Mbr Protection?


bellgamin

Since this forum post has drawn no replies, I telephoned Immunet's Office at 1-510-962-3114. It was an answering machine. So I called their Tech Support number, 1-866-891-4480, as listed on THIS Immunet page. I spoke with an individual named Ahmed, who put me on hold while he researched my question: "Does Immunet provide real-time monitoring of the Master Boot Record (MBR)?" When he returned, he said that Immunet does not cover the MBR - - - BUT he seemed not to even know what the MBR is. Therefore, I place no reliance on his reply.

 

I am a potential customer for Immunet, now on my 3rd day of trialing the PRO version. I like Immunet so far, but it is beginning to seem that no knowledgeable, official representative of Immunet is readily available to answer pre-sales questions.

 

I haven't given up -- YET. But I do hope that a knowledgeable & official source of Immunet Tech Support manifests himself soon.

Link to comment

Sorry about the delayed answer. I suspect you called first level support (the toll free number for Free users). First level support is, well, first level support, they are meant to help with basic issues and generally can't be counted on to be super technical in nature. We're working on that.

 

Inasmuch as any product provides MBR protection, Plus does. It will review the MBR at boot and keep subsequent watch of it afterwards. It will do a decent job at protecting against sophisticated rootkits and threats likely to play in the MBR (which btw, is very few). In reality, if your MBR is compromised by anything that is not stock, over tired malware, you might as well pack it up and reformat because no AV product is going to adequately defend you from sophisticated attacks at this level.

 

Threats like Mebroot et al. are perhaps the future of AV products once we get basic detection hammered out. The only saving grace we have right now is that general detection is so easy to game that threats like Mebroot are overkill and not needed.

 

al

Link to comment

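The reply above describes reviewing the MBR at boot and watching it afterwards. The following is an added example, not part of the thread and not Immunet's implementation, of the baseline-and-compare check that kind of monitoring implies: it hashes the boot code and the partition table of a 512-byte MBR separately so a change can be localized. The sample sectors are constructed in the code, and the function names are illustrative.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446          # bytes 0..445 hold boot code, 446..509 the table
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510..511

def fingerprint_mbr(sector):
    """Hash boot code and partition table separately and list used partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        start = PART_TABLE_OFFSET + 16 * slot
        entry = sector[start:start + 16]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:        # partition type 0x00 marks an unused slot
            partitions.append({"slot": slot, "active": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start,
                               "sectors": num_sectors})
    return {
        "boot_code": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PART_TABLE_OFFSET:510]).hexdigest(),
        "partitions": partitions,
    }

def changed_regions(baseline, current):
    """Return which hashed regions differ from the trusted baseline."""
    return [k for k in ("boot_code", "partition_table") if baseline[k] != current[k]]

def build_sample_mbr(boot_code, lba_start=2048):
    """Constructed 512-byte sector for the demo; not a dump from a real disk."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        lba_start, 204800)
    body = boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + entry.ljust(64, b"\x00")
    return body + BOOT_SIGNATURE

# Constructed samples: a baseline, a boot-code change, a partition-table change.
BASELINE = fingerprint_mbr(build_sample_mbr(b"\xfa\x33\xc0"))
AFTER_BOOT_CHANGE = fingerprint_mbr(build_sample_mbr(b"\xeb\x3c\x90"))
AFTER_TABLE_CHANGE = fingerprint_mbr(build_sample_mbr(b"\xfa\x33\xc0", lba_start=4096))

if __name__ == "__main__":
    print("boot code change:", changed_regions(BASELINE, AFTER_BOOT_CHANGE))
    print("table change:", changed_regions(BASELINE, AFTER_TABLE_CHANGE))
```

On a real machine the 512 bytes would come from a raw read of the disk's first sector with administrative rights. A rootkit that filters disk reads can return a clean sector to the running OS, so the comparison is most trustworthy when taken from clean boot media.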
Thanks Al. I mean REALLY thanks. Your reply was *well worth waiting for.* I am delighted that Inet+ watches the MBR.

 

I shall shortly be on the 5th day of trialing Inet+. I really really like it!

 

Here are 2 more matters-of-interest while I (hopefully) have your attention:

 

1- I note that Inet+'s RAM load is quite reasonable. On the other hand its agent.exe page file load is >521MB & its iptray.exe page file is >105MB. I assume these are mainly sig databases. If so, I had thought Immunet's cloud approach would mean smaller page files. As a matter of interest (this is NOT a deal breaker) I would appreciate any comments that you care to make about this high page file usage.

 

2- Inet+ doesn't fare very well on Keylogger-prevention POCs. It's not a problem for me (I run a strong antikeylogger when I do sensitive biz), but I was wondering if keylogger protection (a la SafeOnline) is a long-term goal for Inet+?

Link to comment

Maybe it's coincidence, however the sig folder on immunet (from my memory) is 500mb+, this seems very close to the page file you were mentioning.

Something I don't understand tho is that I thought the cloud was meant to be lighter, then I checked the sig folder :S

Link to comment

Hi,

 

The paging out is definitely based on the definitions. In general we try to page out things which are not actively used in memory. Aspects of the UI will also page out.

 

As for keyloggers my hope is to not treat them any differently but rather just get better at detecting them. We are shipping a new engine 'code name iDelete' in February which will allow us to do this.

 

Best,

al

Link to comment

The Cloud part does make us lighter but if you opt for a traditional desktop based engine in tandem with your Cloud engines (TETRA in this case), it will take disk to consume the space for the defs. We could store them completely in the cloud and that would drop the space requirement but you would lose offline protection which is the general value proposition for offline engines.

 

al

Link to comment

Thanks Alfred. I was under the assumption that local sigs were an opt\in\out kind of thing in the plus version, however they are automatically downloaded when you install\update. (No biggy, but still, I'd prefer the options)

I'd like to suggest, if possible, adding an option for this to opt in\out.

 

 

thanks again.

Link to comment

Archived

This topic is now archived and is closed to further replies.
