
Author Topic: Eighty percent of new malware defeats antivirus????!!!!  (Read 42623 times)

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 946
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #15 on: October 08, 2008, 01:27:35 AM »
if u doubt about the fact that a high level of new malwares are simply not detected,
make a search on packagers to bypass antivirus on google and u'll certainly find how it's possible.
i often go to some well-known bittorrent sites cause i know that the majority of keygens or cracks included are malwares.
i dl all that then i scan it with kaspersky, result : no virus.
i just have to send the file to virustotal.com and if the malware is really new, not a lot of scanners find some suspicious file, maybe 6 max, and always the same engines.
but sometimes 15 scanners detect a malware and know what? i send it to kaspersky and they reply : no malware detected !!! so i reply : really ??? excuse me but 15 scanners detected it so i doubt about your result and i tell that i will certainly change of AV solution cause i sent them a lot of files and i often receive the same answer : no malware. except when i wait a long time then scan again with kaspersky, oooooh suddenly the file is detected.
so there are 2 solutions : they don't even look at the code and just scan it or they don't want to reply me thanks for sending this new malware, it will be added to the base in the next hours.
that's why i never trust my AV and always go to virustotal.com
and i got the unique logical solution named DEFENSE+, if some engine can't detect malware so let's see what the file wants to do with DEFENSE+ and u'll be informed quickly about the real activity the file could start on your machine, except when u got D+ alerts showing the malware activity, u just have to kick it and it's done, the file can't even load a bit into memory.
kaspersky said they added HIPS in their products but i have to say the level of security is far from what comodo is able to give for free... that hurts competitors ? that's life, start first to stop lying to customers on your sites by telling your security solution is the best ever cause it's just crap.

and about the all in one, i don't want all in one, what i need is comodo FW, scanners are the first security hole in your system and the prob is that customers are far to imagine that.
but that is just true.
u know with internet u can access any infos and u'll find all things to even use a known malware and repack it with various methods and the known malware will bypass again your AV.
it's packed a way that engine is unable to unpack it cause the way it's packed send the AV from line to line code and if the AV continues to follow the game of the packager it could crash. sometimes the AV stays like 2min on a file of 20KB then it stops with result : 0 virus detected, except it just failed to scan the file cause of the method used to pack the file. so send it to virustotal.com and u'll get your answer.
and at the end there's always DEFENSE+ there to advise u, except it's your own decision that will save your system or not. but if it's a malware, DEFENSE+ will show u the first bad activity the file wants to start and if u don't stop it u'll see how the malware will infect your system with all the D+ alerts u will let run. so u'll know all and how the malware infected u but if it's a bad one, u can say goodbye to clean it.
use backup progs to save your system, use comodo FW and for the AV, do what u want. but if u find new malwares not detected by your av, go to virustotal.com and u'll see which engines are the best cause they're always the same 5 or 6 engines to detect a bad file.
Windows 8.1 Enterprise 64bit

Security programs installed : Comodo FW 12.0.0.6810
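
The failure mode described in the post above, a scanner that gives up on a packed file and still reports "0 virus detected", comes from treating "could not analyse" as "clean". The following is an added example, not code from the thread or from any product named in it: a triage policy that keeps those outcomes apart and fails closed. Engine names, thresholds and sample results are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    DETECTED = "detected"
    CLEAN = "clean"      # engine finished its analysis and found nothing
    TIMEOUT = "timeout"  # engine gave up, e.g. stuck following a packer's code
    ERROR = "error"      # engine could not parse or unpack the file


@dataclass(frozen=True)
class EngineResult:
    engine: str
    outcome: Outcome


def triage(results, allowlisted=False, min_detections=2, min_coverage=0.8):
    """Return (verdict, reason); verdict is 'block', 'allow' or 'sandbox'.

    'sandbox' means: do not run the file with normal privileges.
    Thresholds are assumptions for this example, not vendor defaults.
    """
    total = len(results)
    detected = [r.engine for r in results if r.outcome is Outcome.DETECTED]
    finished = [r for r in results
                if r.outcome in (Outcome.DETECTED, Outcome.CLEAN)]
    unfinished = [r.engine for r in results
                  if r.outcome in (Outcome.TIMEOUT, Outcome.ERROR)]

    if len(detected) >= min_detections:
        return "block", f"detected by {len(detected)}/{total}: {', '.join(detected)}"
    if detected:
        # A lone detection may be a false positive, but it is never "clean".
        return "sandbox", f"single detection by {detected[0]}"
    if total == 0 or len(finished) / total < min_coverage:
        # Fail closed: a timeout or unpack error is not a clean result.
        return "sandbox", f"scan incomplete: {', '.join(unfinished) or 'no engines ran'}"
    if allowlisted:
        return "allow", "all engines finished clean and file is allowlisted"
    # Every engine finished clean, but new samples are often missed.
    return "sandbox", "unknown file: clean scan is not proof of safety"


# Constructed sample results; file and engine names are placeholders.
SAMPLES = {
    "packed_20kb.exe": [EngineResult("engine_a", Outcome.TIMEOUT),
                        EngineResult("engine_b", Outcome.ERROR),
                        EngineResult("engine_c", Outcome.CLEAN)],
    "keygen.exe": [EngineResult("engine_a", Outcome.DETECTED),
                   EngineResult("engine_b", Outcome.DETECTED),
                   EngineResult("engine_c", Outcome.CLEAN)],
    "new_tool.exe": [EngineResult("engine_a", Outcome.CLEAN),
                     EngineResult("engine_b", Outcome.CLEAN),
                     EngineResult("engine_c", Outcome.CLEAN)],
}

if __name__ == "__main__":
    for name, res in SAMPLES.items():
        print(name, triage(res))
```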

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #16 on: October 08, 2008, 08:10:02 AM »
Interesting post there Ailef  (:CLP)

While I accept the basic premise I must say that in defence of Avira it's blocked every keygen or crack that I've ever run, but it's quite right that old methods aren't working in the modern malware world. A combo of HIPS, behavioural, virtualization and whitelisting with some blacklisting thrown in is currently the best option but alas nothing is perfect. The sheer complexity of running a good degree of security brings problems in itself. In order to get close to 100% immunity it gets very restrictive indeed.
« Last Edit: October 08, 2008, 08:12:25 AM by andyman35 »

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 946
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #17 on: October 08, 2008, 07:28:52 PM »
there's something strange, i got tools to modify your bios and it's recognized as malware but i think it's more the fact that the tool is able to add slic tables to activate vista that MS and antivirus firms decided to return a malware alert to their users. is that possible ?
Windows 8.1 Enterprise 64bit

Security programs installed : Comodo FW 12.0.0.6810

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #18 on: October 08, 2008, 09:07:44 PM »
there's something strange, i got tools to modify your bios and it's recognized as malware but i think it's more the fact that the tool is able to add slic tables to activate vista that MS and antivirus firms decided to return a malware alert to their users. is that possible ?

Quite often legitimate programs can be flagged up as potentially malicious because they exhibit similar traits to known malware, they tend to err on the side of caution. Out of the many cracks/keygens that I've run, the majority were from safe sources, but I'm happy to accept the FPs in such cases.

Likewise your bios modifier performs a potentially malicious action and probably shows enough coding similarities to known malware to make the AV twitchy so I'm not sure that there's any collusion between the AV companies and Micro$oft, having said that nothing would surprise me with Bill's mob. :THNK

Offline halfcack

  • Comodo Family Member
  • ***
  • Posts: 60
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #19 on: November 13, 2008, 02:06:00 AM »
Based on that article, I think we should keep CAVS very quiet & not tell any more people about it.

Hmm.. I believe there's a slight flaw in that thinking.  ::)

Seriously, I think your strategy is correct & certainly is best for the user.

But, the article does make a valid point. The more popular any product becomes, then the more likely it will be that virus/trojan/malware writers test their latest thing against that product. That is, as the article indicates, indeed a worrying trend.
When I first tried the Comodo Firewall out last year, I was amazed.  I wanted to tell everybody but then I didn't but I did anyway.

CAVS as I familiarized myself more tonight, is awesome.  CIS was so good I thought it was crap, I really ate crow on that one and a lengthy number of apologies appear.

The main problem I had was the crap software I had been paying for, using about 5-6 apps at a time and slowing machines down to a crawl.

It was hard to take the leap to one firewall and one antivirus, malware and spyware program.  I'm glad I did.

It was impossibly difficult at first and actually still is but as each day goes by, I learn a little more.  When I recommend Comodo software to someone, I want to be there to install and show them what I've learned.

A question, is CIS considered to be an all in one, need nothing else program?  Does it have to be set up by a professional to be effective in all the different areas we are finding ourselves being attacked on.

Thank you.

Offline ganda

  • thermodynamic defier
  • Comodo's Hero
  • *****
  • Posts: 5896
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #20 on: November 13, 2008, 02:15:57 AM »
Does it have to be set up by a professional to be effective in all the different areas we are finding ourselves being attacked on.
if it does, then i'm doomed  ;D
i don't think so, i successfully installed & setup my CIS on my own  O0
i think the default config is sufficient enough, but of course you can tweak it here & there to get extra protection.  my $2 (oh yes, i'm rich  ;D ) :Beer

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #21 on: November 13, 2008, 01:02:29 PM »


A question, is CIS considered to be an all in one, need nothing else program?  Does it have to be set up by a professional to be effective in all the different areas we are finding ourselves being attacked on.

Thank you.

The question of "what is enough security?" depends on a number of factors, including online activities and technical expertise of the user. For an average user who goes online to do some e-mailing, read a few forums, etc. then CIS, with default configuration is maybe enough, however the AV is still in an early stage so a backup scanner would be advisable IMO. For a very technical user then CIS alone, coupled with good habits, would be sufficient, if not entirely comprehensive...yet. ;)

mattjh

  • Guest
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #22 on: November 13, 2008, 07:44:03 PM »
Hello,  I know this doesn't really have anything to do with what this article is about, but I would like to get somebody important's attention since I haven't seen any changes regarding this issue yet.   Here is a copy of an email I have sent to Comodo regarding your firewall.  Sorry for this abrupt reply, but this is very important and needs to be addressed to improve your firewall!

Copy of email:

I'm sorry to have to say this about your product, but I had to quit using it because it still doesn't have the firewall auto-lock feature that is so desirable for any software firewall.  To find out what I mean by an auto-lock feature, please read below, the email I sent long ago concerning this issue.  Unfortunately, since I haven't seen this feature added yet, I have stopped using your product and reinstalled the ZoneAlarm firewall since it does have this feature.  I don't know if you realize how important it is to have this feature available with a firewall.  I can't tell you how much better I feel knowing that my computer will be automatically access safe when my screensaver kicks in.  This automatic feature is very nice for reasons I don't think I need to explain.

In short,  please consider adding  this feature to your firewall ASAP. 

Thank you for your concern.  Below you will find a copy of the email I sent long ago about this issue.

Matt Horning



Hello,

I couldn't find a link for leaving feedback or suggestions for your firewall, so I'm sending this email to this link.  Please forward my suggestion to the appropriate department. 

I uninstalled my ZoneAlarm firewall so I could install yours.  There's one important feature that ZoneAlarm had which I can't find on your firewall.  This feature is an Internet lock that has the option of being activated when the screensaver activates or after a user defined period of time.  I believe it is a very simple feature to incorporate, but a lot of firewalls, including yours, I think, don't have it.  I think this is a very useful, important feature to have on a firewall, because it completely locks down and stops all activity going to and from my computer while I'm away, and also it does this automatically, only after I'm no longer using my computer.  Then, when I return to use my computer, the screen saver deactivates which unlocks the firewall so I can have Internet access again.

Please consider adding this option to your firewall as soon as possible, since this adds extra protection to a computer when the person is away.  I realize that I could click on  your "stop all activities" button to probably do this, but it would be much more convenient to have it done automatically with my screen saver as I've described above.

Thank you for your consideration in this matter and also thank you for providing your firewall for free.

Matt Horning

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #23 on: November 13, 2008, 09:11:36 PM »
Please post any feature requests to this section:

http://forums.comodo.com/firewall_wishlist-b147.0/

Offline Android2007

  • Comodo Family Member
  • ***
  • Posts: 55
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #24 on: January 12, 2009, 11:13:31 AM »
At our school we researched a virus making bot.
It randomly creates viruses of all kinds.
Most are crap but from time to time it creates superviruses that broke every antivirus we tested.

Also we researched self-learning virus.
It spreads itself by creating viruses like himself and also by modifying other programs into itself.
The virus improves itself from the personal experience.
It uses probability method (most viruses that are trying to improve die but the ones that survive are very powerful and nearly impossible to remove)

How do you fight these beasts?

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #25 on: January 12, 2009, 11:26:37 AM »
At our school we researched a virus making bot.
It randomly creates viruses of all kinds.
Most are crap but from time to time it creates superviruses that broke every antivirus we tested.

Also we researched self-learning virus.
It spreads itself by creating viruses like himself and also by modifying other programs into itself.
The virus improves itself from the personal experience.
It uses probability method (most viruses that are trying to improve die but the ones that survive are very powerful and nearly impossible to remove)

How do you fight these beasts?

You've rightly pointed out the limitations of a traditional AV scanner against sophisticated, polymorphic malware.

To fight those types of threats a HIPS, virtualisation/sandbox or behavioural scanner would be the best methods. However malware hides itself from scanner detection the fact remains that in order to cause a problem it has to do something malicious. In knowledgeable hands a HIPS will detect just about any possible malware activity, as will a good behavioural scanner. Virtualisation/sandboxing is an extremely powerful method for containing malware and isolating it from the system.
« Last Edit: January 12, 2009, 11:29:31 AM by andyman35 »

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14648
    • Video Blog
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #26 on: January 12, 2009, 02:34:55 PM »
At our school we researched a virus making bot.
It randomly creates viruses of all kinds.
Most are crap but from time to time it creates superviruses that broke every antivirus we tested.

Also we researched self-learning virus.
It spreads itself by creating viruses like himself and also by modifying other programs into itself.
The virus improves itself from the personal experience.
It uses probability method (most viruses that are trying to improve die but the ones that survive are very powerful and nearly impossible to remove)

How do you fight these beasts?

we simply don't let them execute in a PC.. we only execute what is good

Melih

Jammerdelray

  • Guest
Re: Eighty percent of new malware defeats antivirus????!!!!
« Reply #27 on: February 16, 2009, 04:50:08 PM »
Luckily there's Comodo to save the day  :comodojiggy:

More & More Rogue Security Apps are appearing, As Anti virus Apps keep getting better the more Malware will increase.

 
