If one cannot detect how it can protect/prevent?


Plexx

jlock734 said:
Well, Mr. Stranger, I would like to say that there is no computer on this planet that is 100% safe and clean. If your computer is connected to the internet, I hope you do realize that the entire globe has access to your system. So, whether you know it or not, your system might already be infected. Just because your AV says SYSTEM CLEAN, it doesn't mean it is. Today's tech is just unreal... we are not even aware of these things. A classic example is STUXNET... So there is no point in thinking about which AV has the higher protection or removal rate etc. The different claims the AV companies make are just to earn money... They don't care about your system and privacy. They just wanna earn money... that's it. So these HIPS, BB, Sandbox are just more ways to make money, but still no AV or tech can keep your computer 100% safe.

Actually, there are computers that are 100% safe. You can throw in any AV solution or security layers + common sense + proper education.

Over and over again, for example, Littlebits explains such a combo.

Earth and I, for example, have been AV-less for quite some time and connected to the internet.

Umbra, for example, with his layers of security is close to 100% safe.

I believe you do not fully understand how HIPS, BB, Sandbox, IDS, HIDS work.

One thing is saying such components are not top notch from a vendor. Another is saying they simply don't work, when they do work at their core ability.

Someone correct me if I am wrong.
 

Deleted member 178

I agree with you Biozfear. What vectors can infect a computer:

1- internet & networks
2- USB
3- malicious installers hidden in a legit executable/file

All three can be protected against by:

- AV (detecting known malware)
- HIPS/BB/HIDS/anti-exec (preventing zero-day malware)
- Full Virtualization (negating any harmful changes on your computer)
- Web Filter (blocking your access to malicious websites)

So if you run, for example, Sandboxie/Shadow Defender with an AV + HIPS and install only legit and safe apps, the risk of being infected is almost zero.
 

arsenaloyal

Level 3
Verified
Aug 6, 2012
354
If it is a stand-alone AV, then if it does not detect anything from its signatures or heuristics, the only way it can tell us something is wrong is by a HIPS. But this can be confusing for the average user, as they are generally prone to click "YES" or "OK" at every instance of a pop-up being displayed, which would not be of any use apart from the fact that AV vendors might gloat that you are the one who allowed the malware to run in the first place, and only manage to make you feel guilty or ignorant. So the question remains: how indeed can one detect malware that a resident AV could not?

The good thing about most malware in general is that it leaves traces, whether it be making a PC slow, blocking the Internet or asking money for something; in short, behavior which is uncommon or was not visible before. HIPS is useless to the less tech savvy; they do not want to be bothered by all the pop-ups, they would prefer it if things were automatic.

And this is where tech support comes into the picture. The basics for all AV companies should be tech support and logs, either like HijackThis (Trend Micro) or SysInspector (ESET), where experts can check them to see if there is any unusual activity, and indeed, if need be, to manually check using remote assistance, which would be the last resort.

Now I am assuming a non tech savvy user because they are the majority out there, and I am also not assuming the use of a third party product like Malwarebytes, but making it the sole responsibility of the core AV company, and only with the use of its own tools, to find if something is undetected and malicious.

thanks
 

Littlebits

Retired Staff
May 3, 2011
3,893
arsenaloyal said:
If it is a stand-alone AV, then if it does not detect anything from its signatures or heuristics, the only way it can tell us something is wrong is by a HIPS. But this can be confusing for the average user, as they are generally prone to click "YES" or "OK" at every instance of a pop-up being displayed, which would not be of any use apart from the fact that AV vendors might gloat that you are the one who allowed the malware to run in the first place, and only manage to make you feel guilty or ignorant. So the question remains: how indeed can one detect malware that a resident AV could not?

The good thing about most malware in general is that it leaves traces, whether it be making a PC slow, blocking the Internet or asking money for something; in short, behavior which is uncommon or was not visible before. HIPS is useless to the less tech savvy; they do not want to be bothered by all the pop-ups, they would prefer it if things were automatic.

