The peculiarity of EXE malware testing.
<blockquote data-quote="Andy Ful" data-source="post: 979543" data-attributes="member: 32260"><p>Although the "EXE test error" makes the interpretation of test results much harder, the EXE tests can show one thing.</p><p>One should prefer AVs that have got strong protection/prevention against all kinds of files (especially scripts and documents). But using an additional security layer for EXE files (or better, for PE files) can still be recommended in businesses.</p><p>In businesses, many payloads can be delivered directly via lateral movement without using documents (and truly malicious scripts). So, we have more initial malware and fewer true payloads (probably <strong><span style="color: rgb(184, 49, 47)">1/10</span></strong> instead of 1/2) for the computers in the already infected network. The "EXE test error" is smaller:</p><p><strong>Rate of false infections = <span style="color: rgb(184, 49, 47)">1/10</span> * 0.3 * 1/3 * 1/2 = 3/600 ~ 0.5%</strong></p><p><strong>The "EXE test error" is now caused by ignoring some scripting methods in the test.</strong></p><p>Edit1.</p><p>At home, a similar situation can be caused when flash drives are extensively used for sharing files, cracks, pirated software. Most EXE payloads can be delivered in this way without using documents and scripts.</p></blockquote>