Proactive or Reactive

sinu
Which detection is more effective against zero-day malware, proactive or reactive?
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
As I understand it, proactive protection is the overall winner. Proactive protection can detect unknown malware and does not need to wait for the antivirus to be updated. Plus, it does not need any prior knowledge of the viruses it can detect.
 
hjlbx
Reactive includes signatures... signatures are worthless against 0-Day malware.

Reactive also includes heuristics, behavior blocker, virtualization, policy access restrictions, file monitoring, file rating system, etc, etc, etc, etc. Much better at protecting against 0-Day malware... but still dependent upon user knowledge to a significant extent.

The best reactive protection uses a well-integrated, multi-layered approach that incorporates most of the above categories.

For example, Comodo Internet Security:

heuristics, file monitoring (viruscope), virtualization, policy access restrictions, file rating system, HIPS, firewall, good signatures, frequent updates, etc.

Another example, Emsisoft uses all the same above - except heuristics - and integrates most of them into a behavior blocker.

Proactive protection = eliminate\patch any vulnerabilities that malwares might exploit.

Proactive protection is, for the most part, always behind malware\infection trends, types, new methods, etc. This is why Microsoft, Adobe, etc. are always patching their softs months after a vulnerability has been discovered and reported... What's worse, some vulnerabilities are not even discovered until years later - or - they are known to exist but the softs vendor(s) choose not to patch them !!! All the big soft vendors are infamous for this sort of thing.

Right now Reactive protection is the predominant, established, best overall protection model... although AV vendors are getting better at incorporating Proactive protection into their products.

For example, Kaspersky has a system vulnerability scan that will search for high-risk system and browser settings... and prompt the user to allow Kaspersky to change those settings to more secure ones.

I don't think the Reactive - Proactive protections will change any time soon.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Have you come across zero-day vulnerabilities or malware, whilst browsing the web?

While proactive may be better for unknown threats, reactive technologies are still needed.
 
sinu
Can you please list out the best proactive and reactive AVs?
 
hjlbx

I know what you want, but it is not as simple as providing a list of AVs ranking them by best Proactive and Reactive protections.

I suggest you ask this question: Which AVs perform at an overall, consistently high level over time - using default settings?

Those would be:
  • BitDefender
  • Kaspersky
  • ESET
  • Emsisoft
Tweak the default settings and - in some instances - you can dramatically improve system protection. For example, ESET's HIPS settings.

I think you are looking for a free internet security suite. In that case, you can try the BitDefender trial or Comodo Internet Security. BitDefender is always offering extended 6-month and 12-month trials.

Comodo isn't on the list above as it is not often tested by the AV test labs. However, you will find, if it is properly configured and you learn how to use it, then it will provide a high-level baseline security.

There's an incredible amount to learn... so just take it one small step at a time... and don't get frustrated.
 
sinu
Thank you for the detailed info.
 
hjlbx
One warning about Comodo...

It can be overwhelming. It can cause serious issues if you do not know how to use it.

If you install it, then it is best to leave the Internet Security configuration enabled until you learn more about it.

Otherwise you're apt to think it is malfunctioning when it causes problems with Proactive protection enabled - when, in fact - it is working perfectly\as intended.

Comodo will sandbox any Unrecognized file - including legitimate ones from Trusted vendors. This can include drivers - which can cause serious problems. You have to add any legitimate files to the Trusted Files list and this should correct the issue.
 
sinu
What happens when an unknown file that is treated as safe by file rating and lookup in Comodo is executed?
 
hjlbx

If a file is rated as Trusted in Comodo Cloud then it is not Unrecognized\Unknown; someone at Comodo has manually analyzed the file and made a Trusted verdict.

If you mean, what happens when a malicious file is treated as Trusted in Comodo - that is a rare occurrence in Comodo Cloud as Comodo uses "Old School" manual file analysis. But to answer - it is allowed to run...

Even malware analysts make mistakes... :D
 
sinu
The reason I asked this is that I was using Comodo for some time, and I used to download some samples from MalwareTips for testing. Say, out of ten samples, some were detected by the on-demand scan and some by the lookup check, but some were rated as safe by file rating and lookup check which were actually malware. I tested this so many times with different malware samples and the result was the same. If such a file executes, Comodo's HIPS, autosandbox and Viruscope will allow it, right?
 
hjlbx

I've only seen this happen with Virussign samples...

Yes. If a file is rated as Trusted then it should not generate a HIPS alert and then be autosandboxed using default settings.

Malicious files rated as safe are a very rare occurrence with Comodo - in my experience.

To be honest without the actual sample it is difficult to know exactly what happened - let alone why it happened.

I have Comodo configured for antiexecutable\default-deny. This means any file not already rated as Trusted in the File Rating database will be blocked... whether it is malicious or not - whether it is from a Trusted vendor or not. So if it's not already on my system - then it is blocked - for any and all files not white-listed on my system.

I regularly review file ratings on my system... so I know what is up. I admit that is a time intensive, laborious process.

Plus I use VooDooShield on one system and NoVirusThanks Exe Radar Pro on the other.

If malware can get past all that then I tip my hat to the author...
 
hjlbx
Which is better, VooDooShield or NoVirusThanks Exe Radar Pro? What's different?
Please share your experience. :)

VDS and NVT EXP both do the same thing - and both are excellent.

VDS has an automatic Virus Total query for any Unrecognized\Unknown files.

NVT EXP has a better user interface (re-sizable), logging and some advanced features.

VDS is currently undergoing an extensive upgrade - with significant security improvements - and is still in beta but stable.

NVT ERP is about to be released as a new stable version - but their betas are always stable as well.

I like both... use VDS on AMD W8.1 with Comodo and ERP on Intel W8.1 with Comodo and PhrozenSoft Virus Total Uploader.

Both VDS and ERP are extremely light on system resources... cannot tell they are present on the system by staring at Task Manager.

It is hard to choose between the two... it comes down to personal preference.

Everyone should use an AE...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, if we analyze the term 'zero day', it has been brought out and has existed very fresh within less than 24 hours, so admit that signatures are not registered.

Proactive is a good choice where reinforcements have not yet arrived at all, but what components are dealing with these? HIPS, BB, Generic/Heuristics detection, Application Control should be enough; even Cloud may help it to provide AI detection.

But it needs to be handled by user knowledge in order to prevent something suspicious, because Reactive, which contains signatures, may not arrive immediately to blacklist it.

Let's compare in a war game mode:

Proactive: Let's say 50 units are deployed in an area for a critical mission, and the mission is to confirm the information about the enemy, so they need to explore and check everything; however, they engage in heavy fire, so they rely on limited ammunition and equipment to make a counter attack.

Reactive: A soldier will make contact with their outpost about the heavy-fire situation and order reinforcements to help in such a situation ASAP.

Now both of them are needed in the field of computer security; one of them is a plan B when Plan A does not work. ;)
 
sinu
This may give a clear picture:
[image: RAP-quadrant-Aug14-Feb15-1200.jpg]
 
hjlbx
Sinu...

Use the graph only as a guide. You just might find out that reality on your specific system doesn't correspond to the graph...

Just consider everything - especially what you see on your specific system - that's all I'm suggesting.
 
sinu
OK, thank you.
 
