Sophos Endpoint v10 will introduce a groundbreaking new way for users to take their web protection with them when they leave the corporate network. This demonstration provides a sneak preview of Endpoint Web Protection and the two ways to use it. Using the Sophos Enterprise Console, administrators can make endpoints interact with a Gateway appliance to enforce complete, consistent policies wherever they go. Sophos's new Live Connect cloud service keeps policies and reporting up-to-date. Alternatively, customers can set simple per-machine policies to quickly and cost-effectively manage inappropriate web usage.
@JunmaiShu No, I did not say that HIPS replaces using virtualized software, that is just plain dumb. I just stated it is more convenient and simpler for the average user. Which has its downsides as well.
joshuapratt6 5 months ago
@JunmaiShu Also, by restoring an image it is not guaranteed to be restored to the state it is meant to be restored to. Malware/trojans etc. can infect the image using different kinds of techniques and by going to deeper parts of the system, which rootkits can do, which simply restoring to a previous state does not have an effect on the infection. With worms such as Conficker/bots/RAT servers, it could be spreading through LAN, USB... it could infect you again.
joshuapratt6 5 months ago
@JunmaiShu You are wrong again. No, they are not dependent upon end user knowledge. HIPS that come with rules alongside an antivirus are very useful even for the average user. Whereas with VMware and Sandboxie malware it would be a harder task to perform to determine the legitimacy of the file. Also, just because you run malware in a virtual environment it does not mean the file is clean. Malware can detect if it's running and not execute or simply run in stealth mode.
joshuapratt6 5 months ago
Anything can be bypassed. Some hackers recently found a way to crack SSL encryption given the right set of circumstances. I don't ever pretend to be invulnerable. But I'll trust my implementation over an AV that's only 95% effective any day, and forgo increasing my attack surface for an app that's just going to sit there sucking resources and never find anything.
To each his/her own though...
JunmaiShu 5 months ago
Funny you mention HIPS, as they're entirely dependent upon end user knowledge. You would recommend this to the average user? I honestly can't think of a worse idea off-hand. I personally use one, along with Sandboxie. I don't agree that one replaces the other, as both have their own benefits. But when running virtualized or restoring an image, it's a guaranteed restored pristine state. But answer 1 HIPS prompt wrong, and the jig could be up. How is that safer?
JunmaiShu 5 months ago
@JunmaiShu Virtualization software consumes a lot of time. There is such a thing called HIPS now that is way better, and as for people who are oblivious of the dangers, 90% of the people who watched this video are. None have knowledge about malware, the tricks it uses to infect you etc. but instead have proper grammar and attempt to sound as if they know anything/create a strong impression. Which you will notice if you read what they have written, realizing it is what an average user knows.
joshuapratt6 5 months ago
I don't recall stating it's a magic bullet. Such a thing doesn't exist. End user knowledge will always be your best weapon, and the software is only as good as its implementation. My post was assuming a knowledgeable end user was a given in this equation, watching these videos, and such a person can get more out of OS hardening & virtualization/imaging. The oblivious that you mention should stick to their AVs and inbound-only FWs.
JunmaiShu 5 months ago
@JunmaiShu Lol, you are wrong in so many ways. Virtualization software such as Shadow Defender or Sandboxie can be bypassed but not easily. Only virtual machines such as VMware are virtually impossible to be bypassed, but I am sure there are workarounds by spreading through the network. You see, it is not that simple and are usually exaggerated, which ignorant idiots believe and post bullshit on websites bragging about how good it is without programming knowledge, oblivious of many vulnerabilities.
joshuapratt6 5 months ago
I don't think you understand the process, because it actually negates the chances of losing everything, not increases it. It's disaster recovery, so that if your system becomes compromised you have a clean image to restore from. I'm not talking about reformatting here. And on top of that you keep your files and an image on an external drive, or 2. I have one on a WD Elements, an encrypted USB stick, and a DVD-R just in case. Odds of losing all 3 = remote.
JunmaiShu 5 months ago
@JunmaiShu If you're using recovery partitions, reinstalls, etc. you risk losing all your files. Not very practical at all.
TwiIightSparkle 5 months ago