App Review [Bypassed] Crystal Security VS DarkComet RAT (Manzaitest)


Manzai

Thread author


- DarkComet detection => 0/1 / 0%
- Behavioral Shield => 0/1 / 0%

Crystal Security was bypassed in my test against DarkComet.
The big downside: Crystal Security is too trusting of its database and lacks behavioral and proactive detection.
When creating a server, change the MD5 and it's impossible for Crystal Security to detect it.

@Kardo Kristal Crystal Security is very good software, but add heuristic detections or a HIPS. ;)
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
The problem with security software like Crystal Security is that they do not have the staff, nor the funds, to develop the product further, therefore they struggle against today's advanced threats.

P.S. great review Manzai
 

Dubseven

Level 14
Verified
Aug 12, 2013
694
VirusTotal and 100% detection.. Oops.
Like they said, in any case the problem comes from the trust the Crystal Security staff place in VirusTotal.
It was a default server from DarkComet Remote Administration Tools (Trojan); a lot of companies detect it, it's like EICAR, but VirusTotal has only the hash of the files, which is very easy to change, so Crystal Security can detect only VirusTotal-scanned files, not the real potential infections that you can be infected with.

I have already mentioned that in an older post.

People think that VirusTotal is the best way to get 100% detection; that's totally wrong. And my company (Tiranium) was accused of using VT due to the detection rate, but that's another subject.

Hackers start sharing their malicious files all over the internet. No one will think to scan them on VirusTotal because they trust the web site or their anti-virus.

A lot of anti-virus companies receive suspicious files automatically from their users, for their protection.
And some anti-virus companies use their security toolbars to log the web sites their users visit, to analyze them in depth.


Your anti-virus will detect any undetected attacks faster than VirusTotal, and the scan of the malicious file on VirusTotal is not guaranteed. And the anti-virus software on VirusTotal is not updated as quickly as on users' computers.

For malware like the DarkComet Remote Administration Tools servers, companies favor HEX detections (one, two, three or more parts of the program's code).
And other companies favor icon detections too. Others favor JMP (debug) or Entry Point (PE, the entry code where the program starts) detections.

[Image: HEX codes from a program]

[Image: Entry-point.png]



This system helps companies detect ALL newly created malware from a malicious software, or all the variants of a malicious worm or program.

Because the program will change the signature but never the code.
We can take an example (not real).
Let's say that:

ABC DEF GEH

are the codes of a malicious program.
When you create a new variant, this adds new things to the codes, like the settings chosen by the user:

ABC %random things% DEF GEH KeyloggerName CND

But ABC, DEF and GEH will always be there at the same entry. This means the signature will change because the codes in the program change, but some points in the codes will always stay the same.

That being said, VirusTotal will never protect any users from the real malware that a user can meet on the internet.
And the results on malware detection will never be 100 percent.
That's why Crystal Security has difficulties with malware detection.
What I recommend to the Crystal Security staff is to do as we're doing on the Tiranium staff: to work with a better detection method than hashes (HEX or others) and to recruit malware hunters to create a real, good anti-malware database.

I can understand that it is difficult to recruit malware hunters; it was very hard for us too, but it's the best way. VirusTotal is not a good choice, in my opinion, for a security product, due to the bad detection rate. You can do better by upgrading your own database.

That being said, I hope that Crystal Security will become better with time. And I hope Kardo will understand my suggestion.
Good work and a good project.


Good luck Kardo :)


Maybe I said something wrong, sorry about that. If my post offends anyone, I'm sorry too; it's not my goal.
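The contrast described in the post above, as an added example that is not part of the original post or of either product: an exact-MD5 lookup next to a byte-pattern signature built from the post's invented `ABC` / `DEF` / `GEH` fragments. The sample byte strings, the signature layout and the `max_gap` value are constructed for illustration.

```python
import hashlib
import re

# Constructed samples: the post's invented "codes" stand in for byte
# sequences that stay the same in every build of one malware family.
BASE = b"ABC DEF GEH"                                   # the one file the database saw
VARIANT = b"ABC \x13\x37random DEF GEH KeyloggerName CND"  # rebuilt with new settings
BENIGN = b"ABC only, plus unrelated bytes GEH"          # lacks the DEF fragment

# Hash database: knows only the exact bytes that were submitted once.
KNOWN_MD5 = {hashlib.md5(BASE).hexdigest()}

# Pattern signature (hypothetical layout): invariant fragments that must
# appear in order, separated by at most max_gap arbitrary bytes.
SIGNATURE = {
    "name": "Example.Family",
    "fragments": [b"ABC", b"DEF", b"GEH"],
    "max_gap": 64,
}


def hash_detect(data: bytes) -> bool:
    """Exact-match lookup: any changed byte produces a different digest."""
    return hashlib.md5(data).hexdigest() in KNOWN_MD5


def compile_signature(sig: dict) -> "re.Pattern[bytes]":
    """Turn the fragment list into a bytes regex with bounded wildcard gaps."""
    gap = b".{0,%d}?" % sig["max_gap"]
    body = gap.join(re.escape(frag) for frag in sig["fragments"])
    return re.compile(body, re.DOTALL)


def pattern_detect(data: bytes, sig: dict = SIGNATURE) -> bool:
    """True when every fragment occurs in order within the allowed gaps."""
    return compile_signature(sig).search(data) is not None


def scan(data: bytes) -> dict:
    """Run both detectors so their verdicts can be compared side by side."""
    return {"md5": hash_detect(data), "pattern": pattern_detect(data)}


if __name__ == "__main__":
    for label, sample in (("base", BASE), ("variant", VARIANT), ("benign", BENIGN)):
        print(label, scan(sample))
```

Fragments this short would cause false positives on real files; production signatures use longer byte runs and anchor them to a location such as the entry point.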
 

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
@Tony Cole
The problem with security software like Crystal Security is that they do not have the staff, nor the funds, to develop the product further, therefore they struggle against today's advanced threats.

P.S. great review Manzai

Read this (you can find it in Crystal Security thread) ;)
Hello everyone.

I hope you are all doing well. Today I would like to introduce the new developer at Crystal Security!
His name is Stefan Tafkov and he has previously worked at other security-related companies.

I am hopeful for the future of Crystal Security with the new developer, and there should be some nice updates soon!

:)

Regards,
Kardo

Regards,
Kardo
 

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
@Dubseven Thank you for your informative comment. It is much appreciated. ;)

I do not agree that VirusTotal is totally useless, because why then did HitmanPro integrate the VT service? Currently I am not working alone on this project and we have a plan to get rid of VT usage in the future, when all goes well. Let's see how good my teamwork is at providing even better protection against malware (different methods to detect suspicious/unknown malware etc.).

Regards,
Kardo
 

Sr. Normal

Thread author
Thanks for another excellent review @Manzai.

What I really like about MT is what I learn every day and with threads like these, with respect to which you expose this information is best.

Crystal Security is not a finished product, but it is an excellent proposal; it is, as we say in my country, "another around the screwdriver and perfect."

3 translators and 3 different translations; I hope you will understand what I mean.

Greetings to all
 