
Can we trust this industry anymore?



Hello,

So the main question is the title, and it goes back to John McAfee, who keeps saying that AV is useless and dead nowadays, etc. Well, maybe he's right. Or not?
I recently ran into a phishing URL reported on Twitter. At the time the URL was reported on Twitter (by the malwrhunterteam Twitter account), they were claiming that it was so new that it was almost an hour old, so I just checked the URL with VirusTotal, and at the time (this was yesterday, when malwarehunterteam claimed the URL was phishing and a very new one) only 4 vendors were detecting the URL and blocking it; they were "Emsisoft-Fortinet-Sophos-Netcraft". So I submitted the URL to F-Secure and Kaspersky.

What disappointed me so much was that Kaspersky marked the URL as "good" in their OpenTip portal (you know, their submission portal) after about 2 hours. So that's Kaspersky, the largest private cybersecurity company. And then F-Secure, which emailed me back in about 6 hours (these are not just words, I got the emails from F-Secure, but Kaspersky, well, updated their mistake today), and F-Secure's response:

Greetings, Thank you for your submission. Our analysis has found that the URL submitted is not harmful. Our security products have been updated to rate the URL as safe through F-Secure's Security Cloud.

So one calls itself the largest single provider of cybersecurity services in the EU and one the largest private... And imagine a criminal gave me that URL and actually made me use that link, which is "hxxps://my-skyaccount.com/secure/". I am a very careful user and I didn't trust that link in the first place, so I went to my AV provider and asked them to check the link for me, and they got back to me and said that the URL is not only harmless but actually "Safe" and "good". It's true that Kaspersky changed its mind in 16 hours, and F-Secure, well, 24 hours later there is still no response to my second email that asked them to check the link again. But the user has lost his account already, and he was a very careful one.

 

I don't know whether the Emsisoft team, which is not that big (I don't think Emsisoft's threat hunters number even 10 people, since the company is at most maybe 40?), analyzed the mentioned URL themselves, or someone reported it to them sooner (how soon, I mean, the URL was an hour old), or they just check URLs against the Netcraft database with their extension. But yeah, this is what I'd like to share with you guys; maybe I can see other opinions on it as well 🤔

12 hours ago, ParhaM said:

John McAfee keeps saying that AV is useless and dead nowadays

People have been saying that for decades, and they've always been wrong.

 

12 hours ago, ParhaM said:

I don't know whether the Emsisoft team, which is not that big (I don't think Emsisoft's threat hunters number even 10 people, since the company is at most maybe 40?), analyzed the mentioned URL themselves, or someone reported it to them sooner (how soon, I mean, the URL was an hour old), or they just check URLs against the Netcraft database with their extension. But yeah, this is what I'd like to share with you guys; maybe I can see other opinions on it as well 🤔

It was almost certainly analyzed by someone on our team. I don't think we supplement with Netcraft's database on VirusTotal, or for our Surf Protection in EAM.

 

As for the main issue, we've noticed that some Anti-Virus software companies do have a bad habit of making mistakes with reports. It's possible that the larger companies, since they handle a larger volume of reports, hire less experienced people to handle those reports rather than having the more experienced analysts handle them.

We don't have a large team of people, and everyone on the analysis team has a good deal of experience handling malware/phishing/etc. This means that reports are always reviewed by someone who is less likely to misclassify things.

Keep in mind of course that I am just speculating as to why some companies have this issue, and that I could simply be mistaken. I've never actually worked for a large Anti-Virus software company.
