
Anti-Virus to become obsolete.



Whatever this "matrix" is, the matrix has to be stored somewhere in the system, most likely in a file. Whatever you decide to [not] call this file, in the end it will still be a database no matter how much you deny it. Now there's two things wrong with having a database: corruption\modification, and contradiction. Also, more advanced hackers know that it's as easy to simply modify the registry so as to have batch files have a new extension of say .baw. Then they rename their file and, voila, it runs! Using a database of good and bad files also doesn't work with CDs. Some CDs might contain malware, but others needed for programs. The only way you can get these files into your matrix is to ask the user to insert all of his/her CDs to be scanned.

My friend, you have it all wrong. If you want to call something a "Database", then the ENTIRE HDD is your Database. Nothing comes in plain and simple. That goes for CDs too. You put in a CD, and try to launch something from the CD, it gets scanned. Guess what, no execution. Next thing, how are you going to get to the registry when we shut it down? Don't matter if you're an Admin or not, we SHUT IT DOWN. If we shut it down, how are you going to modify the registry? You can still read the contents of the CD, but you're not going to execute something off of it.

Let's see, "it is up to the user to know if any new executables are coming from legit source", but you also say "why waste time in trying to guess what is good or not". So the user gets to decide, but not guess. Since usually the user guesses when faced with a decision dialog, your statements do not make sense, hence another contradiction. If I understood you wrong, and the computer does this, then the computer has no way to know if you know these executables are being downloaded.

You are confusing everything. I was referring to ImmuneEngine in its way of defending the PC when I said "why waste time in trying to guess what is good or not". Because that's what other technologies do. They try to GUESS at things. ImmuneEngine doesn't give 2 cents, if you download something to the machine, and you didn't tell ImmuneEngine to take down the shield, it's going to be eaten whether it's malicious or not. We don't care about the actual process of you downloading. It's when the executable actually gets to the machine that we care about. That's why I said it's HOST-Based. If it's not a malicious program, then you should have access to bring down the shield. If you don't have access to ImmuneEngine to download stuff, then obviously your boss doesn't trust you enough to be installing stuff on the machine anyway. What it boils down to, is the power to decide if the source is good or not, is left up to you. If you bring down the shield, and download stuff that you don't know where it's coming from, is the same analogy as the Vault manager at a large bank, having keys to the vault, opening the vault and depositing an unknown bag which could possibly contain a bomb in it.

So if you just optimize a code enough, you can get Doom 3 to run with zero processor usage? And of course it's possible to have your software run with low processor usage, on an Athlon FX-57.

Why are you comparing a heavy graphics processor, animation, control input induced game, with security software? You don't have to believe me, but when the next meeting takes place, I will show those guys the Task Manager, and show them how much processor power we utilize. You will only see a range of 0-3 CPU usage. If you can fake a Task Manager CPU usage display, please let me know.

I only use IF so as to not assume anything is true, but to be open to all possibilities. If you do not use lists, databases, or signatures, then what is this "matrix"? Is it stored in memory? Hard-coded into the program executable?

Read previous post, I said that I would go further into detail over the phone during the live demo. If you wish to know the answer to this question, then attend the meeting. Also, I thought the white paper of ours explained this. I could be wrong though. I haven't read it in a while. No wait, there is a brief description of this on the website:

ImmuneEngine establishes SPECIFIC VECTORS AND DEFENSE QUADRANTS over 100% of the hard drive(s). ImmuneEngine not only monitors the traditional kernel events produced from the Microsoft operating system, it goes well beyond the normal dependency of monitoring the Microsoft kernel, by establishing an INDEPENDENT EVENT HANDLING SYSTEM to determine unauthorized program installation activity throughout the entire computer. ImmuneEngine, monitors (using several detection methods including binary analysis) in a real-time environment, all SPECIFIC VECTORS AND DEFENSE QUADRANTS for any unauthorized program file installations, unauthorized use of USB DRIVE DEVICES, unauthorized program file movement or unauthorized program file modifications/installations while utilizing virtually zero CPU resources and approximately and an insignificant amount of memory.

A checksum is also a SIGNATURE. Another contradiction there. Do you know all of the critical system files? If so, what are they? And from what I have read, I assume that this software is installed on a client and reports to a server? A well-hidden malicious software can disable the Internet connection, delete the original and replace the backup and WFP with a malicious copy, leaving you unable to report, unable to replace the bad copy with a good copy, and also corrupting your "database".

I also stated that it was just ONE of the methods involved in our authenticating the executable before it's passed to the kernel. Again, take an existing executable on the machine, and change it. Now, wouldn't you also be changing the checksum value of it? Also, the Admin console does NOT need to be a server. I can take an XP Home machine and install our Admin console on it, and have my clients report to it. You said a "well-hidden malicious software". HOW are you going to insert it into a shielded computer that's being scanned constantly "REAL TIME"? You have to get it into the system first. Once more, there is no "database". The entire HDD is what we scan. Nothing gets in without our permission.

I'd prefer a trial version. I also have removed Netmeeting a long time ago. And seeing how long and processor-intensive a filename search is, how much more so do you think a checksum scan will be?

There is no trial version. You have to take what you can get. By the way, it's Live Meeting, not Net meeting. You don't have to download a single piece of software to your machine to view the live meeting. Live meeting is hosted on their servers.

Prove this not by asking me to see a demo that I absolutely refuse to see, but by explaining to me how the code functions.

Read previous post. I explained what I can and can't do. Curious as to why you don't want to see the demo. It will be the same as flipping on your TV screen, and watching a live broadcast of tech news or something. All you need is an internet connection.

You didn't mention anything about processor usage, so I'm guessing that there is a speed decrease? And read above sentence, I cannot and do not want to see a demo, but a trial version. What is the use of telling us about some software we cannot get?

The majority of the questions you have asked can be answered by reading the website. Why are you seeking answers to questions about the software but you don't want to see the demo? That's very weird. Have you never seen a movie preview on TV, and find out that it comes out next year? Same thing. I'm telling you about software technology that will be the next level in computer security. Why wait to tell you later, when I can tell you now.

I know lots of snake oil products that say something is possible when it can't be done. Give me code proof.

Are you asking me to give you code? Please tell me you are not seriously asking me to release source code to you. "Can't be done". Same thing they said when a man set out on a mission to fly around the entire earth in a hot air balloon. Same thing they said when someone climbed to the top of Mount Everest. Never say it "Can't be done", because that will motivate people more just to do it. To which it HAS Been Done.

And my conclusion: You are not really what you claim you are. As an IT pro, you should be able to know that checksums are used to create a signature in AVs, that this matrix has to exist somewhere and if it does, as a database, that the use of this matrix makes it a database, that the matrix has an obvious flaw of not being able to detect CD files and of all the ways to bypass this matrix, that optimizing code does not take away from obviously processor-intensive tasks, and finally, all of the contradictions of yours. I have also read the whitepapers on the site, and find it nothing more than describing its product superiority, and gives no reasons whatsoever as to how it does something, the entire purpose of a whitepaper.

I'm sure you have every absolute proof that statement was pure truth. I must be a fraud. I must be full of it. We must not be able to stop executables from a CD. Our system must be a flaw. You have proven all of this right? I'm willing to put my statements to factual account. And prove them. What's your proof? Just other people saying the same thing as you, that it Can't be done? That's not proof. Some PhDs would say the same thing. What it boils down to is not that it CAN'T be done. The saying should be that it HASN'T been done. To which it HAS now.

ps...I still don't understand why you are so interested in me entertaining your questions, but you don't want to see a live demo. It's like you want to ask for the truth, but when I try to show it to you, you don't want to look. Huunh? Don't get it. The live demo requires only for you to have an internet connection. No software download necessary. And I don't recall it sucking the juices from your PC either. I don't recall Dman saying anything about his machine being sluggish after that. As a matter of fact, Dman's internet connection was pretty good, that he did not experience any time delay between the transmission of my screen to his.



I know I said I was done with this topic, but I had to comment about some recent statements. Basically, it sounds like you just prevent anything from running that wasn't already there when IE (err?) was installed or was taken down. To sum it all up anyway. So if the machine is already infected with a virus, this software can't do squat because the virus infected file is now allowed to run. Traditional AV can sometimes (not always though admittedly) remove an existing virus from a machine. And if you take down the program and install something with a virus, then turn the program back on, you're still hosed. At least with traditional AV it will usually detect the virus after being turned back on even if the virus was already executed.

In fact, I could see virus writers exploiting some of the features in your program, like deleting non-authorised programs. If a virus gets on the machine while IE is down, once back up the virus can infect as many files as it wants and let your program delete them for being "non-authorized". Please correct me if I have it wrong, but it sounds like this would not fully replace the need for a good AV. I'm very paranoid about opening files and have never had a virus, though I always keep an up-to-date AV installed as a precaution. Because no one is perfect and anyone could potentially be tricked into opening a malicious file.

Please, let me know if I'm misunderstanding, but this is what I get from your comments.


The way you're going at it, I believe that your software is way too complicated and restricted to be of any use. What you have done can easily be done in Windows without any software. Read Martin Zugec's blog if you don't believe me. Now what I want to know is why is there no trial? And what is your job in the company? Anyway, it's way too annoying trying to get you to admit it on the forums, so consider me in for your demo. Unfortunately, I have no speakers, so....:(


I know I said I was done with this topic, but I had to comment about some recent statements.  Basically, it sounds like you just prevent anything from running that wasn't already there when IE (err?) was installed or was taken down.  To sum it all up anyway.  So if the machine is already infected with a virus, this software can't do squat because the virus infected file is now allowed to run.  Traditional AV can sometimes (not always though admittedly) remove an existing virus from a machine.  And if you take down the program and install something with a virus, then turn the program back on, you're still hosed.  At least with traditional AV it will usually detect the virus after being turned back on even if the virus was already executed.

You are starting to get it now. What we haven't gotten to is what is NEXT for ImmE. It is YOUR job to know if there is an already existing virus, trojan, malware...etc. on your machine. It's always been YOUR job to make sure your machine was clean before you installed your security solution. You take Norton or any other product and install it after the virus has already infected the machine, same thing would apply. Security software is designed to stop stuff from getting in, not stop stuff after it's already on the machine. Now, what's NEXT for ImmE, is a version that you can use to install on a KNOWN clean box. The next ver. will then take a data dictionary of that known clean machine. Once that is done, you will be able to take it to all other existing machines on the network, and ImmE will analyze everything on that machine, compare it to the data dictionary of the known clean machine, and report back all the "DELTAs" of the other machine. Giving you control over whether or not to keep what was not recognized as being a part of the known clean machine.

In fact, I could see virus writers exploiting some of the features in your program, like deleting non-authorised programs.  If a virus gets on the machine while IE is down, once back up the virus can infect as many files as it wants and let your program delete them for being "non-authorized".  Please correct me if I have it wrong, but it sounds like this would not fully replace the need for a good AV.  I'm very paranoid about opening files and have never had a virus, though I always keep an up-to-date AV installed as a precaution.  Because no one is perfect and anyone could potentially be tricked into opening a malicious file.

Please, let me know if I'm misunderstanding, but this is what I get from your comments.

Again, the computer can't reason. Therefore, you are going to have to know what it is you are downloading while ImmE is down. If you don't trust the executable that you are about to put into the machine, then don't put it in. Traditional AV isn't going to do a lick for you when it comes to a Zero-Day attack, and that's with it RUNNING. So, correct me if I'm wrong, but you are comparing:

AV software that IS running, and still getting infected with a new un-known virus and hosing your machine. TO:

Having access to ImmE and shutting it down and installing your malicious code. Because it's not going to get on there while ImmE is running, unlike AV software.

To sum that up, your argument is that ImmE NOT running is just as vulnerable as AV software RUNNING....lol. If that's your complaint my friend then what would you like your security solution to do?

The logic:

Shutting down ImmE and depositing a malicious program is like opening the bank vault door and throwing a bomb inside. When you close the vault back, and the bomb explodes, do you think it's going to save all the cash from burning up, let alone the building that the bank is in? But if you know the contents of the bag, then you know it's not a bomb, you open the vault door, and now that bag is under protection. When ImmE is up, and you get tricked into opening a program you thought was a Word document, it's NOT going to run. So, what it boils down to is, YOU now have the POWER to infect your machine. If you bring the shield down and install a program that you don't know the history behind, you can't blame the software for it hosing your machine, when you told it to shut down. Not the same as "I have AV running and I'm still getting hosed". The comparison is the effectiveness of preventing infection with ImmE running vs. AV running. To which AV comes in second place.

A lot of this stuff I should explain over the phone. There are so many nuts and bolts to ImmE, that your questions would be better answered in verbal communication. These are starting to be some long explanations that I would rather not have to type.

By the way, ImmE has the capability to know what you are deleting, and will report your every move.

Edited by rhythmnsmoke
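
The "data dictionary of a known clean machine" and "DELTA" report described in the post above can be sketched as follows. This is an added example, not ImmuneEngine code (the thread does not disclose how the product works); it assumes SHA-256 checksums, treats any file starting with the PE "MZ" magic as an executable regardless of extension, and runs on a constructed file set.

```python
import hashlib
import os
import tempfile

# Assumption: "executable" means a file starting with the PE/DOS "MZ" magic,
# whatever its extension; scripts are out of scope for this sketch.
PE_MAGIC = b"MZ"


def is_pe(path):
    with open(path, "rb") as fh:
        return fh.read(2) == PE_MAGIC


def sha256_file(path, chunk=65536):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every PE file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_pe(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = sha256_file(full)
    return manifest


def deltas(baseline, target):
    """Classify every executable on target against the clean baseline."""
    known_hashes = set(baseline.values())
    report = {"modified": [], "relocated_copy": [], "unknown": [], "missing": []}
    for path, digest in sorted(target.items()):
        if baseline.get(path) == digest:
            continue  # same path, same content: matches the clean machine
        if path in baseline:
            report["modified"].append(path)        # known path, new checksum
        elif digest in known_hashes:
            report["relocated_copy"].append(path)  # known content, new path
        else:
            report["unknown"].append(path)         # not on the clean machine
    report["missing"] = sorted(set(baseline) - set(target))
    return report


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a 'clean' tree and a second tree with four changes."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as other:
        for root in (clean, other):
            _write(root, "apps/editor.exe", b"MZ editor v1")
            _write(root, "apps/tool.exe", b"MZ tool v1")
            _write(root, "docs/readme.txt", b"plain text, ignored")
        _write(other, "apps/tool.exe", b"MZ tool v1 + patched bytes")  # altered in place
        _write(other, "temp/editor_copy.dat", b"MZ editor v1")         # copied, renamed
        _write(other, "temp/invoice.baw", b"MZ dropped binary")        # new, odd extension
        os.remove(os.path.join(other, "apps/editor.exe"))              # removed
        return deltas(build_manifest(clean), build_manifest(other))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A baseline is only as trustworthy as the machine it was captured from: a file that was already infected when the manifest was built is recorded as known-good, which is the limitation raised earlier in the thread.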

The way you're going at it, I believe that your software is way too complicated and restricted to be of any use. What you have done can easily be done in Windows without any software. Read Martin Zugec's blog if you don't believe me. Now what I want to know is why is there no trial? And what is your job in the company? Anyway, it's way too annoying trying to get you to admit it on the forums, so consider me in for your demo. Unfortunately, I have no speakers, so....:(

No need for speakers, I talk over the phone. Just PM me your e-mail address. I assure you, all of your un-answered/not yet asked questions will be answered to the best of my ability. For credential sakes, I am the 3rd man down in our IT/R&D department, from our chief programmer. My job title is Jr. Network Engineer, but I do so much more than that job title expresses. What we have done, goes farther than what can "easily" be done in Windows as you proclaim. You cannot tell Windows to constantly scan the HDD for un-authorized executables for one. Windows does not have the ability to detect existing executables on the machine that have been copied to another part of the machine and changed, and not allow that executable to run. And that is just for starters! If you were to try and do everything we do, just by using Windows (not to mention the stuff Windows can't do, like protect non-critical OS files, or static data from being deleted, altered, or modified) as you say can "easily" be done, then you would render the OS useless, and perhaps cause it to crash.


The way you're going at it, I believe that your software is way too complicated and restricted to be of any use. What you have done can easily be done in Windows without any software. Read Martin Zugec's blog if you don't believe me. Now what I want to know is why is there no trial? And what is your job in the company? Anyway, it's way too annoying trying to get you to admit it on the forums, so consider me in for your demo. Unfortunately, I have no speakers, so....:(

Where can I read Martin Zugec's blog? I tried Google and nothing came up.


Sounds like you have a piece of software that Faronics already distributes called Deep Freeze

Deep Freeze is completely different than this. The ImmuneEngine works in realtime to protect your computer, while Deep Freeze restores a working configuration on startup. I had a job offer with them a couple of months back - ended up taking another job though.


I'd agree that it's different.

Sounds to me like ImmEng. just examines every file's binary for executable code and if it finds it, it just blocks it from executing.

so it's n00b unfriendly but in theory foolproof as far as mucking things up

I'd wager it's a pain tho when it comes to a system that most people would actually use for daily use.

So that would leave it mostly for network users in office environment where admins don't want dumb dumbs messing up the computers


Sounds like you have a piece of software that Faronics already distributes called Deep Freeze

You know, I have actually tested that out, and they try to achieve what we do. But they can't do it without you having to reboot the machine. And you can't work with normal daily activities like creating a Word document, because it will erase it once you reboot. I'm not knocking it, but it makes the computer useless. Anyone can go that route.


I'd agree that it's different.

Sounds to me like ImmEng. just examines every file's binary for executable code and if it finds it, it just blocks it from executing.

so it's n00b unfriendly but in theory foolproof as far as mucking things up

I'd wager it's a pain tho when it comes to a system that most people would actually use for daily use.

So that would leave it mostly for network users in office environment where admins don't want dumb dumbs messing up the computers

The very machine I'm replying with is protected by ImmE. I have everything on here that I will ever need. DVD software, text messaging, Microsoft Office, Outlook, etc.. Trust me, besides running programs that don't belong, ImmE will not get in your way of doing your daily activity. I can open Word and save a document, just as much as I can surf the internet. You don't know it's running, except for the authentication bar that scrolls by in like a nano-sec. at times to check your program out, and the icon you see in the system tray.

A little off subject, but man, my g/f mom's computer has Norton on it. And during one of its moments when it was doing a scan of the machine, I checked the Task Manager, and the thing was reading upwards of 60 CPU drainage. That's crazy!


see, the thing is, I'll grab a program off the internet once in a while, or run one of the programs I've accumulated over the years to do an odd job, so I'm installing software on my puter at least twice a month. After a format, it might even be on a daily basis for a couple weeks. so constantly fighting with a program in order to do what I do would be aggravating

plus, what would happen if I plugged somebody's hard drive in my computer to do data recovery? would it erase all executable software on their drive? how would I explain that little problem? :blushing:


Rhythmnsmoke can you do me a favor and stop double, triple, or quadruple posting :realmad:. You always bump it up and make it seem like people are really interested in the thread.

Edited by Aegis

I've played with Deep Freeze. It does actually let you specify "unfrozen" sections of your HDD where files can be saved after reboot. However, back to my original statements. Even AV software can still detect and sometimes remove pre-existing viruses when installed. Your software - from your own statements - cannot do this. Hence, why I say it will not truly replace AV. True, it's best not to let malicious software on your PC in the first place which is why I'm the paranoid type when it comes to security on my PC. But a lot of people don't know better and they'll happily click away without thinking first. These are the people who your software can't help because it has no way of helping them once the virus is installed.
