Absolutely the most powerful antivirus?

artek

Level 5
Verified
May 23, 2014
236
I used to be uber-paranoid, hence the "how to set up a layered security strategy" guide I made here, which was quite popular; but in the end, I never got even a single threat requiring my security softs to kick in... lol.
In the end, I'm finally using what Windows 10 offers me, and eventually one security soft to toy with.

I haven't seen any piece of malware on my personal use machines in like 10+ years. And the only time in my life that I actually got infected with anything, the malware blew right past my HIPS program like it wasn't even there.
 

ForgottenSeer 823865

Online Armor. Though to its credit I did see all of the outbound connections it had been making for the past six hours after I ran the media file.
Yeah, Online Armor was my favorite at that time, but you had to tweak it to make it "almost" bulletproof. Unlike what most people think and all those alternative setup guides I saw, there is only one way to use a HIPS properly: use it at its tightest mode (Paranoid Mode or whatever they call it), because HIPS were made to alert about every change; whitelisting and cloud rep were added for convenience because people can't or are too lazy to set them properly via rules.
The worst for me was this cruel Comodo joke; to be honest, using a HIPS program without using the HIPS... come on... in that case just use a real sandbox LOL
 

ForgottenSeer 823865

Which is the problem with auto-sandboxes: if the users don't have the skills to differentiate legit from malicious processes, it becomes useless; you are better off with an anti-exe. I don't even talk about sandbox-aware malware.
 

artek

Level 5
Verified
May 23, 2014
236
Yeah, Online Armor was my favorite at that time, but you had to tweak it to make it "almost" bulletproof. Unlike what most people think and all those alternative setup guides I saw, there is only one way to use a HIPS properly: use it at its tightest mode (Paranoid Mode or whatever they call it), because HIPS were made to alert about every change; whitelisting and cloud rep were added for convenience because people can't or are too lazy to set them properly via rules.
The worst for me was this cruel Comodo joke; to be honest, using a HIPS program without using the HIPS... come on... in that case just use a real sandbox LOL

I don't specifically remember how I had it set up, but I would usually lean towards the more paranoid settings back then. I did read about a Windows zero-day vulnerability with media files a few days after this happened, but I had wiped the system by that point. I remember as I ran the file I looked at the file size (it was a TV show and the size was only a few megabytes) and I immediately thought it could be malware, but what's the worry, my HIPS will notify me. It sketched me out for a while after, and I noticed it connecting out when I checked the outbound connections. I felt like the French with their Maginot line.
 

notabot

Level 15
Verified
Oct 31, 2018
703
I don't specifically remember how I had it set up, but I would usually lean towards the more paranoid settings back then. I did read about a Windows zero-day vulnerability with media files a few days after this happened, but I had wiped the system by that point. I remember as I ran the file I looked at the file size (it was a TV show and the size was only a few megabytes) and I immediately thought it could be malware, but what's the worry, my HIPS will notify me. It sketched me out for a while after, and I noticed it connecting out when I checked the outbound connections. I felt like the French with their Maginot line.

From the sounds of it, you were the victim of an exploit hitting a legitimate app. There's no satisfactory solution to this IMO, even today. I.e. if an mp4 does a buffer overflow on VLC player and VLC player is a trusted app, no whitelisting will stop this, and from my discussion in another thread with an AV developer it sounded like no BB would realistically catch this either.

If you want to cast the movie (I never watch anything on a laptop anymore), I'm not sure how well sandboxing solutions would work with Chromecast; if someone has tried and Chromecast did work for them, that would be an interesting approach, sandboxing the player only for "risky" movies/mp4s etc.

Another solution would be to enforce very strict policies even for legitimate apps, but this would be a nightmare to maintain with updates etc.

Probably the best solution to isolate this threat vector would be to run downloaded movies inside a container (a real container, one that uses kernel namespaces) on your media server which can access only LAN IPs, and use X Windows on your desktop machine to control the container. It would take something really advanced to take this down, e.g. a kernel exploit on the media server to cross the containerization gap.
For even more security, a VM on your media server instead of a container would also be viable (albeit the responsiveness of VT-x VMs is disappointing).
For less security, an AppContainerized player.
 
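The container setup described in the post above, written out as an added example (this is not code from the thread or from any project it mentions). It assumes Docker on a Linux media server with nftables available, a user-defined bridge network, and an image whose entrypoint can run mpv; the media directory, image name, network name and subnet are placeholders. The player runs with all capabilities dropped, a read-only root filesystem and a read-only media mount, and the nftables rules drop any forwarded traffic from the container subnet to a non-RFC 1918 destination, which is the "can access only LAN IPs" part of the post. The X11 socket mount is the weak spot the post glosses over: a process with access to the X server can observe other X clients, so a dedicated X server or an Xpra/SSH-forwarded display is the safer way to "control the container" from the desktop.

```shell
#!/bin/sh
# Added example: run an untrusted media file in a hardened Docker container
# whose outbound traffic is confined to LAN (RFC 1918) addresses.
# All of the following values are assumptions/placeholders, not thread content.
MEDIA_DIR="${MEDIA_DIR:-/srv/media/untrusted}"        # assumed download directory
PLAYER_IMAGE="${PLAYER_IMAGE:-example/mpv:latest}"    # assumed placeholder image
CONTAINER_NET="${CONTAINER_NET:-player-net}"          # assumed user-defined bridge
CONTAINER_SUBNET="${CONTAINER_SUBNET:-172.30.0.0/24}" # assumed subnet for that bridge

# Pure-shell check for RFC 1918 ranges (10/8, 172.16/12, 192.168/16).
is_lan_ip() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# nftables ruleset: in the forward hook, let container traffic reach private
# ranges and drop everything else. A drop in any base chain is final, so this
# works alongside the chains Docker itself installs.
lan_only_ruleset() {
  cat <<EOF
table inet player_lan_only {
  chain forward {
    type filter hook forward priority 0; policy accept;
    ip saddr $CONTAINER_SUBNET ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept
    ip saddr $CONTAINER_SUBNET drop
  }
}
EOF
}

# Compose the docker run command for one file. basename() keeps the argument
# from escaping the read-only /media mount via a crafted path.
player_run_cmd() {
  file=$(basename -- "$1")
  printf '%s' "docker run --rm --name untrusted-player \
 --network $CONTAINER_NET \
 --cap-drop=ALL --security-opt=no-new-privileges --read-only \
 --pids-limit=64 --memory=512m --tmpfs /tmp:rw,noexec,nosuid,size=64m \
 --user 1000:1000 \
 -v $MEDIA_DIR:/media:ro \
 -v /tmp/.X11-unix:/tmp/.X11-unix:ro -e DISPLAY=${DISPLAY:-:0} \
 $PLAYER_IMAGE mpv --no-config /media/$file"
}

# Usage (needs root for nft): PLAYER_EXEC=1 ./player.sh episode.mkv
# Audio and GPU device passthrough are deliberately left out; each one widens
# the container's reach into the host.
if [ "${PLAYER_EXEC:-0}" = "1" ] && [ -n "${1:-}" ]; then
  docker network inspect "$CONTAINER_NET" >/dev/null 2>&1 ||
    docker network create --subnet "$CONTAINER_SUBNET" "$CONTAINER_NET"
  lan_only_ruleset | nft -f -
  eval "$(player_run_cmd "$1")"
fi
```

Without `PLAYER_EXEC=1` the script only defines the functions, so `player_run_cmd` can be inspected before anything is started. Note that Docker's embedded DNS resolves on the host, outside the forward hook, so a player that must not talk out at all should additionally get `--dns` pointed at a LAN resolver.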

davisd

Level 3
Verified
Well-known
Jan 27, 2019
107
So what's the strongest #2 after Kaspersky?
Stop with this. It's such a misleading question from all security perspectives to new users; what difference does it make comparing antivirus suites? None is first and none is last, all are more or less equal default-allow. TAM, HIPS, etc., Application Control-like settings which make some suites stand out in particular have an advantage over competitors, but only when tweaked.
 

artek

Level 5
Verified
May 23, 2014
236
From the sounds of it, you were the victim of an exploit hitting a legitimate app. There's no satisfactory solution to this IMO, even today. I.e. if an mp4 does a buffer overflow on VLC player and VLC player is a trusted app, no whitelisting will stop this, and from my discussion in another thread with an AV developer it sounded like no BB would realistically catch this either.

If you want to cast the movie (I never watch anything on a laptop anymore), I'm not sure how well sandboxing solutions would work with Chromecast; if someone has tried and Chromecast did work for them, that would be an interesting approach, sandboxing the player only for "risky" movies/mp4s etc.

Another solution would be to enforce very strict policies even for legitimate apps, but this would be a nightmare to maintain with updates etc.

Probably the best solution to isolate this threat vector would be to run downloaded movies inside a container (a real container, one that uses kernel namespaces) on your media server which can access only LAN IPs, and use X Windows on your desktop machine to control the container. It would take something really advanced to take this down, e.g. a kernel exploit on the media server to cross the containerization gap.
For even more security, a VM on your media server instead of a container would also be viable (albeit the responsiveness of VT-x VMs is disappointing).
For less security, an AppContainerized player.

Yes, you could do all of that, or just don't run suspiciously small video files. My point was that you can crawl up your own posterior trying to run some perfect security mechanism, but all of that goes out the window when the user does something stupid.
 

notabot

Level 15
Verified
Oct 31, 2018
703
Yes, you could do all of that, or just don't run suspiciously small video files. My point was that you can crawl up your own posterior trying to run some perfect security mechanism, but all of that goes out the window when the user does something stupid.

Doesn't need to be a small one; it could be a big one as well, it could be payload + movie. Containerisation is one of the most effective ways to isolate potentially dangerous processes, including exploited ones. Opening non-trusted files in a container is exactly avoiding doing something stupid.
 

Antus67

Level 9
Verified
Well-known
Nov 3, 2019
413
Currently using Malwarebytes Premium; their claim is that antivirus is not needed, they have it covered. Will report back on this issue.
 