FMA Intel-Secure: CBAD Statistics & General Discussion

Status
Not open for further replies.

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Hi guys,

Since CBAD Cloud is being restored within the next 12 hours let me take some time and show you some data that i did gather from all the scans that have been performed using our software. Since we opened shop lots of data has been scanned, and if i take the sample pack scanning done by our members as a baseline, then i can honestly claim that we do not have to shame ourself in terms of detection and removal.
As how cocky it sounds, the fact is that we match many well known brands and in some cases even out perform them, which is not bad for a first generation program that is technically still in beta.

The question is how good did we do so far?
Well while the cloud was off line i did make a comparison chart that will show exactly how CBAD did perform in the past 60 days.
So here you go and let me know.

BDljL0w.png

Malware:
Detections = 2217
Removal =2153
Submissions= 899

Trojan:
Detections = 3395
Removal = 3211
Submissions = 1701

Virus:
Detection = 815
Removal = 783
Submissions = 360

Rootkit:
Detection = 726
Removal = 712
Submissions = 222

Adware:
Detection = 4835
Removal = 4691
Submissions = 1501

Spyware:
Detection = 803
Removal = 735
Submissions = 500

Ransomware:
Detection = 1614
Removal = 1598
Submissions = 741

Worms:

Detection = 881
Removal = 821
Submissions = 181

RAT: (Remote Access Tool)
Detection = 1864
Removal = 1742
Submissions = 330

Keylogger:
Detection = 124
Removal = 122
Submissions = 15

Bot:
Detection = 184
Removal = 180
Submissions = 75

Exploit:
Detection = 480
Removal = 473
Submissions = 221

Unclassifiable malicious codes (*Not listed in chart):
Detections = 9483
Removal = 7698
FP (False positive) = 3975

UsB3blr.png

Here you can see the percentage of user malware submissions since we opened shop. (Thanks guys)

pCMfNPZ.png

Here you can see all the type of detections and the share they represent of the total detections.
This does clearly show that adware, malware and trojans seem to dominate the internet and present a clear danger to computers & servers, data and web pages.
Also the amount of RAT and R-Ware detections does raise a alarm and imo it should be noted that these 2 types of malicious software should not be underestimated as they usually do cause massive damage and data loss.
The main reason for this topic is simple, to many users here on MT and to many users on the net underestimate their exposure to malware.
Usually they put to much faith in their own computer habits, and as such they generate a false sense of security.

So let me know what you think about these statistic's?
What do you think CBAD Anitmalware so far?
What would you recommend for us to do next?
What do you do personally to protect yourself against malicious data?
In your opinion where does traditional antivirus/malware shine? and where does it fail?
What could the industry do to bring down the numbers of malware on the net (realistically)?

Just a open discussion guys.
Looking forward to your reactions, comments and opinions.

Kind Regards
Nico
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
So you can classify the malwares type.. I think people will trust this stuff if your AV use make sense detection name.

I do not understand you comment, what is it that you try to say? Because in terms of trustworthiness i can honestly say that we have a good name and rather good product and that our star is rising.
Obviously we are still in BETA phase and there are still lots of things we need to improve but so far i did not hear anyone making critical comments. And no the cloud cannot classify malware based upon the code as its does not use signatures.
The classification is being done by our research department which does check the detected codes every 48h, to kill false positives, to gather statistical data, to enhance our software based upon new trends in detections and increase removal capacity and to make sure that every single detection that is being added to our database is truly malware.
Keeping this clean smooth and steady.
Because while the cloud does not work with signatures it however does remember every detection it makes, so next time anyone using our software comes across the same file, then it does not need to be uploaded anymore and will be flagged by default. Which speeds up scanning, lowers resource usage and provides faster reaction times.
So hence why our research department goes trough the detection every 48h

Kind Regards
Nico
 
  • Like
Reactions: Ali80 and Oxygen

avkom

Level 3
Verified
Well-known
Jul 29, 2013
111
Your cloud could provided malware type into a statistic report but it could not classify and report malware type as detection name? LOL
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Your cloud could provided malware type into a statistic report but it could not classify and report malware type as detection name? LOL

@avkom Uhhm LOL where did it say that the cloud was providing the data into a statistic report? When I have been saying at the beginning of the topic:

Let me take some time and show you some data that i did gather from all the scans that have been performed using our software.
Well while the cloud was off line i did make a comparison chart that will show exactly how CBAD did perform in the past 60 days.


And in the second reply:

The classification is being done by our research department which does check the detected codes every 48h, to kill false positives, to gather statistical data, to enhance our software based upon new trends in detections and increase removal capacity and to make sure that every single detection that is being added to our database is truly malware.
Keeping this clean smooth and steady.

So again LOL reading seems to be hard these days is it? They got backup classes for that buddy LOL.
Alright with that out of the way, I fall back to my original reply to you:

avkom said:
So you can classify the malwares type.. I think people will trust this stuff if your AV use make sense detection name.
Click to expand...
I do not understand you comment, what is it that you try to say?

Kind Regards Nico
 

avkom

Level 3
Verified
Well-known
Jul 29, 2013
111
@jasonstatham Calm down dude :p

Let me take some time and show you some data that i did gather from all the scans that have been performed using our software.
Well while the cloud was off line i did make a comparison chart that will show exactly how CBAD did perform in the past 60 days.


