Interesting HIPS leaktests/ malware tests

Discussion in 'other anti-malware software' started by aigle, Jan 18, 2008.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    All the stuff I was playing with has been around awhile, but yes F-Prot blocked them all. I had to disable it to test.
     
  2. aigle

    aigle Registered Member

    By the way, I have got the sample of Robodog. If I had a VM I would have tested it against some ISR, HIPS and sandboxes etc!
     
  3. trjam

    trjam Registered Member

    That is very impressive and interesting with F-Prot. :)
     
  4. aigle

    aigle Registered Member

    Any good scanner will catch them all as these are not new samples. I hardly remember any of them not to be detected by Antivir on my system.
     
  5. zopzop

    zopzop Registered Member

    aigle, have you had a chance to email a sample to the Comodo guys or Brian from GeSWall? I'm sure they'd test it vs their apps ASAP.
     
  6. aigle

    aigle Registered Member

    I sent it to Ilya. He will check it against DW. I might wait for his results. I have no idea what it tries to do, so I don't even know whether it merits testing against GW and CFP or not.

    See your PM, BTW.
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    The first action this trojan does is attempt to set up its driver. If it fails, the trojan stops its job.
     
  8. aigle

    aigle Registered Member

    So nothing serious for a sandbox. As far as I know, Returnil failed against it, but they are working to fix it.
     
  9. Peter2150

    Peter2150 Global Moderator

    This leads to another interesting approach. A person I know, who is in the security business, will never install a new exe file for at least 30 days. He will scan it when he gets it, wait 30 days, and then scan it again. The assumption is that if it contains a new in-the-wild virus, in 30 days the AVs will catch up.
     
  10. solcroft

    solcroft Registered Member

    I have a better idea. Submit the file to Kaspersky, Grisoft, or Avira.

    In all seriousness, though, I don't think any security company employee worth his salt will ever dream of making this assumption.
     
  11. Peter2150

    Peter2150 Global Moderator

    Explain Please?
     
  12. solcroft

    solcroft Registered Member

    Very simple. Plenty/some threats go undetected even past 30 days, depending on which product you're using.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Aigle, just to clarify, my questions were not directed at you personally. :)

    Yes I know, I just wondered if someone has got any samples, I would like to test NG. And I wonder what happened to nicM?

    No you didn't, just wanted to give some extra/general info.

    @ alfa1, thanks for letting me know, I completely missed the thread, so seems like it was a flaw in PS.
     
    Last edited: Jan 26, 2008
  14. Rasheed187

    Rasheed187 Registered Member

    What a bummer, I've tested it, and NG can't protect against the SSDT Unhooker, even though it does try to block direct memory access. Like I said before, NG is quite powerful (will stop most attacks, if you kill the malicious process soon enough) but it needs to become more robust; it simply can't stop certain stuff, even if it tries to. Would be nice if Arman would start development again, or would make the thing open source. :)
     
  15. aigle

    aigle Registered Member

    Now I don't hope NG's development will ever be satisfactory. I really liked it but it's stagnant and gives me off and on BSODs. I just removed it from my system.
     
  16. LUSHER

    LUSHER Registered Member

    If it were open source are YOU going to develop it further? :D
     
  17. Rasheed187

    Rasheed187 Registered Member

    You mean you don't think it will ever become a stable program, I assume. And yes, I noticed that you removed it from your system and switched to TF and CFP! Even though I also use 2 HIPS, IMO it looks a bit like overkill to me, and not really an option for me since I don't like those apps. But I might switch to EQS. It's really a pity that both SSM and NG seem to be pretty dead; they both could be a lot better. But still, they are capable of stopping most of the tests mentioned in this thread.

    I wish I could do it! :D No seriously, I still think that HIPS could be a lot easier to use, so I do think that I could improve it when it comes to usability, but when it comes to programming I don't know a thing.
     
    Last edited: Feb 13, 2008