't buy the notion that it's only beneficial for corporate environments. Just my opinion, based on experience I've had using the default-deny approach, especially when I was using AppLocker on Windows 7 Ultimate.
     
  10. guest

    guest Guest

    I agree. It all depends on the willingness of the user and what kind of default-deny mechanism.
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,674
    Location:
    Slovenia, EU
    @Nightwalker I agree. I see the situation similarly to you. Advanced tools are usually for users that don't need them; those that need them don't know how to use them. If they knew how to use them, they probably wouldn't need them.
     
  12. guest

    guest Guest

    A bit too simplistic view IMO, again all is about the context, taste and stance of the user.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,735
    Location:
    Canada
    Actually, default-deny can hardly be deemed "advanced". It's really nothing more than a guest list: if you're not on it, you're not allowed in. The mistake some people probably make is in utilizing hash signatures for files. This works great at keeping out those that don't match, but it makes for far more maintenance when software is routinely being changed or upgraded. The path or publisher (if the latter is available) approach is easiest.
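    As an added illustration of the guest-list point above (this is example code written for this page, not code from the thread or from AppLocker or any other product mentioned in it), the small evaluator below contrasts hash, path and publisher allow rules under a default-deny policy. All file paths, publisher subjects and file contents are constructed for the demonstration; nothing here touches the operating system.

```python
# Added example: a toy default-deny "guest list" evaluator. All paths,
# publisher strings and file contents are constructed sample data.
import hashlib
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List, Optional


@dataclass(frozen=True)
class FileInfo:
    """What a whitelisting engine knows about an executable before it runs."""
    path: str
    publisher: Optional[str]   # signer subject; None when the file is unsigned
    content: bytes


@dataclass(frozen=True)
class Rule:
    kind: str    # "hash", "path" or "publisher"
    value: str   # SHA-256 hex digest, path glob, or signer subject


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def rule_matches(rule: Rule, f: FileInfo) -> bool:
    if rule.kind == "hash":
        # Exact content match: any byte change (patch, upgrade) breaks it.
        return sha256_hex(f.content) == rule.value
    if rule.kind == "path":
        # Glob over the install location; only sound where that location is
        # not writable by a standard user.
        return fnmatch(f.path.lower(), rule.value.lower())
    if rule.kind == "publisher":
        # Follows the file across locations and version upgrades, as long as
        # the vendor keeps signing with the same subject.
        return f.publisher is not None and f.publisher == rule.value
    raise ValueError(f"unknown rule kind: {rule.kind}")


def is_allowed(policy: List[Rule], f: FileInfo) -> bool:
    """Default deny: execution is permitted only if some rule matches."""
    return any(rule_matches(r, f) for r in policy)


def matching_kinds(policy: List[Rule], f: FileInfo) -> List[str]:
    """Which rule kinds would let this file run (handy when reviewing a prompt)."""
    return [r.kind for r in policy if rule_matches(r, f)]


# Constructed sample files (hypothetical vendor "Editor Corp").
EDITOR_V1 = FileInfo(r"C:\Program Files\Editor\editor.exe", "CN=Editor Corp", b"editor 1.0")
EDITOR_V2 = FileInfo(r"C:\Program Files\Editor\editor.exe", "CN=Editor Corp", b"editor 1.1")  # after an upgrade
EDITOR_PORTABLE = FileInfo(r"C:\Users\alice\Downloads\editor.exe", "CN=Editor Corp", b"editor 1.1")
UNKNOWN_EXE = FileInfo(r"C:\Users\alice\Downloads\invoice.exe", None, b"something else")

# One rule of each kind, all written for version 1.0 of the editor.
POLICY = [
    Rule("hash", sha256_hex(EDITOR_V1.content)),
    Rule("path", r"C:\Program Files\*"),
    Rule("publisher", "CN=Editor Corp"),
]


def evaluate_all(policy: List[Rule]) -> dict:
    """Return {sample name: rule kinds that would allow it} for every sample file."""
    samples = {
        "v1": EDITOR_V1,
        "v2": EDITOR_V2,
        "portable": EDITOR_PORTABLE,
        "unknown": UNKNOWN_EXE,
    }
    return {name: matching_kinds(policy, f) for name, f in samples.items()}


if __name__ == "__main__":
    for name, kinds in evaluate_all(POLICY).items():
        print(f"{name:9s} allowed={bool(kinds)!s:5s} via {kinds}")
```

    Running it shows the maintenance trade-off in one table: the hash rule admits only the exact 1.0 bytes and silently stops matching after the upgrade, the path rule survives the upgrade but not a copy of the same signed binary in a Downloads folder, and the publisher rule covers both while still denying the unsigned unknown file.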
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,674
    Location:
    Slovenia, EU
    Yes it might be simplistic, but my experience so far shows me that it's not far from "truth".
     
  15. guest

    guest Guest

    I know what you mean; we still see it every day in this forum.

    In my case, for example, I could easily live without advanced tools, but I like to and know how to use them, and I need them for various reasons.
     
  16. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,154
    Well said, that's why HIPS and some exotic tools left the market.
     
  17. guest

    guest Guest

    You will find them in corporate markets.
     
  18. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,154
    Yes, and this doesn't contradict what I said earlier (post 32), it just reinforces it.
     
  19. Spec7re

    Spec7re Registered Member

    Joined:
    Sep 21, 2018
    Posts:
    22
    Location:
    Earth
    I agree @Nightwalker

    AV/AM are still necessary IMHO. It's far easier to use for home users compared to advanced programs/setups. A lot of these advanced programs and/or setups (i.e. default deny) are really directed towards geeks and the corporate environment. Sure, you can take the time to teach someone to use a default-deny setup, but for someone like my parents, it's way too complicated for them. Believe me, it's not that they are not willing to learn how to use such a setup, but I already know that it would be way too much for them and I would have to write everything down. I think it's far easier to teach and instill safe computing habits (i.e. don't open email attachments, don't click on random links/ads, etc.) and have an AV/AM running, than to teach them something like default-deny. Having an AV/AM solution and teaching them good habits has kept them malware free, and their setup is far simpler to use and is able to meet their needs much more easily. I'm not saying that a default-deny setup is bad or anything, it does its job quite well, but we cannot assume that what may be simple for us geeks is simple for everyone.
     
    Last edited: Nov 21, 2018
  20. guest

    guest Guest

    In my past life as a repair guy, every time I fixed a customer's PC due to an infection, I gave them a copy of my safe-habits checklist and installed a set-and-forget AV. After that I barely got calls from them.
     
  21. Spec7re

    Spec7re Registered Member

    Joined:
    Sep 21, 2018
    Posts:
    22
    Location:
    Earth
    It's amazing how much practicing safe habits can help! ;)
     
  22. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,080
    Guys, based on your opinions which default deny would be easier for the common users? Default deny based on prompts or default deny that simply blocks?
     
  23. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    3,659
    Location:
    Mexico
    I'm a common user and I like prompts whenever a block occurs, because I need to know what's going on in my PC. In the end the user has to try and decide what suits him.
     
  24. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,397
    Location:
    USA
    Easier would be default block, which Norton, WD, and some others do. However, as I manage some common users, I don't like default block because of false positives. I don't think there is a way to win. No software can always determine what is safe and what isn't. Neither can the users. :eek:
     
  25. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    892
    Location:
    india
    Remember that the machine learning sauce has been around for a while (AVs have been doing it for longer than it seems, and it is only growing), and you simply can't discount its effectiveness for a security program, whether it's for generating "simple signatures" or studying malware family behaviours.

    AV in today's world, as I said, is just NOT a simple signature engine. It's a combination of different tech + features; that's why it's relevant and always will be.
     