Detection of a virus by its appearance
Detection of a virus by its behavior
Detection of an evolution of a known virus
Detection of a triggering mechanism by its appearance
Detection of a triggering mechanism by its behavior
Detection of an evolution of a known triggering mechanism
Detection of a virus detector by its appearance
Detection of a viral detector by its behavior
Detection of an evolution of a known viral detector
Agreed, and we all agree I think that ‘default deny’ is a better option. However, most people want ‘security in depth’ which is why a decent antivirus engine is still important.
As an example, I live on board a sailing yacht. The best defence against sinking is an automatic bilge pump (which I have). But because I believe in ‘security in depth’ I also have two manual bilge pumps and wooden pegs next to each through-hull for immediate emergency use.
Even sky-divers carry a reserve parachute and you never put all of your eggs in one basket.
Why do we need cheap signature based analysis?
Heuristic scanning was supposed to be “the future”, but it’s actually useless.
Why not just teach AV/FW to reverse engineer programs, to be 100% sure, if malicious or not?
Look at the above documents… detection using software cannot be 100%… it will allow malware in… no matter what kind of detection algorithm…
Signature, heuristic, AI, machine learning, static analysis, dynamic analysis and so on… these are all software trying to detect bad stuff and cannot be 100% according to research papers.
Yes I agree that 100% detection will never be possible, therefore an AV that just uses detection can only stop known malware.
Yes I agree that Default Deny will isolate any unknown program and is therefore the best currently available mechanism to stop new malware. BUT Default Deny ultimately relies on the user to decide if an unknown program is OK to run outside the Sandbox which means that it could still infect the PC if the user makes the wrong decision. THEREFORE using an AV with a high detection in addition to Default Deny reduces the chance that the user needs to decide whether an unknown program is safe or not.
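The layering argument in the post above (default deny decides what to allow, an AV signature check removes the known-bad cases first, and only what is left has to be contained and referred to the user) can be modelled as a small policy engine. This is an added example, not code from the forum thread or from any Comodo product; the sample "files", the allowlist and the signature database are all constructed here from placeholder byte strings and hashed with SHA-256.

```python
import hashlib

# Constructed sample files: name -> content. These are placeholders, not real binaries
# or real malware; the bytes only exist so that each file gets a distinct hash.
SAMPLES = {
    "notepad.exe": b"constructed benign editor build 1",
    "installer.exe": b"constructed vendor installer",
    "dropper.exe": b"constructed known-bad sample A",
    "unknown_tool.exe": b"constructed file nobody has seen before",
    "macro_doc.bin": b"constructed known-bad sample B",
}


def sha256(data: bytes) -> str:
    """Hash a file's content; both the allowlist and the signature DB key on this."""
    return hashlib.sha256(data).hexdigest()


# Default-deny side: the only things allowed to run unconfined are known-good hashes.
ALLOWLIST = {sha256(SAMPLES["notepad.exe"]), sha256(SAMPLES["installer.exe"])}

# AV side: hashes of samples the detection engine already knows are bad (constructed).
SIGNATURES = {sha256(SAMPLES["dropper.exe"]), sha256(SAMPLES["macro_doc.bin"])}


def verdict(data: bytes, allowlist: set, signatures: set, use_av: bool = True) -> str:
    """Return one of 'run', 'block' or 'contain' for a file.

    'run'     - known good, allowed outside the sandbox.
    'block'   - matched a detection signature; never executes at all.
    'contain' - unknown: default deny puts it in the sandbox, and a human (or an
                automated verdict service) later has to decide whether to release it.
    """
    h = sha256(data)
    if h in allowlist:
        return "run"
    if use_av and h in signatures:
        return "block"
    return "contain"


def count_user_decisions(samples: dict, allowlist: set, signatures: set, use_av: bool) -> int:
    """Number of files that end up contained, i.e. that still need a release decision."""
    return sum(
        1 for data in samples.values()
        if verdict(data, allowlist, signatures, use_av) == "contain"
    )


def report(samples: dict, allowlist: set, signatures: set) -> dict:
    """Side-by-side verdicts with and without the AV layer, for each sample."""
    return {
        name: {
            "default_deny_only": verdict(data, allowlist, signatures, use_av=False),
            "default_deny_plus_av": verdict(data, allowlist, signatures, use_av=True),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, row in report(SAMPLES, ALLOWLIST, SIGNATURES).items():
        print(f"{name:18} default-deny only: {row['default_deny_only']:8} "
              f"with AV: {row['default_deny_plus_av']}")
    print("decisions left to the user without AV:",
          count_user_decisions(SAMPLES, ALLOWLIST, SIGNATURES, use_av=False))
    print("decisions left to the user with AV:   ",
          count_user_decisions(SAMPLES, ALLOWLIST, SIGNATURES, use_av=True))
```

With default deny alone, every non-allowlisted file (the two known-bad samples and the genuinely unknown one) lands in the sandbox and waits on a release decision; adding the signature check blocks the two known-bad files outright and leaves only the unknown one for the user, which is exactly the reduction in user decisions the post argues for. The unknown file is also the case neither layer can settle, which is why a verdict service for contained files matters in the later posts.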
“New Containment technology makes it not only possible but also practical to implement a Default Deny security platform. This is a rare, transformational opportunity for organizations of any size”.
No user intervention required, thanks to containment!
I understand that, but when a file is sandboxed (actually lots of files are) we rely on Valkyrie to know if the file is safe or not, but Valkyrie is there, dead… that's why I don't get the point. When Valkyrie gets running completely for all, then I'll agree and understand the point. I'm still waiting for it. I know it will happen… eventually…
Melih, If and when everything works as claimed in this article then your statement about no user intervention required may well be true.
As far as I am aware Valkyrie is only partially working even though it has been around for a while, and the article implies that Valkyrie is a critical part of the no-user-intervention Containment and Advanced Endpoint Protection mechanism.
When do you expect fully automated Advanced Endpoint Protection to be part of CIS?