And this is where tech support comes into the picture. The basics for all AV companies should be tech support and logs, either like HijackThis (Trend Micro) or SysInspector (ESET), where experts can check them to see if there is any unusual activity, and indeed, if need be, to manually check using remote assistance, which would be the last resort.

Now I am assuming a non tech savvy user because they are the majority out there, and I am also not assuming the use of a third party product like Malwarebytes, but making it the sole responsibility of the core AV company, and only with the use of its own tools, to find if something is undetected and malicious.

thanks

I totally disagree that only HIPS can protect against malware not detected by standard AVs. The user can provide better protection than any other means.

HIPS only detects malware if you have already downloaded it and tried to execute it. If you don't download it in the first place, then you wouldn't need HIPS to protect against it. I have brought this topic up before here: can anyone give me an example of how HIPS would stop an infection where the user didn't manually download the malicious file and try to run it?

HIPS only protects against your downloading mistakes.

The best example of this is the enormous amount of users who only use a simple AV and Windows Firewall along with good downloading habits who never get infections at all. I choose to educate my customers about how to safely surf the web and download files safely rather than recommend a bunch of security software that most will never understand how to use effectively, or even have the interest to learn how to use.

My customers who used the skills that I taught them now never get infections, just using a simple AV and Windows Firewall. This can be achieved by anyone who really wants to protect their system.

It is much easier for users to learn the skills than to learn how to use a bunch of complicated security products.

So don't forget that the user can provide better protection for their system than what any security software can provide, if that user has the education and applies the techniques.

All security software has bugs, flaws, vulnerabilities, etc. which can cause failure. There have been known malware samples that can bypass HIPS/BB/SandBox/Virtualization but can be detected by the user, since the suspicious files must be manually downloaded and manually executed in order to infect a system. Most users who are educated can spot them very easily.

Thanks.:D
 

Gnosis

Level 5
Apr 26, 2011
2,779
It is much easier for users to learn the skills than to learn how to use a bunch of complicated security products.

That really needed to be said. Millions of users out there don't have the capacity for intricacies and tediousness that some of us engage in relative to our real-time security. Some of us take it a step further out of pure interest, like a hobby.
 

illumination

Littlebits said:
I totally disagree that only HIPS can protect against malware not detected by standard AVs. The user can provide better protection than any other means.

HIPS only detects malware if you have already downloaded it and tried to execute it. If you don't download it in the first place, then you wouldn't need HIPS to protect against it. I have brought this topic up before here: can anyone give me an example of how HIPS would stop an infection where the user didn't manually download the malicious file and try to run it?

HIPS only protects against your downloading mistakes.

The best example of this is the enormous amount of users who only use a simple AV and Windows Firewall along with good downloading habits who never get infections at all. I choose to educate my customers about how to safely surf the web and download files safely rather than recommend a bunch of security software that most will never understand how to use effectively, or even have the interest to learn how to use.

My customers who used the skills that I taught them now never get infections, just using a simple AV and Windows Firewall. This can be achieved by anyone who really wants to protect their system.

It is much easier for users to learn the skills than to learn how to use a bunch of complicated security products.

So don't forget that the user can provide better protection for their system than what any security software can provide, if that user has the education and applies the techniques.

All security software has bugs, flaws, vulnerabilities, etc. which can cause failure. There have been known malware samples that can bypass HIPS/BB/SandBox/Virtualization but can be detected by the user, since the suspicious files must be manually downloaded and manually executed in order to infect a system. Most users who are educated can spot them very easily.

Thanks.:D

I tend to disagree with some of this, as there is more than just downloading habits to contend with on the internet. One right off the top of my head would be scripting. I have seen several people here lately just going to their emails and getting nailed. This is not clicking on bad emails, this is going into their accounts; one was just trying to get to the page to sign in. Of course the culprits they were hit with were the FBI ransoms and the sort.

Another would be the network. And of course infected removable media.

For me personally, an average AV will not suffice. I fully believe in multiple layers myself, with the thought in mind that if you have 5 layers of prevention/protection, the odds of any type of infection occurring decrease rapidly. This of course, as you stated, does not sit well with average/novice users.

