Avira vs a D+2 Ransomware file
<blockquote data-quote="cruelsister" data-source="post: 747453" data-attributes="member: 7463"><p>Hi Guys! Just wanted to give a bit of background to this test. An old colleague made me aware that a bunch of this malware, masquerading as Cracks, was showing up, written by a Bulgarian Group. I was in the process of writing a rather extensive report on AMD and, as is typical for me, I needed frequent breaks (to allow for Brilliance to rise to the top). Anyway, I followed this thing from the report to me until I made the video and wanted to share a few things:</p>
<p>1). From what my friend told me there were over a hundred different variants that were released. Some just differed in the file name, some had verbose code that was nopped out to give it a different SHA-256. But all essentially were the same. Point being, whenever you read that there are like 10,000 "New" malware thingies being released daily, in all probability it is really like 10 with 9,990 semi-duplicates.</p>
<p>(Note: for the following I'm limiting myself to products that are utilized by the Home User)</p>
<p>2). The initial detection was by Kaspersky. Qihoo was second. Both had definitions in place within 12 hours of initial detection (infection).</p>
<p>3). Between Day 1 and 2 (D+24-48 hrs), detection came in dribs and drabs. Eset and Avast/AVG were the first, followed by others.</p>
<p>4). On day 2 (when I did the video), Avira and Webroot were the only Non-Chinese majors not to detect it. At this point I did, and uploaded to YouTube, a Webroot fail. But before I made it public I did one more test and Damned, Webroot now got it (about FxxxxxG Time). So I deleted that video and did this one, with Avira.</p>
<p>5). Today (day 3; D+72 hrs), Avira cloud now detects it. Microsoft also delayed detection until earlier today. I personally feel that Microsoft could be the best anti-malware product on the Planet but are forced to dumb down their detection due to anti-trust concerns.</p>
<p>6). Tencent still allows this malware. Please, please do not use Tencent!</p>
<p>7). Regarding the Avira Heuristics (and please note that I heavily edited this video to fit the song, which I consider one of the Highpoints of Western Culture): If I had used the default heuristic setting, the malware would have encrypted almost immediately. At the max, Avira kept it in abeyance for about 3 minutes until allowing it (duhhhhh, I think it's OK). Avira heuristics suck big-time.</p>
<p>8). This point is of EXTREME IMPORTANCE. Note my comment above about Microsoft (Windows Defender). I've seen such delays in TTD (Time To Detection) all of the time. So whenever you see any "Pro" testing site give WD stellar results, you should know that the malware used in that test was OLD (reminds me of the Kaspersky anti-ransomware test posted here recently when the newest malware used was a year old!). Demand that the Pro sites use ONLY NEW MALWARE and do the tests on all of the products SIMULTANEOUSLY. Otherwise there is no actual Real-World significance no matter what they may say.</p>
<p>Rant Ends.</p></blockquote>
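Point 1 of the post above (a hundred "variants" that differ only by file name or by verbose code nopped out, so the SHA-256 changes while the family does not) is easy to see in code. The block below is an added example and is not part of the original post or of any vendor's tooling: it builds constructed stand-in "binaries" from a seeded PRNG (not real malware), then shows that exact SHA-256 treats every tweak as a new sample, a NOP-collapsing normalised hash catches renamed and padded copies (the padding trick is an assumption of the example, not something the post describes), and a byte 4-gram Jaccard similarity, used here as a stand-in for a real fuzzy hash such as ssdeep or TLSH, folds the nopped-out variant back into the same family. All file names, the 0x90 NOP byte, and the 0.8 threshold are assumptions chosen for the example.

```python
"""Collapsing a batch of 'new' samples into families.

Added example, not code from the original post. Samples are constructed
byte strings, not real malware. Technique: exact hash -> normalised hash ->
byte n-gram Jaccard similarity (a stand-in for a fuzzy hash like ssdeep/TLSH).
"""
import hashlib
import random
import re
from typing import Dict, List, Set

NOP = b"\x90"  # x86 one-byte NOP; assumed to be the byte used for nop-outs and padding


def make_samples() -> Dict[str, bytes]:
    """Constructed stand-ins for one family plus one unrelated file.

    A seeded PRNG gives a fixed 2000-byte 'code body'. Variants mimic the post:
    same bytes under a new file name, and 100 bytes of 'verbose code' replaced
    with NOPs. The NOP-tail padding variants are an assumption of this example.
    """
    rng = random.Random(1337)
    body = bytes(rng.getrandbits(8) for _ in range(2000))
    v_start, v_end = 900, 1000  # the 'verbose code' region
    nopped = body[:v_start] + NOP * (v_end - v_start) + body[v_end:]
    other = random.Random(4242)
    unrelated = bytes(other.getrandbits(8) for _ in range(2000))
    return {
        "crack_v1.exe": body,
        "keygen.exe": body,                   # renamed copy, identical bytes
        "crack_v1_pad.exe": body + NOP * 64,  # assumed: NOP tail padding
        "crack_v1_pad2.exe": body + NOP * 200,
        "crack_v2.exe": nopped,               # verbose code nopped out
        "other_family.exe": unrelated,        # genuinely different file
    }


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def normalised_sha256(data: bytes) -> str:
    """Hash after collapsing runs of 2+ NOPs to one NOP and dropping a NOP tail.

    Undoes padding tricks only: a region that was nopped out still hashes
    differently from the original, so this alone does not find the family.
    """
    collapsed = re.sub(rb"\x90{2,}", NOP, data)
    return sha256_hex(collapsed.rstrip(NOP))


def ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of byte n-gram sets: 1.0 identical content, ~0 unrelated."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    return len(ga & gb) / len(ga | gb)


def cluster(samples: Dict[str, bytes], threshold: float = 0.8) -> List[List[str]]:
    """Group samples into families; each family is a list of names, first = representative.

    Step 1 groups by normalised hash (catches renamed and padded copies).
    Step 2 merges groups greedily by n-gram similarity (catches nopped-out variants).
    """
    by_norm: Dict[str, List[str]] = {}
    for name, data in samples.items():
        by_norm.setdefault(normalised_sha256(data), []).append(name)
    families: List[List[str]] = []
    for names in by_norm.values():
        rep = samples[names[0]]
        for fam in families:
            if similarity(samples[fam[0]], rep) >= threshold:
                fam.extend(names)
                break
        else:
            families.append(list(names))
    return families


def count_families(samples: Dict[str, bytes], threshold: float = 0.8) -> int:
    return len(cluster(samples, threshold))


if __name__ == "__main__":
    s = make_samples()
    print("distinct SHA-256:", len({sha256_hex(d) for d in s.values()}), "of", len(s))
    print("distinct normalised:", len({normalised_sha256(d) for d in s.values()}))
    for fam in cluster(s):
        print("family:", fam)
```

Run as-is it reports six files with five distinct SHA-256 values (the renamed copy is the only exact duplicate), three distinct normalised hashes, and two families: the whole crack family in one, the unrelated file in the other. That is the post's "10 with 9,990 semi-duplicates" in miniature, and it is why a vendor that clusters by similarity can cover new hashes of an old family long before one that waits for each hash to be submitted.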