Crowdstrike Falcon Review | Tested vs Malware
<blockquote data-quote="artek" data-source="post: 828044" data-attributes="member: 22897"><p>I have several problems with this video and with his testing methodology.</p><p></p><p>1st) I don't think 98.58% detection rate is a bad result (that's what his script indicates in the video).</p><p>During his Sophos test which is linked here: [MEDIA=youtube]p4-lLZtsGjY[/MEDIA]. Sophos had a detection rate of 97.56%. And he iterates that it was one of the cleanest he's seen of a system doing this kind of test. But how can this be? 97.56 is clearly lower than 98.58. The difference in the rate of infection and the status of the system is more dependent on the sample set he is choosing in each video. The small percentage of files that snuck through in the Sophos test were probably either non-functional or benign. Which would indicate to me that he is not curating his samples carefully enough to ensure that they contain functional and dangerous malware consistently across all of his tests. It could very well be that some of the sample sets that he chose to run during many of his tests were either easier or harder than his other tests depending on the randomness with which he selects his samples.</p><p></p><p>2nd) His operating system is out of date. Does that include security patches that would render some of the samples non-functional on a reboot? Why is the OS fully up to date in some of his videos and not others?</p><p></p><p>3rd) He tested GlassWire against ransomware samples. Said there were no notifications. Found the notifications but concluded that the firewall wouldn't be effective in stopping any real world attacks. Never mind that he left the connection blocking feature off and tested the logging features of GlassWire. Let that sink in. <strong>He tested network logging features in their ability to stop ransomware samples.</strong> Which suggests to me that he is either incompetent or he's designing tests in a way that conforms with his bias.
Wouldn't it make way more sense to use a trojan instead of a ransomware sample to test this kind of feature? You're going to get way more network chatter with the trojan.</p></blockquote><p></p>