WiseVector Stop-X

The developer hasn't told us his plans but on the MT thread he did observe changes in Windows driver certification are going to force a wait.

When that's done, maybe the product will move out of the beta. We'll see.

 

The MT-post:

https://malwaretips.com/threads/wisevector-free-ai-driven-security.87965/page-84#post-961555

 

Microsoft curve ball. It is encouraging however that @WiseVector is aware of exactly what manner of their own changes is identified and needed to return compatibility again.

 

I'm sorry but do you guys think that a detection rate of 87.5% is good for a tool like WVSX? It's not bad indeed, but this still means it's probably a good idea to combine with another AV.

 

R- Remember that WVSX is not just a "dumb" (sig based) product, but an AI. When doing an accurate test one does NOT run a script that will run many malware samples over a few minutes and expect a relevant result (note on the videos the time lapse over which a bulk of the malware was run). Such testing will invariably result in overwhelming the AI functionality and also is hardly a real world scenario.

In my personal testing I coded true zero day stuff for which WV had a 0% initial detection rate, but when these malicious files were run WV stopped them, although sometimes with a 30 second or so lapse while WV was "thinking". I hope you will agree that taking the time to understand how a product works, testing accordingly and not attempting to impress by gang-banging a flock of samples will yield a more accurate result.

(ps- CF + WV 2.73 is a wonderful combo)

m

 

With the 2.73 CS is right. With the 3.01, you get HIPS and an IP firewall and CF becomes redundant.

I can only imagine what the paid version will be like for the features in the free will be the same but lack configuration options.

 

87.5% but what are the samples are they tested with other avs at the same time, can we download them to test them ourselves? I swear AV testing industry is the most unclear and hidden stuff there is out there. All u see is like 175/200 samples and ure like "87.5% SO GOOD" like an absolute brainless monkey (and by you i don't mean you i mean most people), u never ask what the samples are, u never ask how would other AVs do against the same samples at the same time, u never ask to inspect them to make sure it's not some ******** filled with a few real samples, u never ask so many other questions. I can go on and on. But u can make LITERALLY ZERO conclusion from a random youtuber guy that gives 0 details or anything. And even if he did you can never be sure until they are checked by people who know what they're doing (not me i don't have much knowledge in this area). I cannot even begin to start explaining just how useless this test is. From the guy's point of view MAYBE it's legit (but then what if Kaspersky gets 100.0%, 87.5% is not good when u factor in the small sample size. Now try testing billions of malware and watch kaspersky be like 99.8% with all its modules while WVSX goes lower and lower as u increase the sample), but from our point of view it's absolutely useless.

Also btw it's 87.15% not .5, plus that's just FOR THE STATIC TEST. So what does this mean, it means 87.15% of malware were (likely) already marked by signatures ("fresh malware" ******). This is why I think avs should be tested without file scanning module. Because a true 0 day would NOT be detected by this module. So if they got detected THEY are not 0 days, and to me the definition of Fresh is that. So really the REAL test only begins AFTER WV has already detected and deleted the marked malware. Then only the unmarked ones remain and NOW the real test of protection can begin. Not test of "how many of these malware have been detected before and marked as malware".

So out of nearly 900 samples that passed the test, 40 (39) were detected as malware by Hitman Pro. So AT LEAST about 8% of malware managed to pass through. But likely many many many more, because chances are if WV's signatures couldn't detect the samples, then the 2nd opinion's scanners wouldn't be able to either. So nearly 900 malware executed and based on part 1 video u can tell A LOT more than 40 showed stuff on the screen. So yeah, if u ignore all the malware samples detected likely mostly by the sigs, u can see in the real test that, well we don't know how many of the 900 were able to harm the system, but u can see that A LOT of them managed to harm it. So this is a pretty big fail imo.

 

Maybe the AI should not let a file get executed before it's done scanning? Just like VS does. It's WV's fault it lets the file execute. So it counts as a fail.

 

Lol u wish

 

I agree with you about the shortcomings but people are going to run an AM in conjunction with a AV. Its not going to be their sole security software and what's missed by one will be detected by the other.

Even with world class security software, there will never be 100% protection, that's unrealistic. At best they will be your second line of defense if your SRP, anti executable and firewall don't stop malware first.

 

This is the whole point People expect 100% protection and that is unrealistic if you connect to the internet. Look at all the agencies, defense companies being hacked.

 

Their being hacked (businesses) because there is money to be made. 98% of people do not have to worry about that type of attack. Malware attacks on home users is getting rarer, its social engineering they have to worry about now, emails trying to trick you into giving financial or account details etc. No program is going to protect you from that. A decent AV and brain.exe is all most need.

 

Exactly my point. No AV or any security program is 100%...Brains and backup is the only solution..

 

I need that for my kids computer

 

Don't remember microsoft or google being hacked. U only hear about the **** ones that don't know about security.

AVs are AM nowadays

Yeah but the closer u can get to 100% the better.

I feel like the only way for home users to get malware is to download random **** like cracks or activated programs or "ruby generator" etc. from unverified sites. If u type ANY game that is unreleased in google there will be pages and pages of sites where u can "download it" but obviously u can't cuz it's not released yet, many of them are actually surveys or it's a zip with a password or u have to go through 15 shortening links so they can get money from ads

 

So defense companies are ****? yeah ok, like you know more than them lol...

 

Points very well taken. Also in this world of immediate expectations developers aren't exactly seasoned sages. It takes intense R&D stamina and I found WVSX while in something of initial infancy has mastered criteria some AV's have not. To their credit WVSX is been quite enthusiastic and forthright as humanly possible with stellar results so far. And courtesy members and user's alike have contributed to it's improvement without doubt. AI is something of a bonus for all of us depending on it's actual real world results. Even @cruelsister's home grown projects seem to offer some testament if AI is up to task

It's a TEAM effort that produces the most positive outcomes which i might add at record pace.

 

Though backups won’t protect you against everything either

 

well idk but i haven't been infected with malware so

 

a trusty firewall will

 

With ransomware, offline backups will keep valuable data from getting lost.

And yes, the most important form of prevention isn't software but human smarts in knowing what do on the Internet and not blindly clicking on links and downloading untrusted software.

 

Also by the way this thread is really getting off-topic and i don't mind one bit but i'm sure the developer does when he has to read 10X as many messages not related to WV so maybe the mod can come in to scold us

Paging @stapp

 

I think its relevant and of course WSVX is a great software but we were talking about what it can't do. It can't protect users from themselves. Its a tool to safe computing practice, nothing more.

 

That is pounding the nail home squarely on the head.

No malware is a ghost. Keep off the machine a series of backups is what I like to refer to as FAILSAFE. Yeah go ahead and deface a system or render it inert for a user or company. But try reaching backups isolated away from the targeted system online. Wasted time and no returns for you bad guys. Have a smoke to celebrate another failure.

Backups OFFLINE are the KEY so what!