Av Gurus

Level 29
Verified
Trusted
Malware Hunter
The future of security software isn’t just blacklisting. Instead, it will often be something more like whitelisting — shifting from “everything is allowed except known-bad stuff” to “everything is denied except known-good stuff.”
More sophisticated tools should also harden the software we use, blocking techniques attackers use rather than fighting the losing battle of constantly adding new definitions.

Antivirus should be a last-ditch line of defense, not something you rely on to save you. To stay safe online, you should act as if you had no antimalware software on your computer at all.
Antivirus isn’t the cure-all it’s often considered. Don’t have a false sense of security because antimalware software is running on your computer.

Blacklisting Is Fighting a Losing Battle
Antivirus software relies on blacklisting and heuristics — and really, heuristics are just another type of blacklisting. Antimalware companies find malware in the wild, analyze it, and add “definitions” that antimalware software constantly downloads. Whenever you run an application, the antimalware software checks to see if it matches a definition and blocks it if it does.

Antimalware software also incorporates heuristics-based detection. Heuristics check to see if a piece of software behaves similarly to known malware. It can block new pieces of malware before definitions are available for them, but heuristics aren’t anywhere near perfect.

The problem with the blacklisting approach is that it assumes everything is safe by default, and then attempts to pick out the known-bad things. It would be more secure to flip this upside down — assuming everything is dangerous and shouldn’t run unless it’s been more proven to be safe.

Antimalware software still works fairly well against random older malware you might encounter online. But, against newer and smarter attacks, antimalware software often falls flat on its face. Don’t put all your trust in it to protect you.

READ MORE...
 
M

Mr. Tech

"The future of security software isn’t just blacklisting. Instead, it will often be something more like whitelisting" - I agree with this to a point, but yet again you must also look at the point of where technology is heading, computers & mobile devices may just be a myth one day while bio-technology has taken over (as I think it will...) I think a better security precaution should be in place for that, but yet again 40 years from now computers and mobile devices may still be a thing.... who knows...
 
H

hjlbx

All this has been around for ages... it is:

Anti-executable (white-listing)

Add to it:

virtualization
emulation
anti-exploit
good infos that guide user properly
 
Last edited by a moderator:
R

Rod McCarthy

The Future is here PC Matic already advertises it, they are doing it already. Can someone test PC Matic... It must be the best.
 

jamescv7

Level 61
Verified
Trusted
Virtualization is next for the upcoming generations, some business firms are engage on this type of method to ensure none of any threats should retain but of course a realtime protection is there as a sufficient to detect those in common.

Also the power tweaks should always observe, default settings are no longer to be recommend due to providing mediocre protection.
 
  • Like
Reactions: LabZero
The problem with this is:

Just say you have Kaspersky Internet Security 2056 (LOL :p)

Kaspersky uses white-listing for its new 2056 software.

OK, I surf to weirdsite12345.com (some random weird site)

Now I download Free Racing Simulator for PC (just released to the public and is only downloaded from our site above which is not popular.

Kaspersky blocks it saying it was not on the White-list.

User freaks out and starts sweating and asks @Umbra to fix his/her computer.

This will not be good for the software industry for sure as new "indie" developers will be discouraged to make software and games.

TL;DR: If you download a legitimate program that's not popular Kaspersky will block it. Users that are not tech-savvy don't know that it just wasn't on the white list and start asking @Umbra to fix computer.


EDIT Section 2:

Yes this is a very long post but bear with me!

Let's say you go to www.eset.com to download the latest ESET.

OK just say ESET was exploited and eset.com site hacked. since Kaspersky think that ESET was from a legitimate source it will let it through and then poof! computer introduced to malware.

OK, you say, why not just remove ESET from the white-list? Then that's blacklisting, just from the whitelist :D
 
Last edited:

OneDay

New Member
The future of security software is a piece of program that will equip the user with the appropriate knowledge to decide himself. In the way VoodooShield works for example which blocks anything new, but informs you about VirusTotal detections. And even whitelisting shouldn't be something passive, but dynamically reestablished and renewed. And accompanied by an anti-exploit solution, you could easily build a security fortress.

Τhe sooner we get rid of the idea of signature-based antivirus software the better!
 
H

hjlbx

The problem with this is:

Just say you have Kaspersky Internet Security 2056 (LOL :p)

Kaspersky uses white-listing for its new 2056 software.

OK, I surf to weirdsite12345.com (some random weird site)

Now I download Free Racing Simulator for PC (just released to the public and is only downloaded from our site above which is not popular.

Kaspersky blocks it saying it was not on the White-list.

User freaks out and starts sweating and asks @Umbra to fix his/her computer.

This will not be good for the software industry for sure as new "indie" developers will be discouraged to make software and games.

TL;DR: If you download a legitimate program that's not popular Kaspersky will block it. Users that are not tech-savvy don't know that it just wasn't on the white list and start asking @Umbra to fix computer.


EDIT Section 2:

Yes this is a very long post but bear with me!

Let's say you go to www.eset.com to download the latest ESET.

OK just say ESET was exploited and eset.com site hacked. since Kaspersky think that ESET was from a legitimate source it will let it through and then poof! computer introduced to malware.

