Melih spreads misinformation

drama · December 1, 2010, 3:11pm

Abdulhayoglu contends that AV is a cleaning tool, not a preventive one. “The way that it works is still reactive, it still looks for signatures”

http://www.infosecurity-us.com/view/14008/desktop-security-model-needs-revamping-says-comodo-ceo-/

So what has happened to heuristics, behavior blockers, HIPS, IPS, sandboxes, etc?

Its time to apologise publicly Melih, for spreading misinformation. Will you?

kinemitor · December 1, 2010, 3:40pm

what was the missinformation?
all what melih said there is correct

hullboy · December 1, 2010, 3:53pm

In fact.
Apologise for what? ???

Melih · December 1, 2010, 4:58pm

Behaviour blockers, IPS and Heuristic: is still rule based glorified signature.

Traditional AV does not use HIPS or sandbox (pls do not point me to AV’s that bundle sandbox as a proof that they use Sandbox…they bundle…not use within AV process).

So everything I said above is correct. Will be more than happy to apologise if you can show me that Heuristic is not rule based/aka Glorified signature (these all work with trying to identify a “bad behaviour” while letting everything else in…)…and because there is no good way of identifying bad behaviour, malware does creep in…Hope this clarifies…heuristic, behaivour blocker etc etc are all looking for “signatures”…

Melih

Valentinchen · December 2, 2010, 9:37am

Hey and Welcome Drama

Did you come here to attack Melih?
I don’t get your problem? CIS uses AV that has heuristics, firewall and Defense+ which is the main tool. And what Melih says is true.
What should he apologize for?

Regards,
Valentin

panic · December 2, 2010, 11:23am

Since they were talking about Anti Virus (AV) products;

Is a sandbox application an AV? No

Is an IPS an AV? No

Is a HIPS an AV? No

Is a behaviour blocker an AV? Maybe as a part of an AV product - but it is essentially comparing actual behaviour against a library of known or deduced behaviours - otherwise known as signatures.

Is heuristics an AV? Yes, as a component of an AV. It’s a signature form for an AV where it checks for typical code sequences or actions.

The very nature of AVs is that they are reacting to events and actions already taking place on a PC. They cannot be anything other than reactive.

Its time to apologise publicly Melih, for spreading misinformation. Will you?

You’re correct when you say it’s time for an apology. Let me know when you’re going to post it.

Cheers,
Ewen

Valentinchen · December 2, 2010, 11:29am

you said it Ewen! :-TU