EASTER

Lavasoft HIPS?


Ad-Aware-SE is adequate in scanning, of course, as well as some removals, but what is the likelihood of incorporating a solid HIPS prevention mechanism to offset and better protect against some more formidable designs of malware that require additional efforts and more valuable time for many, not to mention third-party help to completely free affected PC systems, and often leave users with DOUBTS after being tasked with seeking such assistance, who often have to take up learning if they are following steps correctly or not.

 

Just a thought that should be deemed worthy enough for serious consideration one would think.

 

Feel free to move this Topic to your appropriate area for reply. Malware Complaints seemed the most reasonable section to raise this question at this time.

 

Thanks

 

EASTER: Global Computer Security Specialist and Online Protection Advocate for a safer PC experience.


MOVED NOW

 

Is there any interest for offering some reply?


Hello Easter. I cannot comment at this time as to the full set of features that will be included in Ad-Aware 2006, as it is still under development and this will not be made public until the beta testing phase. Proactive protection is the way forward I agree. The number of malwares coming out daily is just getting ridiculous. However, the biggest problem with pure pro-active / heuristic protection, is that a human being has not evaluated the file that is being blocked. Whereas this may be ok in the A/V industry where a Virus is simply a Virus, in the adware/spyware industry the threat levels vary on a large scale and the line between good/bad is very clouded. This line is very important to both the users and the vendors, as many vendors accept that some users will remove them, and some users may accept the risk level to get some "free music" or something...

So my point is... if you want to go with heuristics and block everything, you open yourself up to a ton of legal issues. How does heuristic protection know how bad something is based on a signature that flags something as a downloader for example? Many innocent programs install by downloading their own installation files. My personal opinion on this matter... and believe me, it is a topic of discussion, is that anti-spyware vendors may push ahead too quickly with wanting to adopt the A/V style of detection and open themselves up to some very serious legal problems. Also, one of the side effects of this as well, is that vendors will no longer have any reason to change their business models for the better. Lavasoft rates vendors according to the TAC scale. If a vendor makes a serious change to their software that merits a reduction in threat level, then this will be reflected in the TAC rating - even going so far as to remove things from our database altogether.

With this form of impartial rating, vendors have an incentive to change their software, and also learn that they can change their business model while still producing revenue. It pains me to see that certain other anti-spyware vendors refuse to alter the threat level of softwares in these cases - why does it pain me? Well... ask yourself a question... if you need to make money, and your software is being deleted because of its threat level being too high, plus any attempts to change the business model / software generate no change from the side of the anti-spyware vendors, what is your only option? GET MORE AGGRESSIVE... this unfortunately is the only way out for many.... they must find more aggressive ways of getting onto the system, and staying on the system. So at best, removing everything just elevates the war... it's a classic "arms race"...

In conclusion, I would like to say that we must move forward with heuristics... but I believe that the level of heuristics we use should be based on the nature of the family in question. As you correctly state, some of the really stubborn or nasty ones (Look2Me, Nail, DollarRevenue etc) and also things that exhibit Keylogging behaviour should be blocked by a very high degree of heuristics.... however, the closer you get to that grey line, the more careful you have to be... at this point the level of heuristics should probably resemble the same kind of detection that our current CSI method uses. The ability to spot new variants of already known families... Thus we can employ the correct TAC level for that particular file... I am in the strong belief that this form of "pseudo-heuristic" detection will be the norm in the future, and that moving to fully heuristic detections (as powerful as it may be) should be done with caution and certainly an option that the USER must activate....

 

Let me know your thoughts on this...

 

Thanks

 

//Steve


Hmm

 

Hi Steve, if HIPS is too problematical, then what about a blacklist-based process firewall for known malware installers?

 

If bad code is stopped from executing then it cannot deploy and infect :)

 

JMHO, it's better to stop the malware at the gate than to try and eject it once it's in the house.

 

Hi J, good to see ya postin' again B)

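The two ideas raised in this thread, Steve's tiered approach (block outright for the really nasty families and for keylogging behaviour, apply the family's TAC rating to newly spotted variants, and make pure heuristics something the user must switch on) and fatdcuk's blacklist-based process firewall for known malware installers, combined into one decision routine as an added worked example. This is not Lavasoft's or Ad-Aware's code; the hashes, family names, TAC numbers and thresholds are constructed for illustration, and the TAC scale is assumed to run from 1 to 10.

```python
"""
Tiered execution policy: known-installer blacklist + family TAC thresholds
+ opt-in pure heuristics. Added example, not Lavasoft code; all sample
values below are constructed and the 1-10 TAC scale is an assumption.
"""
import hashlib
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional


class Match(Enum):
    EXACT = "exact"             # byte-exact signature of a human-reviewed sample
    FAMILY_VARIANT = "variant"  # new file, but carries a known family's traits
    HEURISTIC = "heuristic"     # behaviour-only verdict, no reviewed family behind it


class Action(Enum):
    ALLOW = "allow"
    PROMPT = "prompt"  # surface the rating and let the user decide
    BLOCK = "block"


@dataclass(frozen=True)
class Detection:
    sha256: str
    match: Match
    family: Optional[str] = None
    tac: Optional[int] = None          # assumed 1-10 rating of the family
    behaviours: FrozenSet[str] = frozenset()


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed blacklist: hashes of two made-up installer files.
KNOWN_BAD_INSTALLERS = {
    sha256_of(b"constructed-sample-installer-A"),
    sha256_of(b"constructed-sample-installer-B"),
}

# Assumed tiers. At or above BLOCK_TAC a reviewed family is stopped outright;
# the grey band between PROMPT_TAC and BLOCK_TAC is handed to the user.
BLOCK_TAC = 8
PROMPT_TAC = 5
ALWAYS_BLOCK_BEHAVIOURS = frozenset({"keylogging"})


def decide(det: Detection, user_enabled_heuristics: bool = False) -> Action:
    # 1. Process-firewall style blacklist: a known installer never executes.
    if det.sha256 in KNOWN_BAD_INSTALLERS:
        return Action.BLOCK
    # 2. Behaviour that merits a block whatever the family rating says.
    if det.behaviours & ALWAYS_BLOCK_BEHAVIOURS:
        return Action.BLOCK
    # 3. Exact match or variant of a reviewed family: the family's TAC rating
    #    decides, so a low-rated adware sample is not silently deleted.
    if det.match in (Match.EXACT, Match.FAMILY_VARIANT) and det.tac is not None:
        if det.tac >= BLOCK_TAC:
            return Action.BLOCK
        if det.tac >= PROMPT_TAC:
            return Action.PROMPT
        return Action.ALLOW
    # 4. Pure heuristic verdict with nobody having looked at the file: only
    #    acts when the user opted in, and then only prompts, never blocks.
    if det.match is Match.HEURISTIC:
        return Action.PROMPT if user_enabled_heuristics else Action.ALLOW
    return Action.ALLOW


if __name__ == "__main__":
    samples = [
        Detection(sha256_of(b"constructed-sample-installer-A"), Match.HEURISTIC),
        Detection("0" * 64, Match.FAMILY_VARIANT, "ConstructedNastyFamily", tac=9),
        Detection("1" * 64, Match.FAMILY_VARIANT, "ConstructedGreyAdware", tac=6),
        Detection("2" * 64, Match.HEURISTIC, behaviours=frozenset({"keylogging"})),
        Detection("3" * 64, Match.HEURISTIC),
    ]
    for s in samples:
        print(s.family or s.match.value, "->", decide(s).value)
```

Step 1 is fatdcuk's "stop it at the gate" blacklist; steps 2 and 3 are Steve's family-based tiers; step 4 keeps the unreviewed heuristic verdict behind a user switch, which is what the post argues a vendor needs in order to avoid the legal exposure of blocking something no human has rated.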

Thanks

 

Implications on the TYPE of PC user regarding a HIPS approach will vary, on that I agree.

 

I certainly want to expound further on the suggestions and thoughts offered and appreciate the initial feedback to my interest in this direction.

 

More to express and touch on soon. Glad to see you again also fatdcuk
