Serious Discussion Are antiviruses unimportant?

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
If behavioral needs internet, why is it behavioral protection?
The fact that it is “behavioural” doesn’t have anything to do with the way it operates. It needs internet because some machine learning models are impossible to run on your machine; they would take days, weeks, months.

If you don’t understand the principles of protection, you should abstain from doing everything that you do.
I think you don't mean behavior, you're talking about heuristics.
They work the same way. One works with behaviour extracted through partial emulation, the other one works with behavioural features observed at runtime.

Also, try consolidating your replies in one post.
Don’t rush to reply, read and understand first.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
The fact that it is “behavioural” doesn’t have anything to do with the way it operates. It needs internet because some machine learning models are impossible to run on your machine; they would take days, weeks, months.
I also tested it with System Watcher; internet was open and KSN was also connected, but it did not block. But it's not recorded. If you want me to test the sample with all modules and open internet, I will record it and send it to you, after @Shadowra and @Khushal told me they tested my sample.

Another thing with KSN or alternatives of it is that they don't get digitally signed files; that's why if a virus is really strongly FUDded and signed, then KSN-like cloud technologies would ignore it.



I think offline behavioral protection should be able to stop this virus; it's not complex, it's simple.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
Another thing with KSN or alternatives of it is that they don't get digitally signed files; that's why if a virus is really strongly FUDded and signed, then KSN-like cloud technologies would ignore it.
Different solutions have different ways of dealing with signed malware. Some may be oblivious to signed malware, others may need more indicators than just the digital signature. Kaspersky is not one of the oblivious, neither is Avast. Avast very quickly makes the digital signature the actual reason for detection.
 

Dr. Wells

Level 1
Thread author
Aug 27, 2024
38
Different solutions have different ways of dealing with signed malware. Some may be oblivious to signed malware, others may need more indicators than just the digital signature. Kaspersky is not one of the oblivious, neither is Avast. Avast very quickly makes the digital signature the actual reason for detection.
Maybe I can test AVG tonight with open internet. I worry about it.
 

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,561
Here are the tests!

Internet was disabled during the test.

KFree1.png
KFree2.png
KFree3.png

Kaspersky did not block the attack.
I don't think the ransomware encrypts the data, because the files are lost forever...
It's more like a wiper...

Bitdefender.png
Bitdefender blocked it on extraction by the anti-malware engine with one detection.
 

Khushal

Level 2
Apr 4, 2024
68

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,355
It does encrypt data, I agree; I am doing forensics.
“It compromises the integrity of information” is the right way to say it then, since you are doing forensics.
It is malware and it must be detected.
@Trident Bro, I just tested Kaspersky Premium with all modules and connected to the network, and it did not block; I'm uploading a video.
Kaspersky Premium can be tweaked to not allow the execution of this file. Without the tweak, it seems like there is no detection from the standard modules.
 

Khushal

Level 2
Apr 4, 2024
68
“It compromises the integrity of information” is the right way to say it then, since you are doing forensics.
It is malware and it must be detected.

Kaspersky Premium can be tweaked to not allow the execution of this file. Without the tweak, it seems like there is no detection from the standard modules.
Yeah, I have often submitted such samples to Kaspersky and their analysts always hesitate to add heuristics for Kryptik/Crypt samples. Albeit I do think that Kaspersky might behave differently on a real machine, as quoted multiple times by their experts.
 
