1. Solve : Are AV's obsolete?
Answer» My only issue with WinPatrol has always been that it isn't proactive but rather reactive. By the time WinPatrol alerts you the damage is (sometimes already) done. It's an awesome tool but like an antivirus is just a tool.

In short, the operating system now takes care that each program runs in its own shell (designated area) and other programs cannot manipulate its data, thereby reducing the chance of malware attack and malware replication.

That "RAM Compartmentalization" section doesn't make any sense. It describes Virtual Address spaces, which exist on pretty much any Protected Mode Operating System, e.g., the first paragraph of that section. I've broken it up and stuck numeric footnotes to address.

Quote
Along with the hack attempts bypassing firewalls, another problem with traditional operating systems(1) is that they tend to mix up electronic memory (the RAM bytes) with one or more programs(2). For example, if you are running program A, B and C at the same time, and if there is need for some data to be stored for program B, the operating system will simply put the data into the next available empty cells. These data cells are not isolated, so the other programs may snoop out or even write on them to infect the computer(3).

1. What do they mean by traditional?
2. I think I see what they mean here: even if the memory addresses are virtualized, the physical memory of programs can be adjacent (?).
3. However, as I understand it, this is completely false. Within a Protected-Mode operating system, the only way RAM can be directly addressed without being virtualized is within Ring0 Drivers. Meaning it is not a vector of attack.

Perhaps there is something that is poorly explained in the section. I cannot find anything, at all, about this "Ram compartmentalization" capability anywhere except on that post and posts that link to it; additionally, it still makes no sense, e.g.:

Quote
From Windows 7, and especially in Windows 8.1, the operating system provides a RAM compartment for each program and its data. That is, a kind of sandboxed RAM. If program A is running in compartment 2, program B cannot store its code or data into the empty RAM cells allotted to program A. If there is need for more storage, it falls back to paging file on Hard Disk.

This makes sense on the surface. However, how are RAM cells "allotted" to a program? The only way I can see would be if that program's entire virtual address space is directly allotted to physical memory locations. For 32-bit programs that means every program gets 4GB of Physical memory; 64-bit programs would need 256TB of memory. Of course, this is entirely impractical, so I question the legitimacy of the "technique" being mentioned, and suspect it is actually talking about Address Space Virtualization, which is hardly new. I did find Isolated Storage, but that seems to be something entirely different and far from actually being secure (and it's not related to Memory, either). It's also a .NET feature as far as I can tell.

Quote from: BC_Programmer on March 12, 2014, 06:55:06 PM
1. What do they mean by traditional?

Maybe virtual vs. non-virtual environments? Non-virtual would be traditional. That's all I can think of. Much of what he's talking about is new to me but I think it confirms that Windows is a much more secure OS than what we had as recently as in XP. I do know that the guy who wrote the article is from India. He does good 99% of the time but now and then his words can get 'lost in translation.'

Quote from: evilfantasy on March 12, 2014, 07:10:20 PM
Maybe virtual vs. non-virtual environments?

Well, that's the thing that I don't get, since the last OS that didn't use Protected Mode and a Virtual Address Space was 9x (I know all versions of NT used Address Space virtualization, and Windows 7 did not add anything as far as I know, related to this), thus my confusion.

Quote
Much of what he's talking about is new to me but I think it confirms that Windows is a much more secure OS than what we had as recently as in XP.

I wouldn't call XP particularly "recent". I agree though, since Vista/7/ and 8 do add new security related features (ASLR starting with Vista) as well as refine older ones (e.g. DEP goes back to XP or maybe 2000).

Quote
I do know that the guy who wrote the article is from India. He does good 99% of the time but now and then his words can get 'lost in translation.'

That's what I thought too. Everything up to the compartmentalization section is sensible, but everything after that is complete nonsense.
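The per-process virtual address space that the thread keeps coming back to can be observed directly. The following is an added example, not part of the original posts; it assumes a POSIX system (it uses `fork`, so it shows the principle on Linux or another Unix rather than on Windows), and the function name and sample values are constructed for illustration. Parent and child refer to the same virtual address, yet a write in one never reaches the other.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child reports back to the parent over a pipe. */
struct report {
    uintptr_t addr;   /* virtual address of `secret` as seen by the child */
    int value;        /* value the child left at that address */
};

static volatile int secret = 1111;  /* constructed sample data */

/*
 * Returns 0 if the child used the same virtual address but its write did not
 * reach the parent's memory, 1 if isolation did not hold, -1 on error.
 */
int check_address_space_isolation(void)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;

    if (pid == 0) {                 /* child: its own address space */
        close(fds[0]);
        secret = 2222;              /* overwrite "the same" memory cell */
        struct report r = { (uintptr_t)&secret, secret };
        ssize_t n = write(fds[1], &r, sizeof r);
        _exit(n == (ssize_t)sizeof r ? 0 : 1);
    }

    close(fds[1]);
    struct report r;
    ssize_t n = read(fds[0], &r, sizeof r);
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || n != (ssize_t)sizeof r) return -1;

    printf("parent: %p -> %d, child: %p -> %d\n",
           (void *)&secret, secret, (void *)r.addr, r.value);
    return (r.addr == (uintptr_t)&secret && r.value == 2222 && secret == 1111) ? 0 : 1;
}

int main(void) { return check_address_space_isolation(); }
```

The two printed addresses match while the values differ, because the kernel maps that virtual page to a different physical frame in each process once the child writes to it.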