We are witness to a historic, unprecedented amount of attention given to cyber-security. Even the Government today is moving a bill up the chain of command that would allow companies to share incidents of breaches with the government, with all the details, in order to collaborate and coordinate a comprehensive defense.
Well, it may take a while for the benefits of that move to trickle down to you and me, so here at Wasabi we thought we would share information that could immediately impact, and perhaps benefit, your computing health: some enlightening facts that aren't commonly known about your typical Anti-Virus solution. And yes, we do have a remedy on standby... May the odds be in your favor...
1. Different Vendors DON'T Mean Different Detection
Think that when you are selecting an anti-virus vendor you are deciding between individual solutions? Think again! Much like breakfast cereals, the industry is made up of only a few unique engines that are heavily licensed. AV Comparatives has an excellent breakdown of third-party engines. Regardless of which AV you choose, there's a good chance you actually just bought Bitdefender. The net? It makes it that much easier for attackers to target and avoid AV.
2. AV Actually INCREASED Pop-Ups
Traditional AV, to find a way to stay relevant, has actually increased the number of “pop-ups” to let you know it's “working”. Working, of course, is a relative term.
3. AV is Why Your PC is Slow and Your Battery Is Dead
With most top applications hovering around 60 MB and peaking at 150 MB, traditional AV companies get a huge number of complaints for hogging system resources, averaging 320 MB of RAM with some topping out in the 580 MB range, rivaled only by the OS itself.

To stem the tide of complaints, they tried reducing the load by deploying techniques such as scaling back threat detection, paging memory to disk to hide memory usage, the invention of quick scans, and the worst offender of them all, on-access scanning. These tricks have hidden costs that cause instability, slowness, and decreased battery life.
4. AVs are Relatively Ineffective due to Packers
A packer is a tool that transforms an executable into another executable which exhibits the same or extended functionality but has a different footprint on the file system where it resides. Packers are also often referred to as compressors, and were very popular in the early days of personal computers.
Today, packers make reverse engineering executables significantly more difficult. They are also often referred to as “protectors”, as they attempt to protect the original executable from prying eyes. In fact, new methods of packing executables have been developed that turned out to be very efficient at evading all current Antivirus products without the use of emulation; the ‘Resource packer’ is one such method.
The net is: if your product doesn't sandbox the attack, it is useless. Even with sandboxing, it's a crap-shoot whether it will be able to find the malware, because of the many techniques malware uses to mask its code in a sandbox scenario. The malware goes so far as to actually do system checks before decrypting its code, to make sure it is running on a real system.
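A defender's first, cheap check for a packed or encrypted payload is the byte entropy of each section: compressed or encrypted data sits close to 8 bits per byte, while ordinary machine code and string tables sit well below that. The script below is an added example written for this post, not code from Wasabi or from any AV vendor; the section names, the threshold of 7.0 bits/byte, and the three sample sections are constructed (pseudo-random bytes stand in for a packed payload). It also shows the heuristic's blind spot: a single-byte XOR "protector" only permutes byte values, so the histogram, and therefore the entropy, does not change.

```python
import math
import random
from collections import Counter

# Heuristic threshold (assumed for this example): compressed or encrypted data
# sits near 8 bits/byte; plain code and strings usually stay well under 7.
PACKED_THRESHOLD = 7.0
MIN_SECTION_SIZE = 256  # very small sections give noisy entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or uniform data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections: dict, threshold: float = PACKED_THRESHOLD) -> dict:
    """Per-section entropy report with a 'suspicious' flag for high-entropy sections."""
    report = {}
    for name, blob in sections.items():
        h = shannon_entropy(blob)
        report[name] = {
            "size": len(blob),
            "entropy": round(h, 3),
            "suspicious": len(blob) >= MIN_SECTION_SIZE and h >= threshold,
        }
    return report


def likely_packed(sections: dict, threshold: float = PACKED_THRESHOLD) -> bool:
    """True if any section looks statistically like a compressed/encrypted payload."""
    return any(r["suspicious"] for r in classify_sections(sections, threshold).values())


# --- constructed sample sections (not taken from any real binary) ---------------
# A plain "code" section: a short x86-like prologue plus readable strings, repeated.
_PLAIN_UNIT = b"\x55\x8b\xec\x83\xec\x10" + b"constructed code-like bytes with a string table; "
PLAIN_SECTION = _PLAIN_UNIT * 60

# A "packed" section: deterministic pseudo-random bytes stand in for what a
# compressed or encrypted payload looks like statistically.
PACKED_SECTION = random.Random(1234).randbytes(4096)

# A single-byte XOR "protector" permutes byte values but leaves the byte histogram,
# and so the entropy, unchanged: the entropy heuristic does NOT flag it.
XOR_SECTION = bytes(b ^ 0x5A for b in PLAIN_SECTION)

SAMPLE_SECTIONS = {".text": PLAIN_SECTION, ".packed": PACKED_SECTION, ".xor": XOR_SECTION}

if __name__ == "__main__":
    for name, row in classify_sections(SAMPLE_SECTIONS).items():
        print(f"{name:8} size={row['size']:5d} entropy={row['entropy']:.3f} suspicious={row['suspicious']}")
    print("likely packed:", likely_packed(SAMPLE_SECTIONS))
```

Run stand-alone it prints one line per section and flags only `.packed`. The `.xor` row is the point worth keeping in mind: entropy is a triage signal, not a verdict, which is why the post's argument leans on sandboxing rather than static heuristics alone.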
5. Detection Relies On Internet Access
Ever tested your traditional AV without the internet? You might be surprised to learn that all that virus knowledge isn't actually jammed into that signature file you have to download every day to "stay up to date". Cloud lookups are a huge percentage of AV's ability to detect things, and cloud-based lookups mean malware executes while the lookup occurs. This is also why one of the first things malware does to attack AV is stop the AV from calling home. It's partially to stop signature downloads, but it's more effective at stopping the detections the AV company has in the cloud.
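One place "stop the AV from calling home" leaves a visible trace is the hosts file: an entry that points a vendor's update or cloud-lookup hostname at a loopback or unspecified address silently breaks both signature downloads and cloud detections. The checker below is an added example written for this post, not Wasabi's or any vendor's code; the hosts file content and the `*.av-vendor.example` hostnames are constructed, and a real watchlist would come from your vendor's documented endpoints.

```python
import ipaddress

# Constructed hosts file for the example (not captured from a real system).
CONSTRUCTED_HOSTS = """\
# constructed hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         updates.av-vendor.example        # blocks update downloads
127.0.0.1       Cloud-Lookup.av-vendor.example
10.0.0.5        fileserver.corp.example
not-an-ip       telemetry.av-vendor.example
"""

# Hypothetical vendor endpoints a defender would watch (assumed names).
WATCHLIST = {
    "updates.av-vendor.example",
    "cloud-lookup.av-vendor.example",
    "telemetry.av-vendor.example",
}


def parse_hosts(text: str):
    """Yield (ip_address, [hostnames]) per valid entry; skip comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the resolver will not honour it either
        names = [n.lower() for n in fields[1:]]  # hostnames are case-insensitive
        if names:
            yield ip, names


def find_sinkholed(text: str, watchlist) -> list:
    """Return watchlisted hostnames that a hosts entry overrides, with the target address."""
    wanted = {w.lower() for w in watchlist}
    findings = []
    for ip, names in parse_hosts(text):
        for name in names:
            if name in wanted:
                findings.append({
                    "hostname": name,
                    "address": str(ip),
                    # loopback / 0.0.0.0 targets are the classic "stop calling home" pattern
                    "sinkhole": ip.is_loopback or ip.is_unspecified,
                })
    return findings


if __name__ == "__main__":
    for f in find_sinkholed(CONSTRUCTED_HOSTS, WATCHLIST):
        print(f"{f['hostname']} -> {f['address']} sinkhole={f['sinkhole']}")
```

On a real endpoint you would feed it the contents of `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`; any hit on a vendor hostname is worth an alert, and a loopback or unspecified target is the strongest signal.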
Hey Buddy, Can You Paradigm?
Regardless of the very scary prognosis for the Anti-virus industry, there is hope. A new paradigm shift has occurred to address the need for anti-virus security. Prevention is possible with CylancePROTECT. PROTECT is the next generation of antivirus, with orders of magnitude increases in detection and orders of magnitude decreases in resource usage. Cylance is ushering in a mathematical revolution to the security industry, one math model at a time.
The key features of CylancePROTECT are as follows:
- At Cylance they built their own engine without using signatures; instead, they leverage predictive mathematics, the same math that is disrupting a variety of other industries including marketing, insurance, finance, defense, manufacturing and medicine, to name a few.
- No Pop ups, we chose our name with purpose, so it should be obvious that we appreciate that security should be silent.
- Cylance took a generational leap away from this broken architecture. CylancePROTECT uses predictive mathematics, obviating the need for daily updates. No daily updates means no daily scans, and no dirty tricks.
- The great part about a machine learning based solution is that our model file contains the entirety of what we know about malware distilled down into one convenient package. It’s a mini-brain. Offline or online, killing malware all the same.
- Cylance provides a PCI-DSS and Microsoft VIA certified next generation AV that stops tomorrow's threats today. Enterprise customers should consider checking this out if their traditional AV subscription is up for renewal.
Source(s):
- http://www.av-comparatives.org/wp-content/uploads/2015/01/avc_sum_201412_en.pdf
- https://social.technet.microsoft.com/Forums/windows/en-US/c3254f92-e185-4d3f-815c-6a42ff32334e/how-much-ram-is-usage-is-normal
- https://youtu.be/RqyrHCJEmAw
- http://www.blog.creativform.com/complete-list-antivirus-software/
So “Once more unto the breach, dear friends, once more;”
____________________________________________________________
About Rick Ricker
An IT professional with over 23 years experience in Information Security, wireless broadband, network and Infrastructure design, development, and support.
For more information, contact Rick at (800) 399-6085 x502