Hi all. Just a quickie. I read this in the paper today and it makes interesting reading (http://www.guardian.co.uk/technology/2008/jan/17/computersecurity). Seems to me to provide a good argument for moving away from traditional ‘blacklist’ type antivirus in favour of a ‘whitelist’ or ‘HIPS’ approach such as used by CAVS2 and to be furthered by CAVS3. I know there are those for whom detection rates are the ‘thing’ to look for, but they are no protection against unknowns, especially if this article is anything to go by and one can only use whatever security program has the most hackers on their books!
But we’ve been waiting sooooo long! The “Soon” promise has been floating for months! I love Comodo products but am tired of explaining to the users that I say grace over why I recommend the firewall / malware products, but send them to another vendor for AV. I’ve seen all the links to why AV isn’t the first line of defense any longer, but most end users aren’t moved by discussions of computing reality.
Yeah, this is free. But at this point Comodo has succeeded in becoming an important piece of the security puzzle. Leaving users hanging who are using an OS that has been out 1-1/2 years at this point is terribly frustrating, free software or not.
despite my frustrations – (L)
Patience is a virtue - unless you’re waiting for a broken elevator.
Sorry; must have missed something. Whitelisting has been a colossal failure for email, and has not worked well for web browsing. Just because most users deal with a lot of unknowns and don’t tend to catch up very quickly. I am not a CAVS user, so wonder what Comodo is doing differently for CAVS3. Thanks; Ed.
The number of baddies out there is outnumbering the number of goodies.
It's much more difficult to find baddies (cos they hide until they start causing damage, in which case it's too late), than goodies.
It's much safer only to allow safe apps to run than running everything then figuring out what's bad in there.
As to most users dealing with a lot of unknowns: Not sure I share the “most” aspect of that statement. Not sure how many new executables an average person introduces to their machines on a daily basis, however I do suspect it to be a low number. And in the case of businesses, they are doing everything to stop the employees from introducing any new executables to their PCs to save support issues.
Also there are additional benefits like: Drive by downloads will be caught red handed with a Whitelisting approach, whereas blacklisting will wait for the signature.
Thanks for the info, Melih. I was really wondering what it is that CAVS3 is whitelisting? For AV/AS/Antispam it is usually things like email address consistency, correspondents, web page URLs, … that do vary a lot and are difficult to maintain. Are you whitelisting executables (CRCs?) and using a HIPS approach to prevent white programs from doing black things or something entirely different? Perhaps a reference where we can go read about the CAVS3 approach? Thanks; Ed.