Malware Hub Testing

ForgottenSeer 58943 said:
Ugh, I looked forward to your continued testing of Norton. While I don't use Norton I do love following it and seeing it tested. Most guys seem to test the same couple of suites, I'd like to see alternative suites being tested more.
Click to expand...
Lets see what time brings ;) We got a big client at work that needs to be configured, so it takes a lot of work time.
Maybe when they are settled i will be back here for testing :)
 
  • Like
Reactions: upnorth, silversurfer, harlan4096 and 2 others
L0ckJaw said:
Lets see what time brings ;) We got a big client at work that needs to be configured, so it takes a lot of work time.
Maybe when they are settled i will be back here for testing :)
Click to expand...

Not to get off tangent, Norton has a SERIOUS activation bug that has been around for years. Where you try to sign in after install and it cannot connect to servers. Hundreds of google search results on this.

So I tried to put it on a test machine (VM) and got this bug. I opened a web chat, after an hour of some low grade tech repeating what I already did it got bumped to a high level Norton Tech. After another hour it 'magically' worked. I wiped the VM, remade it, and guess what? Same issue was back.

It's really pathetic when firms can't even get things like install/uninstall/registration right with their products and DOES NOT give me confidence in them to handle serious matters. Back in the dumpster with Norton for me. At least the time wasn't lost with the Norton techs, I was busy doing other crap and just let them fuss around in the VM..
 
  • Like
Reactions: upnorth and Sunshine-boy
ForgottenSeer 58943 said:
Not to get off tangent, Norton has a SERIOUS activation bug that has been around for years. Where you try to sign in after install and it cannot connect to servers. Hundreds of google search results on this.

So I tried to put it on a test machine (VM) and got this bug. I opened a web chat, after an hour of some low grade tech repeating what I already did it got bumped to a high level Norton Tech. After another hour it 'magically' worked. I wiped the VM, remade it, and guess what? Same issue was back.

It's really pathetic when firms can't even get things like install/uninstall/registration right with their products and DOES NOT give me confidence in them to handle serious matters. Back in the dumpster with Norton for me. At least the time wasn't lost with the Norton techs, I was busy doing other crap and just let them fuss around in the VM..
Click to expand...
I never had that bug, uninstalled and installed it a lot of times. Signed in with my e-mail and works.
 
  • Like
Reactions: upnorth, harlan4096, Hero7 and 1 other person
amico81 said:
I had the same problem 2 weeks before. That was the reason for me to change my av
Click to expand...

I've had the problem on my test machine, and have seen it at least a half dozen times over the last year on other systems. Seriously, if they can't fix something as simple as signing in with your email would one have confidence in them for more complex things?

They CLEARLY know about it, as their techs have a list of things to try to fix it, including removal of IE11 from the machine, etc.
 
  • Like
Reactions: Faybert, Sunshine-boy, L0ckJaw and 1 other person
ForgottenSeer 58943 said:
I've had the problem on my test machine, and have seen it at least a half dozen times over the last year on other systems. Seriously, if they can't fix something as simple as signing in with your email would one have confidence in them for more complex things?

They CLEARLY know about it, as their techs have a list of things to try to fix it, including removal of IE11 from the machine, etc.
Click to expand...
i never had that issue when i was testing Norton, could be hardware/isp related?
 
mekelek said:
i never had that issue when i was testing Norton, could be hardware/isp related?
Click to expand...

same hardware ->no changes. i tried the install with my active logged-in-account....no chance to activate
the license on the pc :mad: sure i can call the support...but sorry no...I am not dependent on norton
 
We don't need to discuss with people they just want to criticize the efforts of testers. Like it or not but keep in mind, doing something wrong is always better than doing nothing like the most other members of the forum here ;)

It's always the same old story, new members come in here with suggestions how others need to work :rolleyes:
 
  • Like
Reactions: Solarquest, illumination, Gandalf_The_Grey and 9 others
silversurfer said:
We don't need to discuss with people they just want to criticize the efforts of testers. Like it or not but keep in mind, doing something wrong is always better than doing nothing like the most other members of the forum here ;)

It's always the same old story, new members come in here with suggestions how others need to work :rolleyes:
Click to expand...