I have been instructing those I help now to either have a way to back up their system, or to run full suites geared toward novice users with default settings. I have come across so many systems lately where there was no backup, no disks, and the whole system corrupted beyond being able to fix without such.
 

arsenaloyal

Level 3
Verified
Aug 6, 2012
354
I meant the HIPS included in the AV or the security suite. We are not talking about alternatives to the protection provided by a particular AV, but rather using what's in the AV or the IS. So if I am an average user, I have only ESET Smart Security installed and nothing else for security. So now if ESET fails to detect something... let's say "Live Internet Security", a rogue AV. Now this is obviously ransomware, and even an average user would notice something is out of place. Now the AV's signatures and heuristics failed to detect it, but it could have been prevented by a HIPS which could have notified about changes being made to the system. But again, to the average user this would not help unless he knows what the notification means!
 

arsenaloyal

Level 3
Verified
Aug 6, 2012
354
All security software has bugs, flaws, vulnerabilities, etc. which can cause failure. There have been known malware samples that can bypass HIPS/BB/SandBox/Virtualization but can be detected by the user, since the suspicious files must be manually downloaded and manually executed in order to infect a system. Most users who are educated can spot them very easily.

Thanks.:D

Yes, most users who are educated can spot them very easily, but unfortunately these users are in a minority, and most users cannot tell the difference between a rogue file and a normal file.
 

Littlebits

Retired Staff
May 3, 2011
3,893
One right off the top of my head would be scripting. I have seen several people here lately just going to their emails and getting nailed. This is not clicking on bad emails, this is going into their accounts; one was just trying to get to the page to sign in. Of course the culprits they were hit with were the FBI ransoms and the sort.

Another would be the network. And of course infected removable media.

First of all, in order to get an infection within your email, you will either have to visit a malicious link, download a file from a malicious site or download an attachment. I'm sorry, malware just doesn't magically hit you when you go to your email. It is also possible that those users were on a fake email website. Many users will claim that malware just automatically attacked them when they did nothing wrong, which I will call BS on. Most of the time they get tricked into downloading and running a malicious file; after the fact they get embarrassed that they got fooled and try to say the malware attacked them, because they don't want to accept the blame for their own actions.

Of course there are malicious scripts on infected sites, but if you know how to avoid them then there is really no worry. Most malicious scripts still require the user to manually download a file to be successful, or use vulnerabilities in outdated browsers, Flash Player or Java.

There are many ways to get a malware infection, but most are manually downloaded and run by the user. Other methods are becoming very rare since the fake alert websites have a much better success rate at fooling users into manually doing all the work for them. A fool is born every minute, which is what makes these fake alert websites so successful. And these malicious files mostly go undetected by most AVs.

If you can teach a user how to safely browse the web and safely download files, it will remove most chances for them to be exposed to infections.

Thanks.:D
 

Spirit

Level 2
Thread author
May 17, 2012
1,832
Littlebits: Your point is that a computer only gets affected when someone downloads malicious content. I agree in 90% it's the user's fault, but infection is also caused by USB and browsing. I have seen people get infected by just accidentally clicking an ad on a website. Software like Java and Flash does carry infections and installs malicious threats on a user's computer without his knowledge.

Correct me if I am wrong :)
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Antivirus software a waste of money for businesses, report suggests : http://news.techworld.com/security/3412999/antivirus-software-waste-of-money-for-businesses-report-suggests/

- 'Poor detection means that free programs offer better value'

'Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it, an analysis by security firm Imperva has concluded.'

' “We cannot continue to invest billions of dollars into anti-virus solutions that provide the illusion of security, especially when freeware solutions outperform paid subscriptions.” '

Antivirus programs often poorly configured, study finds : http://news.techworld.com/security/3380737/antivirus-programs-often-poorly-configured-study-finds/
 

Spirit

Level 2
Thread author
May 17, 2012
1,832
I am not in favour of condemning paid solutions, as this is their business, and if they satisfy and fulfill the needs of their customers then it's alright with me. But yes, I agree with the point that the free options in Windows security have good and many options.

