A New Way Of Monitoring Malware?
from the proactively-checking-things-out dept
For years we've been discussing how traditional methods used by antivirus and antispyware products are often too reactive. The firms wait for someone to complain or send in an example of a problem. This often leads to calls for behavioral based solutions that look for certain behaviors that are likely to come from malicious files -- though that certainly risks lots of false positives if legitimate systems use similar behavior (already this can be seen with some firewall products, which constantly pop up warnings -- almost all of which users ignore, because so many are false positives). However, it appears that one firm is trying to take a different form of proactive approach. alarm:clock writes about SiteAdvisor that appears to try to proactively visit lots of sites and download all sorts of products while while putting together a large database of what those sites and products do, so that anyone can check to get a sense of how safe a site or software download really is. It's an interesting approach if they can really cover enough sites and downloads, while still getting people to actually look at their info (and, of course, not getting the data wrong).
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
How to Reach SiteAdvisor
-Ben, who liked the company so much, he joined the advisory board
[ link to this | view in thread ]
No Subject Given
[ link to this | view in thread ]
False positives
This is not a false positive, it's just telling you it's a new program and it's not been approved.
That said, if you have no idea what you're doing, of course you'll click yes mechanically. But those are not products that are supposed to work for people who have no idea what they're doing.
Neither is SiteAdvisor. People have to actively seek and analyze the data.
"Security for the dumb" is not near yet.
[ link to this | view in thread ]
Re: False positives
Ok, so when a pop-up from my security suite tells me that Microsoft Internet Explorer (or FireFox Browser) wants to access the internet, I am the dumb one for telling it "yes"? You would think that the software should already know that if I am opening a program to access the internet, I want to...well... access the internet.
I think that as the article states, there are many false positives - and by calling the user "dumb" (as you state), you probably just need to run more software, as there are many software out there that actually treat the user as being dumb, due to the fact that the software doesn't use much intelligence itself (the pot calling the kettle black).
[ link to this | view in thread ]
Re: False positives
Clicking yes when you know you want to access the internet may be annoying, but if you get malware that's sending a million spam emails and the charge over qwest is $5 each... you definitely want to be told about it...you might want to consider clicking NO (or at least reading the message), instead of being a "dumb" user.
As my old techer used to say... It's impossible to make software idiot proof because idiots are so ingenious
[ link to this | view in thread ]
Re: False positives
How is the software to know that YOU are the one who launched the program?
What do you expect if you don't know how to set your security settings to ignore certain products?
I agree more with the comment you replied to - however, it is a little extreme to call computer illiterate people dumb - just because people aren't in the industry doesn't mean they aren't intelligent. That's an extreme and pretty ignorant perspective (but what do you expect from script-kiddie elite?)
[ link to this | view in thread ]
Deep Freeze
Here's what I did. I set my PC up so my C: drive only contains a clean, updated copy of the XP operating system and my programs and then "froze" the C: drive so nothing else could be written to it. I keep all my -data- on an "unfrozen" external 40 MB USB drive so I can write to it while using my PC.
If I need to update the PC or load a program I can just shut down Deep Freeze until I load my new program or update my PC. Then, whenever I want to surf the Web, I disconnect the USB drive so it won't get infected with anything...and I *do* surf everywhere...virus web sites, rootkit sites, etc. If get infected with anything (even a rootkit), it's gone once I reboot. It's very cool to be able to surf anywhere I want and never having to worry about my PC or data getting trashed.
Note: If you try this, don't reconnect the USB drive until you reboot!
Another advantage is that you don't have to always be updating your PC to keep it protected. Just unfreeze it once a month (like on Black Tuesday) and do all your updates in one go. I am behind a NAT, so I can get my updates from MS in peace...
Another note: on my C: drive I have removed all personal information because if something loads on my PC while surfing, I don't want my personal information compromised.
I know this might not be for everybody, but this solution works very well for me and I have never had my PC get infected using Deep Freeze.
[ link to this | view in thread ]
Gigabyte
[ link to this | view in thread ]