I know that this subject may have been discussed somewhere on this forum, but I have numerous doubts regarding it (and have not found any topic similar to what I would like to discuss), and would like to know your opinions.
Speaking for myself, I currently have Comodo Firewall Pro V3, BOClean and Avira AntiVir Personal Edition Classic installed on all my machines (only until the new CAVS is released). I also use good practices while browsing the web, and don’t worry about it the majority of the time, because I have good knowledge of this subject. I am not an expert, but I am not a newbie, either.
I also know that the new CFP V3 has an integrated HIPS system, and that the future version of CAVS will integrate with BOClean, among other powerful features.
So, my doubt is: is the traditional way many security solutions work, based on signature files, “dead”? Are pro-active systems (like the one included in CFP and the new “ThreatFire” by PCTools) the future of security, leaving the traditional, old method in the past and making its use unnecessary?
Can we expect that one day we will have only pro-active systems on our machines, based on “community learning” or not?
Can we expect that using only a tool like CFP 3, together with good practices while browsing the web, is enough to protect us from any malware?
I was thinking about this because of the growing increase, day by day, of new types of malware, which are growing much faster than the security companies' capacity to detect them and update their solutions.
Are HIPS systems, behaviour analysis, the use of very good alternatives like Defense+, CleanPC mode (in CFP 3) and, sometimes, “sandboxes”, more reliable and secure than the traditional model of signature-based solutions? Can we assume that this way of working is enough for the present day?
Even the heuristic system is not enough, in my opinion, because I have already had very bad experiences with it, with constant false positives, etc. And “heuristic” is not the same thing as HIPS and/or pro-active defense systems, in my opinion.
In the last few days I have tried the tools Sandboxie and SafeSpace, but I am not sure whether the slowdown they cause to the computer is acceptable (except for the cases when we want to “try” some software without causing any damage/modification to our systems) when all we want is “security” and “speed”. Of course, alternatives like that really do provide a secure environment, but at what cost?
So, given the above, what do you think? Can we expect a day when a single “non signature based” solution will be enough for our security?
What is your opinion?