Your favourite class of anti-malware software

Discussion in 'polls' started by aigle, Aug 18, 2006.


My favourite class of anti-malware software is

  1. signature based (most AVs, AS)

    31 vote(s)
    39.2%
  2. behavioural blockers (like CyberHawk, part of KIS)

    5 vote(s)
    6.3%
  3. HIPS (PG, SSM etc)

    22 vote(s)
    27.8%
  4. Virtualization software (like ShadowUser, SS)

    3 vote(s)
    3.8%
  5. Sandbox (GesWall, Sandboxie, DefenceWall etc)

    7 vote(s)
    8.9%
  6. Instant Recovery (RollBackRx, FDISR -- they might have a role)

    5 vote(s)
    6.3%
  7. Imaging (ATI, Terbyte -- might have a role just like above option)

    3 vote(s)
    3.8%
  8. Others (I must have missed some options - pls state)

    3 vote(s)
    3.8%
Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    There are many different types of antimalware software available nowadays and in fact sometimes it is difficult to choose between many different types of security software in layered defence. Though many of us use layered defence against malware, each one of us has personal preference and liking about the types of anti-malware software he uses. So I constructed this poll to see what is the liking of members here. Pls post ur liking and explain why u like it. Pls choose one option u like most. (Pls I don't mean to ask that what is the most useful class of these antimalwares, I just mean to ask what class attracts u most and looks more promising).
    I personally like sandbox type of security software most. Reasons--

    - zero day protection (can't be 100% in any way)
    - no frequent updates
    - no frequent pop ups
    - might be less conflicts
    - might be less slow down of system
    - easy to configure and use
    - good for even beginners

    I may be wrong in above points but in any way my favourite class is sandbox type of software and currently I am using GesWall. Install and forget type of application mainly. I have also used Sandboxie, though Sandboxie has more protection but free version does not have function of auto-sandboxing of different applications, and moreover it is my personal feeling that the more aggressive is the sandboxing, the more conflicts arise and also u might lose a bit more of the functionality of sandboxed applications.
     
  2. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I also like the sandbox approach but prefer HIPS (specifically SSM) because it allows me to decide what happens to my system (including when, how, etc.).

    I also like virtualization, not only from a security standpoint but it allows me to try many different apps while preserving my system.
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    I voted for Others, which stands for firewall, the layer protection.
    Firewall provides zero day protection against Windows vulnerabilities.
    Then, there is no need to have updates since SP2 (except WMF patch).
    Of course, I have all updates, but I do not need to hurry up to install them.
    I always wait till AutopatcherXP is released and I can still visit any webpage.
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Although I like HIPS, Sandboxing and instant recovery I voted for "imaging" since one could only vote for one thing. Imaging with a simple no hassle imaging program built for reliability is the last line of defence and gives the ultimate peace of mind.
     
  5. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Ditto !!
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Same thing here...
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    i voted signature-based because i just want any sneaky malware to be caught and removed. as for the others:

    behavioural blockers - never tried
    HIPS - too many pop-ups and requires user knowledge. prevx1 is great tho. almost no pop-ups.
    Virtualization software - never tried
    Sandbox - ok but i dont rele like them.
    Instant Recovery - never tried
    Imaging - i have ATI but i dont use for anti-malware purposes. any infections i do get (rare) can be cleaned/deleted easily.
     
  8. herbalist

    herbalist Guest

    Of the methods listed, I prefer HIPS, SSM specifically, but not standing alone. IMO, filtering should be on the list. While HIPS can effectively "filter" what is allowed and what isn't, content filtering prevents a lot of problems. Common sense can protect you from most e-mail borne problems. You can avoid the majority of malware by watching what you install. Web pages are an unknown, even ones you know. Web sites themselves are being attacked and exploited more often than ever before. If your favorite trusted site is exploited one day, and you have it in your trusted zone, a lot can happen. Filtering apps like Proxomitron can stop a lot of malicious code from ever getting to your browser.
    Rick
     
  9. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    I personally found that a good HIPS prevented me from ever getting an antivirus popup. I personally have nothing against blacklists other than the fact that they were always one step behind.

    Imaging software is always a good last resort I am starting to find now. [Never had an external harddrive till now.]

    Never did get the Sandbox or any other virtualization to work correctly with this old computer, so I tend to shy away from such options.

    I guess it'll be a good HIPS for me, should I ever use M$ again.
     
  10. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    HIPS for me...Online Armor to be specific.
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    All of the above :D
     
  12. dabruro

    dabruro Registered Member

    Joined:
    Aug 23, 2006
    Posts:
    15
    Location:
    New York, US
    want new type of anti-malware software: a *separate* sandbox for each site I visit

    I run my browser as an unprivileged user I created (runas /user:unpriv "C:\Program Files\Mozilla Firefox\firefox.exe"), which I think helps. I don't think dropping administrator or other rights is as good because all the malware has to do is infect any of your executable user files (which don't require admin rights to change) with code that waits to be run *with* administrator rights and then does whatever.

    For a few critical sites (e.g. for financial transactions), I never visit those as the unprivileged user (which I'll assume could be infected with god-knows-what), but rather under my usual Windows user (with Admin). I guess eventually I'll delete that user account and create a new clean one.

    Of course I have AV and AS which are mainly signature-based but have some behavioral blockers too I would say.

    I've also started experimenting with free browser add-ons like McAfee SiteAdvisor (impressive!), CallingID, and Netcraft within my browser in order to avoid "bad neighborhoods" on the web. Also firekeeper which I would say is a behavior blocker.

    **But what I'd REALLY like**, if it were available, would be a browser that runs in a separate sandbox for each site/domain. I also saw this idea mentioned (but dismissed merely because there needs to be some trusted common component) in an older thread here.

    I've tried sandboxie, but the problem with sandboxes or virtualization is *knowing when to reset/clear them*! If you get some malware in the sandbox, it can for example steal passwords and modify transactions that you enter at other sites browsed in that sandbox from then on. By the time you clear the sandbox it may be too late to prevent that. If you clear the sandbox too often then you may lose downloads/bookmarks/cookies/history/etc. that you wanted to keep using.

    If you could automatically browse each site in its own *separate* sandbox, then the malware wouldn't be able to hurt you as you visit other sites.

    I know this probably wouldn't be easy. It's a similar concept to the per-site sandbox that a Java applet runs in, except now we would have to sandbox all of the important parts of the browser, much of which may be implemented in native code rather than something more managed like Java.
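
A sketch of the per-site separation described in the post above, as an added example that is not part of the original post: each host gets its own Firefox profile directory, so one site's stored state can be reset without touching the others. It isolates browser state (cookies, history, saved logins) only, not the browser process, so it is not a sandbox for native code; the helper names and the host-as-site rule are assumptions, and the Firefox path is the one quoted in the post.

```python
import hashlib
import shutil
from pathlib import Path
from urllib.parse import urlsplit

# Firefox location as quoted in the runas command in the post above.
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"


def site_key(url: str) -> str:
    """Return the isolation key for a URL: its lower-cased host name.

    Simplification (assumption): the full host is the "site", so
    www.example.test and shop.example.test get separate profiles.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.lower().rstrip(".")


def profile_dir(root: Path, url: str) -> Path:
    """Map a URL to its own profile directory under root."""
    # Hash the host so the directory name has a fixed length and
    # contains no characters taken from the URL itself.
    digest = hashlib.sha256(site_key(url).encode("utf-8")).hexdigest()[:16]
    return root / f"site-{digest}"


def launch_command(root: Path, url: str) -> list[str]:
    """Build (but do not run) the command that opens url in its own profile."""
    pdir = profile_dir(root, url)
    pdir.mkdir(parents=True, exist_ok=True)
    # -no-remote: do not hand the URL to an already running instance.
    # -profile:   keep this site's cookies, history and logins in pdir.
    return [FIREFOX, "-no-remote", "-profile", str(pdir), url]


def reset_site(root: Path, url: str) -> bool:
    """Discard one site's state only; other sites' profiles are untouched."""
    pdir = profile_dir(root, url)
    if pdir.is_dir():
        shutil.rmtree(pdir)
        return True
    return False
```

The returned list can be passed to `subprocess.run` as is; resetting a suspect site then no longer costs the bookmarks, cookies or history kept for every other site.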
     
  13. Uguel707

    Uguel707 Graphic Artist

    Joined:
    Nov 9, 2002
    Posts:
    2,999
    Location:
    San Diego
    I like Process Guard because it can block Malware and Trojan Activities
    at a deep level. The interface is handy and requires minimal user configuration
    and yet I feel that the program offers great protection.:)
    I also added NoScript, McAfee Site Advisor and Netcraft Toolbar to Firefox.;)
     
  14. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,215
    Virtualization + HIPS are likely to protect a computer from any attack theoretically. But how many people at Wilders are prepared to run their system without a good Antivirus?
     
  15. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,515
    Location:
    USA - Back in a real State in time for a real Pres
    I follow my sig. So I voted imaging.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I have to choose HIPS, the ability to block certain things (possibly dangerous behavior) is really cool. And I think sandboxing/virtualization also has a great future, but these tools still need to improve a lot. Problem with signature based solutions is that they are still missing a lot of malware, even heuristics can't solve this problem. This means that just because a file comes up clean, it does not mean it's not malware, that's just the sad truth. :doubt:
     
  17. marcromero

    marcromero Guest

    Dr.Web anti-virus.
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    U should have said signature based then.
     
  19. marcromero

    marcromero Guest

    My mistake, sorry.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Never mind. Just shows ur love to Dr.Web. lol
     
  21. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,674
    Location:
    Philippines, the Political Dynasty Capital of the
    I vote for two...:D

    Signature based as in my anti-virus like CA eTrust or Avast, and antispyware like Ewido.

    And also HIPS..like ProcessGuard and WinPatrol Plus..:thumb:

    Maybe, most firewalls have also this HIPS like feature but they slowed down my pc, so back to some "purebred firewalls". :D :cool:
     
  22. Happy-Dude

    Happy-Dude Registered Member

    Joined:
    Aug 28, 2006
    Posts:
    54
    Location:
    United States of America
    I voted Signature Based due to sometimes that it has great accuracy (though taking longer timing) on detection and sometimes removal. But, HIPS comes close to a second. Optioned and ask for user permissions, etc. etc., making very flexible to use. But, the problem is always the user ... Does the user know exactly what to do ?
     
  23. Badcompany

    Badcompany Registered Member

    Joined:
    Nov 18, 2005
    Posts:
    752
    Location:
    RUNCORN UK.
    Signature Based, Dr.Web Anti-virus.
     