Is this normal - definitions are old
<blockquote data-quote="MacDefender" data-source="post: 879058" data-attributes="member: 83059"><p>One concern being implied is that many AV engines have lower static scanning performance offline vs online, most likely because their cloud lookups are either using larger databases that they consider proprietary, or to reduce the bandwidth/space requirements of the offline signature database that they have to continuously update:</p><p>[Attachment 238668: image 1588538439686.png]</p><p>Though for the reasons I mentioned earlier, I don't think this is a problem for the average home user who is constantly connected to the Internet. As @Andy Ful said, with such AVs, the bigger thing you lose is that the online lookup service gives you a much more comprehensive scan which may help with both zero-days and with ancient malware that they no longer consider worth putting in the signatures. An attack taking advantage of this would require sophisticated malware that either waits for an opportune moment of network downtime to unpack its real payload, or somehow manages to knock out the network without being caught by a behavior blocker.</p><p>I kind of wish security software would have a paranoid mode where if they don't have the cloud lookup for a brand new binary, they simply refuse to execute it until you can get back online (or prompt you about it). Basically, a TAM-while-offline mode.</p><p>Still, these kinds of threats are not the ones I would waste time worrying about. Between the recent Ransominator POC, the fun.bat samples, and similar techniques, we've seen that with not too much coding effort there are plenty of ways of defeating an AV suite. It's just one piece of layered protection.</p></blockquote>
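The "paranoid mode" MacDefender describes, as an added illustration that is not code from the post or from any AV vendor: a toy execution policy in Python that consults local signatures, a cache of earlier cloud verdicts and a live cloud lookup in turn. The only difference between the conventional and the paranoid policy is what happens to a never-seen binary when the cloud is unreachable. `FakeCloud`, `ExecutionPolicy`, the sample byte strings and the 24-hour cache TTL are all constructed for this example.

```python
import hashlib
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    HOLD = "hold"  # paranoid mode only: defer execution until a cloud verdict exists


class CloudUnavailable(Exception):
    """The reputation service could not be reached (network down)."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables; no real samples are involved.
SAMPLE_BAD = b"MZ constructed: matches a local signature"
SAMPLE_GOOD = b"MZ constructed: known-good in the cloud, not in local signatures"
SAMPLE_NEW = b"MZ constructed: brand-new binary nobody has seen"


@dataclass
class FakeCloud:
    """Constructed reputation service whose reachability can be toggled."""
    online: bool = True
    reputation: Dict[str, Verdict] = field(default_factory=lambda: {
        sha256(SAMPLE_GOOD): Verdict.ALLOW,
        sha256(SAMPLE_BAD): Verdict.BLOCK,
    })

    def lookup(self, digest: str) -> Optional[Verdict]:
        if not self.online:
            raise CloudUnavailable("no route to reputation service")
        return self.reputation.get(digest)  # None: the cloud has no opinion yet


@dataclass
class ExecutionPolicy:
    cloud: FakeCloud
    paranoid: bool = False
    # Thin offline database: only what the vendor still ships as signatures.
    local_signatures: Set[str] = field(default_factory=lambda: {sha256(SAMPLE_BAD)})
    # Cloud verdicts already obtained, kept for cache_ttl seconds.
    cache: Dict[str, Tuple[Verdict, float]] = field(default_factory=dict)
    cache_ttl: float = 24 * 3600.0

    def decide(self, data: bytes, now: Optional[float] = None) -> Verdict:
        now = time.time() if now is None else now
        digest = sha256(data)

        # 1. Local signatures need no network and always win.
        if digest in self.local_signatures:
            return Verdict.BLOCK

        # 2. A fresh cached cloud verdict is as good as a live one.
        cached = self.cache.get(digest)
        if cached is not None and now - cached[1] < self.cache_ttl:
            return cached[0]

        # 3. Try the cloud; remember what it says for later offline periods.
        try:
            verdict = self.cloud.lookup(digest)
            offline = False
        except CloudUnavailable:
            verdict, offline = None, True
        if verdict is not None:
            self.cache[digest] = (verdict, now)
            return verdict

        # 4. Nothing knows this file. A conventional engine allows it because
        #    no signature matched; paranoid mode holds it while offline instead
        #    of trusting the thinner local database.
        if offline and self.paranoid:
            return Verdict.HOLD
        return Verdict.ALLOW


def simulate() -> Dict[str, Verdict]:
    """Walk one machine through an online period and then a network outage."""
    cloud = FakeCloud(online=True)
    default, paranoid = ExecutionPolicy(cloud), ExecutionPolicy(cloud, paranoid=True)
    t0 = 1_000_000.0
    results = {}

    # Online: both modes agree, and the good file's verdict lands in the cache.
    results["online_good"] = default.decide(SAMPLE_GOOD, t0)
    paranoid.decide(SAMPLE_GOOD, t0)
    results["online_new_paranoid"] = paranoid.decide(SAMPLE_NEW, t0)

    # Network goes away: only local signatures and the cache remain.
    cloud.online = False
    results["offline_bad"] = paranoid.decide(SAMPLE_BAD, t0 + 60)
    results["offline_good_cached"] = paranoid.decide(SAMPLE_GOOD, t0 + 60)
    results["offline_new_default"] = default.decide(SAMPLE_NEW, t0 + 60)
    results["offline_new_paranoid"] = paranoid.decide(SAMPLE_NEW, t0 + 60)
    # Once the cached verdict expires, paranoid mode holds even the good file.
    results["offline_good_expired"] = paranoid.decide(SAMPLE_GOOD, t0 + 2 * 24 * 3600)
    return results


if __name__ == "__main__":
    for scenario, verdict in simulate().items():
        print(f"{scenario:<24} {verdict.value}")
```

The last scenario is the cost of such a mode: a legitimate file whose cached verdict has aged out is held too, which is why the post's alternative of prompting the user, rather than silently refusing, matters in practice.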