Antivirus companies not keeping up with technology

Galdorf

Antivirus companies are not keeping up with technology. Sure, they protect you from viruses, but most AVs cannot block malware and spyware or even stop it from being installed.
I have tested all major brands using zero-day malware; every AV fails my test. Most new malware turns off AV protection before launching its payload, and every major AV failed to stop this from happening.
Even Malwarebytes Pro fails: the real-time protection gets turned off before it launches its payload.
McAfee announced it was working on a malware/spyware program that prevents installation by using advanced behavior analysis and no signature-based detection. That was a year ago.
AV companies seem to be following the brick-and-mortar video store/music store; they are not keeping up with the times and will probably die out.
Good for us, bad for AV companies. Many customers with Kaspersky 2015 drop in; when I take a look at the AV it's off and cannot be turned back on. I end up scanning with the VBA32 rescue boot CD and find AV-disabler trojans.
So far every AV (Kaspersky, Norton, McAfee, NOD32, AVG, Avast, Bitdefender, Trend Micro, Panda) has shown up at my shop disabled; it is very common now.
Most programs now have ads, even Skype. There have been reports of malicious ads in Skype and BitTorrent software. None of the AVs will even stop the drive-by user installation, and won't even flag them before they disable your AV and Windows Update and stop you from going to AV and spyware removal websites.
Users Report Malicious Ads in Skype
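The tampering Galdorf describes (real-time protection switched off, Windows Update stopped, AV and removal sites unreachable) leaves traces a technician can check for before reaching for a rescue CD. The following is an added example, not code from the thread or from any vendor: the hosts-file lines and the service snapshot are constructed, and the protected-domain list and service names are assumptions chosen for illustration.

```python
"""Triage checks for two common AV-tampering traces:
  1. hosts-file entries that sinkhole or redirect security-vendor/update domains
  2. security or update services that are stopped or set to Disabled
Sample data below is constructed; domain and service names are assumptions."""
import ipaddress
import re

# Assumed list of vendor/update domains built from the vendors named in the thread.
PROTECTED_DOMAINS = (
    "kaspersky.com", "norton.com", "symantec.com", "mcafee.com", "eset.com",
    "avg.com", "avast.com", "bitdefender.com", "trendmicro.com",
    "pandasecurity.com", "malwarebytes.com", "windowsupdate.com",
    "update.microsoft.com",
)

# Constructed hosts file: a comment, two legitimate lines, three tampered entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.kaspersky.com
0.0.0.0         downloads.malwarebytes.com   # blocks the remover download
10.0.0.5        update.microsoft.com         # redirected, not just nulled
"""

# Constructed service snapshot as "name,state,start_type"; names are assumptions.
SAMPLE_SERVICES = """\
wuauserv,Stopped,Disabled
MBAMService,Stopped,Disabled
AVP,Running,Automatic
WinDefend,Running,Automatic
"""

SECURITY_SERVICES = {"wuauserv", "MBAMService", "AVP", "WinDefend"}


def _is_sinkhole(addr: str) -> bool:
    """True for loopback or unspecified addresses, the usual 'block' targets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def _matches_protected(host: str) -> bool:
    """Exact or subdomain match against the protected-domain list."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_hosts_tampering(hosts_text: str) -> list:
    """One finding per hosts entry that maps a protected domain to any address.
    Comments are stripped; blank lines and non-protected names are ignored."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        addr, names = parts[0], parts[1:]
        for name in names:
            if _matches_protected(name):
                findings.append({
                    "line": lineno,
                    "host": name,
                    "address": addr,
                    "kind": "sinkholed" if _is_sinkhole(addr) else "redirected",
                })
    return findings


def find_disabled_security_services(csv_text: str) -> list:
    """Names of known security/update services that are not running or whose
    start type has been changed to Disabled."""
    flagged = []
    for raw in csv_text.splitlines():
        if not raw.strip():
            continue
        name, state, start = (f.strip() for f in raw.split(",", 2))
        if name in SECURITY_SERVICES and (state != "Running" or start == "Disabled"):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for f in find_hosts_tampering(SAMPLE_HOSTS):
        print(f"hosts line {f['line']}: {f['host']} -> {f['address']} ({f['kind']})")
    for svc in find_disabled_security_services(SAMPLE_SERVICES):
        print(f"service tampered: {svc}")
```

On a real machine the same functions would be fed the contents of `%SystemRoot%\System32\drivers\etc\hosts` and an export of the service list; the point of separating the parsing from the data is that both checks run offline on a rescue system, where the infected OS's own AV console cannot be trusted.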
 
But by nature, AV companies are almost fighting losing battles because much of the time they are being reactive to things they see come up, correct?
 
I have tested all major brands using zero-day malware; every AV fails my test.
I would have expected zero-day malware to beat the AV. Isn't that the point of a zero-day exploit? With VirusTotal's online checkers any wannabe can try the current AV with some 'L33t' code :rolleyes:


[Edit] - Drive-by infections? Sounds like a poor choice of browser / outdated Java / Flash is the problem. My browsing on Mint seems OK. Maybe I don't frequent the hacked sites. Got any URLs handy?

I would have expected zero-day malware to beat the AV. Isn't that the point of a zero-day exploit? With VirusTotal's online checkers any wannabe can try the current AV with some 'L33t' code :rolleyes:


[Edit] - Drive-by infections? Sounds like a poor choice of browser / outdated Java / Flash is the problem. My browsing on Mint seems OK. Maybe I don't frequent the hacked sites. Got any URLs handy?

Mr Smith is correct.

I agree, citizensmith.
AV companies are getting updates for viruses and attacks that have already happened.

Zero-Day Attacks are not the same as Zero-Day Vulnerabilities
https://www.fireeye.com/blog/execut...not-the-same-as-zero-day-vulnerabilities.html

In an enterprise, and even for small businesses, they use more than just AV to protect their networks.
My point is AV plays just a small role in the huge picture of security.
If you really want to protect your customers you need to educate them on browsing, updates, etc.
Also, you should look into offering managed services: patching, AV, backups, network management, etc.
The more you manage their environment, the less viruses and attacks you will see.

Security comes in layers, like an onion.
 
Wouldn't be without a sandbox these days. Although nothing's secure if someone's determined enough.
 
I prefer virtualization (sandboxes) and imaging (backups) to real-time/on-demand scanners. ;)
 
There is another way: whitelisting software such as VoodooShield.
Don't have time to test it atm, very busy, but heard good things about it, esp. with people who click everything and open every attachment.
 
I exclusively use Avast for my customers and have not had anyone infected since doing so. I agree that traditional detection methods are lacking, but Avast's new NG technology could be the answer; it's new but very promising. Here are some details about it:

Some information about the new avast! NG component: our classic sandbox technology (used for the DeepScreen, Sandbox and SafeZone components) restricts a sandboxed application from modifying your system. As the Windows OS is quite rich in various APIs and frameworks, we need to monitor more and more OS functions invoked from the unknown applications. This works perfectly for Sandbox/SafeZone, but it's not enough for DeepScreen analysis. When malware is analyzed in DeepScreen, we'd like to allow it to behave freely without any restrictions and monitor only its activities. Unfortunately, we might end up very soon if it tries e.g. to load a kernel-mode driver (you can't monitor kernel mode, and if it gets there, it can control your entire OS, hide itself, connect to the internet, ...), or use some undocumented system calls on 64-bit OSes (we use our own hypervisor driver to fully protect 64-bit OSes, but this doesn't work on older PCs or with the VT-x/AMD-V feature disabled in the BIOS).

Avast! NG helps us to analyze malware in real time, totally without any restrictions: it can load a kernel driver, it can delete any Windows files, format your volume, everything it wishes. The malware is executed on your OS using the VirtualBox engine, and the entire OS with the malware is monitored. NG was heavily tested for a few months by our user base and we have fixed various HW/SW conflicts and tuned performance. After Avast installation, it takes a couple of minutes to prepare NG (this is executed in the background with normal priority in this Beta; it'll be on idle priority in the final release).


:cool:
 