Do not choice Panda ! (Panda Dome Free vs Panda Dome Complete)
<blockquote data-quote="ForgottenSeer 97327" data-source="post: 1018407"><p>Well, I made a joke about feeding the Panda one sample a year, but that could be the reason why Panda performs better in real-world tests of AV-test labs (I have read somewhere that most of the AV-Labs use fresh samples, but launch malware samples in 15-minute windows simultaneously for all AVs to prevent one AV learning from others sharing samples and VT detections).</p><p></p><p>Machine Learning/Artificial Intelligence is the next level of static (pre-execution) heuristics, only AI/ML uses many more data points and determines the probability based on the distance to earlier bad/good sample value clusters (while heuristics only use a few data points with at best some rule-based reasoning). This makes ML/AI a huge improvement over traditional heuristics. Behavioral blockers are often seen as the next-level HIPS (which is not true because HIPS denied strange, out-of-bounds behavior, while BBs allow behavior until an actor has accumulated so many warnings, it is blocked, so allow by default).</p><p></p><p>Early BBs managed their own data acquisition and monitoring until Windows started to prevent or virtualize critical system components and the BBs started to use Windows' own event system for collecting unusual behavior. This has immense advantages (less overhead while obtaining more data), but at the cost of some loss of cause-effect information. Because the Windows OS became more robust, malware started to use smarter and more staged ways to intrude the system (e.g. social engineering, obfuscation, LOLBin, script, boot persistence, worm, outbound access, dropper, executable).</p><p></p><p>Due to the staged intrusion and insufficient cause-effect information, a behavior blocker will have a hard time recognizing the correlation between the different stages over time. The behavior blocker's pattern recognition capabilities will decrease significantly when the tester launches multiple malware samples within a short period of time. All the event signals triggered (with insufficient cause-effect info) may overwhelm the BB because it does not know how to deal with so many deviations from normal behavior. The event-sequence-paths get disturbed, so the BB simply does not recognize the event-path-patterns which are typical for some malware (it becomes autistic due to the many event triggers).</p><p></p><p>I only know Kaspersky System Watcher as the raven with the white feathers. Kaspersky's System Watcher (behavioral blocker) somehow manages to keep track of the event-sequences and pop up at the right moment to block malware from infecting your system, but Panda's and Webroot's behavioral blockers are obviously not capable of handling several malware intrusions in a short period of time (as clearly shown by Shadowra's videos).</p></blockquote><p></p>
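An added illustration, not part of the quoted post and not any vendor's detection logic: a toy model of the post's argument that a staged-pattern matcher working on one uncorrelated event stream loses the pattern when several chains run at once, while grouping events by process ancestry keeps it. The stage labels, the window size, the PIDs and the event tuples are constructed assumptions.

```python
from collections import defaultdict

PATTERN = ("script", "lolbin", "drop_exe", "persist")  # hypothetical stage labels
WINDOW = 6  # assumption: the pattern must complete within 6 consecutive events

def in_window(stages, pattern=PATTERN, window=WINDOW):
    """True if `pattern` occurs in order inside any run of `window` events."""
    for start, stage in enumerate(stages):
        if stage != pattern[0]:
            continue
        it = iter(stages[start:start + window])
        if all(step in it for step in pattern):  # ordered-subsequence check
            return True
    return False

def root_of(pid, parents):
    """Follow parent links up to the process that started the chain."""
    while parents.get(pid) is not None:
        pid = parents[pid]
    return pid

def detect(events, use_lineage):
    """Return flagged actors. Without lineage every event lands in one
    global stream; with lineage events are grouped by root ancestor."""
    parents = {pid: ppid for pid, ppid, _stage in events}
    streams = defaultdict(list)
    for pid, _ppid, stage in events:
        key = root_of(pid, parents) if use_lineage else "global"
        streams[key].append(stage)
    return sorted(key for key, stages in streams.items() if in_window(stages))

def sample(root):
    """Constructed four-stage chain: root -> child -> grandchild."""
    return [(root, None, "script"), (root + 1, root, "lolbin"),
            (root + 2, root + 1, "drop_exe"), (root + 2, root + 1, "persist")]

def interleave(*chains):
    """Round-robin merge, as if the chains were launched simultaneously."""
    return [event for group in zip(*chains) for event in group]

ONE = sample(100)                                           # one sample alone
BURST = interleave(sample(100), sample(200), sample(300))   # three at once

if __name__ == "__main__":
    for name, events in (("ONE", ONE), ("BURST", BURST)):
        print(name, "no lineage:", detect(events, False),
              "| lineage:", detect(events, True))
```
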