Why is my cloud better than your cloud?

Discussion in 'other anti-virus software' started by Pleonasm, Jul 6, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, we sum it up as "Age/Popularity" but use the same additional data that they use, as well as more :) The main configurable elements are Age/Popularity, however, as those are the ones that affect detection the most.

    I wasn't criticizing the prevalence based logic, I was criticizing their line of: Which software vendor does the file belong to?

    Just because software comes from Sony, a legitimate vendor, does not mean that it is legitimate.

    I was referring to your post of: "Reputation ratings, in contrast, have no such asymptotic constraint." Reputation ratings still fall into constraints as well, weighing usability with warnings, as do signatures and heuristics. An AV could say that all packed files are malicious and thereby block ~80% of new malware but also block ~30% of legitimate software. A reputation system can say that the only legitimate software comes from Symantec, Sony, and Microsoft and to block all others but the rootkits would still survive.

    I'm referring to new software versions as variants of existing software. Because Symantec is using a one-to-one cryptographic hash, the slate is completely wiped blank every time a single byte is changed in any component of any new program and it must be re-scrutinized by the reputation analysis.

    It all depends on how Symantec has tuned their warnings - if they require 100 or 1000 users to see a new program before it passes the reputation analysis, then they WILL warn on 100 or 1000 user's systems.
     
  2. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, there are two facets of “data” in this context: breadth and depth. While the depth may (?) be similar for the two companies, Symantec has considerably more breadth – i.e., visibility to a much larger installation base. Based on the numbers I have seen publically reported, Symantec’s worldwide visibility to files through its community is about 5 to 10 times larger than that of Prevx. That’s a tough hurdle to overcome.

    PrevxHelp, I agree. Symantec isn’t arguing that the identity of the software publisher is an exclusive deciding factor in the reputation calculation, but is only an element.

    PrevxHelp, point well taken.

    PrevxHelp, are you referring to Sony’s famous rootkit – or, to rootkits in general? If the latter, why would they survive? As I understand Symantec’s approach, a rootkit's reputation rating would be low and they would be classified as malware (also relying, perhaps, upon the SONAR technology).

    PrevxHelp, while this approach may require Symantec to invest in more hardware to support the uniqueness of each SHA256 hash, why should a user care about the operational efficiency of Symantec’s cloud? If Symantec has tuned their systems to provide quick performance, I doubt that a user cares how many unique records are being stored within Symantec's cloud.

    PrevxHelp, I don’t believe a user will care about the total number of “unknown software warnings” that Symantec issues collectively each day. What a user will care about, however, is how many such warnings appear on their own PC. Again, time will tell, but I suspect that the warnings will be of little concern for the majority of users who experience them only rarely. Witness, for example, the lack of any chatter about this issue on the Norton Internet Security / Norton AntiVirus 2010 Public Beta forum.
     
    Last edited: Jul 14, 2009
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's a terrible mentality to have if you're looking to ever see new technology in the market place (and why we do not consider it a hurdle at all).

    The former.

    It seems that you're misunderstanding what a SHA256 hash is. No matter where it is calculated, it will always be unique and the calculation overhead is relatively low which is not what I'm referring to. A strong cryptographic hash "guarantees" (or comes close to it) that two files of arbitrary length with even so much as just one binary bit of difference between the two will produce different cryptographic hashes. Therefore, when Vendor X releases an update of their software, the hash will be different so Symantec will have no way to correlate it back to say that Software Y v1.1 is from the same "family" of software as Software Y v1.0. This will cause headaches for frequently updated programs and is a massive differentiator between a hash-based approach and a generic signature approach, regardless of where the signature is used (a hash can be considered a signature so even with reputation analysis they still aren't fully away from signatures :))

    Sure, that's very true, however, I suspect if you go through Download.com and find programs which aren't very popular, you will receive warnings. And if you don't receive warnings, then there is something wrong with their system.
     
  4. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567

    Okay, so let's say this was based on only the post that I quoted from the engineer. One source is not everything. I've learnt that since long. Read the blogs, read the forums. They've made it and they've documented it - and it's not hidden from your sight. Let me take this example... when I decide whether to try a product or not, I look at many different sources (reviews, comparatives, forums, searches through a search engine), then when I'm satisfied, I don't stop there - I think through the information that's given on these sources in real-time, then I sum up what has been said and make up my own mind, maybe for a long time to take in the points, both good and bad in the calculation.

    Don't make it simple for you, just because it benefits your company, cause then you shouldn't even compare with other company's products.
     
    Last edited: Jul 14, 2009
  5. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567

    I don't understand how you can seriously even expect this and other things that you've talked about. QUORUM IS NOT ALONE. It's working as a whole suite, therefore it can determine what's bad, what's good, and what might be either of it, based on lots of factors. Quorum, SONAR, Download Intelligence, Auto-Protect, Intrusion Prevention.

    Again, don't make things so simple for you, or did you "believe this on purpose"?
     
  6. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, I agree that it’s a “terrible mentality” if you are referring to market share -- because, as you imply, it would shrivel innovation. However, my point isn’t about market leaders versus laggards, but simply about the scope of the data encompassed within a reputation calculation. Reputation ratings should be more effective as the size of the population upon which they are based increases (all else being equal). In this respect, Symantec appears to have a significant advantage.

    PrevxHelp, clearly, the SHA hash of version 1.0 of Product X will be different from version 1.1 of the same product. As a consequence, each version will have its own reputation rating. I disagree, however, that this will “cause headaches for frequently updated programs.” The only case where I might envision “headaches” materializing is for the “few” users who are the very first to update to “version 1.1”.

