Avast WEBforum

Other => General Topics => Topic started by: Lisandro on August 17, 2006, 02:30:27 PM

Title: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 17, 2006, 02:30:27 PM
Gizmo's Support Alert Newsletter Issue 136, Free Edition, 17th August, 2006 examines the question of how well computer security programs protect against the latest generation of security threats. The results were not that good, and a lot of programs could be easily terminated by hostile malware.
It's known that the new avast 5 will have the AntiKill feature that could be beta tested right now.

We know that signature scanners are not designed to detect things like process injection or registry changes. These, it would be argued, are best left to intrusion detection and protection systems. But we've been asking Alwil for quite some time to improve avast features toward antispyware and other kinds of malware. I'm trying to discuss the same here.

However, shouldn't avast protect us from rootkits? In Gizmo tests, only WebRoot SpySweeper passed.

Gizmo stated that it's pointless focusing on whether one security program is better than another when, in fact, all the security programs flunked. The reality is that it's not possible to secure your PC against a malware program that is allowed to run on your PC with full admin privileges. Thank Windows for this. Layering your defenses can clearly help. It doesn't solve the problem though. And the cost in complexity, inconvenience and processing power usage is high.

And the solution suggested: run your PC in a virtualized environment whenever connected to the internet. It's simpler and more effective than any other option. Remember though, virtualization is in addition to your normal security defenses. It doesn't replace them; it just makes their job easier.

The full results are here: http://www.techsupportalert.com/security_scanners.htm. I've just tried to make a summary of them below for avast users. Credits are all to Gizmo, not me, of course.

In the table below, the first column shows whether the security product could detect process injection. That's a technique used by malware to hide inside legitimate programs that are currently running on your PC. Once inside these processes, they acquire the rights and privileges of the host process. If the host process has the right to communicate with the internet, the malware automatically gets that right, too.

The second column shows whether, independently of signature recognition, the security product could detect a malware program creating an autostart entry. In other words, could it detect an unknown program starting automatically with Windows? To pass the test the security product had to warn or prevent changes in the Startup folder as well as startup locations in the Registry.

The third column shows whether the security product protects your PC against drive-by infections. I tested each product at three hostile sites. To pass the tests, protection must have been provided against all three.

The final column shows whether the security product can detect rootkits. I used two rootkits: Hacker Defender and FuTo. To pass, the product had to detect both.


Product                     Detect process injection  Detect malware startup  Protect drive-by download  Detect rootkits
Ad-Aware Pro V1.6           Fail                      Fail                    Fail                       Fail
Avast! Home V4.7            Fail                      Fail                    OK                         Fail
AVG Anti-Virus Free V7.1    Fail                      Fail                    OK                         Fail
BitDefender Pro V9.095      Fail                      Fail                    Fail                       Fail
CounterSpy V1.5             Fail                      Fail                    Fail                       Fail
CounterSpy V2.0.122 beta    Fail                      Fail                    Fail                       Fail
Ewido v3.5                  Fail                      Fail                    Fail                       Fail
Ewido V4 beta               Fail                      Fail                    Fail                       Fail
Kaspersky AV V6.0.0         Fail                      Fail                    OK                         Fail
NOD32 V2.51                 Fail                      Fail                    OK                         Fail
Norton Antivirus 2006       Fail                      Fail                    OK                         Fail
SpyBot S&D V1.4             Fail                      Fail                    Fail                       Fail
Spyware Doctor V3.6         Fail                      Fail                    Fail                       OK
Trojan Hunter V4.5          Fail                      Fail                    Fail                       Fail
WebRoot SpySweeper V4.5     Fail                      Fail                    OK                         OK
Windows Defender V1.1.1051  Fail                      Fail                    Fail                       Fail
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 17, 2006, 10:03:36 PM
Not a comment at all  :'( :-[
Title: Re: Latest generation of security threats & avast development suggestions
Post by: DavidR on August 17, 2006, 10:43:18 PM
I don't think that there is anything there that we didn't already know.

The one that surprises me is that ewido failed the process injection one, I thought that was one of its strengths.
Title: Re: Latest generation of security threats & avast development suggestions
Post by: drhayden1 on August 18, 2006, 02:13:42 AM
Hi Tech ;D

Comment No.2
Thanks for the Info :o
Avast! Home V4.7   Fail   Fail   OK   Fail
Avast did better than most of them(6 out of 16)
And on the tests-spy sweeper 4.5 was used-wonder how the new 5.0 would have done ::)
And Ewido was also the older version as it looks like some of the others were too!
Title: Re: Latest generation of security threats & avast development suggestions
Post by: polonus on August 18, 2006, 10:54:54 AM
Hello posters in this thread,

Isn't this something that we already have known for a long time now? The fact that security can only be guaranteed by a whole range of measures and attitudes known as "layered protection and secure practices". The days that your computer was aptly protected by an av solution and a software fw, these days, my good friends, are long gone, and are never to return. We have to try and live with this factual situation. So laments about an av solution not offering full protection should be a thing from the past, we can only ask for the best possible protection.

polonus
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 18, 2006, 01:47:58 PM
Isn't this something that we already have known for a long time now?
Yes... but won't it be useful for Alwil to discuss this with us?

The fact that security can only be guaranteed by a whole range of measures and attitudes known as "layered protection and secure practices".
In fact, he went further... he's defending 'virtualization'... a thing that we do not discuss that frequently.

So laments about an av solution not offering full protection should be a thing from the past, we can only ask for the best possible protection.
I do think Alwil could do a better avast  ;)
Title: Re: Latest generation of security threats & avast development suggestions
Post by: polonus on August 19, 2006, 12:20:46 AM
Hello Tech,

I agree with you here on several points. Just had to point to a new vulnerability that can be exploited in Word documents to turn a PC into a zombie for which only 6 virus scanners have ample protection.
The malware landscape is changing, and even Balmer admits that it is less secure than two years ago. Traditional viruses only make up a minority of malware, as spyware and drive-by installs of adware form the majority. Scripting vulnerabilities make for the majority of infection vectors. Disable scripting and your Internet experience is much more secure. But in some cases you cannot do without.
A solution could be sandboxing or a full restoring capability, so that all the impact of an infection of malware could be undone to the effect it appeared it never happened.

polonus
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 19, 2006, 03:22:25 AM
I agree with you here on several points. Just had to point to a new vulnerability that can be exploited in Word documents to turn a PC into a zombie for which only 6 virus scanners have ample protection.
Yeah... http://forum.avast.com/index.php?topic=22945.msg189525#msg189525

The malware landscape is changing, and even Balmer admits that it is less secure than two years ago. Traditional viruses only make up a minority of malware, as spyware and drive-by installs of adware form the majority. Scripting vulnerabilities make for the majority of infection vectors. Disable scripting and your Internet experience is much more secure. But in some cases you cannot do without. A solution could be sandboxing or a full restoring capability, so that all the impact of an infection of malware could be undone to the effect it appeared it never happened.
Ok... but backup backup backup all the time... sometimes we want just to work  8)

Other security programs are going in high speed to protect new technologies... what I want with this thread is taking Alwil team out of the programmers desktop and discuss with us what we can expect from avast 5...

For instance, where is pk? where is Pavel? where is Kubecj? Are they all on vacations?  ??? ::)
Title: Re: Latest generation of security threats & avast development suggestions
Post by: polonus on August 19, 2006, 04:21:30 PM
Hello Tech,

There are also other aspects of innovative techniques to be used.
Consider the following:

McAfee has been sued by another security solution provider because of offering a firewall and intrusion detection and prevention technology on one machine. According to Deep Nines they have the patents for "unified threat management technology" that is used in developing appliances.

Originally McAfee was offered this patent, Deep Nines successfully filed an appeal.
The latter firm uses this technology inside their UTM and IPS appliances, and wants McAfee to quit selling products that use this technology. Furthermore they seek for damages undone.

"This is important to us. The government states clearly that the patent is ours,
but they keep on offering products and sell these with our patented technology" according to the president of Deep Nines.

McAfee has refused to comment, because it has not seen the accusations as filed.

So if you want to beat your competition, you see to it that you have some vital patented technology so you can successfully keep them from making any innovations,
or you have to buy them about together with their patents, a strategy that Microsoft more than often followed. If you cannot you have to come up with new original ideas, and coding.

polonus

      
Title: Re: Latest generation of security threats & avast development suggestions
Post by: guestja on August 19, 2006, 04:26:11 PM
Quote
For instance, where is pk? where is Pavel? where is Kubecj? Are they all on vacations? 

Is it just me or are they less active in general than they used to be? It seems there have been situations where people have not found resolutions and responders are speculating as to what a problem could be and yet there is no response from them, whereas in the past they would almost always respond eventually??
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Dwarden on August 19, 2006, 04:28:00 PM
Vlk said before that upcoming avast! gunna include own version of HIPS ... so in short point of this thread is ?

... until we see what and how is getting implemented then discussion about that can turn into wasted time as it may be in already ...


p.s. polonus from ondate is that patent filed ?
Title: Re: Latest generation of security threats & avast development suggestions
Post by: polonus on August 19, 2006, 08:26:10 PM
Hello Dwarden,

The patent news is just recently found, look here:
http://www.deepnines.com/pressreleases/pr081706.php

What the case is eventually developing into, that the future will tell. But I can guess that these patents can get developers count the buttons of their shirts, as you grasp what I mean to say.
That is just why they say in the east when you do not have the money to come up with an easy solution, you should use your brains to create a clever one.

polonus
Title: Re: Latest generation of security threats & avast development suggestions
Post by: mouniernetwork on August 20, 2006, 04:29:42 AM
sorry but what is HIPS ??
Any idea of when avast 5 will be available even for beta ??
Is Avast thinking about adding a firewall ??
New modules ??

Please do tell us  ;D

MounierNetwork
Title: Re: Latest generation of security threats & avast development suggestions
Post by: DavidR on August 20, 2006, 02:53:37 PM
Google is not your friend on a search for HIPS 'Helping Individual Prostitutes Survive' but there is an acronyms search tool http://acronyms.tfd.com/Hips which returns 'HIPS   Host Intrusion Protection System.'

No date yet for avast 5.0 but you will sure find out first here also for the beta.
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 20, 2006, 02:59:06 PM
So if you want to beat your competition, you see to it that you have some vital patented technology so you can successfully keep them from making any innovations,
or you have to buy them about together with their patents, a strategy that Microsoft more than often followed. If you cannot you have to come up with new original ideas, and coding.
This is a very good point of view... but we need some expert info here. I'm not sure the programmers could not innovate anything, on the contrary, if the 'code' is not stolen or cracked, it will be difficult (in my point of view) to avoid innovations...

... until we see what and how is getting implemented then discussion about that can turns into wasted time as it may be in already ...
Well, if you think I've opened this thread to waste time...  ::) ::)

Any idea of when avast 5 will be available even for beta ??
Sure, it will.

Is Avast thinking about adding a firewall ??
http://forum.avast.com/index.php?topic=12640.msg187343#msg187343  :)  ;)

New modules ??
I hope, I wish the antispyware is coming...

sorry but what is HIPS ??
Host Intrusion Prevention Services (HIPS). http://www.secureworks.com/services/hostintrusionprev.html
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 21, 2006, 03:43:08 AM
Talking about Host Intrusion Prevention System (HIPS):
A HIPS shield will protect the computer from running unknown applications that can infiltrate by system and/or applications security holes.
The avast VRDB or the full scanning could create a database of executable files in the computer.
With a HIPS shield, any attempt of an unknown application or library (dll) to install in the computer could be monitored.
When the shield cannot detect the action as coming from a safe application, it will display a warning message.

Alwil, can we expect this for avast 5 ?  ::)
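
The file-database idea in the post above, sketched as an added example (not part of the original thread and not avast's code): a baseline of executable hashes is recorded at scan time, and every later launch or install is checked against it. The extension list, function names and sample files are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

EXEC_EXTS = {".exe", ".dll"}  # assumption: what counts as "application or library"

def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Full-scan step: record {resolved path: sha256} for every executable."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                path = os.path.realpath(os.path.join(dirpath, name))
                baseline[path] = sha256_file(path)
    return baseline

def verdict(path, baseline):
    """Shield step: allow only files whose path AND content match the baseline."""
    real = os.path.realpath(path)  # resolve symlinks before the lookup
    if real not in baseline:
        return "warn-unknown"      # never seen at scan time
    if baseline[real] != sha256_file(real):
        return "warn-modified"     # known path, content replaced since the scan
    return "allow"

def demo():
    """Constructed sample files: one untouched, one patched, one newly dropped."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            return path
        app = write("app.exe", b"constructed sample: trusted app")
        lib = write("helper.dll", b"constructed sample: trusted library")
        db = build_baseline(root)
        write("helper.dll", b"constructed sample: patched library")
        new = write("dropper.exe", b"constructed sample: new file")
        return {"app": verdict(app, db), "lib": verdict(lib, db),
                "new": verdict(new, db)}

if __name__ == "__main__":
    print(demo())
```

Keying the baseline on both path and hash is what catches a trusted library being overwritten in place, a case a path-only list would allow.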
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 21, 2006, 04:14:19 AM
If anti(virus+spyware) could live into Spyware Terminator (http://www.spywareterminator.com//help/FAQ.aspx?faqid=1761&faqmod=SpyTerm_Help5), why not inside avast 5?
Title: Re: Latest generation of security threats & avast development suggestions
Post by: mouniernetwork on August 21, 2006, 02:36:37 PM
Yes, I agree with you Tech, if Alwil doesn't want to develop an antispyware in the fear that the antivirus might lose its awesome performance and detection abilities, just do like Spyware Terminator; that way you are just adding abilities and it won't interfere with the antivirus. Or hire new programmers that would only work on the spyware definitions just like for the virus.
Any idea if this is possible vlk ,igor, pavel ??

Thank You

MounierNetwork
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Dwarden on August 21, 2006, 03:52:27 PM
this bring me on idea, Spyware Terminator is done by Czech team, Alwil should get them :) (buy them out :)))
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on August 21, 2006, 04:44:09 PM
this bring me on idea, Spyware Terminator is done by Czech team, Alwil should get them :) (buy them out :)))
It won't be bad at all  8)
What we cannot achieve is an official word about what Alwil thinks about all of this issue...  ::)
Title: Re: Latest generation of security threats & avast development suggestions
Post by: mouniernetwork on August 22, 2006, 12:34:19 AM
Maybe they are thinking about it  ;)

Ok thinking time is over .Can we have an answer ! ;D ;D

MounierNetwork
Title: Re: Latest generation of security threats & avast development suggestions
Post by: Lisandro on September 17, 2006, 04:00:11 PM
What we cannot achieve is an official word about what Alwil thinks about all of this issue...  ::)
Bump  :P
Title: Re: Latest generation of security threats & avast development suggestions
Post by: bob3160 on September 17, 2006, 09:22:03 PM
Is this another of the forgotten or neglected threads?
Maybe it needs to be posted in the avast! support forum to merit a response?  :'(