Antivirus vs HIPS Interview with Comodo CEO

Antivirus software is considered a must-have on every computer nowadays, and running without it feels like poking a beehive. The majority of computers come preloaded with some sort of antivirus program at purchase, and names such as Eset, Symantec and McAfee, with their 98% detection rates at av-comparatives.org, probably make people feel safe online. But the real question one may ask is this: how come there are still millions of computers and websites infected with malware if basically every computer is equipped with a modern antivirus program?

Antivirus technology was first used in the mid 80s of the previous century, which makes it over 20 years old. The traditional antivirus approach has not really changed since: the main principle of every antivirus company remains chasing viruses around the web, recognizing them by signature, and finally pushing those signatures via automatic updates into the antivirus programs of all their clients. Only at that point is the antivirus user safe from those viruses.

The problem arises with viruses that antivirus companies have not discovered yet. There are thousands of such viruses floating around the internet that no security company has discovered, which also means there is the same number of viruses your computer is vulnerable to.
It is impossible for developers to catch each virus before the users of their solutions run into it, so each of us relying solely on antivirus is constantly at risk of coming across a virus that our security program has not discovered yet. And the truth is not far from this.

A few years ago, some visionary companies realized the weakness of antivirus solutions and developed security software that goes by the name HIPS (host intrusion prevention system). These are special programs which work quite differently from traditional antivirus applications: instead of scanning every file and program for infection, they monitor registry entries, the startup folder and other crucial system areas which malware is most likely to attack in order to gain a foothold.

HIPS solutions can catch not only known viruses but unknown, zero-day malware as well, because they do not depend on their developers catching all that malware on the web before you do and updating your antivirus to protect you from it. In practice this approach has turned out to protect computers better and easily outperforms traditional antivirus protection, although the big, well-known antivirus companies will probably never admit that. But the fact remains clear: the majority of people use antivirus and the internet is getting more and more infected. If what the known AV companies claim about their products were true, there should be virtually no infected computers nowadays. But we know this is not the case.
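The monitoring idea in the two paragraphs above, watching the persistence locations rather than matching the file against a signature, as an added Python example; this is not code from the post or from Comodo. The Run key path is real, but the snapshot contents and the "trusted directory" severity heuristic are constructed assumptions.

```python
"""Toy HIPS-style watcher over autorun locations (added example, not Comodo code).

A baseline of the places malware commonly uses to persist (Run key, Startup
folder) is compared with a later snapshot; any new or changed entry raises an
alert regardless of whether the binary behind it is known. Snapshots are
constructed dictionaries standing in for real registry/folder reads."""
from dataclasses import dataclass

# Heuristic assumption: launch targets under these paths are lower risk.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

@dataclass(frozen=True)
class Alert:
    location: str   # which protected area changed
    name: str       # registry value name or startup file name
    command: str    # command line the entry would launch
    reason: str     # "new entry" or "modified entry"
    severity: str   # "high" if target is outside TRUSTED_DIRS, else "medium"

def _severity(command: str) -> str:
    target = command.strip().strip('"').lower()
    return "medium" if target.startswith(TRUSTED_DIRS) else "high"

def diff_snapshot(baseline: dict, current: dict) -> list[Alert]:
    """Return one Alert per autorun entry that was added or changed."""
    alerts = []
    for location, entries in current.items():
        known = baseline.get(location, {})
        for name, command in entries.items():
            if name not in known:
                alerts.append(Alert(location, name, command, "new entry", _severity(command)))
            elif known[name] != command:
                alerts.append(Alert(location, name, command, "modified entry", _severity(command)))
    return alerts

RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
# Constructed sample: the machine when the baseline was taken ...
BASELINE = {
    RUN_KEY: {"OneDrive": '"C:\\Program Files\\OneDrive\\OneDrive.exe" /background'},
    "Startup folder": {},
}
# ... and later, after something hypothetical added two persistence entries.
CURRENT = {
    RUN_KEY: {
        "OneDrive": '"C:\\Program Files\\OneDrive\\OneDrive.exe" /background',
        "Updater": '"C:\\Users\\alice\\AppData\\Roaming\\svc.exe" -silent',
    },
    "Startup folder": {"report.lnk": "C:\\Users\\alice\\AppData\\Local\\Temp\\report.exe"},
}

if __name__ == "__main__":
    for a in diff_snapshot(BASELINE, CURRENT):
        print(f"[{a.severity}] {a.location}: {a.name} -> {a.command} ({a.reason})")
```

A real HIPS would take these snapshots from the live registry and file system and ask the user (or a policy) whether to allow or block the change before it is committed.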

The future therefore obviously lies in host intrusion prevention systems, not in antivirus. I invite you to read an interesting interview with Comodo CEO Melih Abdulhayoglu about prevention vs detection, in other words antivirus vs HIPS. Find out why antivirus, aka antivirus firewall, cannot protect you sufficiently any more.
READ INTERVIEW



9 Comments:

Be James said...

Proactive protection, in other words. Traditional antiviruses use the reactive method of protection, where they respond only when a known risk is discovered. Another method of protection is passive protection, where it prevents rather than cures but still relies heavily on virus signatures.

Proactive protection allows antivirus to search for traces of possible malware activity rather than wait for it to spring into action before curing it. That's why security companies nowadays are all going HIPS & behavioral detection (correct me if I'm wrong).

It's really an interesting subject, Thomas. In fact, I was about to discuss one of the products using proactive protection on my blog in the coming days.

Tomaz on August 5, 2009 11:01 AM said...

@Be James
Yes, this is also called proactive protection. We know products which started to implement HIPS solutions and simply named it "proactive". Some examples are Tea Timer in Search&Destroy, DeepGuard in F-Secure, ThreatSense in Eset, BitDefender's proactive intelligence; Kaspersky has it as well. These companies are realizing the potential of host protection solutions, but they still emphasize the importance of the antivirus engine over HIPS. This obviously means that the additional proactive protection in a traditional antivirus does not perform nearly as well as a separate, fully designed HIPS with extensive testing and development (Defense+, DefenseWall, ThreatFire).
You are observing correctly that HIPS is being implemented more and more in security products these days. But as already said, the stress in such products is not on HIPS but on the AV engine, and therefore such proactive protection is not that strong and perfected.

Be James on August 6, 2009 9:08 AM said...

True, I think that HIPS is unreliable. To be honest, I'm still more of a fan of signatures rather than HIPS. Which is why I'm still sticking with signature-driven antivirus like Kaspersky.

Tomaz on August 6, 2009 12:27 PM said...

Hi James. Thanks for your thoughts.
HIPS may be "unreliable" in commercial antivirus products, but not in all (F-Secure has a very strong HIPS called DeepGuard).
But there are a few HIPS that are very, very reliable and strong. I assure you the HIPS I have in mind are so strong that virtually no malware can get by undetected. Defense+ (part of Comodo Firewall), for example, is a HIPS which is tremendously strong and is probably more effective than all antivirus engines together, including Eset, BitDefender, Norton, Kaspersky... Another one is DefenseWall (shareware), which uses virtualization, so every application is run inside a virtual box, which makes the computer almost 100% immune to malware attacks. In such scenarios malware cannot escape the power of the host intrusion defense program. The only way for malware to penetrate the system is to find a bug or backdoor, or to terminate the core of the HIPS.

Of course, security is something everyone should choose according to their preferences. The best security is the one you feel most comfortable with. HIPS and virtualization are not for everyone, that is a fact. True, they both protect the computer very effectively, but at the cost of complexity, understanding it and constant user intervention. This is probably one of the reasons why HIPS is not (and in my opinion, in such form, never will be) as widely used as antivirus applications.
Personally I do not have an antivirus but a HIPS or two, and I feel truly safe, although I have to say that to the majority of people I would still recommend a good antivirus over HIPS for the reasons above. Not everyone is a security geek, right? :) And I perfectly understand them.

Liudmila on August 13, 2009 6:51 AM said...

I'm not an expert user, so I thought it's enough to use a famous antivirus to be safe. I tried those free and paid ones - nothing to do. My PC is always infected by something and works badly. But I love free online antivirus scanners.

gilbert on August 18, 2009 1:14 PM said...

I still choose an antivirus rather than HIPS; it's more reliable and more safe. I don't really have much knowledge on security, but I choose the one that I'm used to and feel secure with.

terjemahan on August 25, 2009 9:45 PM said...

keep sharing guy

neelam on August 28, 2009 2:48 AM said...

Nice post.

Techie Inspire on September 10, 2009 1:41 PM said...

good post..


Copyright © pcterritory.net 2009 - 2010