Battle Which is the most prospective security technology?

Status
Not open for further replies.

bug_in_amber

New Member
Thread author
Jan 21, 2013
8
Signature-based detection/Fast Lab's reaction - As new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary. This is the most trustworthy detection technology.

Heuristics/Generic Signatures - Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild. Heuristic analysis is an expert-based analysis that determines the susceptibility of a system towards a particular threat/risk using various decision rules or weighing methods. Multi-criteria analysis (MCA) is one of the means of weighing. This method differs from statistical analysis, which bases itself on the available data/statistics.

Host Intrusion Prevention System (HIPS) - Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop the activity, and report the activity. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, an IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.

Intrusion Detection System (IDS) / Behavior Blocker - Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. The model of normal or valid behavior is extracted from reference information collected by various means. The intrusion detection system later compares this model with the current activity. When a deviation is observed, an alarm is generated. In other words, anything that does not correspond to a previously learned behavior is considered intrusive. Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms).

Auto-Sandbox Technology - In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and in memory. Network access, the ability to inspect the host system or to read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

Cloud Security / Reputation - An approach to system security that evaluates the reputations of the files and applications running on your PC on the fly. The security software tracks files and applications and dozens of their attributes, including their age, download source, digital signature and prevalence. The attributes are then run through several complex algorithms to determine a reputation for the file.

Default Deny Protection - "Everything, not explicitly permitted, is forbidden"

---------------

Of course, complex protection technology isn't just an isolated security method, but it's interesting to know which technology you think has the most promising future. What do you trust the most, guys? :)
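As an added illustration (not part of the original post) of the trade-off described above under IDS/Behavior Blocker and Default Deny: a toy Python comparison on constructed events, in which the behaviour blocker flags every deviation from a learned baseline while the default-deny policy permits only explicitly listed (process, action) pairs. All process names, actions and targets are constructed sample data, not real telemetry.

```python
# Toy comparison on constructed data: a behaviour blocker that learns a baseline and
# flags every deviation, versus a default-deny policy that permits only listed pairs.

# Constructed training window of normal (process, action, target) activity.
BASELINE_EVENTS = [
    ("winword.exe", "file_write", "Documents"),
    ("chrome.exe", "net_connect", "tcp/443"),
    ("chrome.exe", "file_write", "Downloads"),
]

# Constructed evaluation window with ground-truth labels.
OBSERVED_EVENTS = [
    (("chrome.exe", "net_connect", "tcp/443"), "benign"),
    (("winword.exe", "file_write", "Desktop"), "benign"),  # unseen but harmless
    (("winword.exe", "process_create", "powershell.exe"), "malicious"),
    (("chrome.exe", "file_write", "Startup"), "malicious"),  # unseen and harmful
]

# Default-deny policy: (process, action) pairs explicitly permitted, all else forbidden.
ALLOW_POLICY = {
    ("winword.exe", "file_write"),
    ("chrome.exe", "net_connect"),
    ("chrome.exe", "file_write"),
}

def anomaly_flags(model, event):
    """Behaviour blocker: anything not previously learned counts as intrusive."""
    return event not in model

def default_deny_flags(policy, event):
    """Default deny: block unless the (process, action) pair is on the allow list."""
    return (event[0], event[1]) not in policy

def evaluate(flag_fn, labelled_events):
    """Tally caught attacks, missed attacks and false alarms for one detector."""
    result = {"caught": 0, "missed": 0, "false_alarms": 0}
    for event, label in labelled_events:
        flagged = flag_fn(event)
        if label == "malicious":
            result["caught" if flagged else "missed"] += 1
        elif flagged:
            result["false_alarms"] += 1
    return result

def compare():
    """Run both detectors over the same observed window."""
    model = set(BASELINE_EVENTS)  # the learned behaviour model: triples seen in training
    return {
        "behaviour_blocker": evaluate(lambda e: anomaly_flags(model, e), OBSERVED_EVENTS),
        "default_deny": evaluate(lambda e: default_deny_flags(ALLOW_POLICY, e), OBSERVED_EVENTS),
    }
```

On this window the behaviour blocker catches both attacks but raises a false alarm on the harmless Desktop write, while the coarse default-deny policy stays quiet yet misses the Startup write because chrome.exe is allowed to write files at all.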
 

Gnosis

Level 5
Apr 26, 2011
2,779
I would have voted for HIPS, but a sandbox is more realistic because a novice can surf away while sandboxed, and then shut it down and be 99%-100% malware free, so long as they did not manually elect to let anything out of the box.
Most people will not even fool with training a HIPS even if it is the best security detail, esp. novices that will flip out at every pop-up.
BB would be a close second due to effectiveness without the extensiveness of HIPS training. Learning mode is nice, but it only covers so much.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
Personally I think sandboxing and a file reputation system, for the reason that if a file is unknown it will go to the sandbox and then be analysed by the file reputation system to see whether it's a bad file or not.
 

illumination

I'm going to be an oddball here and state "All of the Above". Overlapping fields of protection, where one fails, another will prevent/block/detect, is my choice of what I trust. As far as the future goes, a person could pick one, but its effectiveness will not be complete without the aid of the others. This is my personal opinion.
 

Deleted member 178

:goodpost:

I agree with Illumination.

A plane has a lot of sensors and alarms to ensure the safety of the passengers, and so must a security solution.
 

Gnosis

Level 5
Apr 26, 2011
2,779
I am going to stick with auto-sandboxes, as they allow novices to be protected (less hassle and anxiety) as well as expert users, unless one is foolish and allows a suspect program out of the box. But that can happen easily to novices utilizing HIPS, BBs, AVs, etc., and in those cases they don't have a sandbox to protect them before unknowingly allowing a malicious program after being prompted.
The recent ComboFix installer issue makes the auto-sandbox look deficient, but in the grand scheme, it is trump tight because the user still has to willingly let programs operate outside of the box, just as the user has to willingly allow or deny for HIPS, AVs, BBs or anything else in the realtime protection market.
Rollback and restore tech is like a sandbox, except your sandbox is your hard disk data and OS; that is, if you require an HD wipe to ensure you are malware free. LOL In the end, it comes out the same as long as your system image is intact and malware free.
 

Ramblin

Level 3
May 14, 2011
1,014
Gnosis said:
.....but a sandbox is more realistic because a novice can surf away while sandboxed, and then shut it down and be 99%-100% malware free, so long as they did not manually elect to let anything out of the box.

I agree with the above, but I'd like to comment on something :D. Gnosis, for some sandboxes, in particular Sandboxie's sandbox, that 99% just doesn't look right. If a user, novice or not, uses Sandboxie all the time, not only for certain sites or certain files, the percentage next to SBIE is a solid 100%. People using Sandboxie can even make the mistake of letting the wrong file out of the sandbox but won't get hurt as long as it is not executed out of the sandbox.

Isn't that beautiful? People using SBIE can make that mistake but won't get hurt as long as we keep using the sandbox. That's the beauty of Sandboxie and, as you said in post #6, with "less hassle and anxiety". Can't be any better, man.

Bo
 

Gnosis

Level 5
Apr 26, 2011
2,779
that 99% just doesn't look right.

Point taken.
I have heard rumours of vulnerabilities in 64-bit systems with sandboxes. That is why I threw in the "99%". 99% secure is still better than anything out there as far as realtime security goes.
 

Ramblin

Level 3
May 14, 2011
1,014
@Umbra, you don't need all that other software to cover that 1%; your head would do.

@Gnosis, I was half serious, half joking around about the percentage thing. Serious because it is based on something that I can touch, something that I have experienced, which is using SBIE for a little over four years. I never had any problems with malware, so I know in my heart that the protection is 100%.

Half joking because any program, even Sandboxie, can be bypassed at one point. That really is a given. As far as I know, it has happened about once or twice in Sandboxie's case since Version 1 (June 2004). That's not bad at all.

Bo
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
illumination said:
I'm going to be an oddball here and state "All of the Above". Overlapping fields of protection, where one fails, another will prevent/block/detect, is my choice of what I trust. As far as the future goes, a person could pick one, but its effectiveness will not be complete without the aid of the others. This is my personal opinion.

True, it would be good to have all bases covered, but is there an AV or a program that will do that? It would be handy if it were all in one program.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
As I've continuously experienced throughout the cyber world, old traditions must be adapted, and in my opinion a HIPS/behavior blocker with system rating and sandbox technology is believed to be an effective way of dealing with those threats.
 

Gnosis

Level 5
Apr 26, 2011
2,779
As I've continuously experienced throughout the cyber world, old traditions must be adapted, and in my opinion a HIPS/behavior blocker with system rating and sandbox technology is believed to be an effective way of dealing with those threats.

I concur. Add some cloud-based detection to all of that and you MUST be bulletproof, one would think.
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
Auto-Sandbox Technology is what I chose; you have to love Sandboxie and others such as DefenseWall. It's the future, definitely!
 