Free Microsoft Antivirus - Page 21

Agent_24 · 14-07-2010, 06:45 PM

The only way you can really be sure is to use a HIPS such as Comodo D+ or Threatfire, and then use whitelisting to only ever allow applications which have been independently reviewed and certified as OK.

Only problem is that would be incredibly inconvenient...

Speedy Gonzales · 14-07-2010, 06:47 PM

Or check and see what it is / and does before you install something

gary67 · 14-07-2010, 06:53 PM

Noticed in the current Aus PC user mag MSE is listed as an anti malware program and not an AV

Agent_24 · 14-07-2010, 07:05 PM

Quote:

Originally Posted by Speedy Gonzales

Or check and see what it is / and does before you install something

That doesn't work for drive-by download attacks on browsers though

Speedy Gonzales · 14-07-2010, 07:09 PM

Well keeping things up to date might fix that

KiwiTT_NZ · 14-07-2010, 07:12 PM

It appears "AV Security Suite" is installed via a compromised website.

I might go back to AVAST ... that seems to have a Webfilter to intercept JScripts.

Agent_24 · 14-07-2010, 08:14 PM

Quote:

Originally Posted by Speedy Gonzales

Well keeping things up to date might fix that

There's usually at least a couple of days between malware release and detection\definition update however. There will always be people who get infected before their antivirus\browser\whatever gets updated.

That is why a block all unknown is better, because it does not matter what the malware is, it will always be blocked because it is not certified as OK (and never will be!)

Speedy Gonzales · 14-07-2010, 08:21 PM

If you say so

Agent_24 · 10-08-2010, 11:51 PM

Quote:

Originally Posted by Speedy Gonzales

If you say so

The basic facts of how the virus detection updates happen always means the virus scanner will be behind the virus writers:

1) The virus writer creates a virus

2) The virus is released out into the internet

3) X amount of time later (which could be anything), someone notices a virus which isn't detected, and submits it to an antivirus vendor.

4) The AV company gets the sample, analyses it, and writes a new defintion file. (I wonder how many AV companies will share this discovery with the others? Or do they keep it to themselves to make their product look good with higher detection rates?)

5) Another arbitrary amount of time later, the new virus definitions are pushed out and those with automatic updates, their PCs on, and their internet connected get them.

As you can see, during this cycle, there is a certain amount of time where computers can (and do) get infected before the new definition files are out.

As a side note of personal experience when I still had Norton AV (and yes, we know how bad it is, so this shouldn't surprise anyone)

I had a file which I quarantined because I knew it was a virus. It looked and acted exactly like a virus, yet Norton didn't detect it. It wasn't until 2-3 WEEKS later that a new virus definition update finally made NAV realise that the file was indeed a virus.

What's worse, I even submitted the file to Norton the same day I suspected it as being dodgy.

I don't know if this is a testament to how bad Norton is, or a good example for my argument, but I know I no longer trust definition-based antivirus as my first line of defense.

Chilling_Silence · 11-08-2010, 06:45 PM

Yeah Agent_24's on the money there. In fact, some AV / Anti-Malware companies even just copy off of each other.

I remember back in the day that Spybot was being copied, they found out by deliberately putting a spelling mistake in their database in a few places.