64-bits are uneasy to protect for many [Matousec]
- Thread starter savit
- Start date
Littlebits
Retired Staff
- May 3, 2011
- 3,893
jamescv7 said:
Note, in spite of what some of you think, Matousec does NOT test malware or zero-days, etc. They only test methods used by malware to infect systems. Most of these methods are not used anymore by malware since about 95% or more of infections are rogue security products that have to be manually downloaded and installed by the users. Some of these methods have never known to be used by any malware, so I couldn't tell you why Matousec even uses them in their testing. So why doesn't malware use these methods? because it is not necessary needed anymore since many users will be tricked into installing the malware manually. Malware can successfully infect systems now days by only using trickery like fake websites that tell users they are infected and need to download this update, etc. Most malware infections now are plain and simple. Malware writers today don't want to have to write a complicated malware that uses all of these advanced methods to infect systems when a simple solution is successful. Of coarse some bad malware that still uses some of these methods still exists, but they are not as wide spread like the rogue security products, scareware, ransonware, etc. If Matousec would just test the known methods used today, their tests could paint a better picture.
Below is a copy of the testing Levels used: each product must score 50% on levels 1 -9 to continue to the next level. On level 10, the products must score 100% to pass.
Code:
Levels:
Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
Level 10 – BSODhook, ShadowHookThanks.
Hungry Man
New Member
- Jul 21, 2011
- 669
Malware isn't a video game lol that's all there is. It just doesn't come in levels. You hit an exploit page and you either get infected or you don't. All exploits are created equal - they either do what they want to do or they don't.
- Nov 5, 2011
- 5,855
@Hungry Man,
'All exploits are created equal' ..
Yeah .. Orwell wrote: 'All animals are equal but some animals are more equal than others.' - So this is not the same story with the exploits, you say.
Surely, I see.
'All exploits are created equal' ..
Yeah .. Orwell wrote: 'All animals are equal but some animals are more equal than others.' - So this is not the same story with the exploits, you say.
Surely, I see.
Similar threads
