Anti-Virus & Malware = Myths and Facts
[QUOTE="Littlebits, post: 173755, member: 146"]
Testing malware in virtual environments will never give you correct results. Just as mentioned by Umbra Polaris, some protection and detection features will fail to work properly because they need direct access to the Windows kernel; the same applies to Windows features like UAC and Secure Boot. On-demand scans of malware packs don't tell you anything about a product's protection features.

[B]If you want to test like a professional, it requires a lot of work and takes time.[/B]
- You will need a dedicated testing system with an updated Windows OS installed.
- After all Windows Updates are applied, you will need to make a disk image to restore after testing the malware samples.
- To make sure that you get correct results, every time the testing system gets infected you will need to restore the disk image before continuing to the next sample test.
- Test the protection (blocking) features of each selected product. On-demand scans are not important, since the protection features of many products can still protect against infection even though the on-demand scan may not detect anything.
- Besides testing live malware samples, mix in some popular safe files and test for false positives as well.
- Make sure that your malware samples are current and still available in the wild for accidental download. Testing remote samples that most users will not likely encounter will give false results. According to Microsoft, malware samples that have not been active in the wild for over 90 days with no reported infections are dead, bad samples. Just because you can find the samples and manually download them from a malware hosting site doesn't mean that they are in the wild for accidental download. Some samples never go into the wild; they just sit on hosting sites and stay remote, where only malware hunters can find them and test them. These are poor samples to test if you want accurate results.
- Make sure that the samples are actually real malware; just because they are detected by an AV doesn't mean they are real. False positive detection has become a problem with many AVs. You will have to observe the samples after they run to see what they do, because each sample will have to run on the testing system one at a time to verify that it is indeed real malware. Then you will have to restore the disk image between running each one to make sure there is no cross-infection between samples.
- Depending on the number of samples tested, it will probably take several months to complete the test; by then many of the samples used will be dead, and the test still will not show an accurate picture of the current active malware in the wild.
- If you have several hundred identical testing systems, it saves a lot of time because you won't have to keep restoring disk images. It also helps if you have a testing crew; it is too much work for just one person to do.

So who wants to test like a professional?? I have better things to do with my time.

Enjoy!! :D
[/QUOTE]
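The workflow in the post above, as an added example that is not part of the original post or of any product: a small Python test ledger that enforces the discipline described (restore the clean image before every sample, score runtime protection separately from on-demand detection, include known-clean files so false positives are counted, and drop samples not seen in the wild within 90 days). The class and function names (`Harness`, `Sample`, `is_live`, `scan_and_run`, `observe`) are assumptions made for this example; the imaging tool, the product under test and the infection observer are injected callables, and the ones used here are simulated with constructed data rather than a real product or real samples.

```python
"""Added example (not from the original post): a bare-metal test ledger that
follows the post's rules. All sample names, dates and product verdicts below
are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Callable, Dict, List, Optional, Tuple

DEAD_AFTER_DAYS = 90  # cutoff the post attributes to Microsoft


@dataclass
class Sample:
    name: str
    last_seen_itw: Optional[date]  # last in-the-wild sighting; None = hosting site only
    is_malicious: bool             # ground truth from observing it on a clean system


@dataclass
class Verdict:
    sample: str
    on_demand_detected: bool
    blocked_at_runtime: bool
    infected: bool


def is_live(sample: Sample, today: date) -> bool:
    """A sample counts only if it was seen in the wild within the last 90 days."""
    if sample.last_seen_itw is None:
        return False
    return (today - sample.last_seen_itw).days <= DEAD_AFTER_DAYS


@dataclass
class Harness:
    restore_image: Callable[[], None]                    # restore the golden disk image
    scan_and_run: Callable[[Sample], Tuple[bool, bool]]  # (on-demand hit, runtime block)
    observe: Callable[[Sample], bool]                    # infection indicators present?
    restores: int = 0
    skipped: List[str] = field(default_factory=list)
    verdicts: List[Verdict] = field(default_factory=list)

    def run(self, samples: List[Sample], today: date) -> None:
        for s in samples:
            if not is_live(s, today):
                self.skipped.append(s.name)
                continue
            self.restore_image()  # one clean image per sample: no cross-infection
            self.restores += 1
            detected, blocked = self.scan_and_run(s)
            infected = False if blocked else self.observe(s)
            self.verdicts.append(Verdict(s.name, detected, blocked, infected))

    def summarize(self, samples: List[Sample]) -> Dict[str, float]:
        truth = {s.name: s.is_malicious for s in samples}
        mal = [v for v in self.verdicts if truth[v.sample]]
        clean = [v for v in self.verdicts if not truth[v.sample]]
        n = max(len(mal), 1)
        return {
            "tested": len(self.verdicts),
            "skipped_dead": len(self.skipped),
            "restores": self.restores,
            "on_demand_rate": sum(v.on_demand_detected for v in mal) / n,
            "protection_rate": sum(not v.infected for v in mal) / n,
            "false_positives": sum(v.on_demand_detected or v.blocked_at_runtime for v in clean),
        }


def demo() -> Dict[str, float]:
    today = date(2024, 6, 1)  # constructed reference date
    samples = [
        Sample("dropper_a", today - timedelta(days=10), True),
        Sample("ransom_b", today - timedelta(days=30), True),
        Sample("stealer_c", today - timedelta(days=5), True),
        Sample("stale_rat", today - timedelta(days=200), True),   # dead: > 90 days
        Sample("remote_only", None, True),                        # never in the wild
        Sample("fp_bait", today - timedelta(days=3), False),      # AV flags it, behaves benign
        Sample("popular_installer", today - timedelta(days=1), False),
    ]
    # Simulated product behaviour (constructed): (on-demand detected, blocked at runtime)
    product = {
        "dropper_a": (True, True),
        "ransom_b": (False, True),     # missed by the scanner, blocked when it ran
        "stealer_c": (False, False),   # missed entirely
        "fp_bait": (True, False),
        "popular_installer": (False, False),
    }
    infects = {"stealer_c"}            # what the observer finds after an unblocked run
    state = {"clean": False}

    def restore_image() -> None:
        state["clean"] = True

    def scan_and_run(s: Sample) -> Tuple[bool, bool]:
        assert state["clean"], "sample launched on a dirty system"
        state["clean"] = False
        return product[s.name]

    def observe(s: Sample) -> bool:
        return s.name in infects

    h = Harness(restore_image, scan_and_run, observe)
    h.run(samples, today)
    return h.summarize(samples)
```

With the constructed data, `demo()` reports five samples tested, two skipped as dead, five restores (one per run), an on-demand rate of 1/3 but a protection rate of 2/3, and one false positive; the gap between the two rates is the point the post makes about on-demand scans.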