64-bits are uneasy to protect for many [Matousec]

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Hungry Man said:
Matousec's methodology is bs lol they test malware in levels.

So if you pass level 1 you go to level 2 and if you pass 2 you go to 3 and then you fail 4 and you stop.

But what if you fail level 1 and stop even though you could have passed 2 and 3 and 4?

It's nonsensical.

Exactly, not sure if those levels were test known for so common to detect or likely a zero day.
 

Littlebits

Retired Staff
May 3, 2011
3,893
jamescv7 said:
Hungry Man said:
Matousec's methodology is bs lol they test malware in levels.

So if you pass level 1 you go to level 2 and if you pass 2 you go to 3 and then you fail 4 and you stop.

But what if you fail level 1 and stop even though you could have passed 2 and 3 and 4?

It's nonsensical.

Exactly, not sure if those levels were test known for so common to detect or likely a zero day.

Note, in spite of what some of you think, Matousec does NOT test malware or zero-days, etc. They only test methods used by malware to infect systems. Most of these methods are not used anymore by malware, since about 95% or more of infections are rogue security products that have to be manually downloaded and installed by the users. Some of these methods have never been known to be used by any malware, so I couldn't tell you why Matousec even uses them in their testing. So why doesn't malware use these methods? Because it is not necessarily needed anymore, since many users will be tricked into installing the malware manually. Malware can successfully infect systems nowadays by only using trickery like fake websites that tell users they are infected and need to download this update, etc. Most malware infections now are plain and simple. Malware writers today don't want to have to write a complicated malware that uses all of these advanced methods to infect systems when a simple solution is successful. Of course some bad malware that still uses some of these methods still exists, but they are not as widespread as the rogue security products, scareware, ransomware, etc. If Matousec would just test the known methods used today, their tests could paint a better picture.

Below is a copy of the testing levels used: each product must score 50% on levels 1-9 to continue to the next level. On level 10, the products must score 100% to pass.

Code:
Levels:

    Level 1 – Autorun1, Autorun3, Breakout2, Coat, ECHOtest, FileDel2, Kill1, Kill2, Leaktest, Tooleaky, Wallbreaker1, Yalta
    Level 2 – Autorun12, Autorun2, Autorun20, Autorun30, AWFT1, DNStest, FileMov2, Ghost, HostsBlock, Jumper, Kill3, Kill3b, Kill6, RegDel1, Wallbreaker3, Wallbreaker4
    Level 3 – Autorun16, Autorun24, Autorun31, Autorun4, AWFT3, AWFT4, DNStester, FileRep1, Kernel1, Kill3f, Kill4, Kill7, RegSet1, SSS2, Suspend1, Thermite, Wallbreaker2
    Level 4 – Autorun14, Autorun17, Autorun26, Autorun36, Autorun37, Autorun6, Autorun9, CopyCat, CPIL, CPILSuite1, FileRep2, Inject2, Inject3, Kernel1b, Keylog1, Kill3e, Kill8, Kill9, SSS, Suspend2
    Level 5 – Autorun15, Autorun18, Autorun21, Autorun28, Autorun5, Breakout1, CPILSuite2, Crash1, Crash2, Crash3, Crash4, FileWri1, Kernel2, Kernel3, Keylog2, Kill3c, Kill3d, RegDel2, Svckill, VBStest
    Level 6 – Autorun22, Autorun25, Autorun27, Autorun29, Autorun32, Autorun7, CPILSuite3, Crash5, Crash6, DDEtest, ECHOtest2, FileWri2, FireHole, Flank, Kernel4, Keylog3, Keylog4, Kill10, Kill11, Runner
    Level 7 – Autorun10, Autorun19, Autorun33, Autorun35, Autorun8, BITStest, Crash4b, FileDel1, FileMov1, FileWri3, FireHole2, Inject1, Keylog5, Keylog6, Kill12, OSfwbypass, RegAcc1, Runner2, Schedtest, SSS3
    Level 8 – Autorun11, Autorun13, Autorun23, Autorun34, FileDel3, FileOpn1, FileOpn2, Kernel4b, Kernel5, Kernel5b, Keylog7, Kill5, NewClass, Schedtest2, SockSnif, SSS4
    Level 9 – Crash7, Driver Verifier, FileAcc1, FileCtl1, FileWri4
    Level 10 – BSODhook, ShadowHook

Thanks.:D
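
The gating rule quoted above (50% to advance on levels 1-9, 100% on level 10) can be compared with running every test regardless of earlier failures. This is an added example, not part of any post in this thread and not Matousec's code; it assumes a level's score is the fraction of its tests passed, and the two products are constructed.

```python
# Tests per level, counted from the level list quoted in the post above.
LEVEL_SIZES = [12, 16, 17, 20, 20, 20, 20, 16, 5, 2]

def pass_mark(level):
    """Threshold from the post: 50% on levels 1-9, 100% on level 10."""
    return 1.0 if level == 10 else 0.5

def gated(passed):
    """Run levels in order, stopping at the first one below its pass mark.

    Assumption: a level's score is the fraction of its tests passed.
    Returns (last level run, tests passed, tests actually run).
    """
    got = ran = 0
    for level, (ok, size) in enumerate(zip(passed, LEVEL_SIZES), start=1):
        got += ok
        ran += size
        if ok / size < pass_mark(level):
            break
    return level, got, ran

def ungated(passed):
    """Run every test regardless of earlier failures."""
    return sum(passed), sum(LEVEL_SIZES)

# Constructed products: tests passed per level if all levels were run.
# A narrowly fails level 1 but would pass everything else.
PRODUCT_A = [5, 16, 17, 20, 20, 20, 20, 16, 5, 2]
# B clears levels 1-3, fails level 4, and would pass nothing beyond it.
PRODUCT_B = [12, 16, 17, 9, 0, 0, 0, 0, 0, 0]

if __name__ == "__main__":
    for name, product in (("A", PRODUCT_A), ("B", PRODUCT_B)):
        level, got, ran = gated(product)
        total, of = ungated(product)
        print(f"{name}: gated stops at level {level} with {got}/{ran}; "
              f"ungated {total}/{of}")
```

Under the gate, product B is reported ahead of product A, while the ungated totals put A far ahead; tests a product never reaches contribute nothing to its reported result.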
 

Hungry Man

New Member
Jul 21, 2011
669
Malware isn't a video game lol that's all there is. It just doesn't come in levels. You hit an exploit page and you either get infected or you don't. All exploits are created equal - they either do what they want to do or they don't.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
@Hungry Man,

'All exploits are created equal' ..

Yeah .. Orwell wrote: 'All animals are equal but some animals are more equal than others.' - So this is not the same story with the exploits, you say.

Surely, I see.
 
