Anti-Virus to become obsolete.


The problem that I have with this (I'm not an admin by the way...) is the fact that someone completely new comes in and advertises (that's the way I see it) a new product without having contributed anything else first. The difference between rythmnsmoke and nuhi and Alanoll is that nuhi and Alanoll have provided help in many areas, whereas for rythymsmoke, his first post is regarding a product that costs money and he works on. To me, that's advertising.

I think where I'm different here is, I'm not trying to sell it to you. I can't sell it to you, cause it's not available for you yet. So, all I'm doing is educating you. I don't plan on posting this and going away. So, don't worry, I will contribute other places on the forums.

I apologize if I was quick to judge on this. I've seen many other such first posts, and probably all of them up until now have been completely bogus. From the looks of things, this isn't the case here.

No worries, many people are quick to judge. So, all I can do is remain professional about it all. I'm 25 yrs. old, not some middle-aged person trying to promote their company to increase sales.

Sure... most AV programs go undetectable on the system when you're not using it, but what about when there's high network or file I/O happening? Both Norton and NOD32 will sit quietly at idle, but start downloading a lot of stuff and Norton will cause your computer to slow to a crawl while NOD32 doesn't. These are just for comparative purposes mind you - there are several other AV programs that demonstrate similar qualities.

I run it every day, all day. It does not impede on your daily activities with such things as a scheduled update of the signature database. Because there is none. I can download stuff to my heart's content (given the fact that I have privileges to do so). I don't see any system degradation. But I can only tell you that. You might think I'm full of it, but it does run lean. I have the usual stuff on my computer. Firefox and IE browsers, Nero Burning ROM, Outlook, Office, text messaging software, etc. And I don't have to worry about the software popping up in the middle of me doing my work.

How exactly do you accomplish this? You're saying that you receive data at the hardware level before Windows does? I thought that this was the key to how WinXP worked... the HAL - a method so that it was simple to interface hardware through the OS. The only program that I know of that can directly access some hardware (network cards and CD drives perhaps) is VMWare, but it still relies on the OS for processor calls and file I/O.

I could tell you that, but then I would have to kill ya....LOL. No, 10 years of "C" code will allow you to do that. I'm not the programmer, so I can't give you specifics on the way that it's coded. It works though. The man behind the software is truly a genius. I have never seen someone with his skill when it comes to programming.

I'm somewhat skeptical of this... was the program put on the computers malicious (i.e. a virus/trojan)? If so, you're saying that none of the AV programs picked it up? I'd like to get my hands on this program... for testing purposes. ;)

I did not attend this particular test in question. However, given the nature of the software, it doesn't matter if it was malicious or not. Now why is that? Simple reason is this. If you take a traditional AV software and install it. Now, take a known virus and just copy it onto the drive, the AV software is not going to do anything until you try and execute it. This goes for batch files, viruses, worms, trojans. Not until it actually tries to execute will the AV start its defense, and only if it's a Known attack. That's why malicious code can so to speak "Wake Up" at a certain time the programmer specified and wreak havoc on your machine. The virus could well have been on your system months prior to it launching. Because of the binary search engine built into our software, anything that can execute will not be able to lie "asleep" on the machine. We are going to know it's there, and we are going to eradicate it. That goes for anything that can execute. Scripts, batch files, already existing batch files that you altered, etc...

Kinda harsh way to put it, but true... several programs use auto-update features. When the program is updated, how would the ImmuneEngine know to allow that program access to resources? For example, Sygate Personal Firewall keeps a running tabs on all programs that request network access, and when a program version changes, it asks the user what to do. Would the ImmuneEngine provide a similar feature?

Several, mostly all use an auto-update feature. But we don't. ImmuneEngine does not need to connect to a separate website to download any update. We don't house any signatures in office, nor in the software. Simply put, if you need to update the computer, you either set up the function from the central console, or bring down the shield when installing the update.

Also, I'm not quite sure what you mean by "Binary Search Engine". Searching through the binary code itself is somewhat crude and probably an inefficient way of doing things. The binary data itself doesn't hold much value unless you know how to interpret it. A little more elaboration might help here...

Ok, check this out. Every piece of code that has the ability to execute has a section of it that CANNOT be changed. If you were to try and mess with it, the entire executable will have to be scrapped. You wouldn't be able to run it anymore. Now, let me tell you about our old technology when it was still on the drawing board, and we were still modifying things. The old technology relied on file extensions. We would detect any new or old executable that had any of the common extensions on them like: .exe, .vbs, .ocx, .clsid...etc. We detected 12 file extensions by default, with the ability to add file extensions should someone start making TOM.Kill. However, there is a fundamental flaw with our approach. If you were to copy say Calc.exe to another part of your machine, and rename it to say Tom.txt, and say "YES" to all the dialog boxes that ask you about changing the file type. Now, what you will see is calc.exe change into a text file, with the text file logo. Now, if you were to double click it, it should run the calc program still, even though Windows recognizes it as a text file. This is the primary reason why the binary search engine was created. Because of the binary search engine, you can name it anything you want now, but you can't change the underlying factor that it's still an executable. So, you can make it say John.John, we are going to know, and eradicate it.

This is one of those things where if I explain it to you, the comprehension is not going to settle into your mind, unless I demonstrate it to you. Then you will be able to grasp the full ability of the software.



No, he's saying his software looks at the binary of every file to see if it's executable

if so, his software locks it down.

but like everyone else is saying, what if you WANT new software? I don't want a piece of security software that's going to screw me as much or more than help me :no:

oh, and btw, norton considers file writing to be activity, if a known virii is written or copied on a drive, it detects it. it doesn't sit waiting for it to be executed

Edited by ^_^
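
The rename case raised in the posts above (Calc.exe copied and renamed to Tom.txt or John.John), as an added example that is not part of the original thread and not the vendor's code: a Python check that identifies Windows PE files from their header instead of their extension. The sample bytes are constructed, and the function names and extension lists are assumptions made for illustration; note that batch and other script files carry no such header, so they can only be classified by name here.

```python
import os
import struct

# Extension lists are assumptions for this example, not any product's list.
PE_EXTS = {".exe", ".dll", ".ocx", ".sys", ".scr", ".cpl"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def parse_pe(data):
    """Return COFF header facts if data begins with a valid PE header, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":          # DOS header magic
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, _, _, _, _, _, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)                 # 20-byte COFF header
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "dll": bool(chars & 0x2000),                    # IMAGE_FILE_DLL
        "executable_image": bool(chars & 0x0002),       # IMAGE_FILE_EXECUTABLE_IMAGE
    }


def classify(name, data):
    """Compare what the content is with what the file name claims."""
    ext = os.path.splitext(name)[1].lower()
    if parse_pe(data) is not None:
        return "pe" if ext in PE_EXTS else "disguised-pe"
    if ext in SCRIPT_EXTS:
        # Plain text with no magic bytes: the name is the only signal.
        return "script-by-extension"
    return "other"


def build_sample_pe(characteristics=0x0102):
    """Constructed sample: a header-only stand-in for a 32-bit executable."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    pe = build_sample_pe()
    samples = [
        ("calc.exe", pe),
        ("Tom.txt", pe),                                  # renamed executable
        ("John.John", pe),
        ("test.bat", b"@echo off\r\nregedit\r\n"),        # script, no header
        ("memo.txt", b"MZ is the DOS magic" + b" " * 64),  # text starting with MZ
    ]
    for name, data in samples:
        print(f"{name:10} {classify(name, data):20} {parse_pe(data)}")
```
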

i have 2 things to say

1-NOD32 is still considered the BEST overall AV out there including price and detection rate.

2-I knew 1 AV like the advertised one in this thread in the past. I asked this kind of question to AV company and they told me there is no way you can have AV without an update thing because if they do, we don't need to update our AV every week, do we?

AV is like adware program. You need to keep updating your software if you don't want any virus / adware in your computer.

My response to your two things.

1) Wait till they get a load of this.

2) You can only say that until someone shows you that it exists. We don't need to update our solutions. That's why we have the AV industry getting a little ticked off. If you had billions of dollars invested into a product that is getting beat up all the time by new viruses, and someone comes along and develops a new technology, wouldn't you be a little upset? You would not believe me if I told you how many times we have seen agencies that DON'T want us to get big. They have used all of their political power and pull to dethrone us. Simple reason is they have all their R&D funds going into a technology that has been around since the early 90's. They don't want some new kid on the block that doesn't use that stuff to provide a better software than they do.

That's why I told the other guy in the previous post, we are NOT AV software. We are a Security Solution, that makes the use of AV software obsolete. Until we have a new file structure, there will be no new way of writing malicious code. Given the way it is designed, it can not go undetected and eradicated by our system. Even if it's new or old. We Know Everything In The Computer!


oooo, good idea.

make your program delete pr0n too.

that way the AV companies will hate you, and the pr0n industry will love you cuz all those sickos will have to download their fantasies again :lol::whistle:


So far so good, but if 90% of my network users spend almost all their login time creating code

  • Scripts
  • MS Office Macros & Templates
  • Programming
  • Web design / solutions

The shield will only be able to go up when we go home and we will need a 'standard' product during the day!


No, he's saying his software looks at the binary of every file to see if it's executable

if so, his software locks it down.

but like everyone else is saying, what if you WANT new software? I don't want a piece of security software that's going to screw me as much or more than help me :no:

Whew! Man, my hands are starting to get tired. You must have missed the part where I explained about taking down the protection of the machine, installing your software, and bringing your machine back up to include your now NEW software in the protection matrix.

oh, and btw, norton considers file writing to be activity, if a known virii is written or copied on a drive, it detects it. it doesn't sit waiting for it to be executed

Notice you said KNOWN virus. The test case is this, take Norton, create what they call a Zero-Day exploit. Now deposit onto the machine. Nothing will happen, because Norton doesn't KNOW it. Take another test case, create a script file onto a Norton computer, to have it say, open the registry editor. Let's say you name it "test.bat". Launch it, and watch it run and open your registry editor.


So far so good, but if 90% of my network users spend almost all their login time creating code

  • Scripts
  • MS Office Macros & Templates
  • Programming
  • Web design / solutions

The shield will only be able to go up when we go home and we will need a 'standard' product during the day!

Negative. We have already thought of this as well. The solution has the ability to allow those people writing code to store, modify, and create code to where they need to. And still have the shield up and running. You will receive notification on when they created and updated with new code and saved it onto the computer. All you have to tell the shield to do is not eat that code. It's that powerful.


Several, mostly all use an auto-update feature. But we don't. ImmuneEngine does not need to connect to a separate website to download any update. We don't house any signatures in office, nor in the software. Simply put, if you need to update the computer, you either set up the function from the central console, or bring down the shield when installing the update.

Wait a sec bob. What you are saying is "if I have to update a piece of my software I can't do it with your "AV" ON, but OFF?" What's the point then of having this "wonder of technology" if you will get infected while the "shield is down". Then I'll bring up "the shield" and it will detect...let's say a couple of vital files of my apps infected. It will delete the infected files and my OS will stop working!!! What then? Who will I sue for losing a lot of money 'cause my server(s) down???

Think a bit kid...it's not easy.

Right now, my network is secured behind a Sygate Personal Firewall Pro 5.5.2710 and I run Symantec AV Corp. NOTHING can pass through without ME knowing it. Can YOU provide the same security?

:whistle:


Notice you said KNOWN virus. The test case is this, take Norton, create what they call a Zero-Day exploit. Now deposit onto the machine. Nothing will happen, because Norton doesn't KNOW it. Take another test case, create a script file onto a Norton computer, to have it say, open the registry editor. Let's say you name it "test.bat". Launch it, and watch it run and open your registry editor.

I think the difference here that many people are getting confused with is the fact that this software will essentially lock down the entire computer - not just provide an alternative to anti-virus software.

But what you also said isn't quite true... NOD32 relies heavily on heuristics to detect viruses - not definitions. As a result, it's received the highest placement on the VB100 list (30 passes, 3 fails - all fails on Linux or DOS...). Place an unknown malicious piece of software on your hard drive and chances are that it'll get picked up.

As for the question about the batch file... it's a silly example, IMO. A lot of the stuff I do involves batch files... and you're basically saying that I'd have to add each one to the "allowed" list. I could also type in (as un4given1 pointed out a while back):

del c: /s /q /f

to the command line... no anti-virus program would catch it, but would your software stop that if you had granted permission to the command line?

EDIT And yeah... I'd imagine your hands are getting tired. You've got a lot of smart (and some not-so-smart) people asking questions. Kudos to you for keeping such a level head! :thumbup

Edited by Zxian

Files are 'checked out' of the 'Document Management' system, and worked on locally until 'checked back in'.

All files code will be tested several times every day during its creation /modification, by users not administrators.

Regardless of where the files are stored during the day, code will be in and out of memory, whilst testing, either debugging in the IDE or real world testing on smaller portions of a file before appending to the master file.

If your program does as you say, I will have to only have the shield up on the clerks PCs, or effectively open it up so far as it becomes ineffective.


Wait a sec bob. What you are saying is "if I have to update a piece of my software I can't do it with your "AV" ON, but OFF?" What's the point then of having this "wonder of technology" if you will get infected while the "shield is down". Then I'll bring up "the shield" and it will detect...let's say a couple of vital files of my apps infected. It will delete the infected files and my OS will stop working!!! What then? Who will I sue for losing a lot of money 'cause my server(s) down???

Think a bit kid...it's not easy.

Right now, my network is secured behind a Sygate Personal Firewall Pro 5.5.2710 and I run Symantec AV Corp. NOTHING can pass through without ME knowing it. Can YOU provide the same security?

:whistle:

you either setup the function from the central console

Did you overlook that part? You DON'T have to bring down the shield to update what it is you need to update. I said it was an OPTION to bring down the shield to do your update. Look at it this way, do they have to open the bank vault to deposit money? The answer is YES. Same philosophy, except, in the shield, you can make a mail slot like in the front door of your house. And yes, you will know when your program gets the update because an alert will be generated on it.


well, grisoft is starting out by offering a free version

I think you guys need to get busy, and release one on your website so all these propellerheads can get out there and give some real word of mouth :yes:


I think the difference here that many people are getting confused with is the fact that this software will essentially lock down the entire computer - not just provide an alternative to anti-virus software.

But what you also said isn't quite true... NOD32 relies heavily on heuristics to detect viruses - not definitions. As a result, it's received the highest placement on the VB100 list (30 passes, 3 fails - all fails on Linux or DOS...). Place an unknown malicious piece of software on your hard drive and chances are that it'll get picked up.

Have you done research on the fundamental flaws of a heuristic approach? Do a search and let me know what you find. There are a lot of white papers on it over at ZDnet. We don't possess those flaws. Did you also read the white paper on our website? The one entitled ImmuneEngine Vs. Symantec. I did the research and came up with the majority of material for that white paper. When doing my research, I came upon the finding that Symantec didn't even create their solution, and in fact IBM created it. Read the white paper, and the link in the white paper to see why I'm telling you this.

As for the question about the batch file... it's a silly example, IMO. A lot of the stuff I do involves batch files... and you're basically saying that I'd have to add each one to the "allowed" list. I could also type in (as un4given1 pointed out a while back):

It's just a short example. But far from silly. You can create a batch file to do multiple things. Malicious things to top that off.

del c: /s /q /f

to the command line... no anti-virus program would catch it, but would your software stop that if you had granted permission to the command line?

1) you're not getting the option to do that.

2) someone placed mis-judgement in you to give you rights to ImmuneEngine to access the non-secure version of cmd.exe.

3) If they did give you rights to ImmuneEngine, and you open the non-secure cmd.exe and were to input that command in, what will happen is the alerts will start going haywire on the Admin's desk. Then he is going to come down to you, because the alert tells you 1) what machine, 2) the user logged in 3) and the date and time stamp. This all happens in real time. Now, how are you going to explain to the Admin that you did it by mistake? Say good bye to your job. This action will not go undetected even if you have rights to ImmuneEngine.

This is the whole reason why we created BBXcmd.exe. Corporations now have the ability to track everything you do by command prompt. It even stores the commands you previously entered. You would be stupid to mess with a system that has an all seeing eye, and knows everything you touch. And get this, the feature has not been put into place yet, but from the main console Admins are going to have the ability to send a signal to the BBXcmd.exe on the client machines to specify which commands it should allow and not allow. Only the truly trusted Admins (which I think corporations are going to have few and far between) are going to have access to the system's not so secure functions.


Files are 'checked out' of the 'Document Management' system, and worked on locally until 'checked back in'.

All files code will be tested several times every day during its creation /modification, by users not administrators.

Regardless of where the files are stored during the day, code will be in and out of memory, whilst testing, either debugging in the IDE or real world testing on smaller portions of a file before appending to the master file.

If your program does as you say, I will have to only have the shield up on the clerks PCs, or effectively open it up so far as it becomes ineffective.

The files are checked in/out of a central location right? All you have to do is filter that location. The shield will still be up and running. Who you give access to deposit and update that location is totally up to you. However, to test the software by executing it, is going to require you to run it on a separate machine not running ImmuneEngine. I guess you could set up a "Code" test box for the specific purpose of just testing the new codes.
