Malcontent Posted July 1, 2010

I'm glad to hear that Behavioral Blocking is coming in the future. How about Behavioral Analysis as well? It would help increase protection against 0-day malware. It would also be helpful while offline.

Also, any time frame for when behavioral blocking will be available? Months? Year?

Thanks for listening

Guest Armin Pasalic Posted July 1, 2010

Hmm... Can you tell me what Behavior Analysis does that Behavior Blocker doesn't? :-)

Cheers!

Malcontent (Author) Posted July 1, 2010

> Hmm... Can you tell me what Behavior Analysis does that Behavior Blocker doesn't? :-)
> Cheers!

My understanding is that when a program is executed, it is run in a mini virtual machine to see if it does anything suspicious. It's something like Panda's TruPrevent technology.

http://research.pandasecurity.com/how-truprevent-works-i/

Guest Armin Pasalic Posted July 1, 2010

I would just add this kind of Engine: A Virtual box. Isolates UNKNOWN! files from system. If it is .exe/installers they will be sandboxed, but you install it in a kind of "Virtual box." In there, you have a behavior analysis/blocker, and it will watch the behavior what the FILE would have done if it was malicious. It then submits files to the Experts. That's the way I would have done, but of course viruses can pass this too. ^^

Cheers!

clocks Posted July 2, 2010

> I would just add this kind of Engine: A Virtual box. Isolates UNKNOWN! files from system. If it is .exe/installers they will be sandboxed, but you install it in a kind of "Virtual box." In there, you have a behavior analysis/blocker, and it will watch the behavior what the FILE would have done if it was malicious. It then submits files to the Experts. That's the way I would have done, but of course viruses can pass this too. ^^
> Cheers!

That program pretty much already exists. It's called Comodo Internet Security.

Guest Armin Pasalic Posted July 2, 2010

Yeah, but we are not talking about Comodo now. It was just a suggestion for Immunet.

clocks Posted July 2, 2010

> Yeah, but we are not talking about Comodo now. It was just a suggestion for Immunet.

That's fine, it's just you described a sandbox as if it were a new concept.

Personally, I would rather see a great behavior blocker added than HIPS/sandbox. If Immunet were to use an existing program as a model, I would hope they go the Prevx route. Probably the lowest resources (RAM, virtual mem, CPU, etc.) of anything out there, while having awesome detection. Just price the program better than Prevx does.

Guest Armin Pasalic Posted July 2, 2010

I admit, PrevX is a great product. I suggested an idea: "Immunet Manual Cleaning" like in PrevX. But... Behavior Analysis/blocker can fail 70% if the virus makers know how to slip through.

Archived
This topic is now archived and is closed to further replies.