I’ve always been told that the firewall was the first and main security to deploy and I remember an article stating that 80% of computer/web professionals didn’t believe and consequently rely on universal anti-malware solutions. I do have a security infrastructure but no kernel-deep anti-virus/malware/all-in-one solution.

– even the auto-sandbox of Comodo Firewall, though I wouldn’t use Comodo, personally
– Excubits product line (Bouncer, along with MemProtect and Pumpernickel, the last two still being in beta).

There are many superior solutions out there: Then again, Webroot is extremely thin protection. I’ll give you that Webroot is probably not vulnerable to many things which classic AVs are vulnerable to. According to Webroot, exploit payloads are exe’s that are dropped on and executed from the disk (it hurts to read something like this from an endpoint protection company). There are some very nasty in-memory-only exploit payloads in regard to which Webroot is completely oblivious. Keep in mind, a hollowed whitelisted system process is not monitored. In the past it has also been very easy to circumvent the monitoring feature, with process hollowing and the like. Malware delivery servers nowadays push out unique malware with every infection attempt automatically.

The checksum scanner can easily be fooled just by changing the hash. On top of that, if an unknown process executes, a monitoring DLL is injected to observe its behavior.

There is no examination of malicious Word documents (other than hash, but probably not even that). Filesystem realtime scanning is just an MD5 checksum scanner with a cloud connection. Webroot is very different from the rest of the industry.