Thanks
 

Littlebits

Retired Staff
May 3, 2011
3,893
Stranger said:
Littlebits: Your point is that a computer only gets affected when someone downloads malicious content. I agree in 90% it's the user's fault, but infection is also caused by USB and browsing. I have seen people get infected by just accidentally clicking an ad on a website. Software like Java and Flash does carry infections and installs malicious threats on a user's computer without his knowledge.

Correct me if I am wrong :)

No, I'm not saying that manually downloading malicious files is the only way you can get an infection. I believe there are still several other ways that are used, but they are no longer as common as they used to be. Malware writers have moved to fake alert websites that pretend to offer antivirus, Flash Player updates, media codec packs to play free porn, system maintenance tools and many other fake software. These sites work very well on novice users who don't know how to download files safely from trusted sources. In the past there were many different methods used by malware writers to get the infection into the system, but most methods are now abandoned since many can be blocked by today's browser advancements and the current antivirus available. Other reasons why these methods were abandoned are that they take a lot more work to write, and they were basically written by young developers. Most young developers now work on writing game programs and other good software that pays them good money. Even more reasons include that the punishment for writing malware has got more severe than before. In some countries, malware writers get the death sentence if caught. Other countries will give anywhere from life in prison to 50 years, heavy fines, caning on the back, etc.

These fake alert websites are very simple to set up, and the malware hosted on them doesn't have to use any special methods to infect a system; just fooling the user into manually downloading and executing the files is all it takes. Most of the time, since they change the malicious setups and URL addresses quite often, most antivirus software will not detect them.

I know I read somewhere that about 95% of malware today uses these fake alert websites, but I'm thinking the percentage is even higher, around 99% now. From my experience with my customers, all they ever get is malware from fake alert websites; it has been that way for about 2 years. I have watched the number increase over the years. The customers that learned better than to be fooled by these fake websites no longer get infections at all, which leads me to believe other methods are just not that commonly used anymore. I can remember back when my customers would get all different varieties of malware. Now fake antivirus is the most popular infection that I find on my customers' systems, followed by ransomware, scareware and other rogue software.

Enjoy!!:D
 

Spirit

Level 2
Thread author
May 17, 2012
1,832
Littlebits said:
Stranger said:
Littlebits: Your point is that a computer only gets affected when someone downloads malicious content. I agree in 90% it's the user's fault, but infection is also caused by USB and browsing. I have seen people get infected by just accidentally clicking an ad on a website. Software like Java and Flash does carry infections and installs malicious threats on a user's computer without his knowledge.

Correct me if I am wrong :)

No, I'm not saying that manually downloading malicious files is the only way you can get an infection. I believe there are still several other ways that are used, but they are no longer as common as they used to be. Malware writers have moved to fake alert websites that pretend to offer antivirus, Flash Player updates, media codec packs to play free porn, system maintenance tools and many other fake software. These sites work very well on novice users who don't know how to download files safely from trusted sources. In the past there were many different methods used by malware writers to get the infection into the system, but most methods are now abandoned since many can be blocked by today's browser advancements and the current antivirus available. Other reasons why these methods were abandoned are that they take a lot more work to write, and they were basically written by young developers. Most young developers now work on writing game programs and other good software that pays them good money. Even more reasons include that the punishment for writing malware has got more severe than before. In some countries, malware writers get the death sentence if caught. Other countries will give anywhere from life in prison to 50 years, heavy fines, caning on the back, etc.

These fake alert websites are very simple to set up, and the malware hosted on them doesn't have to use any special methods to infect a system; just fooling the user into manually downloading and executing the files is all it takes. Most of the time, since they change the malicious setups and URL addresses quite often, most antivirus software will not detect them.

