Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Community
Community Feedback
Suggestions for Malware Vault testers
Message
<blockquote data-quote="TheMalwareMaster" data-source="post: 659942" data-attributes="member: 47679"><p>Good morning... Today, I'd like to make some suggestions to the Malware Vault testers. Even if I have stopped testing there for a long time, there is still something I'd like to say to help the testers.</p><p>In my opinion, everyone should provide a screenshot of the security product version and update (not all testers do this). The update is the most important: we are humans and we may forget to update the signatures. Even if it's really rare to forget that, it should be provided. My second suggestion is about the second opinion scanners usage. In my opinion, if all the samples don't even touch memory and are quarantined by the product, there is no point in doing that. For example, let's say that a tester is using Avira free on a malware pack of 10 items. 4 are detected by local signatures and 6 are blocked on execution by the cloud. At this point, there is no need of a second opinion scan. The same could be said for VoodooShield, COMODO (if set at default-deny, without the sandbox) and avast hardened mode (even if HM doesn't quarantine the sample, that would be the unique left-over) and all products which with a similar mechanism, or that statically detect all samples. Second opinion scanners are more than welcome when a behavioural blocker removes a sample (there may be left-overs). Let me know your thoughts about this</p><p>Regards..</p></blockquote><p></p>
[QUOTE="TheMalwareMaster, post: 659942, member: 47679"] Good morning... Today, I'd like to make some suggestions to the Malware Vault testers. Even if I have stopped testing there for a long time, there is still something I'd like to say to help the testers. In my opinion, everyone should provide a screenshot of the security product version and update (not all testers do this). The update is the most important: we are humans and we may forget to update the signatures. Even if it's really rare to forget that, it should be provided. My second suggestion is about the second opinion scanners usage. In my opinion, if all the samples don't even touch memory and are quarantined by the product, there is no point in doing that. For example, let's say that a tester is using Avira free on a malware pack of 10 items. 4 are detected by local signatures and 6 are blocked on execution by the cloud. At this point, there is no need of a second opinion scan. The same could be said for VoodooShield, COMODO (if set at default-deny, without the sandbox) and avast hardened mode (even if HM doesn't quarantine the sample, that would be the unique left-over) and all products which with a similar mechanism, or that statically detect all samples. Second opinion scanners are more than welcome when a behavioural blocker removes a sample (there may be left-overs). Let me know your thoughts about this Regards.. [/QUOTE]
Insert quotes…
Verification
Post reply
Top