Which is the most prospective security technology?

Total voters: 41
Status: Not open for further replies.

bug_in_amber

New Member
Signature-based detection/Fast Lab's reaction - As new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary. This is the most trustworthy detection technology.

Heuristics/Generic Signatures - Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild. Heuristic analysis is an expert-based analysis that determines the susceptibility of a system towards a particular threat/risk using various decision rules or weighing methods. Multi-criteria analysis (MCA) is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics.

Host Intrusion Prevention System (HIPS) - Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.

Intrusion Detection System (IDS) / Behavior Blocker - Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. The model of normal or valid behavior is extracted from reference information collected by various means. The intrusion detection system later compares this model with the current activity. When a deviation is observed, an alarm is generated. In other words, anything that does not correspond to a previously learned behavior is considered intrusive. Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms).

Auto-Sandbox Technology - In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

Cloud Security / Reputation - An approach to system security that evaluates the reputations of the files and applications running on your PC on the fly. The security software tracks files and applications and dozens of their attributes including their age, download source, digital signature and prevalence. The attributes are then run through several complex algorithms to determine a reputation of a file.

Default Deny Protection - "Everything not explicitly permitted is forbidden"

---------------

Of course, a complex protection technology isn't just an isolated security method, but it's interesting to know which technology you think has the most promising future. What do you trust the most, guys? :)
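To make the technologies in the poll concrete, here is the whole list as one layered file-triage pipeline. This is an added example, not code from the original post or from any product the thread names; the signature dictionary, heuristic weights, reputation formula, allowlist hash, behaviour baseline and the "<program> <event> ..." event-line format are all constructed for the example.

```python
import hashlib
import math
from collections import Counter

# Layer 1, signature-based detection: a tiny "virus signature dictionary" of byte patterns.
# Both entries are constructed for this example and match no real malware.
SIGNATURES = {
    "Test.Dropper.A": b"CONSTRUCTED-DROPPER-STUB",
    "Test.Downloader.B": b"CONSTRUCTED-DL-STUB",
}


def signature_scan(data: bytes) -> list:
    """Exact substring match; catches only what is already in the dictionary."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


# Layer 2, heuristics: weighted decision rules, a simple multi-criteria score.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


HEURISTIC_RULES = [  # (rule name, predicate over file bytes, weight); weights are arbitrary
    ("high_entropy", lambda d: shannon_entropy(d) > 7.0, 3),
    ("injection_apis", lambda d: b"WriteProcessMemory" in d and b"CreateRemoteThread" in d, 4),
    ("run_key_persistence", lambda d: b"CurrentVersion\\Run" in d, 2),
]


def heuristic_score(data: bytes) -> tuple:
    hits = [(name, weight) for name, pred, weight in HEURISTIC_RULES if pred(data)]
    return sum(w for _, w in hits), [name for name, _ in hits]


# Layer 3, cloud/file reputation: age, download source, digital signature and prevalence
# combined into a 0..100 score (a constructed stand-in for a vendor's scoring algorithm).
SOURCE_TRUST = {"vendor_site": 30, "cdn": 20, "unknown": 0, "p2p": -10}


def reputation_score(age_days: int, source: str, signed: bool, prevalence: int) -> int:
    score = 25 * min(age_days, 365) / 365            # old files have had time to be reported
    score += 25 if signed else 0
    score += SOURCE_TRUST.get(source, 0)
    score += 20 * min(prevalence, 10_000) / 10_000   # widely seen files are rarely fresh malware
    return max(0, min(100, round(score)))


# Layer 4, default deny: only explicitly permitted hashes run natively.
KNOWN_GOOD = b"MZ constructed known-good tool"
ALLOWLIST = {hashlib.sha256(KNOWN_GOOD).hexdigest()}


def is_allowlisted(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() in ALLOWLIST


# Layer 5, behaviour blocker: sandbox event lines against a learned per-program baseline.
BASELINE = {"editor.exe": {"file_read", "file_write", "gui"}}


def behavior_deviation(program: str, events: list) -> set:
    """Every event outside the program's baseline is an alarm; no baseline means every event is."""
    seen = set()
    for line in events:
        parts = line.split()
        if len(parts) >= 2 and parts[0] == program:
            seen.add(parts[1])
    return seen - BASELINE.get(program, set())


def triage(data: bytes, program: str, attrs: dict, sandbox_events: list) -> dict:
    """Run the layers in order; the first one with a firm answer decides."""
    result = {"signatures": signature_scan(data)}
    if is_allowlisted(data):
        result["decision"] = "allow"                 # explicitly permitted
        return result
    if result["signatures"]:
        result["decision"] = "block"                 # known bad
        return result
    score, hits = heuristic_score(data)
    rep = reputation_score(**attrs)
    result.update(heuristic=score, heuristic_hits=hits, reputation=rep)
    if score < 4 and rep >= 60:
        result["decision"] = "allow"                 # unknown but looks ordinary
        return result
    deviation = behavior_deviation(program, sandbox_events)   # unknown and suspicious: sandbox it
    result["deviation"] = deviation
    result["decision"] = "block" if deviation else "keep_sandboxed"
    return result


if __name__ == "__main__":
    # Constructed sample: high-entropy body plus injection API names, fetched from p2p, unsigned.
    suspect = b"MZ" + bytes(range(256)) * 8 + b"WriteProcessMemory CreateRemoteThread"
    attrs = {"age_days": 1, "source": "p2p", "signed": False, "prevalence": 3}
    events = ["suspect.exe file_read C:\\Users", "suspect.exe net_connect 203.0.113.7:443"]
    print(triage(suspect, "suspect.exe", attrs, events))
    print(triage(KNOWN_GOOD, "tool.exe", attrs, events))
```

The ordering in `triage` is the point: the allowlist and the signature dictionary give firm answers, so they go first; heuristics and reputation only decide whether an unknown file is ordinary enough to run or has to stay in the sandbox, and the behaviour layer turns sandbox observations into the final block. Because `BASELINE` has no entry for an unseen program, any activity it shows is treated as a deviation, which is exactly the "complete but noisy" property the IDS paragraph describes.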
 

Gnosis

New Member
I would have voted for HIPS, but a sandbox is more realistic because a novice can surf away while sandboxed, and then shut it down and be 99%-100% malware free, so long as they did not manually elect to let anything out of the box.
Most people will not even fool with training a HIPS even if it is the best security detail, especially novices, who will flip out at every pop-up.
BB would be a close second due to its effectiveness without the extensiveness of HIPS training. Learning mode is nice, but it only covers so much.
 

McLovin

Level 73
Verified
Trusted
Malware Hunter
Personally I think Sandbox and File Reputation system, for the reason that if a file is unknown it will go to the Sandbox and then be analysed by the File Reputation system to see if it's a bad file or not.
 

illumination

I'm going to be an oddball here and state "All of the Above". Overlapping fields of protection, where if one fails, another will prevent/block/detect, is my choice of what I trust. As far as a future goes, a person could pick one, but its effectiveness will not be complete without the aid of the others. This is my personal opinion.
 

Deleted member 178

:goodpost:

I agree with Illumination.

A plane has a lot of sensors and alarms to keep the passengers safe, and so must a security solution.
 

Gnosis

New Member
I am going to stick with auto-sandboxes, as they allow novices to be protected (less hassle and anxiety) as well as expert users, unless one is foolish and allows a suspect program out of the box. But that can happen easily to novices utilizing HIPS, BBs, AVs, etc., and in those cases they don't have a sandbox to protect them before unknowingly allowing a malicious program after being prompted.
The recent ComboFix installer issue makes the auto-sandbox look deficient, but in the grand scheme, it is trump tight because the user still has to willingly let programs operate outside of the box, just as the user has to willingly allow or deny for HIPS, AVs, BBs or anything else in the realtime protection market.
Rollback and restore tech is like a sandbox, except your sandbox is your hard disk data and OS; that is, if you require an HD wipe to ensure you are malware free. LOL In the end, it comes out the same as long as your system image is intact and malware free.
 

Ramblin

New Member
Gnosis said:
.....but a sandbox is more realistic because a novice can surf away while sandboxed, and then shut it down and be 99%-100% malware free, so long as they did not manually elect to let anything out of the box.
I agree with the above but I'd like to comment about something :D. Gnosis, for some sandboxes, in particular Sandboxie's sandbox, that 99% just doesn't look right. If a user, novice or not, uses Sandboxie all the time, not only for certain sites or certain files, the percentage next to SBIE is a solid 100%. People using Sandboxie can even make the mistake of letting the wrong file out of the sandbox but won't get hurt as long as it is not executed out of the sandbox.

Isn't that beautiful? People using SBIE can make that mistake but won't get hurt as long as we keep using the sandbox. That's the beauty of Sandboxie and, as you said in post #6, it comes with "less hassle and anxiety". Can't be any better, man.

Bo
 

Gnosis

New Member
Ramblin said:
that 99% just don't look right.
Point taken.
I have heard rumours of vulnerabilities in 64-bit systems with sandboxes. That is why I threw in the "99%". 99% secure is still better than anything out there as far as realtime security goes.
 

Deleted member 178

99% with Sandboxie, and I fill the 1% left with all the software of my security setup :D
 

Ramblin

New Member
@Umbra, you don't need all that other software to cover that 1%; your head would do.

@Gnosis, I was half serious, half joking around about the percentage thing. Serious because, based on something that I can touch, something that I have experienced, as in using SBIE for a little over four years, I never had any problems with malware, so I know in my heart that the protection is 100%.

Half joking because any program, even Sandboxie, can be bypassed at one point. That really is a given. As far as I know, it has happened about once or twice in Sandboxie's case since Version 1 (June 2004). That's not bad at all.

Bo
 

Deleted member 178

bo.elam said:
@Umbra, you don't need all that other software to cover that 1%; your head would do.
My head like to download and "test" nasty stuff ^^
 

McLovin

Level 73
Verified
Trusted
Malware Hunter
illumination said:
I'm going to be an oddball here and state "All of the Above". Overlapping fields of protection, where if one fails, another will prevent/block/detect, is my choice of what I trust. As far as a future goes, a person could pick one, but its effectiveness will not be complete without the aid of the others. This is my personal opinion.
True, it would be good to have all bases covered, but is there an AV or a program that will do that? It would be handy if it was all in one program.
 

jamescv7

Level 61
Verified
Trusted
As I've continuously experienced in the cyber world, old traditions must be adapted, and in my opinion a HIPS/Behavior Blocker with system rating and sandbox technology is believed to be an effective way of dealing with those threats.
 

Gnosis

New Member
jamescv7 said:
As I've continuously experienced in the cyber world, old traditions must be adapted, and in my opinion a HIPS/Behavior Blocker with system rating and sandbox technology is believed to be an effective way of dealing with those threats.
I concur. Add some cloud-based detection to all of that and you MUST be bulletproof, one would think.
 

Gnosis

New Member
Judging by the way our members voted, we are collectively in touch with ranking the most important security implementations.
 

Overkill

Level 31
Verified
Trusted
Auto-Sandbox Technology is what I chose; you have to love Sandboxie and others such as DefenseWall. It's the future, definitely!
 

Spawn

Administrator
Verified
Staff member
I can't decide, even though I've had a long time to think about it. :s
 