You took the words right out of my mouth.
 
  • Like
Reactions: Solarquest, silversurfer and Der.Reisende
ticklemefeet said:
I have looked at a few of the tests and noticed shadow defender being used as isolation. I would think that would limit the software that can be tested because any software requiring a restart will be gone when the machine starts back up.
Unless I am missing something.
Click to expand...
SD is used to virtualize the current Windows session so that the tester can test the malware in complete safety.
What software that requires a reboot you're talking about?
 
  • Like
Reactions: illumination, silversurfer, Der.Reisende and 1 other person
tim one said:
SD is used to virtualize the current Windows session so that the tester can test the malware in complete safety.
What software that requires a reboot you're talking about?
Click to expand...

Yes I have been using SD for along time. I am talking about any software that requires a reboot after install. don't most AV's require a reboot after install? when I test software I have SD running on my host and virtual box running with what ever software I am testing .
 
  • Like
Reactions: upnorth and Der.Reisende
I guess @ticklemefeet means when, for instead, the security application needs to reboot the system to finish the clean-up, or similar cases to check if after a reboot the system is still infected... of course in these cases with Shadow Defender, the tester is limited...

About installing other software in general there is no problem, the tester should 1st prepare in the real system all the necesary tools before testing, and then go to Shadow Mode...
 
  • Like
Reactions: Solarquest, illumination, upnorth and 4 others
ticklemefeet said:
Yes I have been using SD for along time. I am talking about any software that requires a reboot after install. don't most AV's require a reboot after install? when I test software I have SD running on my host and virtual box running with what ever software I am testing .
Click to expand...
As @harlan4096 said.
Of course SD has to be used with your AV already installed in Windows session.
 
Last edited:
  • Like
Reactions: illumination, bribon77, silversurfer and 1 other person
tim one said:
As @harlan4096 said.
Of course SD has to be used with your AV already installed in Windows session.
Click to expand...

I start SD up on my host
I then open VB and install whatever I want to test. then a reboot the vm is not a problem and if a sample manages to get through VB and on to my host system, a reboot will clear it. just an extra precaution.
I have not used malware tips samples as of yet.
 
  • Like
Reactions: tim one and harlan4096
Remember that Shadow Defender does not protect against data exfiltration.

Chat logs from local IM software, personal documents such as photos and other types of media, browser history/bookmarks/saved passwords, finger-printing data regarding yourself and your machine and a lot more can be stolen - you may never even know about it afterwards unless you were analysing the payloads and identified 100% of what the sample did.
 
  • Like
Reactions: tim one, illumination, silversurfer and 2 others
This is ridiculous, on the full understanding of the word. No Malware Hub tester here is paid and it's no job to share what is shared. MalwareTips has always gave the chance to people to learn, and that's the whole purpose of these forums: share, teach, and learn. Choose your style but do not interfere with the rest. The Malware Hub has amazing professionals, and amazing learners, who have the guts to apply to the Hub and start learning and updating their methodology in the process. Aforementioned, it is no work and it's not rewarded in any way but the gratitude of becoming better and the amazing enviroment the testers provide. As some mate has told you, if you don't like what some people do, specially learners, ignore it. But please do not come here pointing people with a finger claiming what they try their best to do is not of your taste.

Some months ago I didn't even know what process hollowing was, now I can say I'm certain to know how to identify this technique applied by malware. And I owe it only to the Hub and the amazing people there willing to help. If you think what is done is done wrong, then maybe you could apply and teach us the way.
 
  • Like
Reactions: Solarquest, harlan4096, tim one and 7 others
Opcode said:
Remember that Shadow Defender does not protect against data exfiltration.

Chat logs from local IM software, personal documents such as photos and other types of media, browser history/bookmarks/saved passwords, finger-printing data regarding yourself and your machine and a lot more can be stolen - you may never even know about it afterwards unless you were analysing the payloads and identified 100% of what the sample did.
Click to expand...

I think you might be misunderstanding me. I don't test samples on my host system, I only test them in a vm but I always have SD running on my host. does that make sense? on my host for protection I run voodooshield and appguard along with an antikeylogger.
 
  • Like
Reactions: harlan4096 and upnorth

You may also like...