Der.Reisende

Almost too predictable. Not a whole lot of people doing it right in the ransomware game. A lot of companies seem more interested in throwing money away at bloated statistics.
+1

Took me only one random zero-day Locky script out of a quite current pack from the HUB to waste Avira Pro (tested 1-1,5 weeks ago). Avira has quite good detections, but it takes them quite long to add signatures for SUDed files (from 2 to 6 hours, I had everything).
I really like their detailed reports on submitted files, however, as they clearly advertise Anti-Ransom capabilities in their paid versions, they should really step up their game.


Back to topic: Thank you for another great vid @cruelsister, though I knew what would happen, I really enjoyed the clocklike Sunday vid of yours :)
P.S. Which ransomware was the 2nd one, looking like an installer? I did not see a wallpaper that would make it possible to identify it.
 

SHvFl

Almost too predictable. Not a whole lot of people doing it right in the ransomware game. A lot of companies seem more interested in throwing money away at bloated statistics.
Almost correct. They care about ransomware because it's a threat that scares users, so it can be used for advertisement. Now, why their product sucks at stopping them is because they are stuck in 2002 with their precious signatures.
 
Wave

Sorry, I know Avira is a respectable and reputable security company, but they have joke products and it's been this way for a long time now. I agree with @XIII and @SHvFl (by the way I almost died laughing while reading the part about their "precious" signatures).

They need to step up their game and focus more on the dynamic aspects of malicious software protection, as opposed to keeping their focus directly on static detection methods - such as signature-based detection through checksum signatures - which are getting more and more obsolete every day through the usage of zero-day packing techniques and even .NET obfuscation methods.

It seems they have an outdated engine and an outdated GUI - by "outdated" I am referring to it not being modern - since modern protection engines these days include really good dynamic heuristics, sandboxing, BB/HIPS protection mechanisms...

I know some people may not like what I am about to say, but I find it lazy and completely ridiculous that they have fallen behind with all the money they make... Many people use Avira, they surely have enough to invest in development of more sophisticated behavioural components. In fact, they don't even need to necessarily invest money, they can just do their own research on malware analysis and apply some basic concepts they should already know to develop at least a basic HIPS engine.

Hopefully Avira see this and take these points on-board, they are wasting too much time focusing on their signatures and their speed-up optimisation software/software launcher (they need to completely ditch the optimisation software and the launcher since it wastes their resources and is starting to ruin their image a bit IMO), when they could be spending more time on what really matters these days.
 

Evjl's Rain

She is able to find the flaw because the FLAW exists (which is there to see for everyone's eye) and not because she is so adamant to find the flaw.
I mean the malware samples.
360 HIPS is very, very sensitive against ransomware but not as sensitive against normal malware.
Comodo is unpredictable; ransomware may bypass it.

I didn't mean she does not want to find a flaw for those 2, but 360 and Comodo did well with her samples.

Many other AVs don't use default-deny, which means it's easier to find ransomware samples that can bypass the products.
 