I know I read somewhere that about 95% of malware today uses these fake alert websites, but I'm thinking the percentage is even higher, around 99% now. From my experience with my customers, all they ever get is malware from fake alert websites; it has been that way for about 2 years. I have watched the number increase over the years. The customers that learned better than to be fooled by these fake websites no longer get infections at all, which leads me to believe other methods are just not that commonly used anymore. I can remember back when my customers would get all different varieties of malware. Now fake antivirus is the most popular infection that I find on my customers' systems, followed by ransomware, scareware and other rogue software.

Enjoy!!:D

That means in the current scenario MSE is more than enough. I think most of these types of rogue software even give a miss to software like Kaspersky.
Free MSE + MBAM + firewall is good enough :)
 

Deleted member 178

For the average user, yes. For some of us who enjoy playing with malware/keygens, we need more. That is why I now focus more on virtualization, HIPS and apps that can roll back harmful changes.
 

illumination

Littlebits said:
It is also possible that those users were on a fake email website.

When I stated "just going to their emails", this would be the assumption. The question is, how did they get to the fake email?

Many users will claim that malware just automatically attacked them when they did nothing wrong which I will call BS on.

My first infection came from doing a Google search for AT&T, clicking the first link in the search, and I got nailed. Now, if I had known of link checking, this probably would not have happened, but of course at the time I did not; I relied on just an AV, and well, it did not protect me that day.

Of course there are malicious scripts on infected sites, but if you know how to avoid them then there is really no worry.

Advanced users would know how to avoid these, but novice users do not, and if the AV does not detect it, then what?

There are many ways to get a malware infection but most are manually downloaded and run by the user

The key word here is "most"; it is the point I was trying to make.

And these malicious files mostly go undetected by most AVs.

This is another point..

If you can teach a user how to safely browse the web and safely download files, it will remove most chances for them to be exposed to infections.

Once again "most" stands out here...

The reason I bring this up is just this: when I first started learning about security, I did so because the computer "tech" shops in my area were charging a mint to fix things on my system. I remember them telling me all I needed was simple protection, yet time and again, that simple protection was not enough.

I had a guy last week that believed he needed no security whatsoever; someone had convinced him that as long as he didn't download anything, he would be fine. Well, he came to me with his computer that he uses for logging his runs ("truck driving"), unable to connect to the internet, and with many infected objects on his system, and said he didn't understand how it happened. I fixed it of course and offered to help him secure it, and again he stated that he doesn't want security because he didn't need it. I just shook my head and asked him, didn't you just bring me that computer to fix for that very same reason?

So you see, when someone tells me it is always user error, and that all you need is a simple AV, I call BS myself...
 

Littlebits

Retired Staff
May 3, 2011
3,893
thewolfsmith72 said:
Littlebits said:
It is also possible that those users were on a fake email website.

When I stated "just going to their emails", this would be the assumption. The question is, how did they get to the fake email?

Many users will claim that malware just automatically attacked them when they did nothing wrong which I will call BS on.

My first infection came from doing a Google search for AT&T, clicking the first link in the search, and I got nailed. Now, if I had known of link checking, this probably would not have happened, but of course at the time I did not; I relied on just an AV, and well, it did not protect me that day.

Of course there are malicious scripts on infected sites, but if you know how to avoid them then there is really no worry.

Advanced users would know how to avoid these, but novice users do not, and if the AV does not detect it, then what?

There are many ways to get a malware infection but most are manually downloaded and run by the user

The key word here is "most"; it is the point I was trying to make.

And these malicious files mostly go undetected by most AVs.

This is another point..

If you can teach a user how to safely browse the web and safely download files, it will remove most chances for them to be exposed to infections.

Once again "most" stands out here...

The reason I bring this up is just this: when I first started learning about security, I did so because the computer "tech" shops in my area were charging a mint to fix things on my system. I remember them telling me all I needed was simple protection, yet time and again, that simple protection was not enough.

I had a guy last week that believed he needed no security whatsoever; someone had convinced him that as long as he didn't download anything, he would be fine. Well, he came to me with his computer that he uses for logging his runs ("truck driving"), unable to connect to the internet, and with many infected objects on his system, and said he didn't understand how it happened. I fixed it of course and offered to help him secure it, and again he stated that he doesn't want security because he didn't need it. I just shook my head and asked him, didn't you just bring me that computer to fix for that very same reason?