All the scans? Where? In your computer or in all CBAD users?

I do not understand you comment, what is it that you try to say?

CBAD virus detection name is so :). Yes @KardoKristal has explained my answers. I think he's cleaver. LOL :p
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
@Nico@FMA


avkom probably meant detection name like "TrojWare.Win32.Trojan.Agent" and so on...

Regards,
Kardo

Right well his comment do not make sense to me, ill bet he must have been sleeping or drunk or so as the replies did not impress me lol.
In regards to the naming of detected malware its simple I already explained it like 5 times that maybe in the future we will have such option.
But at this point there is no way the cloud could do that within the current config.

Cheers and thanks for the reply.
 

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
@Nico@FMA
Right well his comment do not make sense to me, ill bet he must have been sleeping or drunk or so as the replies did not impress me lol.
LOL. xD
In regards to the naming of detected malware its simple I already explained it like 5 times that maybe in the future we will have such option.

For me it is totally fine, just tried to explain what avkom asked or mentioned. ;) PS. Nice charts and statistics! :)

Regards,
Kardo
 

avkom

Level 3
Verified
Well-known
Jul 29, 2013
111
Why you edited first post. LOL

How came malware statistic can be done but malware type can't be used as detection name. Okay the reason is our cloud doesn't use blablabla. :p
 
  • Like
Reactions: indra11tng

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
@jasonstatham Calm down dude :p

Let me take some time and show you some data that i did gather from all the scans that have been performed using our software.
Well while the cloud was off line i did make a comparison chart that will show exactly how CBAD did perform in the past 60 days.

All the scans? Where? In your computer or in all CBAD users?

I do not understand you comment, what is it that you try to say?

CBAD virus detection name is so :). Yes @KardoKristal has explained my answers. I think he's cleaver. LOL :p

"i did gather from all the scans that have been performed using our software." What part of this do you not understand?
Obviously the data has been put together over ALL scans made with CBAD this includes every single client.

After our research department has classed the files that have been detected by the cloud and confirmed them to be malicious it will be added into our repository on our server that allows me to extract any data I want over a time period.
I call it our little zoo.

And again our cloud does not give names to detections, as currently the cloud cannot do that.
And as I explained several times maybe in the far future we will have names, but at this point I do not have plans to redo the whole cloud just because of some names. The cloud has been made with 1 thing in mind, determine if a file is clean or malicious.
It has never been made to give names...

Are we done bashing me and my product? Yes? ok nice...
Can we now get back on topic please?

Cheers
 

avkom

Level 3
Verified
Well-known
Jul 29, 2013
111
"i did gather from all the scans that have been performed using our software." What part of this do you not understand?
Obviously the data has been put together over ALL scans made with CBAD this includes every single client.

After our research department has classed the files that have been detected by the cloud and confirmed them to be malicious it will be added into our repository on our server that allows me to extract any data I want over a time period.
I call it our little zoo.

And again our cloud does not give names to detections, as currently the cloud cannot do that.
And as I explained several times maybe in the far future we will have names, but at this point I do not have plans to redo the whole cloud just because of some names. The cloud has been made with 1 thing in mind, determine if a file is clean or malicious.
It has never been made to give names...

Are we done bashing me and my product? Yes? ok nice...
Can we now get back on topic please?

Cheers
Bashing? I was just asking dude. I wonder why you can create malware statistic but you can't use malware type/name as the detection name. Okay from your answer that you classified the sample manually or I don't follow you?
 
  • Like
Reactions: indra11tng

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Bashing? I was just asking dude. I wonder why you can create malware statistic but you can't use malware type/name as the detection name. Okay from your answer that you classified the sample manually or I don't follow you?

Yes the real classification is being done by our research team they actually class and name the malware.
 

avkom

Level 3
Verified
Well-known
Jul 29, 2013
111
Yes the real classification is being done by our research team they actually class and name the malware.
Your answer is make sense since your cloud could does not give names to detections.

Anyway, you research team must be had hard work for classifying hundreds sample manually. :D
 
  • Like
Reactions: indra11tng

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Your answer is make sense since your cloud could does not give names to detections.
Anyway, you research team must be had hard work for classifying hundreds sample manually. :D

Yes they are doing a good job, we have a few systems in place which they use to automate the process. So its actually not that much work.
Anyway thanks for your reaction.
 

avkom

Level 3
Verified
Well-known
Jul 29, 2013
111
Yes they are doing a good job, we have a few systems in place which they use to automate the process. So its actually not that much work.
Anyway thanks for your reaction.
It seems your few systems is more sophisticated than your cloud because they can classify malware type automatically. :D
 
  • Like
Reactions: indra11tng

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
It seems your few systems is more sophisticated than your cloud because they can classify malware type automatically. :D

Well initially we are a digital forensics & intrusion analysis company, and the systems we use for that are kickass and very advanced.
But then again the malware thing did come only 2 months ago. So yes you are right the analysis tools we have are far more advanced then any AV on the market, and this is not unique because ANY company that does digital forensics & intrusion analysis will have similar systems in place that are equally effective.
 
  • Like
Reactions: Kardo Kristal

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
@avkom
If you want to ask something about the product, you can do it without equivocations, everyone has an opinion but everyone should also respect other's posts and make a conversation/discussion in a cultural way. And please stay on topic. Thank you.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top