- Sep 2, 2021
Hello
In my queries for the past few days, I've had a totally unknown AV pop up, asking me for a test.
It's Xylent.
I quickly looked into it, and it was untestable.
There have been corrections, so it deserves its own topic.
Still quickly, it uses ClamAV, YARA and its own rules based on MD5/SHA1.
On installation, Xylent still doesn't launch anything! You have to launch the interface and its engine (which will quickly take up 3GB of RAM!!).
(coded by @XylentAntivirus)
I decide to test it... obviously, Xylent's analysis doesn't work... It runs in a vacuum...
I take some old malware from a pack and some old malware just to see...
On the Zombie virus, no reaction...
On another malware, reaction after... 7 minutes!
And on Cerber5 Ransomware, it tries to kill the Ransomware... problem, it's already acted!
I stopped the test straight away because it was useless.
There are several problems, which I will explain:
- Xylent uses an MD5 and SHA1 database. All the malware needs to do is change one byte to bypass the protection. An MD5 comparison is obsolete and useless.
- It loads its entire database into memory, occupying CPU and RAM to death (I've got a Ryzen 7 7700X, and it was constantly busy).
- The software is coded entirely in VB.NET, which is totally unacceptable for an antivirus! Possibly the interface (Bitdefender & Kaspersky do this), but the rest MUST be coded in C or C++.
- No drivers (I can kill it with no problem)
- Very slow actions (you can see it)
- Totally covered in bugs (a console next to the interface?), the fact that it launches nothing so on restart there is no protection, and why do you have to launch the engine manually?
I think this project clearly deserves a re-code, because it's just not right.
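The post's first bullet is the key technical point: a signature database keyed on the whole-file MD5/SHA1 misses a sample the moment a single byte differs. The following is an added example written for this page, not code from the post or from Xylent, and it uses a constructed stand-in file rather than any real malware. It puts an exact-hash lookup beside a content-defined chunk-hashing lookup (a simplified stand-in for the piecewise/fuzzy hashing used by tools such as ssdeep; the window, chunk-size and mask values are assumptions for the demo, not parameters of any real engine) and shows that a one-byte substitution and a one-byte insertion both defeat the exact hash while the chunk-level similarity to the known sample stays high, and that an unrelated file scores zero.

```python
import hashlib
from typing import Dict, List, Optional, Set, Tuple

# Constructed stand-in for a "known malware" file: a fake header, a labelled
# marker string and 1 KiB of deterministic pseudo-random bytes. Not real malware.
KNOWN_SAMPLE = (
    b"MZ" + b"\x90" * 40 + b"HYPOTHETICAL-PAYLOAD-MARKER"
    + b"".join(hashlib.sha256(b"constructed-block-%d" % i).digest() for i in range(32))
)

# Chunking parameters: assumed values chosen for this demo, not taken from any engine.
WINDOW, MIN_CHUNK, MAX_CHUNK, MASK = 8, 16, 128, 0x1F


def _fingerprint(window: bytes) -> int:
    """Fingerprint of the last WINDOW bytes; stands in for a real rolling hash."""
    return int.from_bytes(hashlib.blake2b(window, digest_size=4).digest(), "big")


def content_defined_chunks(data: bytes) -> List[bytes]:
    """Split data where the fingerprint of the preceding WINDOW bytes hits the mask.
    Boundaries depend on local content, not on absolute offsets, so editing or
    inserting one byte only re-chunks the neighbourhood of the edit."""
    chunks: List[bytes] = []
    start, pos = 0, WINDOW
    while pos < len(data):
        length = pos - start
        if length >= MIN_CHUNK and (
            length >= MAX_CHUNK or _fingerprint(data[pos - WINDOW:pos]) & MASK == 0
        ):
            chunks.append(data[start:pos])
            start = pos
        pos += 1
    chunks.append(data[start:])
    return chunks


class SignatureDB:
    """Two lookups side by side: whole-file MD5 (brittle) and chunk hashes (tolerant)."""

    def __init__(self) -> None:
        self.exact: Dict[str, str] = {}        # md5 hex -> family
        self.chunks: Dict[str, Set[str]] = {}  # sha256 of chunk -> families seen with it

    def add(self, family: str, data: bytes) -> None:
        self.exact[hashlib.md5(data).hexdigest()] = family
        for c in content_defined_chunks(data):
            self.chunks.setdefault(hashlib.sha256(c).hexdigest(), set()).add(family)

    def match_exact(self, data: bytes) -> Optional[str]:
        """Whole-file hash lookup: any single-byte difference makes this return None."""
        return self.exact.get(hashlib.md5(data).hexdigest())

    def similarity(self, data: bytes) -> Tuple[Optional[str], float]:
        """Best-matching family and the fraction of this file's chunks already in the DB."""
        hits: Dict[str, int] = {}
        chunks = content_defined_chunks(data)
        for c in chunks:
            for fam in self.chunks.get(hashlib.sha256(c).hexdigest(), ()):
                hits[fam] = hits.get(fam, 0) + 1
        if not hits:
            return None, 0.0
        fam = max(hits, key=lambda f: hits[f])
        return fam, hits[fam] / len(chunks)

    def scan(self, data: bytes, threshold: float = 0.6) -> Optional[Tuple[str, float]]:
        """Exact hit wins; otherwise report chunk similarity above the threshold."""
        fam = self.match_exact(data)
        if fam is not None:
            return fam, 1.0
        fam, score = self.similarity(data)
        return (fam, score) if fam is not None and score >= threshold else None


def one_byte_substitution(data: bytes, offset: int) -> bytes:
    """Constructed variant: flip the low bit of one byte."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)


def one_byte_insertion(data: bytes, offset: int) -> bytes:
    """Constructed variant: insert one byte, shifting everything after it."""
    return data[:offset] + b"\x00" + data[offset:]


DB = SignatureDB()
DB.add("Constructed.Family", KNOWN_SAMPLE)

if __name__ == "__main__":
    for label, blob in [
        ("original", KNOWN_SAMPLE),
        ("1-byte substitution", one_byte_substitution(KNOWN_SAMPLE, 100)),
        ("1-byte insertion", one_byte_insertion(KNOWN_SAMPLE, 100)),
        ("unrelated file", b"\x00" * len(KNOWN_SAMPLE)),
    ]:
        print(f"{label:22s} exact={DB.match_exact(blob)!s:20s} chunks={DB.similarity(blob)}")
```

The design point is that the chunk boundaries are chosen by content, not by fixed offsets: with fixed 64-byte blocks a single inserted byte would shift every later block and defeat the lookup just as thoroughly as it defeats MD5. Real engines combine this kind of similarity hashing with YARA byte patterns and behavioural rules; none of them rely on a whole-file hash alone.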