OK, you say, why not just remove ESET from the white-list? Then that's blacklisting, just from the whitelist :D
@Chromatinfish 123

You illustrate the primary problem of file rating systems generally - at least the way they are currently implemented, administered and maintained by security soft vendors today.

The vendors will have to clean up their act - and get much more accurate overall plus very tough on PUPs\PUAs - for white-listing to really work. Plus they will need infrastructure and personnel in-place to make it work effectively and efficiently.

The alternative is to use an anti-executable and rate files yourself; e.g. everything on a clean system is white-listed, system is then locked-down, and nothing new is intentionally introduced to\installed on system. This method does not rely upon vendor file rating but instead user verdict of file. This method is extremely effective at protecting system.

Will users accept white-listing ? They won't if it seriously limits or interferes with what they can do on system and\or it is even perceived as too inconvenient or troublesome. They are dead wrong...
 

Kuttz

Level 12
Verified
Signature based Anti Virus softwares is reaching its limits considering the ever growing clever malwares. At one point conventional technologies cant cope any more and alternate technologies had to arrive.
 
  • Like
Reactions: LabZero
D

Deleted member 178

Assuming everything is dangerous and shouldn’t run unless it’s been more proven to be safe.
the article's author just literally unconsciously quoted the approach of Appguard :D
 
  • Like
Reactions: XhenEd

jamescv7

Level 61
Verified
Trusted
This is why there should be a reference chec that uses detection alongside of whitelisting scheme, because changes happen time to time.

And speaking of changes then considerate suppose to be fully active Behavior Blocker that can calculate already the possible suspicious changes.
 
D

Deleted member 178

All this has been around for ages... it is:

Anti-executable (white-listing)
exactly, deny-default or virtualization apps exist since ages.

the author seems to have limited knowledge, because he mentioned MBAE that has nothing to do with what he talked... MBAE protect apps from exploits, not the system from malwares. He should have mentioned NVT ExeRadarPro, Appguard , Bouncer, even Applocker (delivered in Windows Pro versions).

i guess he wants a free license for MBAE :D :p
 
  • Like
Reactions: XhenEd and Azure

Azure

Level 24
Verified
Content Creator
exactly, deny-default or virtualization apps exist since ages.

the author seems to have limited knowledge, because he mentioned MBAE that has nothing to do with what he talked... MBAE protect apps from exploits, not the system from malwares. He should have mentioned NVT ExeRadarPro, Appguard , Bouncer, even Applocker (delivered in Windows Pro versions).

i guess he wants a free license for MBAE :D :p
For an article that supposed to promote the usefulness of whitelisting the lack of mentioning of this products, plus others like VoodooShield and SecureAPlus, is a little disappointing.
Regarding the mentioning of MBAE, at the very least the didn't say it was antivirus like a certain other website implied to some time ago.
 
L

LabZero

The biggest problem to solve about whitelisting, in my opinion, will be false positives.

I believe that the future of antivirus will be the sandbox.
The attack is done in this completely isolated area where the virus acts normally. The antivirus does not then attempts to neutralize the malware by deleting it from the system, but try to make it safe by restricting the possible action area and therefore the possible negative effects (leaving it free to infect non-essential part of the system).

In the sandbox a routine executes a secure dynamic analysis and subsequently an algorithm decides whether the code is really malicious or not.
 
D

Deleted member 178

In the sandbox a routine executes a secure dynamic analysis and subsequently an algorithm decides whether the code is really malicious or not.
the term "virtualization" is more adapted than sandbox (since sandboxing IS virtualization).

Returnil is doing what you are describing, it isn't popular because the engine is not very strong.

btw , CIS also do what you are saying ^^
 
M

MalwareT

Since i use CIS,there's no way that i will switch to another security software :)
 
  • Like
Reactions: XhenEd
The Future is here PC Matic already advertises it, they are doing it already. Can someone test PC Matic... It must be the best.
Meh are you kidding me:

The Future is here PC Matic already advertises it, they are doing it already. Can someone test PC Matic... It must be the best.
Meh are you kidding me?

Look at this post
hey guys we can close the forum and go vacations : PC Matic is our savior !!!!! :rolleyes:
/scam /scareware /crapware


Panda has a rival !

bwahahahaha rofl trololol :D
Please please tell me this is a joke

Wait... even this cr*p can be advertised on TV !? :eek::eek::eek:

EDIT: So PCMatic does use whitelists but not very carefully...in order to have whitelisting it will need a huge amount of developers, testers, and user base to introduce, and verify would-be whitelisted programs and websites.

EDIT 2: Read the reviews on Amazon:

http://www.amazon.com/PC-Pitstop-LLC-PCM-102-Matic/dp/B0046ZLW1G/ref=cm_cr_pr_product_top?ie=UTF8

Many reviews are 5-star but notice the helpful counts... 0 of 6, 1 of 10, etc.

Which means that they are probably sponsored.

Then you see the most helpful reviews and they are just one star/two star reviews.
PC Matic "Support" tries to trick everybody into being scammed again by commenting on as many most helpful reviews as possible.

Forget about Super Shield. More like Scam Shield
 
Last edited:
  • Like
Reactions: XhenEd and frogboy