Thread: Matousec needs some more tests.
View Single Post
  #32  
Old October 16th, 2009, 03:12 AM
Kevin McAleavey's Avatar
Kevin McAleavey Kevin McAleavey is offline
Security Expert
  
Join Date: Dec 2003
Posts: 299
Default Re: Matousec needs some more tests.
Quote:
Originally Posted by Rednose!
Hey Kev

Another question is : Who is ( are ) behind DIFINEX (DIFferent INternet EXperience) Ltd. , the company that bought Matousec That is not clear either !

Off topic : Kev, is your operating system based on BSD, or am I totaly wrong here

Greetz, Red.

Howdy, stranger! Long time no type!

I know absolutely nothing of Matousec or those other guys - somehow I suspect I don't want to. Heh. Some fast giggling only seems to indicate that they were "acquired" and something about a new level of creating "trust." Been there. Done that. Trust is EARNED, you can't "create" it. I was just gassing off about these "testers" on a generic basis, it's been AGES since I've seen any that weren't taking kickbacks for their results. I'm sure you read years ago about the "gizmo" saga (and others) and how we were constantly getting outbid with BOClean. Just bothers me when I see what is supposed to be a "product comparison" looking to get paid when the "tests" aren't clear as to what they're testing, and with what, and then they REtest and make like the first test never happened. When I saw how the results stacked up there, something was obviously not right. Then again, seen it all before.

Wouldn't it be *really* neat for one of these "tests" to include several "file infectors" and find out if certain proggies can actually REPAIR an infected file and recover it or is it just deleted? That'd be an interesting test. Sadly, a lot of the popular antimalware proggies do NOT have the ability to actually clean infected files like the classic AV's they're being compared to, and so if there's a blacklist match, then important files just go poof and your system gets clobbered. Or worse, they ignore the problem and you remain infected. Sadly, "file infectors" are back in a BIG way in the past year and change ... when I was with COMODO, I ended up having little to do in the second year and during that time, I figured out how the 1980's AV's did it. Turned out to be ridiculously simple. But nobody was listening when I had the answer, so I eventually gave up. And from what I've seen of some of the other vendors, same issue as far as cleaning files goes.

Same for another valid testing issue called "currency" ... a test comprised of things found out there in the wild as of the DAY of the test. Many vendors whose priority is "passing tests" pay more attention to waiting for OTHER vendors to identify the mystery meat, and if enough of them diagnose it as malware, it goes to the head of the line and gets added even if it's ten years old and not seen since then. Otherwise, today's "critical sample" arrives among thousands of other samples and thus a zero day might not be detected for weeks or even months. After all, if you're trying to pass tests, you concentrate on those zoos and matching score with the other vendors who have been around for a while. Even MORE important if you know which zoos you're being tested on, and if you fail at first and get a second chance KNOWING what you failed on, there's your priority. That was done with BOClean once and it bothered the hell out of me. There's no priority in the "brand new" as that rarely affects the testing results. Such is only important to customers, not the testers.

If *I* were running a "testing" thingummy, that's the way I would choose to test but then that's just me. Hmmmm ... maybe I can make some money here. Heh.

As to "project KNOS" (that's its temporary name, "Kevin & Nancy's OS") it is indeed derived from BSD, but a much later version than Mac OSX chose, and runs on a much greater variety of hardware. And unlike BSD, it's actually easier and friendlier than Windows (and especially Linux) and the GUI we've assembled looks like a cross between Vista and OSX. We took the best aspects of both and melded them into something that makes sense. KNOS even runs classic DOS and some Win32 stuff but actually contains its own versions of various things from browsers to office stuff. Even comes with just about everything everyone already uses on Windows. We even let you READ your Windows disk, USB's, etc into our OS should you want to export stuff to sites. And we protect those from attack as well because nobody can write to them! We also provide a means to copy back with protection using a USB stick as an intermediary though so that you can turn off the internet in Windows should you want to continue to use that on your machine. But I only use Windows rarely now - this is really that much better. No joke!

The PRIMARY value to what we've done however is assembling a "world" where you don't HAVE to use a firewall, don't NEED an AV, and in the event that somewhere down the road it becomes popular enough and someone actually finds some means of exploiting KNOS, just turn it off and start it again, and whatever happened never happened, nothing can possibly stick.

I think that's a useful answer to the problem of malware, and it's designed for people who can't tell the difference between a computer and a toaster. That was our design philosophy with NSClean, IEClean, BOClean and all else Nancy and I did for the intarwebs. Make it simple, make it unobtrusive, and leave folks alone to what they want to do in peace and privacy. There's nothing anyone has to do other than use it. Worries not included, no need for them. You can even look at PDF's, Flash content, anything that's deadly on Windows and still no worries. We even handle privacy issues like we did with NSClean and IEClean. Close the browser, kiss your trail byebye! Everything you do gets forgotten as soon as you do it. (grin)

Only problem we have right now is we're ready to go with it, but can't find sufficient financing at the moment to "make it so." We're working on that ... if anyone here is actually intested, I'll post some screenies another time. It's pretty.

But our particular problem right now is that the distribution is about 1.4 gigabytes. The bandwidth is a killer and without any income at the moment, can't be handing it out right now except in person. However, in the hands of an operation that DOES have the bandwidth (and the morals) to do this - KNOS is bound to be far more useful than Ubuntu or anything like it. So that's where things are right now ... glad to hear from ya buddy! Wish 3xist had bothered to tell me I'd been fired, but then you know how COMODO does things. Started writing a book about it.

---

Edit: Damned random keystrokes! Heh.
Last edited by Kevin McAleavey : October 16th, 2009 at 03:41 AM.