Battle Which antivirus software do you recommend?

Status
Not open for further replies.

yigido

My recommendation is always COMODO Internet Security; it is free and it can give you the best protection on the market!
Please check it here: Free Internet Security for Windows 10 from Comodo

Today's threats are unknowns, so you cannot let an unknown application run on your PC. Comodo works with a Default Deny mechanism. It only allows "whitelisted" applications to run. Your system is always safe and secure.
If there is an unknown app, then it goes to the automatic sandbox and it won't hurt you and your files.
If it is known malware for Comodo, then it goes to quarantine.
Comodo gives all of this stuff for FREE!

I recommend you make the best decision. Stay safe!
yigido,
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
yigido,
what does Comodo do to protect from fileless attacks that exploit vulnerable Windows processes?
 

Aura

Level 20
Verified
Jul 29, 2014
966
Emsisoft, Kaspersky and ESET are all good choices. They are the 3 I recommend when you want a paid antivirus solution. Since I know the folks at Emsisoft and work with them, their product is my 1st pick. After that, it would be Kaspersky Internet Security, which I used for 7 years and which never let me down. And lastly it would be ESET, which I never used, but always followed and found to be very good.
 

yigido

The point where Comodo should improve itself is anti-exploit. Comodo needs an anti-exploit protection layer. Even without this, Comodo can protect you against 99% of threats.
In the AV-Test results, Comodo gives 100% protection.
But against those kinds of threats, can your default-allow AV protect you? It is not just Comodo's fault, if we are to be fair.
Thank God, the questioner has Zemana AntiLogger, and I saw some detection of fileless malware from Zemana.
I will ask Comodo about it.
 

shmu26

thanks
I think that most and maybe all AVs will not protect you very much from this.
The products that do protect you from this kind of thing are mainly in the anti-exe department: NVT ERP, AppGuard, SpyShelter, SecureAPlus, and VoodooShield. Maybe others, too.
Since Comodo's auto-sandbox can be used as a kind of anti-exe, that's why I was asking.
 

yigido

You can use Comodo as an anti-exe with more usability. You can set CIS or CFW to "Block all unknowns" so there will be no unknowns running on your PC, only safe ones.
I do not think that NVT ERP, AppGuard, SpyShelter, SecureAPlus, and VoodooShield give that fileless malware protection. Please correct me if I am wrong, because you can get infected by fileless malware by clicking an ad on a webpage or visiting a website.
But this fileless malware is not common, I think.
 

hjlbx

As long as a security solution blocks writes to autorun registry key entries your system will not be persistently infected.

Poweliks and Kovter, for example, also write to HKCU - which isn't necessary to protect those keys. The encrypted keys will be inert on the system but unable to execute.

I know a lot of people can't stand the thought of having inert malware on their systems, but this is how virtually all security softs work - unless you use virtualization or snapshot software.

If you expect security soft to prevent modification of entire system, then you will be greatly disappointed since most security softs don't work that way.

COMODO sandbox won't allow writes to the actual system registry - but instead to a virtual container registry, same with Sandboxie. Once you delete the sandbox, everything is gone.

Disable powershell and powershell_ise if you are paranoid about fileless malware.

Fileless malware works predominantly via exploit - so keep softs updated. You can also add anti-exploit. Probability of a successful zero day exploit is minuscule.

Looking for 100%, perfect security is a pipe dream.
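
Added example (not part of hjlbx's post or of the thread): one way to audit the autorun registry entries discussed above is to list every Run-key value and flag those whose launcher is a script-capable Windows binary such as rundll32 or powershell instead of an ordinary application. The sample text is constructed in the layout of `reg query` output, and the list of script hosts and the function names are assumptions of this example.

```python
import re

# Script-capable Windows binaries: those named in the thread plus other
# interpreters chosen for this example. A hit means "review", not "malicious".
SCRIPT_HOSTS = {"rundll32.exe", "powershell.exe", "powershell_ise.exe",
                "mshta.exe", "wscript.exe", "cscript.exe"}

# Constructed sample in the layout printed by `reg query <key>`.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    rundll32.exe <constructed-script-argument>
    (Default)    REG_SZ    powershell.exe <constructed-arguments>

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_autoruns(text):
    """Return (key, value_name, data) for every value under each key."""
    key, entries = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            entries.append((key, m.group(1), m.group(3).strip()))
    return entries

def launcher(data):
    """Lower-cased file name of the program an autorun value starts."""
    data = data.strip()
    if data.startswith('"'):                 # quoted path, may contain spaces
        exe = data[1:].split('"', 1)[0]
    else:                                    # unquoted: path ends at first space
        exe = data.split(None, 1)[0] if data else ""
    name = exe.rsplit("\\", 1)[-1].lower()
    return name if "." in name or not name else name + ".exe"

def review_list(text):
    """Autorun entries whose launcher is a script host rather than an app."""
    return [(key, name, launcher(data))
            for key, name, data in parse_autoruns(text)
            if launcher(data) in SCRIPT_HOSTS]

if __name__ == "__main__":
    for key, name, exe in review_list(SAMPLE):
        print(f"REVIEW {key} :: {name} -> {exe}")
```

On a real machine the input would be the saved output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and the matching HKLM key. Some legitimate drivers and utilities also start through rundll32, so a flagged entry is a prompt to inspect the value, not a verdict.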
 

shmu26

So accordingly, Comodo auto-sandbox and Kaspersky TAM should provide pretty good protection?
 

yigido

I think you are talking about a different kind of exploit. Yes, the kind you are talking about is rare, and probably won't affect you, if you are using a good, up-to-date browser.
I was talking about certain techniques that malware uses to bypass the standard anti-exe function. They bypass it, and hide from the AV, by using scripts that call Windows processes such as rundll32 and others.
The anti-exe products usually have some script protection, but it is prone to FPs and to blocking of valid processes, so it is a tricky thing.
---------------
HOW FILELESS INFECTIONS WORK

Here’s a real-life scenario of how a fileless infection could compromise your computer.
>> You use Chrome that has the Flash plugin installed. It can also be any other browser that supports this plugin or JavaScript.
>> Your Flash plugin is outdated, because you haven’t had time to install the updates.
>> You end up on a website that hosts the Angler exploit kit.
>> The exploit kit scans for vulnerabilities and finds one in your Flash plugin. It immediately starts running the payload in the memory of your Chrome process.
>> If, for example, the payload is a ransomware strain, it will connect to the Command & Control servers controlled by the attackers and get the encryption key.
>> The last step is to encrypt the data on your PC, locking you out and asking for a hefty ransom to give you access to it once again.
As you can see, the payload (the part of malware which performs a malicious action) is injected directly into the process used for the exploitation and run in your computer’s RAM memory.
------------------
As we can see, and as @hjlbx states, it uses the outdated-software vector to infect you.
I do not have much software to update, and I keep those few up to date.
The article came from Heimdal.
 

hamo

Level 10
Verified
Well-known
Mar 30, 2014
468
First of all, there is no 100% protection; getting 100% protection depends on the user.
-----------------------------------------------------------------------------------------------
You have an excellent PC, so use the program which many, many users hope to use but cannot, because they don't have a PC that can deal with it.

Kaspersky Internet Security 17

- 1st detection rate with zero false positives.
- "Application Control" prevents dangerous applications from harming your system.
- Automatic Exploit Prevention.
- Security browser provided by "Hotspot.Shield".
- "Software Updater": update all your PC.
- "Installation Assistant" helps users while they install programs to ensure only selected programs are installed.
- "Software Cleaner" helps you to easily remove the programs you consider inappropriate that you may not want on your computer.
- etc. Kaspersky Internet Security 2016 | PC Protection | Kaspersky Lab US

There is nothing everyone needs that isn't in KIS.
I like it & I have been a Kaspersky user since 2009.

Hope to find what you look for :)
 