We all hope AI, BB, HW solutions etc. will help to reach 100% detection one day.
Impossible, because we'd end up mixing in genuine software which has more risky behaviour (but with perfect explanations), such as creating Windows services and starting them (e.g. to load a device driver), adding to start-up, modifying the hosts file (e.g. some less-popular and less-sophisticated ad-blockers will use this method to block hosts), etc. So for this type of stuff, automatic would not be best, and if it used a scoring system then by the time a score is reached to auto-block the program it may already be too late. And when it comes to alerts, if the user downloaded and ran the malware, chances are they'll accept the BB/HIPS alerts (sadly) and become infected anyway.
But you already know this, I don't aim this post at you. I just quoted that part to respond to the thread.
Guys, the first security layer is the user: test files in VMware, Sandboxie or an auto-sandbox; use a separate environment for work; don't click on unknown links; use updated hosts block sources; keep the system updated. This is for the experienced user. Can a regular user get the same protection automatically, with a product which uses artificial intelligence, even if the PC is not connected to the internet? If there is no such product, there is no 100% shielded system.
Well said!
(gonna add some details, hopefully you like/agree with them)
Using a Virtual Machine will give you benefits since in the case of infection you can revert via a snapshot and lose the infection; the down-side is that you may have forgotten to back up files, and you should never copy files across from an infected system to a clean state prior to checking that those documents really are clean (e.g. a virus infection can result in the infection of your documents, therefore once they are executed in the clean environment => the infection spreads again when the virus code is executed). A sandbox is good, but a Virtual Machine is so much better in terms of protection IMO.
Not clicking on unknown/suspicious links will give you benefits since you will reduce your chances of running into a new malicious URL which could potentially attempt to execute an exploit; user intervention counts as clicking a website link, and the malware authors want to infect you with you providing the most minimal effort for them to do so (it makes the job much easier for them), therefore exploitation is slowly becoming more and more common. That being said, exploits can be an entirely new dangerous game to play and can be incredibly hard to create (e.g. a new zero-day exploit) depending on the target, so it is probably rare for anyone here at least to just suddenly run into a zero-day exploit which causes host infection (e.g. the website exploit was executed, resulting in the browser sandbox being bypassed and code execution occurring on the host, usually via shellcode).
Keeping the OS/any other software up to date will ensure that the latest security patches are applied, which is a line of defence for exploit mitigation; removing any software you no longer need, or which is outdated or no longer supported, is another great method for exploit mitigation since it'll result in fewer attack points for exploitation.
Using the hosts file to block known malicious/suspicious hosts from a database is a good idea because it can reduce the chances of you becoming a victim of malvertising - that being said, this also counts for using an ad-blocker such as uBlock Origin/Adguard.
Using a VPN (Virtual Private Network) can be very beneficial because it can help protect your IP address from falling into the wrong hands - that being said, it's not really an "essential" in my opinion, but just an additional line of defence if you are paranoid... Since if an attacker does obtain your IP address, they may potentially use it towards attacks such as DDoS (e.g. via a botnet which has infected many systems), and then this can use up all your internet bandwidth via the packets being sent, resulting in you not being able to use your internet resources properly (basically it'll ruin your evening/s haha!).
Regarding artificial intelligence, it's not as reliable as they make out, since it's impossible to differentiate between clean and malicious 100% of the time. In many situations the monitored behaviour can show clear malicious patterns and the AI would be able to tell that the program has a high likelihood of being malicious, but you never know these days.
List can go on... I just wanted to detail some points!
Malware is evolving all the time; the best defence is a layered defence, and the first line of defence within this layered defence should be yourself in the end anyway. If you fail, then you'll become infected, pretty much.
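Two posts above touch the same file from opposite sides: the hosts file is a blocking tool when an ad-blocker points tracker names at 0.0.0.0 or 127.0.0.1, and a hijack tool when malware points update, security-vendor or banking names somewhere else. The script below is an added example written for this thread, not code from any poster or product; it parses a hosts file and separates ordinary blocklist entries from the two patterns a defender would want flagged: a sensitive name sinkholed, or any name redirected to a non-loopback address. The sample hosts content, the list of "protected" suffixes and the allow-list of LAN names are all constructed for the demonstration.

```python
"""Audit a hosts file for entries that look like tampering rather than ad-blocking.

Added example for the thread above; the sample data and suffix lists are constructed.
"""
import ipaddress
from typing import FrozenSet, List, Tuple

# Addresses that mean "block this name" in the usual blocklist convention.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Names that should never be sinkholed on a healthy machine.  Illustrative list;
# a real deployment would carry its own vendor/update/banking suffixes.
PROTECTED_SUFFIXES = ("windowsupdate.com", "av-vendor.example", "bank.example")

# Constructed sample hosts file (not taken from any real machine).  Line numbers
# are referenced in the findings below.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example          # ordinary blocklist entry
0.0.0.0         download.windowsupdate.com   # update server sinkholed: suspicious
203.0.113.7     login.bank.example           # redirected to a foreign address (TEST-NET range)
192.168.1.20    printer.lan                  # legitimate LAN mapping, allow-listed below
"""

Entry = Tuple[int, str, str]            # (line number, ip, hostname)
Finding = Tuple[int, str, str, str]     # (line number, hostname, ip, reason)


def parse_hosts(text: str) -> List[Entry]:
    """Return one (line_no, ip, host) tuple per hostname, skipping comments and junk."""
    entries: List[Entry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop trailing comment
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            continue
        ip = parts[0]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # malformed address; not a usable entry
        for host in parts[1:]:
            entries.append((line_no, ip, host.lower()))
    return entries


def audit_hosts(text: str, allowed_hosts: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Flag sinkholed protected names and redirects to non-loopback addresses.

    allowed_hosts: names (e.g. LAN printers) that are expected to map to a real address.
    """
    findings: List[Finding] = []
    for line_no, ip, host in parse_hosts(text):
        if ip in SINK_ADDRESSES:
            # Blocking is normal; blocking an update/security/banking host is not.
            if host.endswith(PROTECTED_SUFFIXES):
                findings.append((line_no, host, ip, "protected host sinkholed"))
            continue
        if host in allowed_hosts or ipaddress.ip_address(ip).is_loopback:
            continue
        # Anything else pointing a name at a real address redirects traffic.
        findings.append((line_no, host, ip, "host redirected to non-loopback address"))
    return findings


if __name__ == "__main__":
    for line_no, host, ip, reason in audit_hosts(SAMPLE_HOSTS, frozenset({"printer.lan"})):
        print(f"line {line_no}: {host} -> {ip}: {reason}")
```

On a real system you would read the platform's hosts file (typically /etc/hosts, or %SystemRoot%\System32\drivers\etc\hosts on Windows) and keep the allow-list small; without it, every LAN shortcut shows up as a redirect, which is the false-positive side of the "risky but legitimate behaviour" problem described earlier in the thread.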