Serious Discussion Are antiviruses unimportant?

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,739
I think ZoneAlarm Nextgen would be the ideal software for the OP's purpose. It's basically behavior analysis software that runs simulations of software before it runs, with some AI thrown in and Sophos signatures as well.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
> Send me your sample by MP if it's FUD, with which antivirus you want to see, and I'll take a look at it on Sunday :)
> (Not available Saturday)

What's MP? I can send it to you on Discord or Instagram. And I want you to disconnect from the network after updating the antivirus, because Kaspersky can send it to KSN and add it to its database (normally no problem with this, but while testing it can give a false result; after the test you can reconnect to the network to allow Kaspersky to send the file to KSN).
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
> I think ZoneAlarm Nextgen would be the ideal software for the OP's purpose. It's basically behavior analysis software that runs simulations of software before it runs, with some AI thrown in and Sophos signatures as well.

The anti-ransomware also makes periodic backups of what look like user files. It is done every hour, with file size up to 25MB and a maximum repository (compressed, encrypted, only accessible to Check Point-signed processes) of 1GB. Upon ransomware, it restores from there.
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,739
> The anti-ransomware also makes periodic backups of what look like user files. It is done every hour, with file size up to 25MB and a maximum repository (compressed, encrypted, only accessible to Check Point-signed processes) of 1GB. Upon ransomware, it restores from there.

You're really tempting me. You want me to throw the US$5 I paid for Norton in the trash :)
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,582
> What's MP? I can send it to you on Discord or Instagram. And I want you to disconnect from the network after updating the antivirus, because Kaspersky can send it to KSN and add it to its database (normally no problem with this, but while testing it can give a false result; after the test you can reconnect to the network to allow Kaspersky to send the file to KSN).

Private Message
 

Khushal

Level 2
Apr 4, 2024
70

> What do you think about this video? I obfuscated the ransomware and Kaspersky just drinks tea while the files are being encrypted. Norton and Bitdefender still detect it as HEURISTIC. I also finally tested Norton's behavioral protection and it also drinks tea.

Not too surprised with Kaspersky drinking tea on an obfuscated sample, since its Kryptik/Crypt protection has always been unsatisfactory in my own tests. Still, I would like to have a look at the sample and would not test it with internet enabled.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
> Not too surprised with Kaspersky drinking tea on an obfuscated sample, since its Kryptik/Crypt protection has always been unsatisfactory in my own tests. Still, I would like to have a look at the sample and would not test it with internet enabled.

I can send it if you want.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
> Come to private message and disconnect from the internet before extracting the virus; don't forget to update the antivirus before disconnecting.

Without internet your test is not accurate, as a lot of solutions need internet connection. I don’t understand what is the point of these weird and half-baked tests. What exactly are you trying to prove?

Norton needs a connection to access up-to-date machine learning for SDS and SONAR. Others, like McAfee and Webroot, don’t function without a connection at all. Avast and Kaspersky need a connection to access enhanced detection.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
> Without internet your test is not accurate, as a lot of solutions need an internet connection. I don’t understand what the point of these weird and half-baked tests is. What exactly are you trying to prove?
>
> Norton needs a connection to access up-to-date machine learning for SDS and SONAR. Others, like McAfee and Webroot, don’t function without a connection at all. Avast and Kaspersky need a connection to access enhanced detection.

Norton doesn't matter so much with or without internet. If I enable the internet the test would be invalid because of KSN. Yes, KSN is good, but that test just shows offline results. Also, if behavioral protection doesn't work without internet, then why is it behavioral protection?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
> Norton doesn't matter so much with or without internet. If I enable the internet the test would be invalid because of KSN. Yes, KSN is good, but that test just shows offline results. Also, if behavioral protection doesn't work without internet, then why is it behavioral protection?

It does matter because without Internet it can’t use its reputation heuristic, which takes into account the file origin, age and prevalence. The machine learning is constrained too. There is a lot that is only in the cloud, updating doesn’t download all the models and threat information.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
> It does matter because without Internet it can’t use its reputation heuristic, which takes into account the file origin, age and prevalence. The machine learning is constrained too. There is a lot that is only in the cloud; updating doesn’t download all the models and threat information.

You may be right, but I didn't think it mattered so much, excluding Kaspersky, if I enable the internet. Also, Kaspersky can't block while others can.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,351
> You may be right, but I didn't think it mattered so much, excluding Kaspersky, if I enable the internet. Also, Kaspersky can't block while others can.

But it’s not only Kaspersky, Trend Micro, Norton, McAfee, Avast, Webroot and many others need their cloud either partially or fully.

You are disabling the antivirus in some tests and just testing the behavioural blocker. But then you are also going ahead and disconnecting the behavioural blocker from its machine learning backend, leaving it with a small number of local behavioural profiles.

So again, what’s the point of all that? You can turn off telemetry to protect your sample. But disconnecting the AV is absurd.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
> You are disabling the antivirus in some tests and just testing the behavioural blocker. But then you are also going ahead and disconnecting the behavioural blocker from its machine learning backend, leaving it with a small number of local behavioural profiles.

If behavioral protection needs internet, why is it behavioral protection?
 