Malware Hub Testing

L0ckJaw

L0ckJaw

Level 19
Verified
Content Creator
Well-known
Feb 17, 2018
870
ForgottenSeer 58943 said:
Ugh, I looked forward to your continued testing of Norton. While I don't use Norton I do love following it and seeing it tested. Most guys seem to test the same couple of suites, I'd like to see alternative suites being tested more.
Click to expand...
Lets see what time brings ;) We got a big client at work that needs to be configured, so it takes a lot of work time.
Maybe when they are settled i will be back here for testing :)
 
  • Like
Reactions: upnorth, silversurfer, harlan4096 and 2 others
F

ForgottenSeer 58943

L0ckJaw said:
Lets see what time brings ;) We got a big client at work that needs to be configured, so it takes a lot of work time.
Maybe when they are settled i will be back here for testing :)
Click to expand...

Not to get off tangent, Norton has a SERIOUS activation bug that has been around for years. Where you try to sign in after install and it cannot connect to servers. Hundreds of google search results on this.

So I tried to put it on a test machine (VM) and got this bug. I opened a web chat, after an hour of some low grade tech repeating what I already did it got bumped to a high level Norton Tech. After another hour it 'magically' worked. I wiped the VM, remade it, and guess what? Same issue was back.

It's really pathetic when firms can't even get things like install/uninstall/registration right with their products and DOES NOT give me confidence in them to handle serious matters. Back in the dumpster with Norton for me. At least the time wasn't lost with the Norton techs, I was busy doing other crap and just let them fuss around in the VM..
 
  • Like
Reactions: upnorth and Sunshine-boy
L0ckJaw

L0ckJaw

Level 19
Verified
Content Creator
Well-known
Feb 17, 2018
870
ForgottenSeer 58943 said:
Not to get off tangent, Norton has a SERIOUS activation bug that has been around for years. Where you try to sign in after install and it cannot connect to servers. Hundreds of google search results on this.

So I tried to put it on a test machine (VM) and got this bug. I opened a web chat, after an hour of some low grade tech repeating what I already did it got bumped to a high level Norton Tech. After another hour it 'magically' worked. I wiped the VM, remade it, and guess what? Same issue was back.

It's really pathetic when firms can't even get things like install/uninstall/registration right with their products and DOES NOT give me confidence in them to handle serious matters. Back in the dumpster with Norton for me. At least the time wasn't lost with the Norton techs, I was busy doing other crap and just let them fuss around in the VM..
Click to expand...
I never had that bug, uninstalled and installed it a lot of times. Signed in with my e-mail and works.
 
  • Like
Reactions: upnorth, harlan4096, Hero7 and 1 other person
F

ForgottenSeer 58943

amico81 said:
I had the same problem 2 weeks before. That was the reason for me to change my av
Click to expand...

I've had the problem on my test machine, and have seen it at least a half dozen times over the last year on other systems. Seriously, if they can't fix something as simple as signing in with your email would one have confidence in them for more complex things?

They CLEARLY know about it, as their techs have a list of things to try to fix it, including removal of IE11 from the machine, etc.
 
  • Like
Reactions: Faybert, Sunshine-boy, L0ckJaw and 1 other person
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
ForgottenSeer 58943 said:
I've had the problem on my test machine, and have seen it at least a half dozen times over the last year on other systems. Seriously, if they can't fix something as simple as signing in with your email would one have confidence in them for more complex things?

They CLEARLY know about it, as their techs have a list of things to try to fix it, including removal of IE11 from the machine, etc.
Click to expand...
i never had that issue when i was testing Norton, could be hardware/isp related?
 
amico81

amico81

Level 21
Verified
Top Poster
Well-known
Jan 10, 2017
1,061
mekelek said:
i never had that issue when i was testing Norton, could be hardware/isp related?
Click to expand...

same hardware ->no changes. i tried the install with my active logged-in-account....no chance to activate
the license on the pc :mad: sure i can call the support...but sorry no...I am not dependent on norton
 
silversurfer

silversurfer

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
We don't need to discuss with people they just want to criticize the efforts of testers. Like it or not but keep in mind, doing something wrong is always better than doing nothing like the most other members of the forum here ;)

It's always the same old story, new members come in here with suggestions how others need to work :rolleyes:
 
  • Like
Reactions: Solarquest, illumination, Gandalf_The_Grey and 9 others
erreale

erreale

Level 9
Verified
Content Creator
Malware Hunter
Well-known
Oct 22, 2016
409
silversurfer said:
We don't need to discuss with people they just want to criticize the efforts of testers. Like it or not but keep in mind, doing something wrong is always better than doing nothing like the most other members of the forum here ;)

It's always the same old story, new members come in here with suggestions how others need to work :rolleyes:
Click to expand...

You took the words right out of my mouth.
 
