Comments on anti-virus rants: yes mr. rothman, there is a defense against drive-by downloads
Blog author: kurt wismer (http://www.blogger.com/profile/03810635947269551517)
Comments, newest first.

kurt wismer (https://www.blogger.com/profile/03810635947269551517), 2008-03-24 10:45 -04:00

@luke:

3 things... first and foremost - i am not an expert, i have never claimed to be an expert... i am, at best, a specialist (in that i have specialized knowledge)...

second, i think the reason you aren't seeing these things in anti-virus products is because you're too traditional in what you call an anti-virus product...

finally, with regard to lsp's: avg, antivir, mcafee, esafe, dr. web, f-secure, nod32, virusbuster, panda, pctools, trend, and vet all have lsp's - in addition to exploit prevention labs' linkscanner/socketshield, which was purchased by grisoft/avg not too long ago (presumably because xpl was doing a better job of it)... and thanks to castle cops (http://www.castlecops.com/LSPs.html) i didn't need to pore over google search results to come up with that list...

Lusher (https://www.blogger.com/profile/16666435479524946069), 2008-03-23 05:33 -04:00

Actually I *do* use an antivirus (actually more than one)...
But if I want something beyond known-malware scanning, antiviruses generally don't provide it.

Let's look at this from a home user context, look at the options you listed, and see whether antiviruses have them..

* Sandboxes - No antivirus I'm aware of provides this. No doubt you might be able to find 1 or 2 (good luck googling), but they are not representative of what is available.

* behavioural HIPS - A few do now, but not many.

* application whitelisting - see above.

* known-malware/exploit scanning in a layered service provider - okay, this one I don't really use except for Exploitlab's Linkscanner... But I would add that many antiviruses themselves don't even do this :)

* "not having the web rendering component that a particular drive-by download exploits installed and/or using a web-content whitelisting technology" - Why would I use an antivirus for this?

To be clear, I'm not saying antiviruses can't (or haven't tried such things in the deep ancient past) provide these types of defenses, but the reality is they don't today (with rare, rare exception)!

Oh sure, you can always google and find exceptions, but the reality is, even you, an "av-expert", had never heard of them before you googled.

I'm no expert, but I love playing with and testing all kinds of security software, and I generally can't find AVs that provide such protection either....

So what does that tell you? As you yourself noted, AVs have been slow to move!

kurt wismer (https://www.blogger.com/profile/03810635947269551517), 2008-02-24 11:58 -05:00

oh really... is that because you don't use anti-virus at all?

and if so, where do you get a known-malware scanner in an LSP... generally speaking the only people who bother making known-malware scanners are in the so-called anti-virus biz... i suppose exploit prevention labs might have been an exception at one point, but they were bought by grisoft some time ago...

Lusher (https://www.blogger.com/profile/16666435479524946069), 2008-02-24 08:25 -05:00

You are right of course about the defenses.

And I use all of them at different times.

But I get them not from antiviruses... :)
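The thread names "web-content whitelisting" as one of the drive-by download defenses without showing what such a filter actually does. The following is an added example, not code from the blog post or from any of the products mentioned above: a minimal allow-list filter in Python's standard library that strips active content (scripts, frames, plugins, inline event handlers) unless its origin is explicitly permitted, so a script injected into a trusted page from a third-party host never reaches the rendering engine. The sample page, the page URL and the `evil.example` hosts are constructed for the example.

```python
"""Allow-list filter for active web content (added example, not from the post).

Models the "web-content whitelisting" defense discussed in the comments: active
content is dropped by default and only kept when its origin is on an explicit
allow-list. Assumptions: the page URL, the allow-list and the sample HTML below
are all made up for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Elements that load or run active content, and the attribute carrying the
# remote location for each. A missing attribute means inline content, which
# executes in the page's own origin.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "object": "data",
               "embed": "src", "applet": "code"}
VOID_ACTIVE = {"embed"}  # no end tag, so nothing to suppress after it


def origin_of(url, base):
    """Return scheme://host[:port] of a URL, resolving relative URLs against base."""
    parts = urlparse(urljoin(base, url))
    return f"{parts.scheme}://{parts.netloc}".lower()


class ActiveContentFilter(HTMLParser):
    def __init__(self, page_url, allowed_origins):
        super().__init__(convert_charrefs=False)
        self.page_url = page_url
        self.allowed = {o.lower() for o in allowed_origins}
        self.out = []          # filtered markup, in order
        self.blocked = []      # (tag, origin) pairs that were dropped
        self._skip_tag = None  # active element whose subtree is being suppressed
        self._skip_depth = 0

    def _permitted(self, url):
        return origin_of(url, self.page_url) in self.allowed

    @staticmethod
    def _render(tag, attrs):
        parts = [f' {k}="{v}"' if v is not None else f" {k}" for k, v in attrs]
        return f"<{tag}{''.join(parts)}>"

    def handle_starttag(self, tag, attrs):
        if self._skip_tag:                      # inside a blocked element
            if tag == self._skip_tag:
                self._skip_depth += 1
            return
        if tag in ACTIVE_TAGS:
            src = dict(attrs).get(ACTIVE_TAGS[tag]) or self.page_url
            if not self._permitted(src):
                self.blocked.append((tag, origin_of(src, self.page_url)))
                if tag not in VOID_ACTIVE:      # suppress content up to the end tag
                    self._skip_tag, self._skip_depth = tag, 1
                return
        if self._permitted(self.page_url):
            self.out.append(self.get_starttag_text())
        else:  # page origin not trusted: drop inline event handlers (onload, onerror, ...)
            safe = [(k, v) for k, v in attrs if not k.lower().startswith("on")]
            self.out.append(self._render(tag, safe))

    def handle_endtag(self, tag):
        if self._skip_tag:
            if tag == self._skip_tag:
                self._skip_depth -= 1
                if self._skip_depth == 0:
                    self._skip_tag = None
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_tag:
            self.out.append(data)

    # Pass-throughs for markup that carries no active content.
    def handle_comment(self, data):
        if not self._skip_tag:
            self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")

    def handle_entityref(self, name):
        if not self._skip_tag:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self._skip_tag:
            self.out.append(f"&#{name};")


def filter_page(html, page_url="https://www.example.com/index.html",
                allowed_origins=("https://www.example.com",)):
    """Return (filtered_html, blocked) for a page fetched from page_url."""
    f = ActiveContentFilter(page_url, allowed_origins)
    f.feed(html)
    f.close()
    return "".join(f.out), f.blocked


# Constructed sample: a trusted page with third-party active content injected.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.evil.example/loader.js"></script>
</head><body onload="init()">
<p>Hello &amp; welcome</p>
<iframe src="http://ad.evil.example/frame.html" width="1" height="1"></iframe>
<script>document.write('<img src=x onerror=alert(1)>')</script>
<embed src="http://plugins.evil.example/x.swf">
<object data="https://www.example.com/view.pdf"><param name="x" value="1"></object>
</body></html>"""

if __name__ == "__main__":
    cleaned, dropped = filter_page(SAMPLE_PAGE)
    print(cleaned)
    print("blocked:", dropped)
```

With the page's own origin on the allow-list, first-party scripts and inline handlers survive while the third-party script, the 1x1 iframe and the plugin are dropped; with an empty allow-list (the default-deny posture a whitelisting tool starts from) every active element goes, including inline scripts and `on*` attributes. A real product has to make the same decision at the network or rendering layer rather than on a string, but the policy it enforces is the one shown here.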