True Indian

Malware Hunter
  • Content count

  • Joined

  • Last visited

  • Days Won


True Indian last won the day on August 5 2017

True Indian had the most liked content!

Community Reputation

4 Neutral

1 Follower

About True Indian

  • Rank
    Forum Regular

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

4457 profile views
  1. NSA lost multiple remote 0day's for multiple platforms/architectures then people speculate a company that first DETECTED them is toast.
  2. You have no control over what a user does with your it doesnt make anything worse its definately not the first and definately not the last it can happen to anyone even if emsisoft had a VPN we would have no control what a user does with it.I don't understand what sense does it make with the bypass i am sure there are other vpn products who are being abused for wrong purposes by some users.Dont forget TOR as a browser.Even that is being used for wrong purposes so do you say their company is bad or it makes them look any worse? Its not about the gun its the person behind the gun.That symbol's meaning is upto the person who wears or uses it Anyway,I will leave you to your thoughts.
  3. It's not about any person I know from this very forum.I can say that for sure.You guys are awesome don't get me wrong though and emsisoft is a great company too but this is something I find upsetting personally but I am not out here to pick and scratch.No names as usual just my moral code. 😊 Yes we do have verifiable info but as I said it's verifiable not merely assumed or claimed without checking facts as I done by that person.Half knowledge is dangerous especially when you have a audience.Its not even about avast as a company but about ccleaner,I don't know what they were doing,when I am asked I don't have to lie and it isn't even the first time something like this happened.Avira's website hijack,kaspersky and privacy issues with US,comodo signing malware binaries.I think some of this is being blown out of proportion by security companies and given too much hype. I am sure Talos and some other people in the industry wouldn't come trying to roast piriform if it had never been acquired by avast. Also I find it too much to format a computer even if my system was profiled.What if I even format? The data was still stolen and no way to reverse that.A real extreme recommendation from Talos considering there were hardly 40 systems who got the second payload and most of them belong to tech IT firms not home users.As I said too much hype. My end opinion is if you share Intel with each other and talk at big events,you can also help each other at rough times.The constant slapping back and fourth between Talos and avast was unfortunate and lot of us won't agree with Talos extreme recommendations.
  4. The slapping going on between avast,talos and other people is really what upsets me.None wants to step back and talk about facts.People saying "Avast lied about the part where they said no ccleaner has got the second payload" when avast in their latest blog stated only 40 systems (most in big tech firms) did get second payload and that too based on geological locations. Also when I heard from a emsisoft employee in public say "Avast is going to get alot of shit for this and they totally deserve it" or something along those lines..I am terrified and disgusted.Dirty Marketing cash-in. So you share Intel and samples among other vendors and when someone suffers setback one of your employee comes out bad mouthing trying a dirty cashing in on the event without checking facts that the avast and piriform infrastructure was different and piriform was under attack even before avast bought it.Avast never changed piriform dynamics (probably company ethics). Honestly,I expected much better from someone who is in the squad circle.I won't take name in public but even if it is a personal opinion,being a employee of a esteemed company like emsisoft and bad mouthing other vendors is not professional by no standards.Especially when you have people like fabian and polartoffee. We have to fight against criminals not against each other.People are forgetting morals.
  5. Update: Emsisoft just automated their BB which should make a considerable difference I still wouldnt ask people to go by what is being showed in the test rather use it yourself Remember that it takes alot less time out of BB and automated systems to do the processing rather than manual human controlled.AI is good but giving fancy names isnt necessary.Its imperative to act quickly and detect.Nomenclature does not exist with over 50,0000+ samples being analyzed everyday.
  6. Okay,I usually don't post outside of malware submissions but since this is related to tests I thought I should speak my mind being a malware hunter and doing/learning some malware analysis on my own. If you want to go to suspicious sites, just prepare to be infected anyway and make the precautions as backups and not storing anything even moderately sensitive on your machine. And I specifically said by "signatures". But there are also generic protections and layered protections. See the typical chained scenario of today: Porn site -> malicious js -> malicious pdf -> malicious downloader -> malicious binaries. Don't go to such porn site. Don't use vulnerable apps. Have antivirus with layered protection. And then - who cares if emsisoft does not detect one of the downloaded malicious binaries, when the porn site is blocked and we detect the js and pdf? It's very hard to evaluate the real-world performance of an AV solution when we don't (and I suspect we can't) test the whole chain and prove if the user is protected. The tests on VT and such don't prove anything, but the ability of the engine to detect it by the signature. I have objections against all AV-Comparatives tests performed, also the Av-Test, but those are less 'documented', so it's hard to tell where the deficiencies lie. The usual points about static testing are: a) the tests are carried long after the real infection took place, so it's kind of useless from today's point of view b) the tests are carried without any context state information. Such information - if there is file named "document.doc .exe" in email, this is enough to ban the execution c) the tests don't know anything about the relationship of the samples. If you detect the dropper, you don't have to detect the dropped binary. d) the tests are too binary-centric and have only small amount of script/pdf/flash malware, althought these are one of the main vectors of getting thru to your computer. e) there is little of no info on how the testbeds are created. All these 99.1% and such scores are complete nonsense from my point of view. The overlap of the product's detections is not as great as clementi/marx tests suggest. f) the amount of samples tested is around 500 per month this is not even 1/2 of what comes out each day.Its like a drop in the ocean. This is not an excuse, that's an explanation what your really should read from the static tests. Yep, it's nice to be on the first places, but the world does not end if you're not there. Regarding the pro-active test, this is the most flawed test of them all. It does _NOT_ test the ability of the product to protect you from the unknown malware. It tests the ability of the signature engines to detect the samples Av-Comparatives got in the test's timeframe. For example, what if the engine authors already had the samples and wrote the detections and Av-Comparatives added them later? We're back again in the 'testedbed construction' problem.
  7. Clear log.EAM 9

    Same question I have too. Any help is appreciated!