A Bitdefender Internet Security test
Wave said:

Impossible because we'd end up mixing genuine software which has more risky behaviour (but with perfect explanations) such as creating Windows services and starting them (e.g. to load a device driver), adding to start-up, modifying the hosts file (e.g. some less-popular and less-sophisticated ad-blockers will use this method to block the hosts), etc. So for this type of stuff, automatic would not be best, and if it used a scoring system then by the time a score is reached to auto-block the program it may already be too late. And when it comes to alerts, if the user downloaded and ran the malware, chances are they'll accept the BB/HIPS alerts (sadly) and become infected anyway.

But you already know this, I don't aim this post at you. I just quoted that part to respond to the thread.

Well said! :) (gonna add some details, hopefully you like/agree with them)

Using a Virtual Machine will give you benefits since in the case of infection you can revert back via a snapshot and lose the infection; the down-side is that you may have forgotten to back up files, and you should never copy files across from an infected system to a clean state prior to checking that those documents really are clean (e.g. a virus infection can result in the infection of your documents, therefore once they are executed on the clean environment the infection spreads again when the virus code is executed). A sandbox is good, but a Virtual Machine is so much better in terms of protection IMO.

Not clicking on unknown/suspicious links will give you benefits since you will reduce your chances of running into a new malicious URL which could potentially attempt to execute an exploit; user intervention counts as clicking a website link, and the malware authors want to infect you with you providing the most minimal effort for them to do so (it makes the job much easier for them), therefore exploitation is slowly becoming more and more common. That being said, exploits can be an entirely new dangerous game to play with and can be incredibly hard to create (e.g. a new zero-day exploit) depending on the target, so it is probably rare for anyone here at least to just suddenly run into a zero-day exploit which causes host infection (e.g. the website exploit was executed, resulting in the browser sandbox being bypassed and code execution occurring on the host, usually via shellcode).

Keeping the OS/any other software up to date will ensure that the latest security patches are applied, which is a line of defence for exploit mitigation; removing any software you no longer need, or that is outdated or not supported, is another great method for exploit mitigation since it'll result in fewer attack points for exploitation.

Using the hosts file to block known malicious/suspicious hosts from a database is a good idea because it can reduce the chances of you becoming a victim of malvertising; that being said, this also counts for using an ad-blocker such as uBlock Origin/Adguard.

Using a VPN (Virtual Private Network) can be very beneficial because it can help protect your IP address from falling into the wrong hands; that being said, it's not really an "essential" in my opinion, but just an additional line of defence if you are paranoid... Since if an attacker does obtain your IP address, they may potentially use it towards attacks such as DDoS (e.g. via a botnet which has infected many systems), and then this can use up all your internet bandwidth via the packets being sent, resulting in you not being able to use your internet resources properly (basically it'll ruin your evening/s haha!).

Regarding artificial intelligence, it's not as reliable as they make out, since it's impossible to 100% differentiate between clean and malicious 100% of the time. In many situations the monitored behaviour can show clear malicious patterns and the AI would be able to tell that the program has a high percentage of being malicious, but you never know these days.

The list can go on... I just wanted to detail some points!

Malware is evolving all the time; the best defence is a layered defence, and the first line of defence within this layered defence should be yourself in the end anyway. If you fail then you'll become infected, pretty much. :)
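Wave's post makes two points about the hosts file: an ad-blocker and a blocklist legitimately use it to sink unwanted names, while the same edit is risky behaviour when a program silently redirects a name somewhere else, which is why a HIPS cannot decide automatically. The script below is an added example, not code from the original post or from any product. It parses hosts-file content, separates blocking entries (names pointed at a null or loopback address) from redirects, flags redirects of "protected" names, and builds new block entries from a domain list. The hosts content, the blocklist and the set of protected domains are constructed for illustration and use reserved .invalid names.

```python
"""Hosts-file audit: tell defensive blocking apart from silent redirection.

Added example for the discussion above; it is not code from the original
post or from any product. The hosts content, the blocklist and the set of
"protected" domains are constructed for illustration (.invalid names).
"""
import ipaddress

# Addresses that make a name unreachable; the normal target of a blocklist entry.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Constructed: names whose redirection would be a red flag (banking, update servers).
PROTECTED_DOMAINS = {"example-bank.invalid", "update.example.invalid"}

# Constructed hosts file content mixing legitimate blocking with one redirect.
HOSTS_SAMPLE = """\
# constructed sample, not a real hosts file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid          # entry from a blocklist
0.0.0.0 tracker.example.invalid
192.168.1.10 nas.home.invalid       # local mapping, harmless
203.0.113.7 example-bank.invalid    # protected name pointed elsewhere
this line is malformed
"""


def parse_hosts(text):
    """Return [(ip, [hostnames])] for each valid line; comments and junk are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address; ignore the line
        entries.append((str(ip), [name.lower() for name in parts[1:]]))
    return entries


def audit(text):
    """Classify entries: sunk names are blocking, anything else is a redirect.

    A redirect of a protected name is reported separately as a hijack.
    """
    blocked, redirected = set(), {}
    for ip, names in parse_hosts(text):
        if ip in SINK_ADDRESSES:
            blocked.update(names)
        else:
            for name in names:
                redirected[name] = ip
    hijacked = {n: ip for n, ip in redirected.items() if n in PROTECTED_DOMAINS}
    return {"blocked": blocked, "redirected": redirected, "hijacked": hijacked}


def block_entries(domains, already_blocked):
    """Build new '0.0.0.0 <name>' lines for domains not yet sunk in the hosts file."""
    wanted = {d.strip().lower() for d in domains} - set(already_blocked)
    return [f"0.0.0.0 {d}" for d in sorted(wanted)]


if __name__ == "__main__":
    report = audit(HOSTS_SAMPLE)
    print("blocked  :", sorted(report["blocked"]))
    print("redirect :", report["redirected"])
    print("hijacked :", report["hijacked"])
    new_lines = block_entries(["ads.example.invalid", "Malvertising.example.invalid"],
                              report["blocked"])
    for line in new_lines:
        print("add      :", line)
```

The sink-address test is what separates the two cases: a blocklist entry is harmless precisely because it points nowhere, whereas any entry for a sensitive name that points at a reachable address deserves a look, no matter which program wrote it.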