So you see, when someone tells me it is always user error, and that all you need is a simple AV, I call BS myself...

How did they get to the fake email? Very simple: they either mistyped the URL to their email address, entered the wrong term into a search engine and clicked the link to the fake email website, or clicked on a custom search link within their email or an ad in their email website.

Malicious scripts on infected sites cannot always be avoided, even by advanced users. If your AV doesn't detect them, and your browser, browser add-ons or you don't recognize them, then they can lead to an infection. However, there has been a decline in the use of malicious scripts, since many browser advancements can block most of them if you are using a current browser. Malicious scripts usually take advantage of a vulnerability in browser plugins like Flash Player, Java or PDF, since most browsers can block the others. That is why keeping them updated is a must.

You always need at least an antivirus installed; whoever told him that he didn't need it should go back to school. Some users don't understand what download means. When the dialog pops up on their browser, mostly IE, they will choose to run, not understanding the concept that the file is actually downloading into their temp folder and then executing automatically. You have to teach them that this is downloading, sometimes before they will understand. I had some customers that said they never downloaded files, the same ones with the fake alert malware, which is impossible. They were downloading files but weren't aware of what they were doing. This guy probably was doing the same thing but not aware that he was downloading files.

Once again "most" stands out here... We all know that there is nothing you can do to block every single malware infection on the web. But if you can block most of them by simply using good downloading skills without adding a ton of advanced security products, don't you think it would be worth it? Until some kind of magic solution comes along that is novice user friendly, most is the best that can be done.

Thanks.:D
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Thoughts on Anti-Malware Product Comparison Testing: by Mikey: http://voiceofthepublic.com/thoughts.html

Why I Hate Conventional Scanners : by Mikey: http://voiceofthepublic.com/hatescanners.html

Well, two 'common sense' good reads.
 

Plexx

Prorootect said:
Thoughts on Anti-Malware Product Comparison Testing: by Mikey: http://voiceofthepublic.com/thoughts.html

Why I Hate Conventional Scanners : by Mikey: http://voiceofthepublic.com/hatescanners.html

Well, two 'common sense' good reads.

I have read both sites and:

I have yet to see a real viable comparison test/benchmark. IMO, the methodology to perform a real comparison does not exist. Also, I believe that 99% of the so called tests published to date are simply advertising ploys and have absolutely no truth to them. I believe the other 1% are just done by well meaning folk who just simply don't have the understanding or expertise required in order to perform such testing.

Ask yourself; Why doesn't any two published comparison testings report the same results?

Not fully agreeing with the statements. Sure, most professional tests need to be taken with a pinch of salt, but they still provide some data. It is up to the reader to draw their own conclusions. Advertisement consists of selling a product using specific techniques. Simply saying Brand A scores high on Detection and Prevention is not fully advertising to a stage where the consumer will buy. Sure there will be readers who will draw the conclusion to buy, but the true advertisement to push specific brands requires way more data than the one shown in the tests and publications.

PC magazines are the ones doing most advertisements with their reviews and test results, which normal users will jump on and buy. But then we still have to consider PC Magazine, for example (unless I got the wrong name for the UK version): one article gave BD a high score and recommendation but with this footnote: Beware that scan speed is the slowest of all products reviewed in this issue.

The "1% of the users" statement is also basically putting down anyone else who does tests as a hobby/legit tests etc. The author himself is using a rather superior approach versus legit users.

Sure, it is his opinion, but still rather debatable in my eyes.

As for the question: Why doesn't any two published comparison testings report the same results?

Since when do 2 different comparison testing documents consist of the exact same samples, system, etc. carried out by different companies? If they were done by different companies on the same exact day with the same exact definitions and exact testing data and system, then the results would be identical.

As for the other website, HateScanners, the only comment I have is: Nothing and no one is perfect.
 
