Battle Best zero-day protection

Overkill

Level 31
Thread author
Verified
Honorary Member
Feb 15, 2012
2,128
The title says it all...

Which one do you choose? I know they are different but which one is more powerful in your opinions?

Mamutu or ExeRadar Pro?
 
Deleted member 178

Mamutu is a Behavior Blocker, whereas ERP is an anti-executable (a kind of light HIPS); by default, ERP is more powerful (choose the Pro version, the free one is limited); but if Mamutu is set to paranoid, this is another story...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
They both have different functions, so everything varies: if you want an application to detect suspicious behavior, then Mamutu hands down; if you want a user-interaction version, then go to EXE Radar Pro, but again it's a paid version, and the free one is limited on features.
 

Overkill

Level 31
Thread author
Verified
Honorary Member
Feb 15, 2012
2,128
Umbra Corp. said:
Mamutu is a Behavior Blocker, whereas ERP is an anti-executable (a kind of light HIPS); by default, ERP is more powerful (choose the Pro version, the free one is limited); but if Mamutu is set to paranoid, this is another story...

So if you had to choose which one would you use first?

EDIT: I saw you voted for ERP, thanks.
I figured ERP would be stronger because of the type of program it is, but I was curious about other members' opinions.
 
Deleted member 178

I followed the development of ERP on Wilders from the beta to the final release; it is well made with interesting features; if I had a full license and not OAP, I would surely use it.
 

Littlebits

Retired Staff
May 3, 2011
3,893
If you depend on any software to protect you from zero-day malware then you need to learn how to safely download and browse the web. Keep UAC on default settings and don't approve unknown processes. Check files for digital signatures and make sure you got them from a trusted source.

Zero-day malware has to be manually downloaded and manually installed by the user. Why would you need software to stop you from installing malicious files? Just don't download them and you will be fine.

I agree with Earth; I'm totally not concerned about zero-day malware since I never get fooled by it. I have been using the web since 1998 and have never got a zero-day infection. There is also a very rare chance of even getting one in a bundled installer.

Thanks.:D
 

Overkill

Level 31
Thread author
Verified
Honorary Member
Feb 15, 2012
2,128
I'm extremely careful... the reasons I am using any BB/HIPS/Anti-EXE are peace of mind, testing and that rare chance of something slipping through the cracks.
I could have continued using just sbie and would have been fine, but that darn Umbra virus is still in me lol
 
Deleted member 178

Overkill said:
I'm extremely careful... the reasons I am using any BB/HIPS/Anti-EXE are peace of mind, testing and that rare chance of something slipping through the cracks.
I could have continued using just sbie and would have been fine, but that darn Umbra virus is still in me lol

have it once, have it for life :D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Assuming even novice/newbie users generally couldn't get infected by a zero-day, as first they don't even know the main blacklisted sites, which they are not supposed to know if they will just download.

+ the threats that generally infect are always the common and old ones.
 

ad18

New Member
Verified
Jan 19, 2013
59
Sandboxie should be the best zero-day protection. You just delete the sandbox and then you are safe if there was anything in it.
 
Deleted member 178

DrBeenGolfing said:
Don't need such stuff. Best zero day blocker is the dude with the mouse in his hand.

not so simple.

- "supposedly safe" infected websites: the last event, a few days ago, was the Chinese servers of many MMORPGs infected by an info-stealing malware that spread into the updater of the game; all clients were infected when updating.

- "supposedly safe" infected software: the last event is Combofix.

- "supposedly safe" infected emails, pictures, wallpapers, etc.

0-days/hours/minutes are by definition unknown, even by vendors, so no signatures. You can't tell that any executable you run is clean (nobody is Neo). So behavioral software (BB/HIPS), an anti-executable (UAC, ExeRadarPro) or a sandbox/virtualization system are the only obstacles to block them.

Now the cases above are rare for cautious users, but the risk still exists.
 

DrBeenGolfing

Level 1
Verified
Mar 16, 2013
582
Don't go to Chinese websites. Wouldn't even look at Combofix. Use my own wallpaper. Any download that says unknown will remain so. EXE... forget it. I'd advise everyone to do the same. How many times have your alarms gone off in the last year? Mine: zero.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Umbra Corp. said:
DrBeenGolfing said:
Don't need such stuff. Best zero day blocker is the dude with the mouse in his hand.

not so simple.

- "supposedly safe" infected websites: the last event, a few days ago, was the Chinese servers of many MMORPGs infected by an info-stealing malware that spread into the updater of the game; all clients were infected when updating.

- "supposedly safe" infected software: the last event is Combofix.

- "supposedly safe" infected emails, pictures, wallpapers, etc.

0-days/hours/minutes are by definition unknown, even by vendors, so no signatures. You can't tell that any executable you run is clean (nobody is Neo). So behavioral software (BB/HIPS), an anti-executable (UAC, ExeRadarPro) or a sandbox/virtualization system are the only obstacles to block them.

Now the cases above are rare for cautious users, but the risk still exists.

It is much simpler to learn how to use UAC and Windows digital file checking, which displays every time you try to run an executable (even on Windows XP), than trying to configure advanced protection software.

It is very simple: if a file is not digitally signed when Windows digital file checking displays on execution or on the UAC prompt, then don't allow it to run. Unless you have downloaded the file from a trusted source, run it with caution or in Sandboxie.

Combofix is not digitally signed, which should be the first sign not to use it. For trusted vendors, distributing infected files is extremely rare; I have never once encountered this since I have been using the web. If you only download from sites like Softpedia, they scan each download with several AV scanners with each program update and check digital signatures.

Something I could never understand about so-called advanced users: they can figure out how to use advanced HIPS products, virtualization, sandboxing, etc., but using UAC, checking file digital signatures and trusted download sources seems to cause them to have a mind melt.

Even if you happen to stumble on a hacked website with malicious content, you still will have to allow a file to download and execute in order for an infection to be successful. Malicious files just don't magically appear on your system and execute themselves.

Thanks.:D
 
Deleted member 178

I gave examples... what happened to Combofix or the Chinese servers may happen to your favorite website or any exe you used to trust.

My first and last infection was 15 years ago, and it was just a backdoor, easily spottable.

The most successful malware infections are those packed in a trusted executable with stolen/fake certificate.

Those that are called "advanced users" that disable UAC are not advanced users :D

analogy:

You can drive as safely as you can; you can't stop someone else from hitting you.

You can master only the things you have control over; the rest is beyond your reach, in real life or in the cyber world.
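Littlebits' advice above (refuse to run anything that is not digitally signed, and be careful even with signed files from untrusted sources) and Umbra's caveat (the most successful infections ship inside a trusted executable signed with a stolen or fake certificate) can be combined into one check. The script below is an added example for this thread, not code from any of the posters or from the products discussed. It calls the standard `Get-AuthenticodeSignature` cmdlet and then pins the signer to an allow-list of certificate thumbprints, so a file that merely has a "Valid" chain but comes from a publisher you did not expect is flagged for review rather than allowed. The function name, the download path and the thumbprint values are hypothetical placeholders.

```powershell
# Added example, not from the thread: classify a downloaded executable as
# Allow / Review / Block from its Authenticode signature.
# Requires Windows PowerShell 5.1 or PowerShell 7 on Windows.

function Test-DownloadSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Hypothetical allow-list: SHA-1 thumbprints of signing certificates you
        # verified out-of-band (e.g. from a vendor's published fingerprint).
        [string[]]$TrustedThumbprints = @()
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Verdict = 'Block'; Reason = 'File not found' }
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # $sig.Status is a SignatureStatus enum: Valid, NotSigned, HashMismatch,
    # NotTrusted, UnknownError, Incompatible, NotSupportedFileFormat.
    switch ($sig.Status) {
        'Valid' { }   # fall through to the publisher check below
        'NotSigned' {
            return [pscustomobject]@{ Path = $Path; Verdict = 'Block'; Reason = 'Not digitally signed' }
        }
        'HashMismatch' {
            # The signature exists but the file bytes no longer match it:
            # the file was altered after signing (a trojanized download).
            return [pscustomobject]@{ Path = $Path; Verdict = 'Block'; Reason = 'File modified after signing' }
        }
        default {
            return [pscustomobject]@{ Path = $Path; Verdict = 'Block'; Reason = "Signature not trusted: $($sig.StatusMessage)" }
        }
    }

    $cert   = $sig.SignerCertificate
    $signer = $cert.Subject
    $thumb  = $cert.Thumbprint

    if ($TrustedThumbprints.Count -gt 0 -and $thumb -notin $TrustedThumbprints) {
        # Chain is valid, but this is not the publisher you expected. This is
        # the "stolen/fake certificate" case: a valid signature proves that
        # *some* CA-trusted key signed the file, not that the vendor you meant did.
        return [pscustomobject]@{ Path = $Path; Verdict = 'Review'; Reason = "Valid signature from unexpected publisher: $signer ($thumb)" }
    }

    [pscustomobject]@{ Path = $Path; Verdict = 'Allow'; Reason = "Valid signature from $signer ($thumb)" }
}

# Usage (placeholder path and thumbprint; replace with your own verified values):
# Test-DownloadSignature -Path "$env:USERPROFILE\Downloads\setup.exe" `
#     -TrustedThumbprints @('0000000000000000000000000000000000000000')
#
# Running it against an OS binary such as "$env:SystemRoot\System32\notepad.exe"
# with an empty allow-list should return Verdict = 'Allow' on a stock Windows install.
```

Without `-TrustedThumbprints` the function behaves exactly like the Windows prompt Littlebits describes: unsigned or tampered files are blocked, anything with a valid chain is allowed. Supplying the allow-list is what turns it into a defence against the case Umbra raises, because a signing certificate obtained by a third party will carry a different thumbprint from the vendor's published one even though Windows will show the signature as valid.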
 