I heard this and it caught my attention. Instead of preventing certain applications from running (which is the current method), your anti-virus should allow certain ones to run (i.e. the ones you need, like your browser for instance). Isn't this better than the non-stop virus updates and the continuous threats?
2006-09-02 22:17:28 · 3 answers · asked by Psychotic Clown 4 in Computers & Internet ➔ Security
Yes, it is a better approach - in the sense that it is more effective at stopping viruses, if used correctly. Unfortunately, most people are unable to use it correctly.
First of all, the average user has no clue which programs he or she needs to allow running. The browser, obviously - but what about lsass.exe? Or csrss.exe? Yet try killing those and your Windows machine is dead.
Second, programs are not static. Occasionally their contents changes - e.g., when you update them with a newer version. And if you think that you'd know if you have done so, think again. Do you know which programs the latest running of Windows Update has changed? Yet a program might have changed because a virus has infected it - how would the average user know the difference?
Most generic protection programs are like that - they don't tell you if you have a virus; instead they tell you things like "should I allow program Foo to run" or "program Bar is doing XYZ - should I allow it?". Most of the time the average user has no clue how to answer such questions correctly and is likely to give the wrong answer, allowing the malware to run. As opposed to that, conventional anti-virus programs (i.e., scanners) tell the user things that are understandable - like "you don't have any viruses" or "you have the XYZ virus, do you want me to remove it?".
But if you think that you're experienced enough to decide which programs should be allowed to run on your computer (for instance, I am) you could try Kerio's Personal Firewall. (The unregistered version is free for personal use; the only additional features that the full version has are not related to basic firewall functions - e.g., web filtering, etc.) It has a setting that would allow only approuved programs to run and will pop up a warning, if an unauthorized one is trying to run - or if a program tries to launch another. When the warning appears, though, it will be up to you to decide whether to allow the program to run or not. It works great for me - but most people would find these pop-ups annoying and/or would be unable to provide correct answers to them.
2006-09-03 21:10:19 · answer #1 · answered by Vesselin Bontchev 6 · 0⤊ 0⤋
If the application you allow to run is already infected in the first place then it defeats the purpose. Moreover, most users don't know what applications are legitimate or even necessary for their computers to work. If we remove malwares like we do now, we reduce the likelihood of other computers being infected. If we merely "build up our own computers' immunity", then we may end up playing a part in passing malwares around, such as through sending infected files as an intermediary.
2006-09-03 05:40:46 · answer #2 · answered by guppy 2 · 0⤊ 0⤋
Computers are an imitation of the human organism. We know no other model to copy. When a virus enters the body, it must be overcome by antibodies or the body will die. Computers will get "sick" if viruses are allowed to enter freely.
2006-09-03 08:17:29 · answer #3 · answered by Hank 3 · 0⤊ 0⤋