Exactly. A modified sample that does the same thing may not be a 0-day for Vendor 1, but it could be a 0-day for Vendor 2. In fact, a "0-day test" will not necessarily be valuable. Instead, it might be worth focusing on finding URLs/threats for testing, which is always a problem. Paradoxically, there isn't much that's unique about it.
avlab.pl
Bitdefender free doesn’t include memory and command lines scanner. Not sure how and when command line scanner works but I am assuming this is on runtime… not sure. I did check the hashes back then, did not rescan the files, some files had detections by Bitdefender on VT (the scan dates were 20-30 days prior). Maybe the product could have glitched (bug/connection issue)?
I’ve said that very very long time ago… ages ago. When you don’t update a component that comes in direct contact with malicious code, this component sooner or later will become prone to evasions, in the case of sandbox escapes, exploits, performance issues (as operating systems introduce new APIs) and so on.
Even if Kaspersky somehow gets installed on SIPR, JWICS or SIC it won't go anywhere. The networks don't communicate with NIPR so no K server will ever gain connection.
Well if you read the system requirements, they (not sure about Kaspersky but most vendors) tell you that a high-speed (by high speed they mean 20-30 mbps) connection is required. It is your duty to ensure that the security software can connect to the internet.
Indeed. Hence 3L agencies run Trilix or Symantec because they run their own database servers on those trunks.
Trend Micro as well. But Trellix, Symantec and TM all use cloud based machine learning. For businesses, TM added a very minimal client-side model. On home versions it’s not there. McAfee/Trellix can resort just to client side AI, sometimes it attempts to verify detections with the cloud (this can be switched off).
https://malwaretips.com/threads/ana...nline-malware-–-july-2025.137258/post-1139745
This is correct, but I'm unsure where Kaspersky comes into this discussion. Guess I'm not paying attention or reading every post in the thread.
Kaspersky is an issue for US GOV agency networks due to the data collection and file harvesting. Not all US GOV networks are disconnected from the internet - and one of the reasons Kaspersky got banned was that it uploaded secret files from US Government and contractor systems to Kaspersky. Now, to his credit, Eugene Kaspersky did quickly inform the US Government and the contractors about the file uploads, but the prevailing view is that it does not matter much when the files are already out of your control - and therefore the secrecy is lost. Same happened in the UK and Lithuania. Same experience with Kaspersky being a huge data collector and file grabber. The overall concern being that while there is no active cyber-espionage being performed by Kaspersky using its software that has been proven to date, it certainly has the capabilities to do so. Combine that with the fact that there's a significant number of ex-KGB and FSB personnel at Kaspersky - or their family members are ex-KGB or FSB, it just comes down to a matter of being prudent not to use Kaspersky products within government systems.
The state of Comodo is not only determined by the fact that it is freeware with inadequate back end support.
