Battle Which Is The Best Cloud File-Rating System ?

Status
Not open for further replies.
H

hjlbx

Thread author
As a basis for judgment consider the frequency of the following:
  • False Negatives (rated as Safe, but actually is PUA\PUP\Malicious)
  • False Positives (rated as PUA\PUP\Malicious, but actually is Safe)
  • Unknown\Unrecognized (not rated as Safe or PUA\PUP\Malicious)
  • How long does it take, on average, for a final determination\rating from the cloud for Unknown\Unrecognized files?
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Only tried ESET's and Kaspersky's reputation systems, both have great response to unknown and new files and recommends not to run them. Didn't tried others tho
 

Alexstrasza

Level 4
Verified
Mar 18, 2015
151
I believe that ESET's cloud is called ESET LiveGrid. (fancy names... *shudders*)

It's rather strange to compare these clouds because they are the work of the collective community in identifying safe and dangerous files.

The duration of the rating also depends on your internet connection (basically it's the time for the AV to send the info over to the cloud, get the judgement and then apply it). So personally I think it's irrelevant.

I like the AMN, mainly because you can access it directly (via isthisfilesafe.com) to see what's in there. I don't know if there are any similar options for other networks.
 
H

hjlbx

Thread author
Only tried ESET's and Kaspersky's reputation systems, both have great response to unknown and new files and recommends not to run them. Didn't tried others tho

With Kaspersky I had no problems if file had 0 users.

If users was low... say 10 to 10,000 the rating wasn't always accurate because a lot of users hadn't yet figured out that it was PUA\Malicious - and blocked it yet.

As time went on, a good bit of those files were eventually rated as "Known_Bad."

Lots of PUA\PUPs with digitally signed installers in KSN that I noticed in testing.

I'm not slamming Kaspersky.

This is not only a Kaspersky problem... it applies to all vendors that use file rating system to create application rules.

In my experience, Emsisoft has been the best.

Seems like every single file @Malware1 , @JAMESWT , @Petrovic , etc submitted was rated as Known_Bad and immediately placed in the AMN database.

The Emsi BB makes and user actions make the determination locally for Unknown\Unrecognized files (same as other AVs)... and the AMN gets updated fast.

However, with AMN there have been cases too where 1 user rated a file (IT Hurricane's PowerTool v. 1.3 64-bit) as bad... and it was blocked. I submitted a request to change the rating. No reply, no change.

Cloud File-Rating Systems have problems... but overall they work reasonably well.

The user definitely has to pay attention.
 
Last edited by a moderator:
H

hjlbx

Thread author
It's rather strange to compare these clouds because they are the work of the collective community in identifying safe and dangerous files.

I like the AMN, mainly because you can access it directly (via isthisfilesafe.com) to see what's in there. I don't know if there are any similar options for other networks.

When did ESET change the name to LiveGrid? That one passed me right by. :D

I agree... and it's a problem when a bunch of users do not know how to evaluate an app. No easy fix when a good portion of the herd gets it all wrong. Screws things up.

I didn't mean network speed. Comodo, for example, will update ratings on some files quickly, while others will remain unrated for weeks and months. Over a year on some AMD graphics drivers and graphics software modules. Can cause black screen if user doesn't know how to handle it within CIS.

I agree... it's searchable. None of the others are.
 
Last edited by a moderator:

Alexstrasza

Level 4
Verified
Mar 18, 2015
151
From what I know of ESET, their cloud system has always been called LiveGrid... and it makes sense.

In the case of Emsisoft, if something is blocked wrongly you can resubmit it on the forums and the folks there would get it unblocked in less than a day. <3

Seems like every single file @Malware1 , @JAMESWT , @Petrovic , etc submitted was rated as Known_Bad and immediately placed in the AMN database.
Basically it's this: The file got uploaded to VT, the folks at Emsisoft (I don't know about other AV vendors) download it and analyse it to see if it's actual malware. This avoids the commonly seen problem of vendors flagging a file as malicious en masse even if it's not (it happens).

And of course, there is always the submission area in the forum :D
 
  • Like
Reactions: Piteko21

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
In my experience, Norton Cloud Reputation is really good at all with very minimal false positives/negatives and capable as a reference and protection capabilities.

For Panda Cloud Reputation I'm not sure the cause for a file from WPS Office (updater/notify) to be blocked upon I've checked on my brother's Desktop PC.

Cloud File Rating are accurate to be noted, just minimal glitch would occur on other AV; majority good files > bad files.
 
D

Deleted member 21043

Thread author
My experience with Emsisoft Anti-Malware Network has been positive and so has my experience with ESET LiveGrid therefore I had to make a decision between the two since the poll was not multi-choice. In the end I went for the Emsisoft Anti-Malware Network, however based on my experience I know that ESET LiveGrid is good too.

I cannot comment on the others.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top