The virus problem is worse than you think


illumination

Thread author
With record numbers of threats and the increasing inability to detect them through traditional means, the time is now for the anti-virus industry to reinvent itself...
 

Hungry Man

New Member
Jul 21, 2011
669
Hopefully they don't do it too soon. I want to write my own security product and it would be a shame if someone else beat me to it =p
 

HeffeD

Level 1
Feb 28, 2011
1,690
This isn't anything new. Signatures haven't been able to keep up for years. This is why HIPS and sandboxing products are important.
 

illumination

Thread author
HeffeD said:
This isn't anything new. Signatures haven't been able to keep up for years. This is why HIPS and sandboxing products are important.

You are right, this is not anything new, but it reinforces the need for layered security for users.. ;)
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
At least there are websites like VirusTotal to check if a file is a virus with all antivirus vendors.
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
Hungry Man said:
Hopefully they don't do it too soon. I want to write my own security product and it would be a shame if someone else beat me to it =p

Please tell us more in another thread?

Yeah, HIPS + Sandbox (full virtual...) is the way forward now to keep up with such a thing, I think too.
 

McLovin

Level 78
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,228
Viruses are always going to be there. That is why it is essential to have security products installed.
 

Hungry Man

New Member
Jul 21, 2011
669
AyeAyeCaptain said:
Hungry Man said:
Hopefully they don't do it too soon. I want to write my own security product and it would be a shame if someone else beat me to it =p

Please tell us more in another thread?

Yeah, HIPS + Sandbox (full virtual...) is the way forward now to keep up with such a thing, I think too.

I posted a bit about what I consider to be the necessities for a security product in another topic. I've written up a bit in my free time about it and I'm learning to program every day =p I would prefer not to go into too many details. It'll do some things with heuristics that other AV companies aren't doing - it'll extend the Windows security model / work within it - it will include partial virtualization and other sandboxing techniques - it will require little to no user knowledge / input.
 

Ramblin

Level 3
May 14, 2011
1,014
thewolfsmith72 said:
With record numbers of threats and the increasing inability to detect them through traditional means, the time is now for the anti-virus industry to reinvent itself...
Unfortunately we cannot and should not depend on antiviruses. One, antiviruses, because of their nature, using definitions, are not a reliable tool for prevention, and two, when they start adding HIPS, behavior blockers, firewalls, web guards and 25 other layers or shields or whatever they call it, they then become bloated and make computers feel as bad as if they are infected. Even though scanners are not useless, we should not depend on them, in my opinion.
HeffeD said:
This isn't anything new. Signatures haven't been able to keep up for years. This is why HIPS and sandboxing products are important.
Totally agree. I remember 3 years ago when I heard the words "zero day threats" for the first time and started reading about how to protect against that kind of threat; HIPS, sandboxing and behavior blockers were what usually came up.
I remember having a hundred programs in front of my face, all claiming, "We are the greatest" but somehow I was able to pick a little program that did not say much but it has turned out to be a program that "Speaks softly and carries a big stick". That program is Sandboxie. I was lucky, as Sandboxie was the second program that I tried to be used for protection against Zero day threats. I did not have to go through 22 installations to get to Sandboxie.

We can use Sandboxie alone, like I do, or use the layered approach, which should work as long as the programs that are used don't conflict with each other. I think that's the key to making a layered security setup work. You have to find a good balance; using Sandboxie alone, I don't have to find that balance.

Bo
 

Hungry Man

New Member
Jul 21, 2011
669
The problem with most HIPS is that they're "loud" and rely on the user. That's not too good in the case of socially engineered malware or an exploit in a trusted program. If CIS pops up and says "Hey, Chrome needs access to some area" I'm gonna be like "hey, why not, I know Chrome's legit!" and there we go, I'm infected.

Sandboxing is ideal security. It is fundamentally what security has always been about - access restriction and strong policy.

BB's aren't too bad either when they're used as restriction tools.
 

Ramblin

Level 3
May 14, 2011
1,014
Hungry M, I want you to know that I am very happy that you are using Sandboxie. Why? The answer is simple: you are always letting your imagination fly high, and when somebody like you uses Sandboxie, they usually come up with new ways of using the sandbox. HM, I am waiting:)

Bo
 

Hungry Man

New Member
Jul 21, 2011
669
Haha, unfortunately it isn't working with Win8, but I've read up on how it works and it's definitely a program I want to look into further when it gets ported.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Having an enterprise anti-virus solution is a critical piece to any enterprise security solution

I believe most of you failed to notice that this article doesn't apply to home users.

The fact: viruses no longer target home users.

