Security Statistics and Reports
Modern protection without signatures – comparison test on real threats (Advanced In The Wild Malware Test)
Quote from Andy Ful (post 977487):

Adrian Ścibor,

Although the testing methodology is interesting, it also has got some questionable points.

1. The samples are a few days old (on average).
2. The samples are mostly *.exe files (some files had a spoofed DLL extension on VT).

As we can see from the test results, most AVs have no problem with detecting such payloads by cloud backend (fast signatures and behavior-based modules).

But in real attacks on businesses, the payloads will be much fresher. In many cases, the payloads are changed after a few hours, so they may often be unknown in the cloud as well. Furthermore, in compromised business networks, scripts are often used before applying the final EXE payload. Detecting suspicious/malicious scripts will prevent many such attacks. That is why the real protection against threats in an already compromised business network can be different from the results of this test. :unsure:

Edit.
The Malware Hub is a good place to see the protection against very fresh samples (including scripts).