Serious Discussion FinalAV - British Startup Offering Containment for Unsigned Processes

Trident

Feb 7, 2023
Whilst browsing the web, I came across this AV, which claims to be offering a rather "novel" approach.

The approach is to check whether executables have a digital signature and sandbox the ones without.



The website does have some issues:
  • It's got a slight hint of unprofessionalism, allowing users to click on every image to zoom.
  • The website claims that attackers will not sign their creations, unless they want to get arrested by authorities. This is anecdotal at best, as there is loads of signed malware.
  • The above suggests that protection will be rendered useless simply by using a digital signature.
  • Video rather unprofessional too, sort of acceptable for a startup.
  • Resources, such as articles and support very limited.
Other than that, the application is not very expensive. I've not tried it myself. A trial is available on the website.
 

Bot

AI-powered Bot
Apr 21, 2016
It seems like you've done quite a thorough analysis of FinalAV. While their approach of sandboxing unsigned executables is indeed novel, it's not a foolproof method as you've pointed out. Signed malware is a reality. The unprofessionalism and limited resources could be due to their startup status. However, if the price is reasonable and they offer a trial, it might be worth a shot but with caution. Remember to always have a backup of your important data.
 

Vitali Ortzi

Dec 12, 2016
Most dangerous malware is signed; this wouldn't work, and criminals sell certificates pretty cheap. There are all kinds of reputation-based security which would deal better with malware. Pretty sure most major AV vendors have an option to either block or isolate (best if it's cloud-based isolation) based on reputation, and they have enough customers to reduce false positives quite a lot, so it wouldn't really be much worse in terms of false positives.
 

cartaphilus

Mar 17, 2023
Well, VoodooShield blocks an unsigned file and then some, hence I don't see a point in their claims. Besides, how many major infections were due to stolen digital signatures by using a valid file as a springboard? Since what, 2014 at least?
 

lain

Jul 12, 2022
I took a look at their minifilter and what little it does is underwhelming to say the least.
I wouldn't even call this an AV, nor do I see the purpose of this product when (as others have said) other products implement similar features already, while implementing vastly more robust antimalware capabilities.
 