
ForgottenSeer 823865

Thanks for the explanation.
Doubt is a form of not knowing you are right, so for clarity you repeat the answer in reverse order?
Hahaha I see you like to play on words as I do. :p

Leo from TPSC? I got the very same response when I told him his methodology was incorrect. He argued that he thought it was right and that people from Sophos or Fortinet or F-Secure (can't remember) supported him lmao
Not him, and in my case, the professionals were backing me, not the tester.
In fact, when it comes to testing, even professional test labs' "real world" methodologies aren't accurate; to me they are even biased to benefit the vendors... Ask yourself, how come in their tests all vendors get at least a 90+% score with their so-called zero-day malware, when the same vendors totally fail when their products are tested by professional pentesters... Only one reason: 90% of the samples are cherry-picked to fail against the products, while a few are left to bypass the product to make the test more credible.
Test labs are marketing proxies for vendors, making big money from them, so they obviously can't show products having very bad scores. Did you ever see a test with a product scoring 50% or less? Never. Why? Because it would be bad advertising and the vendors wouldn't participate anymore...

These are probably some of the reasons why Cruelsister was so popular and efficient, as she knew perfectly well how each piece of malware works and how the security software would interact with it. It wasn't random.
Indeed, she is one of the few YouTesters I acknowledge, even if I like to take shots at her lol. Watched most of her tests and they were accurate most of the time.
She often uses homemade scripts, which is the reason she knows what is happening.
 

Outpost

Level 5
Verified
I think it is wrong to generalize that if a test or review (of anything) is done by a "hobbyist" it is done badly, if it is done by a "professional" it must be done well. I know hobbyists in photography, journalism and other fields who could easily teach the profession to so-called professionals. And the same goes for computer science in general.
It doesn't seem to me that malware tests done by specialized companies are more detailed than those done, for example, in the HUB. On the contrary, in the Hub it is easier to find and see screenshots of the task manager and other tools, such as second-opinion scanners, or the situation after a reboot, which is missing in other tests and other settings.
 

RoboMan

Level 30
Verified
Content Creator
Malware Tester
Not him, and in my case, the professionals were backing me, not the tester.
In fact, when it comes to testing, even professional test labs' "real world" methodologies aren't accurate; to me they are even biased to benefit the vendors... Ask yourself, how come in their tests all vendors get at least a 90+% score with their so-called zero-day malware, when the same vendors totally fail when their products are tested by professional pentesters... Only one reason: 90% of the samples are cherry-picked to fail against the products, while a few are left to bypass the product to make the test more credible.
Test labs are marketing proxies for vendors, making big money from them, so they obviously can't show products having very bad scores. Did you ever see a test with a product scoring 50% or less? Never. Why? Because it would be bad advertising and the vendors wouldn't participate anymore...
LOL I feel you; "professional" test labs claiming they tested 30 vendors with 600 million "zero-day malware" samples that were caught 15 seconds before the test and 50 billion ransomware pieces that were not even created at the time of the test; and somehow all software manages to achieve nearly perfect scores. But then you go open a VM, install Avira, throw a 2013 ransomware at it and see it fail lmao.

Where's Umbra Total Security when we need it?
 

mlnevese

Level 19
Verified
Umbra Total Security should only be used by professionals, as it's a possible cause of a paradox, as explained in its thread :)

As far as malware testing in this forum goes, I think the answer is that it's more for fun than anything else. The people running the tests here know enough not to infect themselves, and it's fun to see how security software behaves against live malware :)
 

ForgottenSeer 823865

LOL I feel you; "professional" test labs claiming they tested 30 vendors with 600 million "zero-day malware" samples that were caught 15 seconds before the test and 50 billion ransomware pieces that were not even created at the time of the test; and somehow all software manages to achieve nearly perfect scores. But then you go open a VM, install Avira, throw a 2013 ransomware at it and see it fail lmao.
The worst is when a very famous test lab did its yearly survey (at that time I was working for an AV vendor) and asked what they should add to their test; I suggested disclosing the malware used so people who may have access to it could replicate or cross-check their test.
Guess what their answer was?
1- We cannot because people may infect themselves... LOL
2- If you really want to know which ones are used, you can request them via your company channel... Triple LOL...

Where's Umbra Total Security when we need it?
Sold to Sophos! Sadly they couldn't handle it and it burned the server where the code was :p
 

Vitali Ortzi

Level 18
Verified
The worst is when a very famous test lab did its yearly survey (at that time I was working for an AV vendor) and asked what they should add to their test; I suggested disclosing the malware used so people who may have access to it could replicate or cross-check their test.
Guess what their answer was?
1- We cannot because people may infect themselves... LOL
2- If you really want to know which ones are used, you can request them via your company channel... Triple LOL...


Sold to Sophos! Sadly they couldn't handle it and it burned the server where the code was :p
Why not allow people to download if they pass a basic security test?
 

MacDefender

Level 10
Verified
Why not allow people to download if they pass a basic security test?
I think:
(1) Warning labels and disclaimers rarely hold up in court. If an employee detonated malware in their spare time and caused their company to be ransomed, I am sure a large company would go after the "distributor" of the malware.
(2) Ethically, real malware can potentially either be used to enlist computers into botnets, or ransom proceeds could fund terrorism, etc. I can understand some ethical objection to distributing real malware even if you don't care about the person who is downloading and executing the malware.
 

Vitali Ortzi

Level 18
Verified
I think:
(1) Warning labels and disclaimers rarely hold up in court. If an employee detonated malware in their spare time and caused their company to be ransomed, I am sure a large company would go after the "distributor" of the malware.
(2) Ethically, real malware can potentially either be used to enlist computers into botnets, or ransom proceeds could fund terrorism, etc. I can understand some ethical objection to distributing real malware even if you don't care about the person who is downloading and executing the malware.
Unfortunate.
BTW, do you know where you can get exploit samples?
(Found a few from APT and PoC sources, but it's not enough)
 

Kermit80

Level 1
Test labs are marketing proxies for vendors, making big money from them, so they obviously can't show products having very bad scores. Did you ever see a test with a product scoring 50% or less? Never. Why? Because it would be bad advertising and the vendors wouldn't participate anymore...
Yes, vendors agree with testers on the test books and samples to use. In the end, vendors agree or not to show the results for their products. After all, it is the vendors who pay for those tests. The results are real, but they only reflect a partial reality. However, this is better than nothing.

Why test malware? Do people think they can be better at manually detecting malware than the likes of BitDefender, Kaspersky and the like? Are they planning to write a new detection engine?
To gain knowledge and have fun. What else?
 

Vitali Ortzi

Level 18
Verified
A wide range of CVEs delivered by different types of exploitation techniques.
Example:
Null Dereference, Heap Spray Pre-Allocation, Dynamic Heap Spray, Stack Pivot, Stack Exec, Structured Exception Handler Overwrite, Import Address Table hooking, Reflective DLL Injection, VBScript God Mode, Process Hollowing, Code Cave, Privilege Escalation (LPE), DoublePulsar Code Injection, AtomBombing Code Injection, DoubleAgent Code Injection, etc. etc.
 