Review of the Top Picks in 2012 0-Day Benchmarks

Hungry Man
Junior Member
Posts: 43
Joined: Wed Oct 19, 2011 9:42 pm

Re: Review of the Top Picks in 2012 0-Day Benchmarks

Post by Hungry Man » Thu Oct 04, 2012 8:42 pm

I was gifted multiple Emsisoft keys (through various forums, I get keys gifted to me from people). I personally found it to be top notch but (I'm a Linux user and have no use for Antivirus on my Windows partition as it's purely for games and only rarely connects to the internet for online games) I put it on my mother's computer and she had quite a bit of trouble with blocked websites (web guard) and a lot of popups for behavioral blocking. I could have toned it down but I felt there was no need for it so I just moved back to MSE.

I would be wary about flash-tests results. The methodology is, in my opinion, very broken. It works on a set of 'stages' for malware, i.e. if you catch malware 1 you are tested against malware 2, and if you miss malware 2 they don't bother testing malware 3. That's not how it works in the real world.

On top of that there's no distinction between a definitive result (i.e. blacklist signature / definitive heuristics) and a user interaction (i.e. This program tried to run? Block? Sandbox?). I can write a program that universally injects a .dll and intercepts all calls to the system - I've just broken every piece of malware, but it's gonna be the biggest pain in the ass to run to the point where there's no security at all. There's a fine line when it comes to HIPS.

@Thrawn,

AppArmor's wonderful. And if you're looking for an AE you can set Grsecurity to deny execution from a UserID and then simply log in from that ID (you can deny socket access etc. and have a really 'least privilege' account).

@Tom,

Too true. Zero day season never ends nor will it ever.

Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Review of the Top Picks in 2012 0-Day Benchmarks

Post by Thrawn » Fri Oct 12, 2012 1:26 am

Tom T. wrote: Something equivalent to AppArmor looks to be far beyond the scope of the average (Win/Mac) home user, although by definition *nix users tend to a much higher tech level. Shame.

AppArmor is basically an application boundary enforcer for your operating system. You write profiles that define the normal behavior of your applications, and deny all other activity. If you're dedicated enough to define comprehensive profiles for everything you use, then you can enforce a restrictive global policy on everything else. Very much like ABE.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
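
An illustration of the profile model described in the post above, added here as an example and not written by any poster in this thread: a constructed AppArmor profile for a hypothetical program /usr/local/bin/feedreader (the program name and all of its paths are assumptions). Once the profile is loaded in enforce mode, anything it does not allow is denied.

```apparmor
# Constructed example profile for a hypothetical program; not from the thread.
#include <tunables/global>

/usr/local/bin/feedreader {
  # Shared libraries, locale data and name resolution that most programs need
  #include <abstractions/base>
  #include <abstractions/nameservice>

  # Outbound TCP only; no raw sockets, no other address families
  network inet stream,
  network inet6 stream,

  # The binary itself (map + read) and its read-only system configuration
  /usr/local/bin/feedreader mr,
  /etc/feedreader/** r,

  # Per-user state, restricted to files owned by the running user
  owner @{HOME}/.config/feedreader/ rw,
  owner @{HOME}/.config/feedreader/** rwk,

  # Explicit denies take precedence over any allow rule pulled in by an
  # abstraction; "audit" keeps the denial in the log instead of silencing it
  audit deny @{HOME}/.ssh/** mrwkl,

  # No rule grants execute permission on any other path, so the program
  # cannot launch other programs; every path not listed above is denied.
}
```

Load it with `apparmor_parser -r` on the profile file; `aa-complain` switches a profile to log-only mode while it is being tuned and `aa-enforce` switches it back.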

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Review of the Top Picks in 2012 0-Day Benchmarks

Post by Tom T. » Fri Oct 12, 2012 6:21 am

Thrawn wrote:
Tom T. wrote: Something equivalent to AppArmor looks to be far beyond the scope of the average (Win/Mac) home user, although by definition *nix users tend to a much higher tech level. Shame.

.... You write profiles that define the normal behavior of your applications, and deny all other activity. If you're dedicated enough to define comprehensive profiles for everything you use, then you can enforce a restrictive global policy on everything else. ...

Which sounds far beyond the scope of the average (Win/Mac) home user, as said. ;)