I have been running my small computer business since 2002.
I have watched virus infections dramatically decrease over the years on home systems.
Most of my customers are about as novice as you can find and they usually use only a free AV solution like Avast, AVG or Avira. I have not seen one single virus infection on any system since 2005; all I ever find now is rogueware, which has to be manually downloaded and manually installed by the user.

Every time I read an article about how bad viruses are getting, I just laugh. :D
What is getting bad is rogueware, ransomware, scareware, etc.

Of course viruses still might be bad for enterprise, businesses, etc., not for home users, which most of us are.

Thanks.:D
 

Hungry Man

New Member
Jul 21, 2011
669
"The fact: viruses no longer target home users."

I'm pretty sure this isn't a fact lol. I'd actually say it's the opposite. Direct attacks are more common on an enterprise, whereas the typical malware we see is targeting home users.

Rogueware, ransomware, scareware, these all apply to users. These are all forms of malware.
 

illumination

Thread author
Hungry Man said:
"The fact: viruses no longer target home users."

I'm pretty sure this isn't a fact lol. I'd actually say it's the opposite. Direct attacks are more common on an enterprise, whereas the typical malware we see is targeting home users.

Rogueware, ransomware, scareware, these all apply to users. These are all forms of malware.

Have to agree with you here.. I pull trojans almost on a daily basis off of home users' computers, as well as a variety of other malware. Most of them are running just simple AVs.
 

Hungry Man

New Member
Jul 21, 2011
669
I see pleeeenty of infected computers. Botnets don't discriminate between a home user and an enterprise user. Most trojans are aimed at home users as well.

Most enterprise computers are running old XP 32-bit, but they have sysadmins to deal with malware, usually VPNs, enterprise AVs, and if something suspicious pops up the admins can take care of it. And in an ideal world, work computers are only used for work.
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
From the information that I have gathered through the months, viruses are still a problem for home users. Most of the infected PCs I've repaired are infected with viruses and trojans, although rootkits and rogues are the majority of them.
 

HeffeD

Level 1
Feb 28, 2011
1,690
Hungry Man said:
The problem with most HIPS is that they're "loud" and rely on the user.

Yes, that is the nature of HIPS.

I've always said that if you don't want to be bothered with popups, then a HIPS product isn't the right security solution for you.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Many things have changed in the malware scene.

1. Viruses and worms no longer target home users, only corporations, government and business systems. It is actually very rare for a home user to get a virus or worm infection.
Many anti-virus vendors mislabel malware, giving them the title of virus, worm or trojan when they are actually rogueware. Of course there are still viruses and worms in the wild, but most AVs are very effective at blocking them. Sometimes it is hard to tell what type of malware infection you have when all of the vendors give the exact same malware a different label. If you do your own research, most malware nowadays labeled as viruses and trojans is actually rogueware.

2. About 85% or more of malware infections on home user systems are rogue security products, ransomware, scareware and other rogueware. These infections have to be manually downloaded and installed by the users; they use trickery to make the users think that they are downloading and installing something that they need. Rogueware doesn't automatically install or find vulnerabilities in the OS or web applications; it is totally the users' actions that allow them to function. Rogueware is notorious for getting past most AVs' detection.

3. Adware and spyware are no longer automatically installed through vulnerabilities in web browsers. They are bundled with many free programs and are usually only optional; users can usually opt out. Most have a privacy policy that is attached to the installer. Once again the user is at fault for installing adware and spyware; many security vendors have removed detections of adware and spyware since they are no longer forced upon the users. Other adware and spyware that don't follow the guidelines are easily blocked by most AVs.

4. Trojans and rootkits are not much of a threat for home users either, but are still more common than viruses and worms. However, most respectful AVs usually can block them. Trojans and rootkits are commonly bundled in illegal cracks and keygens for activating paid products. Just watching what you download can keep you from getting an infection.

So if there was a malware testing site that only used samples that infect home users, then Malwarebytes Anti-Malware would have the highest detection rate, since it has the best detection of rogueware and rogueware slips by most respectful AVs.

For malicious malware that causes severe damage to a system, like viruses, they are very rare on home users' systems. The samples are available but not widespread, usually only used in testing, not distributed. I'm sure if you check out YouTube for malware testing, you can watch a lot of videos about this malicious malware. Some have been out for many years but still no reports of home users getting infected, except for those users testing the samples and getting an accidental infection.

Of course some types of malware are regional, like Asia, for example, where viruses are more common for that area.

Like I said, I have about 300 or more customers that come into my shop weekly that have malware infections; I haven't seen a real virus infection since 2005. These customers mostly just use a free AV and the Windows default firewall.

This observation is in the central USA, based upon my customers; other places may have different results. I'm still waiting for that customer to come in with a real virus infection that will give me some kind of challenge. I'm tired of GreenAV, Windows7Defender, My Security Shield, System Guard 2010, etc.

Good day.:D
 