There is no algorithm that can perfectly detect all possible viruses

https://web.eecs.umich.edu/~aprakash/eecs588/handouts/cohen-viruses.html

Undecidable Detection Problems

Detection of a virus by its appearance
Detection of a virus by its behavior
Detection of an evolution of a known virus
Detection of a triggering mechanism by its appearance
Detection of a triggering mechanism by its behavior
Detection of an evolution of a known triggering mechanism
Detection of a virus detector by its appearance
Detection of a viral detector by its behavior
Detection of an evolution of a known viral detector

Agree!!! But a good one, it’s not a bad thing ;D ;D ;D

Agreed, and we all agree I think that ‘default deny’ is a better option. However, most people want ‘security in depth’ which is why a decent antivirus engine is still important.

As an example, I live on board a sailing yacht. The best defence against sinking is an automatic bilge pump (which I have). But because I believe in ‘security in depth’ I also have two manual bilge pumps and wooden pegs next to each through-hull for immediate emergency use.

Even sky-divers carry a reserve parachute and you never put all of your eggs in one basket.

I think my point is lost somewhere here :slight_smile:

My point is: To all who are using just AV (detection) as the only method…thinking they have an AV product and they are safe…

Agreed, but I think we can all see the underlying (and unstated) plug for ‘default deny’. :slight_smile:

Hi all,
Exactly, only one antivirus does not protect a system.
Add-ons (HIPS, Viruscope, Sandbox, firewall, …) are essential.
Interactivity modules must be perfect in order to provide security

HIPS is not for me (I need something to tell me this is bad or this is good… I’m not an expert)… Viruscope is still weak… so I need a strong AV with Auto sandbox to get as few sandbox items as possible :slight_smile: :slight_smile: :slight_smile:

+1 :-TU

Why do we need cheap signature based analysis?
Heuristic scanning was supposed to be “the future”, but it’s actually useless.
Why not just teach AV/FW to reverse engineer programs, to be 100% sure, if malicious or not?

Look at the above documents… detection using software cannot be 100%… it will allow malware in… No matter what kind of detection algorithm…
Signature, heuristic, AI, machine learning, static analysis, dynamic analysis and so on… these are all software trying to detect bad stuff and cannot be 100% according to research papers.

Yes I agree that 100% detection will never be possible, therefore an AV that just uses detection can only stop known malware.
Yes I agree that Default Deny will isolate any unknown program and is therefore the best currently available mechanism to stop new malware.
BUT Default Deny ultimately relies on the user to decide if an unknown program is OK to run outside the Sandbox which means that it could still infect the PC if the user makes the wrong decision.
THEREFORE using an AV with a high detection in addition to Default Deny reduces the chance that the user needs to decide whether an unknown program is safe or not.

https://www.gartner.com/imagesrv/media-products/pdf/comodo/comodo-1-33APZ8Q.pdf

“New Containment technology makes it both not only possible but also practical to implement a Default Deny security platform. This is a rare, transformational opportunity for organization of any size”.

no user intervention required, thanks to containment!

I like the articles, but what does it have to do with CCAV, as Valkyrie is not working right yet? Whoever relies on CCAV is doomed, for now, right?

Nope, you still have the sandbox. Valkyrie has teething problems. We need to give it time to grow up.

That’s why we have been trying to educate everyone. Your understanding is not correct.

Security comes from “isolation” provided by our automatic containment (sandboxing) technology of the unknown files. So you are safer running CCAV than a traditional AV.

I understand that, but when a file is sandboxed (actually lots of files are) we rely on Valkyrie to know if the file is safe or not, but Valkyrie is there, dead… That’s why I don’t get the point. When Valkyrie gets running completely for all, then I’ll agree and understand the point. :frowning: I’m still waiting for it. I know it will happen… eventually…

Melih, If and when everything works as claimed in this article then your statement about no user intervention required may well be true.
As far as I am aware Valkyrie is only partially working even though it has been around for a while, and the article implies that Valkyrie is a critical part of the no-user-intervention Containment and Advanced Endpoint Protection mechanism.

When do you expect fully automated Advanced Endpoint Protection to be part of CIS?

This article is written for the Enterprise version.

We are trying to get it for the consumer version. Just a matter of time…