Battle Which is the most prospective security technology?

Status
Not open for further replies.

bug_in_amber

New Member
Thread author
Jan 21, 2013
8
Signature based detection/Fast Lab's reaction - As new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary. This is the most trustworthy detection technology.

Heuristics/Generic Signatures - Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the wild. Heuristic analysis is an expert based analysis that determines the susceptibility of a system towards particular threat/risk using various decision rules or weighing methods. MultiCriteria analysis (MCA) is one of the means of weighing. This method differs with statistical analysis, which bases itself on the available data/statistics.

Host Intrusion Prevention System (HIPS) - Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address.

Intrusion Detection System (IDS) / Behavior Blocker - Behavior-based intrusion detection techniques assume that an intrusion can be detected by observing a deviation from normal or expected behavior of the system or the users. The model of normal or valid behavior is extracted from reference information collected by various means. The intrusion detection system later compares this model with the current activity. When a deviation is observed, an alarm is generated. In other words, anything that does not correspond to a previously learned behavior is considered intrusive. Therefore, the intrusion detection system might be complete (i.e. all attacks should be caught), but its accuracy is a difficult issue (i.e. you get a lot of false alarms).

Auto-Sandbox Technology - In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites. The sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

Cloud Security / Reputation - An approach to system security that evaluates the reputations of the files and applications running on your PC on the fly. The security software tracks files and applications and dozens of their attributes including their age, download source, digital signature and prevalence. The attributes are then run through several complex algorithms to determine a reputation of a file.

Default Deny Protection - "Everything, not explicitly permitted, is forbidden"

---------------

Of course, complex protection technology isn't just an isolated security method, but it's interesting to know which technology do you think has the most prospective future. What do you trust the most, guys? :)
 
D

Deleted member 178

pardeep said:
Signature based detection is the best

It is obsolete, the developers cant create enough signatures to follow the huge number of new malwares that appear every minutes.

Virtualization is the future.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
All AV's are no longer maintaining its traditional signature and everything is adapted too with complement thus response time are not seconds but mostly hourly.
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
Umbra Corp. said:
It is obsolete, the developers cant create enough signatures to follow the huge number of new malwares that appear every minutes.

Virtualization is the future.

The cloud is the way to go as well. Upload everything to it.
 

Littlebits

Retired Staff
May 3, 2011
3,893
Of coarse the best is education and UAC, you learn how to avoid malware with your actions will always do a better job then depending on any software. UAC with user knowledge can stop what the others can't.

For those who do not want to learn then Signature based detection is still the best since it rarely causes false positives, doesn't limit the users ability to have control over their system and doesn't cause any conflicts or doesn't require tweaking or maintenance.

How about adding UAC or education to the poll? I can't vote for the other options.

Thanks.:D
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
From the eyes of other people UAC could be literally useless and today's generation you cannot tell if like us have education in terms of security.

Practical meaning that UAC is a matter if disturbance, some encourage to turn off for it no matter the risk involved.
 

iPanik

New Member
Feb 28, 2011
530
I judge security products by how well it can keep my computer illiterate grandmother secure without any interaction what so ever. From that perspective my vote goes to file reputation services. The other solutions are either too heavy (Signatures) or headache inducing (HIPS, Sandboxes).
My favorite solution is Windows Defender/MSE and Windows SmartScreen because they keep completely out of your way unless you open something truly unknown.
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
For noobs, even sbie (for example)can sometimes be a little annoying...my daughter hates it lmao

I have avast free on my mother-in-laws laptop and I haven't heard anything from her, it's very light. All she does is check her e-mail and plays pogo games so it should be fine.
 

Gnosis

Level 5
Apr 26, 2011
2,779
I have avast free on my mother-in-laws laptop and I haven't heard anything from her, it's very light. All she does is check her e-mail and plays pogo games so it should be fine.

Same here. Avast Free (gaming mode) with Windows 7 firewall.
Cannot go wrong with that.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
For most users, they even didn't bother to update for latest signatures/ version in the AV installed so +1 for implementation of automatic updates like Avast.
 
D

Deleted member 178

Overkill said:
I have avast free on my mother-in-laws laptop and I haven't heard anything from her, it's very light. All she does is check her e-mail and plays pogo games so it should be fine.

its Overkill :lolz:
 

Seany007

New Member
Verified
May 3, 2013
36
It has to be an overall Default Deny protection. But with it come other features such as the cloud, sandbox, HIPS, BB, etc. Perfect example? Comodo.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top