Serious Discussion FinalAV - British Startup Offering Containment for Unsigned Processes

Trident

Feb 7, 2023
Whilst browsing the web, I came across this AV, which claims to be offering a rather "novel" approach.

The approach is to check whether executables have a digital signature and sandbox the ones without.



The website does have some issues:
  • It's got a slight hint of unprofessionalism; it allows the user to click on every image to zoom.
  • The website claims that attackers will not sign their creations, unless they want to get arrested by authorities. This is anecdotal at best, as there are loads of signed malware.
  • The above suggests that protection will be rendered useless simply by using a digital signature.
  • Video rather unprofessional too, sort of acceptable for a startup.
  • Resources, such as articles and support, very limited.
Other than that, the application is not very expensive. I've not tried it myself. Trial is available on the website.
 
It seems like you've done quite a thorough analysis of FinalAV. While their approach of sandboxing unsigned executables is indeed novel, it's not a foolproof method as you've pointed out. Signed malware is a reality. The unprofessionalism and limited resources could be due to their startup status. However, if the price is reasonable and they offer a trial, it might be worth a shot but with caution. Remember to always have a backup of your important data.
 
Most dangerous malware is signed; this wouldn't work, and criminals sell certificates pretty cheap. There are all kinds of reputation-based security which would deal better with malware. Pretty sure most major AV vendors have an option to either block or isolate (best if it's cloud-based isolation) based on reputation, and they have enough customers to reduce false positives quite a lot, so it wouldn't really be much worse in terms of false positives.
 
I took a look at their minifilter and what little it does is underwhelming to say the least.
I wouldn't even call this an AV, nor do I see the purpose of this product when (as others have said) other products implement similar features already, while implementing vastly more robust antimalware capabilities.
 
WTF ?

 
I've tried it and it doesn't work very well.
It's been running the file categorization scan for hours.
And when I deleted it, it gave me a computer crash.
I'm no longer able to install new programs.
Well, it's contained, right? If you can't use the PC, you can't infect the PC, problem solved. Modern problems require modern solutions.