Is the AntiVirus biggest fraud in the security world?

What I mean is: when an AV company finds out about a new virus, they should immediately share this with every other AV company.

Melih

I could not agree more, Melih. If every AV company could do that, it would help keep everyone more protected and the internet would become safer. If you could speak to other AV companies and get it so this would happen, that would be AWESOME, but why do I have a feeling they will say no? It’s because they want to have better detection than other AV companies. But as I like to say, there is no harm in trying, as you may just get lucky ;D

Again, it’s all about competition for market share. Does a retail store that finds a great deal on merchandise that they can then sell for less than the competition inform their competitors of the deal and thus lose their advantage? It’s a nice utopian idea but it will never happen.

We’re not talking about sharing the code or the signatures (the ability to detect, the engine…), but the malware (which “belongs” to nobody).

exactly!

And guess how they find these new malware…the users report it to them after an infection!

Melih

competition that causes insecurity…hmm…

never say never…where there is a will there is a “way”.

Melih

I still would like to know how it works.

Cheers >:-D

How would the “average” user know they were infected? Surely, they would only know if their antivirus told them.

:slight_smile:

How it works? What?

LOL…usually your computer would get slow and you’d start noticing weird things. Also, a lot of the computer consultants and sys admins find the malware and submit it to AV companies from users’ machines.

Melih

Not always. Symantec has test systems constantly combing the 'net searching for new things and often releases alerts based solely on their own detections.

I suppose all AV companies do a similar job… There isn’t just one honeypot.

I’m thinking of an idea and I just can’t get it out of my head. What if there was a super computer on the internet that had terabytes upon terabytes worth of programs installed on it and that it could compare all users’ computers connected to it to itself? Just by comparing all users’ computers with similar programs to each other, and itself, it could see that a system was infected not just by strange file names or behaviors, but by having any file at all that shouldn’t be there. It would be like a cloud-based HIPS that was constantly comparing computers to itself.

The computer for instance would see that the Windows directory of one user had extra files that nobody else had and would conclude that this user must have an infected system.

Would this be possible?
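The comparison proposed in the post above can be sketched as a file-prevalence check. This is an added example, not part of the original thread; the host names, paths, digests and the `rare_files` helper are constructed for illustration, with the reference baseline standing in for the "super computer's" own installed programs.

```python
from collections import defaultdict

def rare_files(inventories, baseline, max_hosts=1, scope="c:/windows/"):
    """Return {host: [(path, digest), ...]} for files under `scope` that are
    not in the reference baseline and exist on at most `max_hosts` hosts."""
    seen_on = defaultdict(set)  # (normalized path, digest) -> hosts holding it
    for host, files in inventories.items():
        for path, digest in files.items():
            norm = path.lower().replace("\\", "/")
            if norm.startswith(scope):
                seen_on[(norm, digest)].add(host)
    flagged = defaultdict(list)
    for key, hosts in seen_on.items():
        # Known-good content and widely shared content are not outliers.
        if key in baseline or len(hosts) > max_hosts:
            continue
        for host in hosts:
            flagged[host].append(key)
    return {host: sorted(keys) for host, keys in flagged.items()}

# Constructed sample data: short strings stand in for real file hashes.
BASELINE = {
    ("c:/windows/notepad.exe", "n1"),
    ("c:/windows/system32/kernel32.dll", "k1"),
}
INVENTORIES = {
    "pc-1": {r"C:\Windows\notepad.exe": "n1",
             r"C:\Windows\System32\kernel32.dll": "k1"},
    "pc-2": {r"C:\Windows\notepad.exe": "n1",
             r"C:\Windows\System32\kernel32.dll": "k1",
             r"C:\Program Files\Game\game.exe": "g1"},  # outside the scope
    "pc-3": {r"C:\Windows\notepad.exe": "n9",            # same path, new content
             r"C:\Windows\System32\kernel32.dll": "k1",
             r"C:\Windows\System32\unknown_helper.exe": "x7"},  # extra file
}

if __name__ == "__main__":
    for host, files in rare_files(INVENTORIES, BASELINE).items():
        print(host, files)
```

A file is keyed on path and content together, so a system file replaced in place is flagged as well as an extra file. A legitimate program that is new and not yet in the baseline would be flagged the same way, which is the limitation raised in the reply that follows.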

It’s possible but even with the many programs it may have installed there will be new programs all the time, also that memory will fill up sometime and imagine the strain on that super computer.

(I’m not an expert so I could be completely wrong!)

Tech, I would like to know how the sharing of malware is done, as indicated in my previous post, which includes a quote from another thread. I thought it was quite specific.

Cheers

I see. Hope Melih gives us more details.

Oh, yeah? Then perhaps you would care to explain why the Safe Files list gets erased after you have painstakingly added all your programs in the hard disk? It just decides it does not want to have all those files in there and just keeps the ones it wants!!!

Please start a topic about this in Defense+ / Sandbox Help.

This way your problem will get the deserved attention and will prevent this topic from diverting too much.

Possibly the files deleted from the SAFE list were launched from removable media? If so, they cannot be made permanently trusted.

Ewen :slight_smile:

It is becoming more and more evident that antivirus cannot protect you! My friend’s computer was just infected today with a fake antivirus rogueware program that was not only able to completely bypass and disable Microsoft Security Essentials antivirus without it being detected, but it was also able to corrupt some of the system files, preventing the system from booting. I have 100% faith that Comodo would have prevented this.

We need behavior-based solutions that can prevent infection without needing signatures. There is no way, 5…10…15 years from now, that we will be able to rely on a signature database. The sizes will be enormous…we are talking tens of millions of virus definitions, hundreds of megabytes in size.

Host intrusion prevention solutions are needed more than ever. Antivirus software cannot and will not stand the test of time; this is becoming more evident every day. Comodo is going in the right direction in overcoming this problem.