A New Way Of Monitoring Malware?
from the proactively-checking-things-out dept
For years we’ve been discussing how traditional methods used by antivirus and antispyware products are often too reactive. The firms wait for someone to complain or send in an example of a problem. This often leads to calls for behavioral based solutions that look for certain behaviors that are likely to come from malicious files — though that certainly risks lots of false positives if legitimate systems use similar behavior (already this can be seen with some firewall products, which constantly pop up warnings — almost all of which users ignore, because so many are false positives). However, it appears that one firm is trying to take a different form of proactive approach. alarm:clock writes about SiteAdvisor that appears to try to proactively visit lots of sites and download all sorts of products while while putting together a large database of what those sites and products do, so that anyone can check to get a sense of how safe a site or software download really is. It’s an interesting approach if they can really cover enough sites and downloads, while still getting people to actually look at their info (and, of course, not getting the data wrong).
Comments on “A New Way Of Monitoring Malware?”
How to Reach SiteAdvisor
I certainly share this article’s enthusiasm about SiteAdvisor. For readers who want to learn more, some links: SiteAdvisor’s main page, signup form, initial testing results & browser plug-ins for automatic notifications, news & blog.
-Ben, who liked the company so much, he joined the advisory board
No Subject Given
Not a bad idea. I know a lot of people will go straight to Google when they find a process running on their PC they don’t know the name of. Most hits seem to be forum postings of other people saying “what is this strange process running on my PC?”
False positives
You firewall is asking when a new program wants to access the Internet.
This is not a false positive, it’s just telling you it’s a new program and it’s not been approved.
That said, if you have no idea what you’re doing, of course you’ll click yes mechanically. But those are not products that are supposed to work for people who have no idea what they’re doing.
Neither is SiteAdvisor. People have to actively seek and analyze the data.
“Security for the dumb” is not near yet.
Re: False positives
“Security for the dumb” ???
Ok, so when a pop-up from my security suite tells me that Microsoft Internet Explorer (or FireFox Browser) wants to access the internet, I am the dumb one for telling it “yes”? You would think that the software should already know that if I am opening a program to access the internet, I want to…well… access the internet.
I think that as the article states, there are many false positives – and by calling the user “dumb” (as you state), you probably just need to run more software, as there are many software out there that actually treat the user as being dumb, due to the fact that the software doesn’t use much intelligence itself (the pot calling the kettle black).
Re: Re: False positives
I tend to stand somewhere between the 2 of you… I think that the software should be somewhat smarter about internet access, and that users should be more informed about the consequences of blindly clicking YES.
Clicking yes when you know you want to access the internet may be annoying, but if you get malware that’s sending a million spam emails and the charge over qwest is $5 each… you definitely want to be told about it…you might want to consider clicking NO (or at least reading the message), instead of being a “dumb” user.
As my old techer used to say… It’s impossible to make software idiot proof because idiots are so ingenious
Re: Re: False positives
I am the dumb one for telling it “yes”?
How is the software to know that YOU are the one who launched the program?
What do you expect if you don’t know how to set your security settings to ignore certain products?
I agree more with the comment you replied to – however, it is a little extreme to call computer illiterate people dumb – just because people aren’t in the industry doesn’t mean they aren’t intelligent. That’s an extreme and pretty ignorant perspective (but what do you expect from script-kiddie elite?)
Deep Freeze
I don’t even care who tries to get into my PC anymore or what website is trying tp screw me over…I bought a copy of Deep Freeze Standard from http://www.faronics.com for $25 last year. Deep Freeze does one simple thing; it doesn’t allow anything to be written to your hard drives…it “freezes” them.
Here’s what I did. I set my PC up so my C: drive only contains a clean, updated copy of the XP operating system and my programs and then “froze” the C: drive so nothing else could be written to it. I keep all my -data- on an “unfrozen” external 40 MB USB drive so I can write to it while using my PC.
If I need to update the PC or load a program I can just shut down Deep Freeze until I load my new program or update my PC. Then, whenever I want to surf the Web, I disconnect the USB drive so it won’t get infected with anything…and I *do* surf everywhere…virus web sites, rootkit sites, etc. If get infected with anything (even a rootkit), it’s gone once I reboot. It’s very cool to be able to surf anywhere I want and never having to worry about my PC or data getting trashed.
Note: If you try this, don’t reconnect the USB drive until you reboot!
Another advantage is that you don’t have to always be updating your PC to keep it protected. Just unfreeze it once a month (like on Black Tuesday) and do all your updates in one go. I am behind a NAT, so I can get my updates from MS in peace…
Another note: on my C: drive I have removed all personal information because if something loads on my PC while surfing, I don’t want my personal information compromised.
I know this might not be for everybody, but this solution works very well for me and I have never had my PC get infected using Deep Freeze.
Gigabyte
Er, 40 GB USB hard drive…oops