I haven't seen any piece of malware on my personal use machines in like 10+ years. And the only time in my life that I actually got infected with anything, the malware blew right past my hips program like it wasn't even there.
Absolutely the most powerful antivirus?
- Thread starter SpectraShadow83
- Start date
I haven't seen any piece of malware on my personal use machines in like 10+ years. And the only time in my life that I actually got infected with anything, the malware blew right past my hips program like it wasn't even there.
F
ForgottenSeer 823865
Comodo?
Online Armor. Though to its credit I did see all of the outbound connections it had been making for the past six hours after I ran the media file.
F
ForgottenSeer 823865
Yeah Online Armor was my favorite at that time, but you had to tweak it to make it "almost" bulletproof, unlike what most people think and all those alternative setup guides i saw, there is only one way to use an HIPS properly, use it at its tightest mode (Paranoid Mode or whatever they call it), because HIPS were made to alert about every changes; whitelisting and cloud rep were added for convenience because people can't or are lazy to set them properly via rules.
the worst for me was this Cruel Comodo joke, to be honest, using a HIPS program without using the HIPS...come on...in that case just use a real sandbox LOL
Last edited by a moderator:
Qihoo,I believe... or were they just caught cheating on AV Comparitives?
F
ForgottenSeer 823865
propagated home made malware, because they created it, only them had the signature lol
I've tested Common Sense IS time and again, and it only works against dodgy websites. It's powerless against compromised, legitimate sites, which comprise most of today's threat landscape anyway. Lesson: don't use Common Sense IS by itself. It needs a companion.Common Sense IS 2020
F
ForgottenSeer 823865
Which is the problem with auto-sandboxes, if the users don't have the skills to differentiate legit from malicious processes, it becomes useless, you are better if with an anti-exe. I don't even talk about sandbox-aware malware.
I don't specifically remember how I had it set up, but I would usually lean towards the more paranoid settings back then. I did read about a windows zero day vulnerability with media files a few days after this happened but I had wiped the system by that point. I remember as I ran the file I looked at the file size (it was a TV show and the size was only a few megabytes) and I immediately thought it could be malware but what's the worry my hips will notify me. It sketched me out for a while after and I noticed it connecting out when I checked the outbound connections. I felt like the French with their Maginot line.
From the sounds of it, you were the victim of an exploit hitting a legitimate app. There's no satisfactory solution to this imo, even today. Ie if an mp4 does a buffer overflow to VLC player and VLC player is a trusted app, no whitelisting will stop this, and from my discussion in another thread with an AV developer it sounded like no BB would realistically catch this either.
If you want to cast the movie (I never watch anything on a laptop anymore), I'm not sure how well sandboxing solutions would work with Chromecast, if someone has tried and chromecast did work for them, that would be an interesting approach, sandboxing the player only for "risky" movies/mp4s etc.
Another solution would be to enforce very strict policies even for legitimate apps but this would be a nightmare to maintain with updates etc.
Probably the best solution to isolate this threat vector would be to run downloaded movies inside a container ( real container, that uses kernel namespaces ) on your media server which can access only LAN IPs and use XWindows on your desktop machine to control the container. It would take something really advanced to take this down eg a kernel exploit on the media server to cross the containerization gap.
For even more security a VM in your media server instead of a container would also be viable ( albeit responsiveness of vt-x VMs is disappointing ).
For less security an AppContainerized player.
So what's the strongest #2 after Kaspersky?
Stop with this. It's so misguiding question from all security perspectives to new users, what difference does it make comparing Antivirus suites? None is first and none is last, all are more or less equal default-allow. TAM, HIPS, etc, Application Control like settings which makes some suites stand out in particular has advantage over competitors, but only when tweaked.
oh and on ebay like 20 years ago someone hacked my account believe it was the King whatever name believe we all know him from ebay
and no anti virus going to stop that,,,
and no anti virus going to stop that,,,
Last edited:
Yes you could do all of that or just don't run suspiciously small video files. My point was that you can crawl up your own posterior trying to run some perfect security mechanism but all of that goes out the window when the user does something stupid.
doesn't need to be a small one It could be a big one as well, it could be payload + movie. Containerisation is one of the most effective ways to isolate potentially dangerous processed, including exploited ones. Opening non-trusted files in a container is exactly avoiding doing something stupid
I'd say norton mostly bacause of SONAR and their signatures
Currently usiings Malwarebytes Premium their claim antivirus is not needed they have it covered will report back on this issue
You may also like...
-
Antivirus vs. Common Sense — What Really Keeps You Safe in 2025?- Started by Bot
- Replies: 105
-
AI-Powered Antivirus: The Future of Cybersecurity or Just Hype?
- Started by Bot
- Replies: 10
-
Do Antivirus Products Spy on You More Than They Protect You?
- Started by Bot
- Replies: 11
-
Are Firewalls Still Relevant in 2025 — Or Just Legacy Bloat?
- Started by Bot
- Replies: 6