Anything can be bypassed. Some hackers recently found a way to crack SSL encryption given the right set of circumstances. I don't ever pretend to be invulnerable. But I'll trust my implementation over an AV that's only 95% effective any day, and forgo increasing my attack surface for an app that's just going to sit there sucking resources and never find anything.
To each his/her own though...
JunmaiShu 5 months ago
I think AV's are becoming outdated. It's a losing battle trying to keep up to date blacklisting all the new threats, and real-time scanning is a resource hog. Sandboxing/virtualization, limited privileges & imaging/backup are the future. By running in an isolated, virtual environment with low privileges malware can't do anything even if you're infected, and a simple reboot can restore a clean image anyway. Much more practical.
Sandboxie & ShadowProtect are great solutions.
JunmaiShu 5 months ago
@JunmaiShu If you're using recovery partitions, reinstalls, etc. you risk losing all your files. Not very practical at all.
TwiIightSparkle 5 months ago
I don't think you understand the process, because it actually negates the chances of losing everything, not increases it. It's disaster recovery, so that if your system becomes compromised you have a clean image to restore from. I'm not talking about reformatting here. And on top of that you keep your files and an image on an external drive, or 2. I have one on a WD Elements, an encrypted USB stick, and a DVD-R just in case. Odds of losing all 3 = remote.
JunmaiShu 5 months ago
@JunmaiShu Lol you are wrong in so many ways. Virtualization software such as Shadow Defender or Sandboxie can be bypassed, but not easily. Only virtual machines such as VMware are virtually impossible to bypass, but I am sure there are workarounds by spreading through the network. You see, it is not that simple, and these are usually exaggerated, which ignorant idiots believe and post bullshit on websites bragging about how good it is without programming knowledge, oblivious of many vulnerabilities.
joshuapratt6 5 months ago
I don't recall stating it's a magic bullet. Such a thing doesn't exist. End user knowledge will always be your best weapon, and the software is only as good as its implementation. My post was assuming a knowledgeable end user was a given in this equation, watching these videos, and such a person can get more out of OS hardening & virtualization/imaging. The oblivious that you mention should stick to their AV's and inbound only FW's.
JunmaiShu 5 months ago
@JunmaiShu Virtualization software consumes a lot of time. There is such a thing called HIPS now that is way better. And as for people who are oblivious of the dangers, 90% of the people who watched this video are. None have knowledge about malware, the tricks it uses to infect you, etc., but instead have proper grammar and attempt to sound as if they know anything/create a strong impression. Which you will notice if you read what they have written, realizing it is what an average user knows.
joshuapratt6 5 months ago
Funny you mention HIPS, as they're entirely dependent upon end user knowledge. You would recommend this to the average user? I honestly can't think of a worse idea off-hand. I personally use one, along with Sandboxie. I don't agree that one replaces the other, as both have their own benefits. But when running virtualized or restoring an image, it's a guaranteed restored pristine state. But answer 1 HIPS prompt wrong, and the jig could be up. How is that safer?
JunmaiShu 5 months ago
@JunmaiShu You are wrong again. No, they are not dependent upon end user knowledge. HIPS that come with rules alongside an antivirus are very useful even for the average user. Whereas with VMware and Sandboxie malware it would be a harder task to perform to determine the legitimacy of the file. Also, just because you run malware in a virtual environment, it does not mean the file is clean. Malware can detect if it's running and not execute or simply run in stealth mode.
joshuapratt6 5 months ago
@JunmaiShu Also, by restoring an image it is not guaranteed to be restored to the state it is meant to be restored to. Malware/trojans etc. can infect the image using different kinds of techniques and by going to deeper parts of the system, which rootkits can do, which simply restoring to a previous state does not have an effect on the infection. With worms such as Conficker/bots/RAT servers, it could be spreading through LAN, USB... it could infect you again.
joshuapratt6 5 months ago
@JunmaiShu No, I did not say that HIPS replaces using virtualized software, that is just plain dumb. I just stated it is more convenient and simpler for the average user. Which has its downsides as well.
joshuapratt6 5 months ago
My school uses ESET
MapleCrafter 5 months ago
Lol Sophos, you are a joke. This so-called Sophos endpoint web protection can be easily compromised, killed, bypassed by malware, so just give up, you will never be as good as Kaspersky or ESET.
joshuapratt6 5 months ago
Haha my primary school used Sophos, secondary sch they used McAfee. :P
mp3talon 5 months ago
@mp3talon Both of mine used McAfee :(
XUbuntuzX 5 months ago
My school uses Sophos :P
jazzysocksdude 5 months ago
Sophos interface looks so outdated.
USoundMad 5 months ago 2
@USoundMad professional*
BacklTrack 5 months ago