VaMPiRiC_CRoW

Malware-Test Lab

Hi Nick,

What do you think about them, and about the results that SAS had?

Thanks

Again they are testing with old samples, and the samples are not actually installed on an infected machine - they sent us the samples last time and they were from 2003.

Hi Nick,

What do you think about them, and about the results that SAS had?

Thanks

Again they are testing with old samples, and the samples are not actually installed on an infected machine - they sent us the samples last time and they were from 2003.

So, we should not pay too much attention to these tests...

Thanks

Hi Nick,

What do you think about them, and about the results that SAS had?

Thanks

Again they are testing with old samples, and the samples are not actually installed on an infected machine - they sent us the samples last time and they were from 2003.

Hi Nick,

Please excuse my ignorance, but it would seem that old samples would much more likely be detected than new ones. Why is that not true?

I am not sure how one would test samples without them being either on the machine or an attempt is made to install them on a machine.

How do their tests differ from real world scenarios?

I wish tests would be performed with:

1. Malware installed on a machine and the scanners initiated so as to find them and then test the removal capability.

2. Attempt to install malware on a clean machine with one (or more?) anti-malware program active on the machine.

Why do test orgs run tests that do not approximate real world situations, and when they do why are they considered useful?

Regards,

Jerry

Jerry - I am doing a full write-up on this subject for my blog, and I will post a link when done. The older samples (pre-2002/2003) are not even really in circulation - we focus on the new zero-day (newly released) threats, and current threats. Most of the items they tested against last time were not even "harmful" - so many vendors, including us, do not focus on those as they don't steal passwords, track surfing, etc.

I wish they would test in real-world scenarios also, because that is what we target with our software - real spyware in the real world.

I am going to cover all this in my blog and I will post it here, and on the other forums.
