The peculiarity of EXE malware testing.
<blockquote data-quote="Andy Ful" data-source="post: 979895" data-attributes="member: 32260"><p><a href="https://malwaretips.com/posts/979871/reactions" target="_blank">wat0114</a>,</p><p></p><p>Your last post has given me an idea about better and worse signatures in relation to "EXE error".</p><p>Let's look again at the test results:</p><p></p><p>AV-Comparatives + AV-Test, Consumer Malware Protection tests 2021</p><p>Missed samples - tested few-weeks-old prevalent samples: only <strong>EXE files</strong>:</p><p>Avira ..................... <span style="color: rgb(41, 105, 176)"><strong>39</strong></span></p><p>TrendMicro ......... <strong><span style="color: rgb(41, 105, 176)">224</span></strong></p><p></p><p>The results for relatively old and prevalent EXE files depend mostly on signatures. So, it is natural to conclude that TrendMicro has got worse signatures.</p><p><strong><span style="color: rgb(184, 49, 47)">But this is not necessarily true because, in the test, not all signatures are used.</span></strong></p><p>The test uses signatures for the EXE files, but ignores the possible signatures for documents, scripts, etc. In reality, the signatures for documents and scripts can be better and more efficient protection than signatures for EXE files. In many cases, the EXE payloads are delivered only by documents and scripts. Furthermore, one signature for a document or script can protect against several EXE payloads. The scripts and documents often include only the URL to the payload, and the payloads there are often changed after a few hours.</p><p></p><p>So, in this example, TrendMicro has got a much worse result not because of worse signatures. The issue is the testing methodology which is anomalous for TrendMicro. The test can see the signatures for bullets (that killed people) but ignores the signatures for guns and shooters.</p></blockquote><p></p>
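The gap between the two ways of counting misses described in the post above, as an added example that is not part of the original post. The file names, the two products and their signature sets are constructed, and the model assumes every EXE payload reaches the machine only through its document or script.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Campaign:
    dropper: str     # document or script that carries the payload URL
    payloads: tuple  # EXE files served from that URL over time


# Constructed sample data, not taken from any real test.
CAMPAIGNS = (
    Campaign("invoice.docm", ("a1.exe", "a2.exe", "a3.exe")),
    Campaign("update.js", ("b1.exe", "b2.exe")),
    Campaign("scan.vbs", ("c1.exe",)),
)

# Hypothetical products: the set of file names each one has a signature for.
PRODUCTS = {
    "exe_focused": {"a1.exe", "a2.exe", "b1.exe", "b2.exe", "c1.exe"},
    "dropper_focused": {"invoice.docm", "update.js", "c1.exe"},
}


def exe_only_misses(sigs, campaigns=CAMPAIGNS):
    """Misses as an EXE-only test counts them: each payload scanned in isolation."""
    return sum(p not in sigs for c in campaigns for p in c.payloads)


def chain_misses(sigs, campaigns=CAMPAIGNS):
    """Misses when the dropper is scanned first: a payload is only fetched
    if the dropper that holds its URL was not detected (model assumption)."""
    return sum(
        p not in sigs
        for c in campaigns
        if c.dropper not in sigs
        for p in c.payloads
    )


def compare(products=PRODUCTS):
    """Return {product: (exe_only_misses, chain_misses)}."""
    return {name: (exe_only_misses(s), chain_misses(s)) for name, s in products.items()}


if __name__ == "__main__":
    for name, (exe_only, chain) in compare().items():
        print(f"{name:16} EXE-only misses: {exe_only}  chain misses: {chain}")
```
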