  • Like
Reactions: Solarquest, silversurfer and Der.Reisende
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
ticklemefeet said:
I have looked at a few of the tests and noticed shadow defender being used as isolation. I would think that would limit the software that can be tested because any software requiring a restart will be gone when the machine starts back up.
Unless I am missing something.
Click to expand...
SD is used to virtualize the current Windows session so that the tester can test the malware in complete safety.
What software that requires a reboot you're talking about?
 
  • Like
Reactions: illumination, silversurfer, Der.Reisende and 1 other person
F

ForgottenSeer 69673

tim one said:
SD is used to virtualize the current Windows session so that the tester can test the malware in complete safety.
What software that requires a reboot you're talking about?
Click to expand...

Yes I have been using SD for along time. I am talking about any software that requires a reboot after install. don't most AV's require a reboot after install? when I test software I have SD running on my host and virtual box running with what ever software I am testing .
 
  • Like
Reactions: upnorth and Der.Reisende
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,655
I guess @ticklemefeet means when, for instead, the security application needs to reboot the system to finish the clean-up, or similar cases to check if after a reboot the system is still infected... of course in these cases with Shadow Defender, the tester is limited...

About installing other software in general there is no problem, the tester should 1st prepare in the real system all the necesary tools before testing, and then go to Shadow Mode...
 
  • Like
Reactions: Solarquest, illumination, upnorth and 4 others
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
ticklemefeet said:
Yes I have been using SD for along time. I am talking about any software that requires a reboot after install. don't most AV's require a reboot after install? when I test software I have SD running on my host and virtual box running with what ever software I am testing .
Click to expand...
As @harlan4096 said.
Of course SD has to be used with your AV already installed in Windows session.
 
Last edited:
  • Like
Reactions: illumination, bribon77, silversurfer and 1 other person
F

ForgottenSeer 69673

tim one said:
As @harlan4096 said.
Of course SD has to be used with your AV already installed in Windows session.
Click to expand...

I start SD up on my host
I then open VB and install whatever I want to test. then a reboot the vm is not a problem and if a sample manages to get through VB and on to my host system, a reboot will clear it. just an extra precaution.
I have not used malware tips samples as of yet.
 
  • Like
Reactions: tim one and harlan4096
D

Deleted member 65228

Remember that Shadow Defender does not protect against data exfiltration.

Chat logs from local IM software, personal documents such as photos and other types of media, browser history/bookmarks/saved passwords, finger-printing data regarding yourself and your machine and a lot more can be stolen - you may never even know about it afterwards unless you were analysing the payloads and identified 100% of what the sample did.
 
  • Like
Reactions: tim one, illumination, silversurfer and 2 others
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,400
This is ridiculous, on the full understanding of the word. No Malware Hub tester here is paid and it's no job to share what is shared. MalwareTips has always gave the chance to people to learn, and that's the whole purpose of these forums: share, teach, and learn. Choose your style but do not interfere with the rest. The Malware Hub has amazing professionals, and amazing learners, who have the guts to apply to the Hub and start learning and updating their methodology in the process. Aforementioned, it is no work and it's not rewarded in any way but the gratitude of becoming better and the amazing enviroment the testers provide. As some mate has told you, if you don't like what some people do, specially learners, ignore it. But please do not come here pointing people with a finger claiming what they try their best to do is not of your taste.

Some months ago I didn't even know what process hollowing was, now I can say I'm certain to know how to identify this technique applied by malware. And I owe it only to the Hub and the amazing people there willing to help. If you think what is done is done wrong, then maybe you could apply and teach us the way.
 
  • Like
Reactions: Solarquest, harlan4096, tim one and 7 others
F

ForgottenSeer 69673

Opcode said:
Remember that Shadow Defender does not protect against data exfiltration.

Chat logs from local IM software, personal documents such as photos and other types of media, browser history/bookmarks/saved passwords, finger-printing data regarding yourself and your machine and a lot more can be stolen - you may never even know about it afterwards unless you were analysing the payloads and identified 100% of what the sample did.
Click to expand...

I think you might be misunderstanding me. I don't test samples on my host system, I only test them in a vm but I always have SD running on my host. does that make sense? on my host for protection I run voodooshield and appguard along with an antikeylogger.
 
  • Like
Reactions: harlan4096 and upnorth

Similar threads

BigWrench
    • Like
    • Sad
    • +Reputation
It's been a year since any activity in the Malware Hub
Replies
7
Views
601
Member Chat
Practical Response
Practical Response
N
    • Like
Database with malware hashes
Replies
5
Views
404
Malware Analysis
B-boy/StyLe/
B-boy/StyLe/
Gandalf_The_Grey
    • Like
    • Thanks
    • +Reputation
AVLab.pl Advanced In-the-Wild Malware Test January 2024
Replies
8
Views
979
Security Statistics and Reports
Anthony Qian
Anthony Qian

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top