Author Topic: Latest generation of security threats & avast development suggestions  (Read 9999 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Gizmo's Support Alert Newsletter Issue 136, Free Edition, 17th August, 2006, examines the question of how well computer security programs protect against the latest generation of security threats. The results were not that good, and a lot of programs could be easily terminated by hostile malware.
It's known that the new avast 5 will have the AntiKill feature that could be beta tested right now.

We know that signature scanners are not designed to detect things like process injection or registry changes. These, it would be argued, are best left to intrusion detection and protection systems. But we've been asking Alwil for quite some time to improve avast features toward antispyware and other kinds of malware. I'm trying to discuss the same here.

However, shouldn't avast protect us from rootkits? In Gizmo tests, only WebRoot SpySweeper passed.

Gizmo stated that it's pointless focusing on whether one security program is better than another when, in fact, all the security programs flunked. The reality is that it's not possible to secure your PC against a malware program that is allowed to run on your PC with full admin privileges. Thank Windows for this. Layering your defenses can clearly help. It doesn't solve the problem though. And the cost in complexity, inconvenience and processing power usage is high.

And the solution suggested: run your PC in a virtualized environment whenever connected to the internet. It's simpler and more effective than any other option. Remember though, virtualization is in addition to your normal security defenses. It doesn't replace them; it just makes their job easier.

The full results are here: http://www.techsupportalert.com/security_scanners.htm. I have just tried to make a summary of them below for avast users. Credits are all to Gizmo, not me, of course.

In the table below, the first column shows whether the security product could detect process injection. That's a technique used by malware to hide inside legitimate programs that are currently running on your PC. Once inside these processes, they acquire the rights and privileges of the host process. If the host process has the right to communicate with the internet, the malware automatically gets that right, too.

The second column shows whether, independently of signature recognition, the security product could detect a malware program creating an autostart entry. In other words, could it detect an unknown program starting automatically with Windows? To pass the test the security product had to warn or prevent changes in the Startup folder as well as startup locations in the Registry.

The third column shows whether the security product protects your PC against drive-by infections. I tested each product at three hostile sites. To pass the tests, protection must have been provided against all three.

The final column shows whether the security product can detect rootkits. I used two rootkits: Hacker Defender and FuTo. To pass, the product had to detect both.


| Product | Detect process injection | Detect malware startup | Protect drive-by download | Detect rootkits |
|---|---|---|---|---|
| Ad-Aware Pro V1.6 | Fail | Fail | Fail | Fail |
| Avast! Home V4.7 | Fail | Fail | OK | Fail |
| AVG Anti-Virus Free V7.1 | Fail | Fail | OK | Fail |
| BitDefender Pro V9.095 | Fail | Fail | Fail | Fail |
| CounterSpy V1.5 | Fail | Fail | Fail | Fail |
| CounterSpy V2.0.122 beta | Fail | Fail | Fail | Fail |
| Ewido v3.5 | Fail | Fail | Fail | Fail |
| Ewido V4 beta | Fail | Fail | Fail | Fail |
| Kaspersky AV V6.0.0 | Fail | Fail | OK | Fail |
| NOD32 V2.51 | Fail | Fail | OK | Fail |
| Norton Antivirus 2006 | Fail | Fail | OK | Fail |
| SpyBot S&D V1.4 | Fail | Fail | Fail | Fail |
| Spyware Doctor V3.6 | Fail | Fail | Fail | OK |
| Trojan Hunter V4.5 | Fail | Fail | Fail | Fail |
| WebRoot SpySweeper V4.5 | Fail | Fail | OK | OK |
| Windows Defender V1.1.1051 | Fail | Fail | Fail | Fail |

The best things in life are free.
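
The autostart test described in the post above (warning on changes to the Startup folder and to registry startup locations, independently of signatures) comes down to comparing current autostart entries against a known-good baseline. The following is an added example, not part of the original post or of any tested product: it parses `reg query`-style output plus a Startup-folder listing, and all function names, sample entries and paths are constructed for illustration.

```python
import re

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Parse `reg query <key>` output into {(key, value_name): data}."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_RE.match(line)
            if m and key:
                entries[(key, m.group(1))] = m.group(3)
    return entries

def snapshot(reg_text, startup_files):
    """Merge registry values and Startup-folder file names into one snapshot."""
    snap = parse_reg_query(reg_text)
    for name in startup_files:
        snap[("StartupFolder", name)] = name
    return snap

def diff_autostarts(baseline, current):
    """Return (change, location, name, data) for every autostart difference."""
    alerts = []
    for loc, data in sorted(current.items()):
        if loc not in baseline:
            alerts.append(("added", loc[0], loc[1], data))
        elif baseline[loc] != data:
            alerts.append(("changed", loc[0], loc[1], data))
    for loc in sorted(set(baseline) - set(current)):
        alerts.append(("removed", loc[0], loc[1], baseline[loc]))
    return alerts

# Constructed sample data (not taken from the tests described in the post).
RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BASELINE_REG = RUN + "\n    avast!    REG_SZ    C:\\Program Files\\Avast4\\ashDisp.exe\n"
CURRENT_REG = BASELINE_REG + "    updater    REG_SZ    C:\\Temp\\unknown.exe\n"

BASELINE = snapshot(BASELINE_REG, ["Office Startup.lnk"])
CURRENT = snapshot(CURRENT_REG, ["Office Startup.lnk", "unknown.lnk"])

if __name__ == "__main__":
    for alert in diff_autostarts(BASELINE, CURRENT):
        print(alert)
```

The diff flags the new `Run` value and the new Startup-folder file without knowing anything about the program behind them, which is the behaviour the second test column checks for.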

Offline Lisandro

Re: Latest generation of security threats & avast development suggestions
« Reply #1 on: August 17, 2006, 10:03:36 PM »
Not a comment at all  :'( :-[

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88462
  • No support PMs thanks
Re: Latest generation of security threats & avast development suggestions
« Reply #2 on: August 17, 2006, 10:43:18 PM »
I don't think that there is anything there that we didn't already know.

The one that surprises me is that ewido failed the process injection one, I thought that was one of its strengths.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.10.6086 (build 23.10.8563.800) UI 1.0.784/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

drhayden1

  • Guest
Re: Latest generation of security threats & avast development suggestions
« Reply #3 on: August 18, 2006, 02:13:42 AM »
Hi Tech ;D

Comment No.2
Thanks for the Info :o
Avast! Home V4.7   Fail   Fail   OK   Fail
Avast did better than most of them (6 out of 16)
And on the tests-spy sweeper 4.5 was used-wonder how the new 5.0 would have done ::)
And Ewido was also the older version as it looks like some of the others were too!
« Last Edit: August 18, 2006, 02:37:00 AM by drhayden1 »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33810
  • malware fighter
Re: Latest generation of security threats & avast development suggestions
« Reply #4 on: August 18, 2006, 10:54:54 AM »
Hello posters in this thread,

Isn't this something that we already have known for a long time now? The fact that security can only be guaranteed by a whole range of measures and attitudes known as "layered protection and secure practices". The days that your computer was aptly protected by an av solution and a software fw, these days, my good friends, are long gone, and are never to return. We have to try and live with this factual situation. So laments about an av solution not offering full protection should be a thing from the past, we can only ask for the best possible protection.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

Re: Latest generation of security threats & avast development suggestions
« Reply #5 on: August 18, 2006, 01:47:58 PM »
Quote
Isn't this something that we already have known for a long time now?

Yes... but won't it be useful for Alwil to discuss this with us?

Quote
The fact that security can only be guaranteed by a whole range of measures and attitudes known as "layered protection and secure practices".

In fact, he went further... he's defending 'virtualization'... a thing that we do not discuss that frequently.

Quote
So laments about an av solution not offering full protection should be a thing from the past, we can only ask for the best possible protection.

I do think Alwil could do a better avast  ;)

Offline polonus

Re: Latest generation of security threats & avast development suggestions
« Reply #6 on: August 19, 2006, 12:20:46 AM »
Hello Tech,

I agree with you here on several points. Just had to point to a new vulnerability that can be exploited in Word documents to turn a PC into a zombie for which only 6 virus scanners have ample protection.
The malware landscape is changing, and even Ballmer admits that it is less secure than two years ago. Traditional viruses only make up a minority of malware, as spyware and drive-by installs of adware form the majority. Scripting vulnerabilities make for the majority of infection vectors. Disable scripting and your Internet experience is much more secure. But in some cases you cannot do without.
A solution could be sandboxing or a full restoring capability, so that all the impact of an infection of malware could be undone to the effect it appeared it never happened.

polonus

Offline Lisandro

Re: Latest generation of security threats & avast development suggestions
« Reply #7 on: August 19, 2006, 03:22:25 AM »
Quote
I agree with you here on several points. Just had to point to a new vulnerability that can be exploited in Word documents to turn a PC into a zombie for which only 6 virus scanners have ample protection.

Yeah... http://forum.avast.com/index.php?topic=22945.msg189525#msg189525

Quote
The malware landscape is changing, and even Ballmer admits that it is less secure than two years ago. Traditional viruses only make up a minority of malware, as spyware and drive-by installs of adware form the majority. Scripting vulnerabilities make for the majority of infection vectors. Disable scripting and your Internet experience is much more secure. But in some cases you cannot do without. A solution could be sandboxing or a full restoring capability, so that all the impact of an infection of malware could be undone to the effect it appeared it never happened.

Ok... but backup backup backup all the time... sometimes we want just to work  8)

Other security programs are going in high speed to protect new technologies... what I want with this thread is taking Alwil team out of the programmers' desktop and discuss with us what we can expect from avast 5...

For instance, where is pk? where is Pavel? where is Kubecj? Are they all on vacations?  ??? ::)

Offline polonus

Re: Latest generation of security threats & avast development suggestions
« Reply #8 on: August 19, 2006, 04:21:30 PM »
Hello Tech,

There are also other aspects of innovative techniques to be used.
Consider the following:

McAfee has been sued by another security solution provider because of offering a firewall and intrusion detection and prevention technology on one machine. According to Deep Nines they have the patents for "unified threat management technology" that is used in developing appliances.

Originally McAfee was offered this patent, Deep Nines successfully filed an appeal.
The latter firm uses this technology inside their UTM and IPS appliances, and wants McAfee to quit selling products that use this technology. Furthermore they seek for damages undone.

"This is important to us. The government states clearly that the patent is ours, but they keep on offering products and sell these with our patented technology" according to the president of Deep Nines.

McAfee has refused to comment, because it has not seen the accusations as filed.

So if you want to beat your competition, you see to it that you have some vital patented technology so you can successfully keep them from making any innovations, or you have to buy them about together with their patents, a strategy that Microsoft more than often followed. If you cannot you have to come up with new original ideas, and coding.

polonus

      

guestja

  • Guest
Re: Latest generation of security threats & avast development suggestions
« Reply #9 on: August 19, 2006, 04:26:11 PM »
Quote
For instance, where is pk? where is Pavel? where is Kubecj? Are they all on vacations? 

Is it just me or are they less active in general than they used to be? It seems there have been situations where people have not found resolutions and responders are speculating as to what a problem could be and yet there is no response from them, whereas in the past they would almost always respond eventually??

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Latest generation of security threats & avast development suggestions
« Reply #10 on: August 19, 2006, 04:28:00 PM »
Vlk said before that the upcoming avast! is gonna include its own version of HIPS ... so in short the point of this thread is ?

... until we see what and how is getting implemented then discussion about that can turn into wasted time as it may be in already ...


p.s. polonus from ondate is that patent filed ?
« Last Edit: August 19, 2006, 04:31:00 PM by Dwarden »
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline polonus

Re: Latest generation of security threats & avast development suggestions
« Reply #11 on: August 19, 2006, 08:26:10 PM »
Hello Dwarden,

The patent news is just recently found, look here:
http://www.deepnines.com/pressreleases/pr081706.php

What the case is eventually developing into, that the future will tell. But I can guess that these patents can get developers count the buttons of their shirts, as you grasp what I mean to say.
That is just why they say in the east when you do not have the money to come up with an easy solution, you should use your brains to create a clever one.

polonus
« Last Edit: August 19, 2006, 08:39:32 PM by polonus »

mouniernetwork

  • Guest
Re: Latest generation of security threats & avast development suggestions
« Reply #12 on: August 20, 2006, 04:29:42 AM »
sorry but what is HIPS ??
Any idea of when avast 5 will be available even for beta ??
Is Avast thinking about adding a firewall ??
New modules ??

Please do tell us  ;D

MounierNetwork

Offline DavidR

Re: Latest generation of security threats & avast development suggestions
« Reply #13 on: August 20, 2006, 02:53:37 PM »
Google is not your friend on a search for HIPS ('Helping Individual Prostitutes Survive'), but there is an acronyms search tool http://acronyms.tfd.com/Hips which returns 'HIPS: Host Intrusion Protection System.'

No date yet for avast 5.0 but you will sure find out first here also for the beta.

Offline Lisandro

Re: Latest generation of security threats & avast development suggestions
« Reply #14 on: August 20, 2006, 02:59:06 PM »
Quote
So if you want to beat your competition, you see to it that you have some vital patented technology so you can successfully keep them from making any innovations, or you have to buy them about together with their patents, a strategy that Microsoft more than often followed. If you cannot you have to come up with new original ideas, and coding.

This is a very good point of view... but we need some expert info here. I'm not sure the programmers could not innovate anything, on the contrary, if the 'code' is not stolen or cracked, it will be difficult (in my point of view) to avoid innovations...

Quote
... until we see what and how is getting implemented then discussion about that can turn into wasted time as it may be in already ...

Well, if you think I've opened this thread to waste time...  ::) ::)

Quote
Any idea of when avast 5 will be available even for beta ??

Sure, it will.

Quote
Is Avast thinking about adding a firewall ??

http://forum.avast.com/index.php?topic=12640.msg187343#msg187343  :)  ;)

Quote
New modules ??

I hope, I wish the antispyware is coming...

Quote
sorry but what is HIPS ??

Host Intrusion Prevention Services (HIPS). http://www.secureworks.com/services/hostintrusionprev.html