Proactive Security Challenge (Matousec) vs. real malware

guest · Nov 3, 2010

Proactive Security Challenge is a project devoted mostly to testing abilities of security software to protect against actions of malware. Currently, Proactive Security Challenge consists of 148 different tests. Sometimes we hear people arguing that the techniques used in our tests do not correspond with techniques used by the real malware. In order to find out how much Proactive Security Challenge reflects the real world of malware, we have performed the following research.

We have collected a set of 20 malware samples that were not detected by two popular anti-virus engines. This means that downloading these samples to the computer and executing them would be possible even with a fully updated anti-virus installed. Then we have run the samples and analyzed the techniques they used. The results are as follows.
Click to expand...

Link:
http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_

As we can see behavior of real malware samples consists of many techniques that we test in Proactive Security Challenge. We are sure that if larger set of malware was used we would see even more techniques that are implemented in our tests. If a security product is able to block techniques of our tests, it can also block most of the real malware's behavior. It is clear that Proactive Security Challenge is not a useless theoretical concept, its techniques are used by real malware. Being able to fight these techniques makes sense. It should be mentioned, however, that not all the existing attacking techniques are implemented in Proactive Security Challenge tests, but we have tried to cover the most used techniques with our testing suite.
Click to expand...

Proactive Security Challenge:
http://www.matousec.com/projects/proactive-security-challenge/results.php

Rmus · Nov 3, 2010

We have collected a set of 20 malware samples that were not detected by two popular anti-virus engines. This means that downloading these samples to the computer and executing them would be possible even with a fully updated anti-virus installed.
Click to expand...

Since I'm not in the habit of downloading and executing malware, I would find it a more useful, realistic, practical, and interesting challenge for them to put the malware samples into existing web-based exploits on their test pages and let users go to the page to see if their security can block the download/execution of the exploit.

It would be easy for them to get a current exploit kit floating around the internet and have the exploits point to their malware samples from their test page.

----
rich

Peter2150 · Nov 3, 2010

Sounds like he's trying to re invigorate his business.

My reaction to this: yawn.

nessy90 · Nov 3, 2010

If it talks like a Matousec sound like a Matousec walks like a Matousec then it is a Matousec and not to be trusted.

nessy

tobacco · Nov 3, 2010

nessy90 said:

If it talks like a Matousec sound like a Matousec walks like a Matousec then it is a Matousec and not to be trusted.

nessy
Click to expand...

Unless your favorite security program finished near the top

acr1965 · Nov 3, 2010

Matousuck

Kernelwars · Nov 4, 2010

acr1965 said:

Matousuck
Click to expand...

indeed

fax · Nov 4, 2010

guest said:

http://www.matousec.com/matousec/blog.php?blog=147-Proactive_Security_Challenge_vs._real_malware_
Click to expand...

Most Autoruns and old methods... leaktest, thermite, AWFT, wallbreaker, etc. Just confirming that malware need to be far less sophisticated than matousec tests to spread...

andyman35 · Nov 4, 2010

fax said:

Most Autoruns and old methods... leaktest, thermite, AWFT, wallbreaker, etc. Just confirming that malware need to be far less sophisticated than matousec tests to spread...
Click to expand...

Indeed,the proliferation of rogue AMs show it's much easier to just let the user install the malware for them.

Log in or Sign up

Proactive Security Challenge (Matousec) vs. real malware

guest Guest

Rmus Exploit Analyst

Peter2150 Global Moderator

nessy90 Registered Member

tobacco Frequent Poster

acr1965 Registered Member

Kernelwars Registered Member

fax Registered Member

andyman35 Registered Member

Log in or Sign up

Proactive Security Challenge (Matousec) vs. real malware

guest Guest

Rmus Exploit Analyst

Peter2150 Global Moderator

nessy90 Registered Member

tobacco Frequent Poster

acr1965 Registered Member

Kernelwars Registered Member

fax Registered Member

andyman35 Registered Member

Useful Searches