Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[hake]

The latest version of AVG security and anti-virus software now includes self-protection to prevent malware from disabling it.  AVG 2012 and previous versions lack this feature.

[kitz]

Thanks for posting.    I was interested in how/what AVG were doing about the self-protection and Ive just tried to do a quick google to find out more info.  - This sort of thing used to be a hobby horse of mine many years ago.

Some AVs have supposedly had some sort of self protection module for a while, but it often seems like the bad guys are one step ahead and various trojans/viruses have still managed to get through... ie waiting to install on next boot.

Unfortunately I didnt come to anything conclusive about what/how they were doing to prevent this, perhaps because its too new yet, I did find a few reviews, not all of them positive, but I'll post a link in a bit of one that seems fairly unbiased.     Also interestingly it seems like a few users are having problems with this new version and are having problems running certain tasks such as chkdisk. :/

http://www.softwarecrew.com/2012/09/review-avg-internet-security-2013/

http://forums.avg.com/gb-en/avg-forums?sec=thread&act=show&id=216203

[hake]

One or two drawbacks with AVG 2013.  The UI is hard to read and is not resizable to a larger window.  Also the unistall would not work on Windows XP and neither would the 2013 uninstall utility.  These things will get ironed out I suppose but my verdict on AVG 2013 is that it should still be in beta.

AVG 2012 is sweet however apart from the nil point for virus update (in)frequency with the free version.

The travails I endured in removing AVG 2013 when system restore would not help on my main system was enough to propel me back to Avast!

[kitz]

Oh dear 

[Chrysalis]

I have always considered a/v useless to the technical competant (ie. they avoid infection by knowing how to avoid it) and only partially adequate for the rest.

Everytime someone on the net reports they got infected, I always used to ask them how, as I am very curious, but they never reply.
This suggests they too embarrassed to reply  (downloaded some fake warez or something) or its a made up story I guess to trash the a/v vendor since their post is to complain they got infected.

The only time I have had my a/v popup in over 10 years is rarely for some email attachments and I think i can remember 1 or 2 webpages.

The bestest way for protection is likely a combination of using a restricted user account (not admin under UAC a proper restricted account) and SRP (software restriction policy).   The idea been the only dirs that can run programs are all non writable, so a payload if was able to download to the system eg. via a exploited web page in browser run would fail to run no the system due to lack of local permissions.  SRP can be used to restrict execution paths and a restricted user account will have very limited places it can write to.  That combo is extremely powerful and tough to break better than any a/v.

Other OS's like linux use limited accounts by default, root is used for maintenance not for every day usage.  Microsoft I thought were introduing UAC as a stop gap in vista and had a plan to eventually migrate to restricted accounts but it now looks like they either abandoned the idea or were never planning to go all the way.

a/v vendors know that a blacklist system will always be behind the curve as it relies on discoveries and fixes to be rolled out, thats why they keep trying to make systems that can detect viruses without signatures.

Some things to look into also are microsoft's EMET tool and looking into using opt out for DEP combined with a custom dll someone made.  Thread here.  http://www.wilderssecurity.com/showthread.php?t=347514