Webroot Secure Anywhere vs Zero Day Scriptor
[QUOTE="cruelsister, post: 427128, member: 7463"]
Actually for a decent sized organization it's more of the 6 figure ballpark, but certainly not for home use.

Sent1 is actually a decent product in that it takes advantage of the current trend of Dynamic Analysis (essentially Real-Time Forensics). For those not familiar, in a nutshell when a file is run the specific actions of the file are monitored, and if it fits into a malicious pattern it is immediately stopped (God, that is a very small nutshell - for those that are familiar with DA forgive me - this post has to be less than 100 pages).

The issue with Sent1 is that they are doing this without a sandbox, and the reason they give is that some malware are sandbox aware, so wouldn't be caught by those security products based on Virtualization. This is my issue with the product. Although totally true that some malware are indeed Sandbox aware and will slip by the riff-raffy Enterprise virtualization solutions (no names), the higher quality Solutions will use Dynamic Analysis within a sandbox. The point of this approach is that prior to the malware realizing it is within a sandbox, it must first query its environment. This is the point that the malware will be terminated - basically if you open your eyes to see where you are we will kill you.

Using Dynamic Analysis without virtualization will also kill any malware that questions its environment, but will not stop anything that as a first action does something malicious (like deleting files). Last year I stopped off at their booth at some conference or other and brought up this point. The answer was that they are working on damage mitigation procedures that will be out real, real soon (in other words, you're screwed). Although to be fair their product does automatically shut down trashed Endpoints very fast (sarcasm).

And that AV-TEST award still makes me giggle. It's almost as meaningful as being crowned King of the Hobos.
[/QUOTE]