Advice Request Any real-time software that uses non-traditional ways to find malware?

What do you consider a non-traditional way?
I've tested many so-called "next-gen" and the results have never been brilliant.
An infusion of standard methods + cloud (which is now standard as well) + machine learning (now standard as well) is always better.
@danb, this is a sales opportunity :D
 
The term "next-gen" is meaningless, which is why we have never and will never use that term in our marketing ;). I think he means something outside the box.

The OP proposed a great question. A tough question. Also, I think it is important to exclude anything that is a clone of another tech.

BTW, I read the other day that some company was trying to implement blockchain into their engine. I could be completely wrong about this, but I do not see how blockchain is going to help in any meaningful way... I guess we will see.
 
The term "next-gen" is meaningless, which is why we have never and will never use that term in our marketing ;). I think he means something outside the box.

The OP proposed a great question. A tough question. Also, I think it is important to exclude anything that is a clone of another tech.

BTW, I read the other day that some company was trying to implement blockchain into their engine. I could be completely wrong about this, but I do not see how blockchain is going to help in any meaningful way... I guess we will see.
I honestly can't even see that applied in practice. What benefit are they seeing in that?
 
I honestly can't even see that applied in practice. What benefit are they seeing in that?
I don't get it either... perhaps we have overlooked something ;).

BTW, one reason I think it is such a great question is because the scope is specifically narrowed to Detection.

Honestly, I think detection is currently about as good as it is ever going to get, with sigs, BB, ML/AI, etc. It might get a little better in 20-40 years when AI reaches Artificial General Intelligence... but then the malcoders will be utilizing the same tools, so it will be a wash.
 
WiseVector StopX
Yeah, I have heard a lot of great things about WV recently and have considered pairing VS with WV because WD is quite slow and not at all user-friendly, so I ran a test (unlisted on youtube)…

WV did pretty well with the really bad malware, but as you can see, they probably need to add some more PUPs to their training data sets.
 
WV did pretty well with the really bad malware, but as you can see, they probably need to add some more PUPs to their training data sets.
Adding PUPs to their training set might increase false positives, and this is already a product, not coupled with a whitelist. PUPs are just a step away from a fully legit program.
 
Adding PUPs to their training set might increase false positives, and this is already a product, not coupled with a whitelist. PUPs are just a step away from a fully legit program.
Very true, but they could create a completely different algo and training data set just for PUPs, then make PUP detection optional.

Most of these PUPs are pretty bad PUPs... most of them are much closer to real malware. You would not want any of them on your machine, but on the other hand, they are not nearly as bad as a lot of stuff that is out there.
 
Very true, but they could create a completely different algo and training data set just for PUPs, then make PUP detection optional.

Most of these PUPs are pretty bad PUPs... most of them are much closer to real malware. You would not want any of them on your machine, but on the other hand, they are not nearly as bad as a lot of stuff that is out there.
Anomaly detection would be better in this case, if trained properly, with a large set of trusted programs and installers. And still, identifying them manually and creating simple, generic heuristics would be the best.
 
Yeah, I have played around with anomaly detection machine learning algos and it makes sense that would be the way to go, but I personally never had much luck with these. Same with deep learning and neural networks... they certainly work, but not much better than binary classification algos.

No matter what detection mechanism you use, it is going to fail. Turing taught us this 80 or so years ago. To me, it is best to cut your losses and only allow known safe items ;).
 
Most of these PUPs are pretty bad PUPs... most of them are much closer to real malware. You would not want any of them on your machine, but on the other hand, they are not nearly as bad as a lot of stuff that is out there.
I've spent many years testing every PUP I've been able to find. In my opinion, anything that is actually malicious can be classified as malware, whereas actual PUPs are not malicious and can usually be easily uninstalled. They certainly can be an annoyance, particularly when they come bundled unwanted with other software, and in some cases they can cause problems. For example, a cleaning app which has an unsafe registry cleaner that mistakenly deletes important registry keys. But in that example, any problems caused are not intentional, but rather due to a poorly coded registry cleaner.

It is good to be able to remove PUPs from the point of view that they can be an annoyance. On the other hand, if they're not actually doing anything malicious and can be uninstalled, then I don't think the ability to have an excellent detection rate for PUPs is too critical, particularly when it could possibly increase false positives.

Can you give some examples of PUPs which, as you said, are closer to real malware? I'm just curious.
 
In my opinion, only misleading apps, apps with no clear privacy policy and apps with no proper uninstall routine should be covered by PUP detection. Some of these can't be detected with machine learning algos, behavioural blockers or any other automated classification system. They have to be manually detected, and then signatures/heuristics can be created/tweaked.
Everything else might be removed at the user's discretion.
 
I've spent many years testing every PUP I've been able to find. In my opinion, anything that is actually malicious can be classified as malware, whereas actual PUPs are not malicious and can usually be easily uninstalled. They certainly can be an annoyance, particularly when they come bundled unwanted with other software, and in some cases they can cause problems. For example, a cleaning app which has an unsafe registry cleaner that mistakenly deletes important registry keys. But in that example, any problems caused are not intentional, but rather due to a poorly coded registry cleaner.

It is good to be able to remove PUPs from the point of view that they can be an annoyance. On the other hand, if they're not actually doing anything malicious and can be uninstalled, then I don't think the ability to have an excellent detection rate for PUPs is too critical, particularly when it could possibly increase false positives.

Can you give some examples of PUPs which, as you said, are closer to real malware? I'm just curious.
Here is an example... SAP has been labeled by reputable AVs as a PUP for a very long time, even though it is not.

[Attached image: SAP VT.PNG]

When a PUP trashes your computer, spies on you, corrupts your files or OS, etc... then that is a bad PUP.

Here are the samples used in the WV PUP test, feel free to install them on your computer.

hxxps://drive.google.com/file/d/1-jCMgNjCMPk2RypMnunZ49mQWEmNE8SN/view?usp=sharing

Please let me know if you understand the distinction.
 
In my opinion, only misleading apps, apps with no clear privacy policy and apps with no proper uninstall routine should be covered by PUP detection. Some of these can't be detected with machine learning algos, behavioural blockers or any other automated classification system. They have to be manually detected, and then signatures/heuristics can be created/tweaked.
Everything else might be removed at the user's discretion.
Please see above ;).