Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Battlefield
Software Comparison
Planned: Real-world Test of Trend Micro, ZoneAlarm, Eset and Webroot
Message
<blockquote data-quote="cruelsister" data-source="post: 1097392" data-attributes="member: 7463"><p>What confuses me is that you have stated previously that executing a file from the Desktop is somehow not "real world", and should be differentiated from a file run from elsewhere (C:\Downloads, C:\Users\appdata\roaming, etc). In the same vein, how would a video authors decision to first do a custom scan then run undetected files from a malware pack in a C:\Malware directory be inferior?</p><p></p><p>Also, regarding the scanning abilities of various AM products- some will just be aware of the file ID, and if matched will detect; some will indeed look deeper (eg: if a link is received in Gmail and thereby stored somewhere in the browser directory in AppData, a good AM app can detect a malicious Powershell or Python string). But as such scans can be implemented from anywhere the malware resides, including malware packs, how is such testing "not real world" and somehow inferior?</p><p></p><p>Finally, the comment "Many products control false positives by using more aggressive screening of downloads, as opposed to local files." should be questioned. This is implying that an AM application utilizes some sort of Folder Priority, when the emphasis should actually be placed the potential system changes made by the execution the malicious file, either as a direct result of it or by the concurrent spawning of a LoLbin.</p></blockquote><p></p>
[QUOTE="cruelsister, post: 1097392, member: 7463"] What confuses me is that you have stated previously that executing a file from the Desktop is somehow not "real world", and should be differentiated from a file run from elsewhere (C:\Downloads, C:\Users\appdata\roaming, etc). In the same vein, how would a video authors decision to first do a custom scan then run undetected files from a malware pack in a C:\Malware directory be inferior? Also, regarding the scanning abilities of various AM products- some will just be aware of the file ID, and if matched will detect; some will indeed look deeper (eg: if a link is received in Gmail and thereby stored somewhere in the browser directory in AppData, a good AM app can detect a malicious Powershell or Python string). But as such scans can be implemented from anywhere the malware resides, including malware packs, how is such testing "not real world" and somehow inferior? Finally, the comment "Many products control false positives by using more aggressive screening of downloads, as opposed to local files." should be questioned. This is implying that an AM application utilizes some sort of Folder Priority, when the emphasis should actually be placed the potential system changes made by the execution the malicious file, either as a direct result of it or by the concurrent spawning of a LoLbin. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
