- Apr 13, 2013
- 3,144
Kaspersky AntiRansomware for Business beta Part 2
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
- Mar 1, 2014
- 1,708
Great video again, cruelsister!
What is proven is KAR's ability to detect and block in offline mode. But of course, it failed to detect some samples.
My theory is that KAR doesn't have enough algorithm to detect those files yet. Kaspersky still needs to implement new algorithms for new malware behavior in order to detect these kinds of threats.
Instead of this, I think Kaspersky should better release a stand-alone Trusted Applications Mode program. This would be something!
What is proven is KAR's ability to detect and block in offline mode. But of course, it failed to detect some samples.
My theory is that KAR doesn't have enough algorithm to detect those files yet. Kaspersky still needs to implement new algorithms for new malware behavior in order to detect these kinds of threats.
Instead of this, I think Kaspersky should better release a stand-alone Trusted Applications Mode program. This would be something!
Last edited:
- Mar 15, 2011
- 13,070
As usual, majority of anti-ransomware protection goes on signature based pattern alongside of behavior where it can only detect recent response threats.
But for sure Kaspersky and others wants user to not take time configuring thus straightforward program.
But for sure Kaspersky and others wants user to not take time configuring thus straightforward program.
- Aug 2, 2015
- 4,286
We have to keep in mind that this is a beta, that was not too bad but they do
have a ways to go still. I wouldn't rely on it just yet.
Its better than the performance of where MBARW was at this stage for sure lol.
Cool vid CruelSis...Thanks
have a ways to go still. I wouldn't rely on it just yet.
Its better than the performance of where MBARW was at this stage for sure lol.
Cool vid CruelSis...Thanks
- Sep 22, 2014
- 1,767
I like this Rollback feature, that should be improved more.
- Dec 24, 2011
- 480
Yes, this is a most important part of protection these days, assuming it works?
A test with WSA against the same samples would be a treat, as they must have been the first with roll back feature?
Or why not with Viruscope to see how that perform?
Great test CS!
/W
- Sep 22, 2014
- 1,767
Can someone tell me how KAR work without internet connection?
Does it have offline database or somekind of BB/HIPS?
Does it have offline database or somekind of BB/HIPS?
It's a pure behavior blocker when offline.
Impressive insight, thank you for that 2-parts video demonstration @cruelsister. Hope to see a improved stable version of KAR in the future!
- May 11, 2014
- 1,639
It's interesting, Kaspersky is a huge company, yet fails on these zero-day tests. WinPatrol on the other hand is able to produce a software that stops these zero-day ransomware, if they can, why does Kaspersky fail?
- Mar 1, 2014
- 1,708
It think it's because Kaspersky, in the case of KAR, is focused on detection rather than default-deny.
Kaspersky has default-deny in the name of Trusted Applications Mode of their security suites, but isn't used in KAR.
- Apr 13, 2013
- 3,144
The issue with KAR is that they produced a product that concentrated on Cloud detection first with mechanism detection as an afterthought. This surprised me as this is the worst possible approach to employ to protect against ransomware, especially for an application geared to the business realm. As the Pro Blackhats are morphing their malware a few times daily, Cloud detection via definitions is guaranteed to fail, and not developing a mechanistic based blocking approach to the most common ransomware being morphed is beyond inexcusable.
The sad thing is that one will see reviews of KAR by both Pro and Amateur reviewers that will give it excellent marks. The reason for this would be that the tests will concentrate on either older samples (covered by the Cloud) and Script-Kiddie morphs of common stuff that will be stopped by the mechanistic based module. The problem here is that although many samples of this kind of stuff can be found (I also did this in the first section of this video), these malware samples constitute only a small fraction of the ransomware being churned out. The samples on which KAR failed currently constitute the bulk of the ransomware being produced.
In short, when watching a review don't be impressed by the QUANTITY of malware used, but instead insist on their Quality and pertinence (Rant ends).
The sad thing is that one will see reviews of KAR by both Pro and Amateur reviewers that will give it excellent marks. The reason for this would be that the tests will concentrate on either older samples (covered by the Cloud) and Script-Kiddie morphs of common stuff that will be stopped by the mechanistic based module. The problem here is that although many samples of this kind of stuff can be found (I also did this in the first section of this video), these malware samples constitute only a small fraction of the ransomware being churned out. The samples on which KAR failed currently constitute the bulk of the ransomware being produced.
In short, when watching a review don't be impressed by the QUANTITY of malware used, but instead insist on their Quality and pertinence (Rant ends).
Excellent work as always Cruelsister! The accompanying Guitar track made it even more so enjoyable to kick back and watch you do your thing! 
Similar threads
