Author Topic: Time to go proactive, not reactive!  (Read 2110 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33495
  • malware fighter
Time to go proactive, not reactive!
« on: March 15, 2009, 05:56:27 PM »
Hi malware fighters,

Proactive, not reactive

Blocking viruses and spyware by using signature-based scanning is a reactive measure.
There's no way to keep signatures up to date for the new malware that's churned out every day.
Some crimeware is even designed to generate a new signature for each attack.
Virus scanning still has its place, but you also need something smarter.

Malware has to find a way to install itself before it can initiate harmful action.
Most of these installation behaviors are well known.
Why not watch for this malicious behavior instead of trying to catch every variant of the malware?
If you can block installation, the malware is stymied.

There's another dimension of behavior that can be blocked too.
Malware has to come from somewhere. Some websites silently install malware when you visit.
Others serve up malware disguised as useful software.
Why not block those evil websites?

There are now online services that screen websites for malware and other adverse behavior.
The best of these services are augmented by human networks that report problem websites.
McAfee SiteAdvisor, finjan, WOT, and Exploit Prevention Lab's LinkScanner are prime examples of services
that block malware at the website level.
Avast's Webshield and Network shield can pro-actively intervene the access to websites with malicious content found on it.
Firefox 3 natively blocks access to websites that are known to attack visiting computers.
Firefox 3 with its security extensions like: NoScript, RequestPolicy, Perspectives, CSP,
and firekeeper with some specific anti malware rules lists installed can add pro-actively
towards a better in-browser security,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Alan Baxter

  • Guest
Re: Time to go proactive, not reactive!
« Reply #1 on: March 16, 2009, 12:02:54 AM »
Malware has to find a way to install itself before it can initiate harmful action.
Most of these installation behaviors are well known.
Why not watch for this malicious behavior instead of trying to catch every variant of the malware?
If you can block installation, the malware is stymied.

That's the job of Host Intrusion Protection Software (HIPS), right? From http://antivirus.about.com/od/securitytips/g/hips.htm:
"Definition: Host intrusion protection software, or HIPS, provides rule and behavior-based system monitoring to guard against unwanted changes. HIPS can be used alongside traditional antivirus software to add an extra layer of security. Some host intrusion protection software provides a learning mode and pre-configured rules, but in general HIPS is best suited for more advanced computer users."

WinPatrol Plus is recommended by some of the other forum members, but I haven't decided to spend $29.95 on it yet.