Author Topic: The Good, The Bad and The UGLY (ugly because its unknown!!)

Offline Melih

  • CEO - Comodo
  • Administrator
Legacy AntiVirus products allow Unknown (The UGLY) applications to execute on your computer!

A computer file can, in general, be of an executable or non-executable type. The executable one is full of instructions telling the CPU (the Intel thingy) what to do, like show this character on the screen etc. Just full of instructions. Sometimes these instructions could be malicious things like: copy the password and email it to a fraudster, etc.

A file can be in 3 states:

1) A good file (aka The Good)

2) A bad file (aka The Bad)

3) An unknown file (aka The UGLY)


Systems like legacy Antivirus products work, in the main, with a “Blacklisting” architecture.

They work by saying: “if you are in the blacklist, you are not allowed to execute on this computer”.

So let's take the files and step them through a legacy antivirus to see if this architecture works.

Journey of a Good file…

We take a Good file and push it through an antivirus. The antivirus checks this against its blacklist; it can't find it there, so it lets it go ahead and execute. All well and good so far. Great.

Journey of a Bad file…

Next, let's take a bad file (let's be nice and say that this is a bad file that the legacy antivirus knows about, because there are many bad files that legacy Antivirus products know about, as no single Antivirus company can have 100% visibility of ALL the malware out there, period). But let's be nice :) So take the bad file and push it through a legacy Antivirus. The antivirus checks this against its blacklist and, bingo, it detected it and stopped it from executing. Well done, legacy antivirus!!

Journey of an Unknown file…

Now let's take an unknown file and push it through a legacy antivirus product. It will check against its blacklist. Is it there? Nope. So it just lets it go ahead and execute; after all, it's not in its blacklist.

So what did I just execute?

What was that unknown file that I just executed? Was it good or bad? After all, it can only be good or bad. So using a “blacklisting” architecture, you just allowed a potentially malicious application to run and damage your computer!

If you were writing Viruses…

Now, let's say you are writing viruses for a living, and believe me there are many out there who do that and many more who use these to make money. What would be the first thing you would do when you created your malicious creation?

Yep, you guessed right: you would first check to make sure popular legacy Antivirus products don't detect it. After all, if you are intelligent enough to write a virus, you should have an ounce of brain (used for wrong purposes) to check whether your virus is detected or not. And yes, you make sure it's not detected and then you release it on people.

But wait!!!

This new virus/malware that this virus author just released will be an “unknown” file and will be executed. Errmm, yes, it will. So now you know why you are MAD MAD MAD to rely on a legacy Antivirus that still uses “blacklisting” techniques in an attempt to protect you but fails miserably!

Yeah, but Legacy AntiVirus products have heuristics built in…

Damn, didn't know that. Oh really? Well, everything is fine then :) (sorry for the sarcasm :) ). Heuristics are also based on the “blacklisting” method; these are rules that identify files/behaviours that match a blacklist of rules. The architecture is still the same! You are still running the “risk” by “executing” “unknown” applications. Do these things detect more? Sure they do. Do they eliminate the risk? Hell no!

So if you don't want to run your computer or your business like a lottery, letting your security applications run “unknown” applications, then better use Comodo.

Melih
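The three-state decision in the post above, written out as an added worked example (this is not Comodo's code and not part of the original thread). It puts the two policies side by side: the legacy rule that executes anything not on the blacklist, and a default-deny rule that executes only what is on the whitelist, with a constructed "heuristic" rule set to show that rules catch more but still leave the unknown file running. The file contents, hashes, rule patterns and the "repacked" and "obfuscated" variants are all constructed for the demonstration; real products match signatures and behaviour rather than a whole-file hash, but the decision logic is the same.

```python
"""Added example (not from the thread): the Good / Bad / Unknown decision
modelled in code, with a blacklist-only policy beside a default-deny one.

All "files" here are constructed byte strings standing in for executables;
the whitelist and blacklist are sets of SHA-256 hashes of those strings.
"""
import hashlib
from enum import Enum


class Verdict(Enum):
    GOOD = "good"        # on the whitelist (known-good)
    BAD = "bad"          # on the blacklist or matched by a rule (known-bad)
    UNKNOWN = "unknown"  # on neither list: the UGLY


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "files" (hypothetical contents, not real binaries).
GOOD_FILE = b"MZ\x90\x00 legitimate text editor, vendor build 1.0"
KNOWN_BAD_FILE = b"MZ\x90\x00 copy the password and email it to fraudster v1"
# The virus author's first step from the post: change the build until the
# popular blacklists no longer match. One changed byte gives a hash that
# no hash blacklist has ever seen.
REPACKED_BAD_FILE = KNOWN_BAD_FILE.replace(b"v1", b"v2")
# A further variant that also dodges the byte-pattern rules below.
OBFUSCATED_BAD_FILE = b"MZ\x90\x00 c0py the p4ssw0rd and ma1l it to fr4udster v3"

WHITELIST = {sha256_hex(GOOD_FILE)}
BLACKLIST = {sha256_hex(KNOWN_BAD_FILE)}
# Constructed "heuristic" rules: byte patterns a rule engine might flag.
HEURISTIC_RULES = (b"password", b"fraudster")


def classify(data: bytes, whitelist=WHITELIST, blacklist=BLACKLIST,
             rules=()) -> Verdict:
    """Put a file into one of the three states the post describes.

    Heuristic rules are just more entries in the blacklist: a pattern
    instead of a hash, but still a list of things known to be bad.
    """
    digest = sha256_hex(data)
    if digest in blacklist or any(rule in data for rule in rules):
        return Verdict.BAD
    if digest in whitelist:
        return Verdict.GOOD
    return Verdict.UNKNOWN


def blacklist_policy(data: bytes, rules=()) -> bool:
    """Legacy rule: execute unless the file is known-bad."""
    return classify(data, rules=rules) is not Verdict.BAD


def default_deny_policy(data: bytes, rules=()) -> bool:
    """Default-deny rule: execute only if the file is known-good."""
    return classify(data, rules=rules) is Verdict.GOOD


SAMPLES = {
    "good": GOOD_FILE,
    "known_bad": KNOWN_BAD_FILE,
    "repacked": REPACKED_BAD_FILE,
    "obfuscated": OBFUSCATED_BAD_FILE,
}


def journey(policy, samples=SAMPLES, rules=()) -> dict:
    """Push every sample through a policy; True means 'allowed to execute'."""
    return {name: policy(data, rules=rules) for name, data in samples.items()}


if __name__ == "__main__":
    print("blacklist only        :", journey(blacklist_policy))
    print("blacklist + heuristics:", journey(blacklist_policy, rules=HEURISTIC_RULES))
    print("default deny          :", journey(default_deny_policy, rules=HEURISTIC_RULES))
```

Running it prints the three journeys: the blacklist-only policy executes both unknown variants, adding the pattern rules stops the repacked one but still executes the obfuscated one, and the default-deny policy refuses anything that has not been classified as good. The SRP-plus-limited-user setup mentioned later in the thread is an OS-level implementation of that last policy.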

Offline Ovidiu G.

  • Malware Research Group
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #1 on: May 30, 2010, 07:53:39 AM »
Hello,

I do not think anyone could explain better and more simply than Melih how Comodo
Internet Security works. With conventional antivirus products, the UGLY will always gain
something from our computers, which is a risk that, besides being very large, is
also a continuing risk.  >:-D

We now have the possibility of using a product like Comodo to greatly reduce this
risk (why not close to zero?), making a bad file inoffensive for our computers.
We must see the reality: conventional antivirus products are about to lose the war,
and the alternatives are the products that rely on prevention, not detection!
When we get an internet security suite, we should not think about the great detection
rate of 99.99% but the fact that we want a product that will provide full, complete
protection against unknown malware! Why not Comodo Internet Security?

Keep up the good work Comodo!  :-TU

Best Regards,
Ovidiu

Offline ssj100

Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #2 on: May 30, 2010, 04:44:58 PM »
Completely agree with Melih. I've been repeating it across various forums: "Antivirus" and/or "Behaviour Blocker" software is simply a "roll of the dice" security setup/approach.

CIS is certainly on the right track, particularly with Defense+. However, a default-deny setup/approach (and not running as admin) would be even more powerful, and is what I've been employing for over 8 months:
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Offline Melih

  • CEO - Comodo
  • Administrator
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #3 on: May 30, 2010, 09:26:09 PM »
This is funny... Go ahead, buy Norton for $50... but when it fails... come and get this Norton Power Eraser...

I mean, do I need to say any more?

PS: this Power Eraser could also delete your legit files, though, so you must be careful...

Melih

Offline SpeedyPC

Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #4 on: May 30, 2010, 10:38:37 PM »
Quote
I mean, do I need to say any more?

No, you don't have to say anything, Melih, because Norton is always after more money and nothing else.

Offline Kyle

  • Computer Security Testing Group
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #5 on: May 30, 2010, 11:13:14 PM »
Quote
This is funny... Go ahead, buy Norton for $50... but when it fails... come and get this Norton Power Eraser...

I mean, do I need to say any more?

Melih

Or maybe it's a fishing line and hook. If you're infected while using another product then you might Google for the removal tool, come across Power Eraser and think "Hey, this is good, it fixed my problem. Maybe I'll buy Norton!"
Quote
PS: this Power Eraser could also delete your legit files, though, so you must be careful...

Melih

This is no different from any blacklisting application. Comodo, for example, quite often labels false positives with its antivirus (even more so than a lot of other applications!), which results in the deletion of legit files.
Comodo, Symantec, McAfee, anything, everything.
All the same.

Quote
No, you don't have to say anything, Melih, because Norton is always after more money and nothing else.

All companies are after money. There MAY be a few exceptions... charity, etc.
Comodo, for example, has a different way of making money through CIS than Symantec does through Norton: you pay for support. It's a different method, but in the end it performs the same function $$$$



Don't worry, be happy

*No longer active*

Offline John Buchanan

  • Global Moderator
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #6 on: May 30, 2010, 11:35:44 PM »
Quote
Comodo, for example, quite often labels false positives with its antivirus (even more so than a lot of other applications!), which results in the deletion of legit files.

But at least you are not allowing a virus to run unknowingly on your system. The FP at least tells you it may be malicious, hence the option of submission to have it tested for absolute certainty.

Offline Kyle

  • Computer Security Testing Group
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #7 on: May 30, 2010, 11:53:20 PM »
You can upload potential malware to Symantec too and have them check it for malware. You can report it on the forums too, just like here at Comodo, and get them to verify whether it's a false positive or not.

In the context that Melih provided about how sucky the Norton Power Eraser blacklist scanner is, he was saying it has the potential to delete safe files; this is no different from Comodo's blacklist scanner, Comodo AV.

Offline bluesjunior

Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #8 on: May 31, 2010, 03:23:51 AM »
Possibly a dumb question, but which AVs use the legacy approach? Is legacy an AV system, or is it itself an AV I haven't heard about?

Offline Kyle

  • Computer Security Testing Group
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #9 on: May 31, 2010, 03:37:27 AM »
Quote
Possibly a dumb question, but which AVs use the legacy approach? Is legacy an AV system, or is it itself an AV I haven't heard about?

The only dumb question is the question that's not asked!
Quote
Legacy
In computing, describes outdated, obsolete hardware or software. Usually a PITA. Often refuses to die.
"You'd think after around 30 years legacy storage like floppy disks would be vapour."

Offline lordraiden

  • Computer Security Testing Group
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #10 on: May 31, 2010, 04:23:30 AM »
Quote
PS: this Power Eraser could also delete your legit files, though, so you must be careful...

Melih

Yes, just like Comodo AV does sometimes.

Offline bluesjunior

Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #11 on: May 31, 2010, 07:54:45 AM »
Thanks Kyle, now I understand.

Offline Melih

  • CEO - Comodo
  • Administrator
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #12 on: May 31, 2010, 08:08:17 AM »
Quote
You can upload potential malware to Symantec too and have them check it for malware. You can report it on the forums too, just like here at Comodo, and get them to verify whether it's a false positive or not.

In the context that Melih provided about how sucky the Norton Power Eraser blacklist scanner is, he was saying it has the potential to delete safe files; this is no different from Comodo's blacklist scanner, Comodo AV.

Let me explain the main point...

Main point: Norton readily admits antivirus products miss malware...

Melih

Offline Kyle

  • Computer Security Testing Group
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #13 on: May 31, 2010, 08:10:46 AM »
All antivirus misses malware, Melih; you know that. You should have stuck with the original post and not mentioned Norton's blacklist scanner :P Kinda shot yourself in the foot when you have a blacklist scanner yourself ;D

Offline Melih

  • CEO - Comodo
  • Administrator
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #14 on: May 31, 2010, 08:48:25 AM »
Quote
All antivirus misses malware, Melih; you know that. You should have stuck with the original post and not mentioned Norton's blacklist scanner :P Kinda shot yourself in the foot when you have a blacklist scanner yourself ;D

Are you always this funny? :)

Kyle: I know they miss malware; you know they miss malware. I wrote this post/article for the many people who do not understand this subject. So let's let them read it without cluttering it with irrelevant posts, ok?

thanks
Melih
