A New Way Of Monitoring Malware?

from the proactively-checking-things-out dept

For years we’ve been discussing how traditional methods used by antivirus and antispyware products are often too reactive. The firms wait for someone to complain or send in an example of a problem. This often leads to calls for behavior-based solutions that look for certain behaviors likely to come from malicious files — though that certainly risks lots of false positives if legitimate systems exhibit similar behavior (this can already be seen with some firewall products, which constantly pop up warnings — almost all of which users ignore, because so many are false positives). However, it appears that one firm is trying a different form of proactive approach. alarm:clock writes about SiteAdvisor, which appears to proactively visit lots of sites and download all sorts of products while putting together a large database of what those sites and products do, so that anyone can check to get a sense of how safe a site or software download really is. It’s an interesting approach if they can really cover enough sites and downloads, while still getting people to actually look at their info (and, of course, not getting the data wrong).


Comments on “A New Way Of Monitoring Malware?”

Sv says:

False positives

Your firewall is asking when a new program wants to access the Internet.

This is not a false positive, it’s just telling you it’s a new program and it’s not been approved.

That said, if you have no idea what you’re doing, of course you’ll click yes mechanically. But those are not products that are supposed to work for people who have no idea what they’re doing.

Neither is SiteAdvisor. People have to actively seek and analyze the data.

“Security for the dumb” is not near yet.

Anonymous Coward says:

Re: False positives

“Security for the dumb” ???

Ok, so when a pop-up from my security suite tells me that Microsoft Internet Explorer (or FireFox Browser) wants to access the internet, I am the dumb one for telling it “yes”? You would think that the software should already know that if I am opening a program to access the internet, I want to…well… access the internet.

I think that, as the article states, there are many false positives – and by calling the user “dumb” (as you state), you probably just need to run more software, as there is a lot of software out there that actually treats the user as being dumb, due to the fact that the software doesn’t use much intelligence itself (the pot calling the kettle black).

bob says:

Re: Re: False positives

I tend to stand somewhere between the 2 of you… I think that the software should be somewhat smarter about internet access, and that users should be more informed about the consequences of blindly clicking YES.

Clicking yes when you know you want to access the internet may be annoying, but if you get malware that’s sending a million spam emails and the charge over qwest is $5 each… you definitely want to be told about it…you might want to consider clicking NO (or at least reading the message), instead of being a “dumb” user.

As my old teacher used to say… It’s impossible to make software idiot proof because idiots are so ingenious.

Anonymous Coward says:

Re: Re: False positives

I am the dumb one for telling it “yes”?

How is the software to know that YOU are the one who launched the program?

What do you expect if you don’t know how to set your security settings to ignore certain products?

I agree more with the comment you replied to – however, it is a little extreme to call computer illiterate people dumb – just because people aren’t in the industry doesn’t mean they aren’t intelligent. That’s an extreme and pretty ignorant perspective (but what do you expect from script-kiddie elite?)

PB says:

Deep Freeze

I don’t even care who tries to get into my PC anymore or what website is trying to screw me over…I bought a copy of Deep Freeze Standard from http://www.faronics.com for $25 last year. Deep Freeze does one simple thing; it doesn’t allow anything to be written to your hard drives…it “freezes” them.

Here’s what I did. I set my PC up so my C: drive only contains a clean, updated copy of the XP operating system and my programs and then “froze” the C: drive so nothing else could be written to it. I keep all my -data- on an “unfrozen” external 40 MB USB drive so I can write to it while using my PC.

If I need to update the PC or load a program I can just shut down Deep Freeze until I load my new program or update my PC. Then, whenever I want to surf the Web, I disconnect the USB drive so it won’t get infected with anything…and I *do* surf everywhere…virus web sites, rootkit sites, etc. If I get infected with anything (even a rootkit), it’s gone once I reboot. It’s very cool to be able to surf anywhere I want and never have to worry about my PC or data getting trashed.

Note: If you try this, don’t reconnect the USB drive until you reboot!

Another advantage is that you don’t have to always be updating your PC to keep it protected. Just unfreeze it once a month (like on Black Tuesday) and do all your updates in one go. I am behind a NAT, so I can get my updates from MS in peace…

Another note: on my C: drive I have removed all personal information because if something loads on my PC while surfing, I don’t want my personal information compromised.

I know this might not be for everybody, but this solution works very well for me and I have never had my PC get infected using Deep Freeze.
