Interesting read on Effectiveness of an AV solution

Ramblin

Level 3
May 14, 2011
1,014
Littlebits said:
Unlike products like Comodo, Sandboxie, Online Armor, etc. that prompt you or auto decide, block or sandbox a process that may not even be trying to change your system's configuration. I never understood why any security software would try to block a process that doesn't try to make system changes unless the security product is not able to tell.

Hi Littlebits, Sandboxie doesn't block processes when you run your browser or programs in a default settings sandbox. If you decide to use a restricted sandbox where only some programs are allowed to run, then yes, processes that are not allowed get blocked.

What's the reason to sandbox a process? Programs that run under Sandboxie run "in an isolated space which prevents them from making permanent changes to other programs and data in your computer". Sandboxing processes keeps the system intact.

You'll find the quote at the top of the link.

http://www.sandboxie.com/

Bo
 

Littlebits

Retired Staff
May 3, 2011
3,893
bo.elam said:
Littlebits said:
Unlike products like Comodo, Sandboxie, Online Armor, etc. that prompt you or auto decide, block or sandbox a process that may not even be trying to change your system's configuration. I never understood why any security software would try to block a process that doesn't try to make system changes unless the security product is not able to tell.

Hi Littlebits, Sandboxie doesn't block processes when you run your browser or programs in a default settings sandbox. If you decide to use a restricted sandbox where only some programs are allowed to run, then yes, processes that are not allowed get blocked.

What's the reason to sandbox a process? Programs that run under Sandboxie run "in an isolated space which prevents them from making permanent changes to other programs and data in your computer". Sandboxing processes keeps the system intact.

You'll find the quote at the top of the link.

http://www.sandboxie.com/

Bo

Yes Bo, I know this. I have been using Sandboxie for many years, just not in real-time; I only run unknown programs in it. I wasn't talking about Sandboxie in general since it is a different kind of product than the other products that use sandboxing. I meant to say sandboxing and accidentally typed Sandboxie.

What I was trying to say is these types of security products can not tell if a process is trying to make system changes. In return they will block, sandbox, auto-decide on many harmless processes that don't try to make system changes, in other words create false alerts. With UAC (default settings) it only prompts you when a process tries to make system changes which creates not as many false alerts because some safe processes will make system changes.

Now for example if Comodo or Online Armor had a way to be able to tell when a process was trying to make system changes and added that feature, it would drastically reduce the number of false alerts and these products would be much more user-friendly.

Thanks.:D
 

Ramblin

Level 3
May 14, 2011
1,014
Littlebits said:
What I was trying to say is these types of security products can not tell if a process is trying to make system changes. In return they will block, sandbox, auto-decide on many harmless processes that don't try to make system changes, in other words create false alerts. With UAC (default settings) it only prompts you when a process tries to make system changes which creates not as many false alerts because some safe processes will make system changes.

Agree. By the way, even though I don't like pop ups with questions, for some reason UAC doesn't bother me at all. So I use it in W7.

Bo
 

Ink

Administrator
Verified
Jan 8, 2011
22,489
An AV solution provides less than 30% (guesstimate) of protection for any PC. That's why I dismiss comments claiming an AV can give you X% of protection.

Just my opinion of what I think of how effective an AV solution is.
 

Ramblin

Level 3
May 14, 2011
1,014
Earth said:
An AV solution provides less than 30% (guesstimate) of protection for any PC. That's why I dismiss comments claiming an AV can give you X% of protection.

Just my opinion of what I think of how effective an AV solution is.

In my "opinion", your "opinion" is about 100% correct.;)

Bo
 
illumination

Thread author
Earth said:
An AV solution provides less than 30% (guesstimate) of protection for any PC. That's why I dismiss comments claiming an AV can give you X% of protection.

Just my opinion of what I think of how effective an AV solution is.

It seems to me, the AV is the front line of a PC's protection, whether through the web filters/guards to the actual scanning. I would think, if the AV did not stop the malware, and you had to rely on something else at that point, the provided protection of the AV would still be a little more than 30%.

Of course this is my perspective from watching AVs in action nowadays. Whatever makes it through most web filters/guards "if the product has, which most do", and it makes it past the signatures/heuristics before something else has to step up. I have seen very few of the AVs fail that badly to be considered this low of an overall guesstimate of their role providing protection. In real world scenarios, most malware is typically stopped at the AV level.
 