    PrevxHelp, I suspect that in some cases you're right. It may be personal preference, but I would rather be warned about a potential threat and asked to “check back in a few hours” (as NIS10 operates) than to install malware.

    In total, your comments seem to be implying that reputation ratings are ill advised, because they will produce too many warnings. As I have noted, it’s a case of “time will tell” -- but, I haven’t seen any reports from the beta testers of Norton Internet Security 2010 that this theoretical problem is an actual concern (yet).
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :doubt: I'm well aware that Quorum is not alone, the point is, if they have reputation based protection then programs without an established, positive reputation should be flagged, no?
     
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    They aren't ill advised - we use them extensively - but they are not a panacea which is all that I'm trying to point out.

    Marketing departments can easily make this sort of "press-friendly" functionality appear to be the absolute best thing to ever come out of a company but I think that would be a big slight on their other functionality and while "reputation" is an important factor to take into account, it is something I believe they (and most other vendors) have been doing for years so it isn't anything new.
     
  9. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, Symantec isn’t releasing details of how all of its decision engines within NIS10 integrate with one another (for obvious reasons), but my understanding is that a file with a “low” reputation rating might be classified as “non-malware,” if it passes the other filters. For a file with a “very low” rating, however, the user might be advised to “check back again in a few hours” when more is known about the application.

    PrevxHelp, there is no single “panacea” in this realm, I agree. However, reputation ratings appear to deliver an important benefit beyond anti-malware signatures (which continue to be important, too).

    PrevxHelp, can you please elaborate why Symantec’s use of reputation ratings “isn't anything new”?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, agreed.

    It is basically what a number AV companies have but don't bother flaunting around as it is a basic concept within their engines. We've had "reputation ratings" in place since the first incarnations of Prevx farther back than 2004 and a number of other products use all of the metrics which Symantec outlines on their page. Frankly, we consider it such a necessary component that it can't be excluded. All heuristics are also, to some degree, a reputation check, as are blacklists and whitelists (a whitelist being a perfect reputation check).

    Most files on every user's PC lie in common with other users - the average user tends not to deviate from a basic set of programs and standard operating system. We've always had logic in place to automatically identify these x thousand components - based on their signing identity, signatures, etc. It is hard to think that a signed program by Microsoft named C:\Windows\Explorer.exe which has been seen by 6+ million users could be malicious (Linux jokes aside).

    Using these ratings, Prevx, Norton (with Insight/Quorum), Zonealarm (with their checking to prevent unnecessary firewall prompts), Bit9, Kaspersky, Microsoft, etc. etc. are all able to improve scan speed and protection by quickly identifying and ruling out the possibility for malware in many files.
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I don't think they're ill-advised, but it looks to me that all Symantec are doing is adding another layer to their already established detection methods. They're not exclusively using the cloud on its own. If they were, then we could really compare between the likes of Panda's Cloud AV and Prevx.

    I suspect that for the average user, much of the time signatures will most likely kick in from the local database. It'll be a race as to which component of the suite flags the malware first.
     
  12. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    Excellent posts PrevxHelp. Deserves a huge :thumb:

    (although I still stand against the dubious way to promote Prevx on its main website :rolleyes:)
     
  13. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Sorry, sorry - me spinning out of control again. My apologies. :oops: :)

    The fanboy in me turns on when most importantly a product that I use and use because I believe it's a great approach and gets criticism that doesn't even seem realistic.

    The point is, they've obviously thought this through. It works with the others and overall analyzes what is run and its behavior to determine what is safe - and more importantly, what's not. I'm not gonna go into how Prevx would flag, but I could. Don't get this wrong, I'm sure it was the increased sensitivity because of Conficker. ;)
     
  14. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    You're absolutely right. IT'S not about using the cloud exclusively. It's taking advantage of all components and technologies of the "suite" - whether it's NIS or NAV - to come to the right determination, without bothering the user.
     
  15. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Macstorm, yes, I do agree -- kudos to PrevxHelp for interjecting insights into this thread. :thumb: I hope his presence continues (even if we don't always share the same perspectives)…

    TonyW, I don’t see why Norton Internet Security 2010 could not be compared to the Panda or Prevx product. The key metrics continue to focus on the prevention and detection of malware, and all products may be measured on these dimensions.

    I highly doubt that most users really care about what’s in-the-cloud versus what’s resident on-the-client -- rather, it’s all about protection at the end of the day.
     
    Last edited: Jul 15, 2009
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I agree it's all about detection and prevention, but it's the how that seems to interest some of us here at Wilders. Joe Average probably isn't that interested or clued up to know.
     
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, could the difference between the use of reputation information by other vendors versus Symantec be the following? While other vendors primarily use reputation information to improve the quickness and quality of anti-malware signatures, Symantec is using reputation ratings as a separate and distinct “layer” of protection above and beyond its existing signature-based technology. In other words, with Norton Internet Security 2010, Symantec is leveraging the reputation ratings in its heuristic detection, in its firewall, in its intrusion prevention, in its scanning engine, and in its download protection. Thus, the thrust of Symantec’s approach with reputation ratings appears to be considerably more comprehensive than what any other vendor has employed to-date.

    Additionally, as noted previously, the quality of Symantec’s reputation ratings may be higher than those of other vendors, given Symantec’s visibility to a large worldwide collection of users’ PCs that others do not possess.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Symantec's approach is similar to ours and we use the same techniques for protection as they do. However, reputation checking is just a combination of different components which other products use inherently. Symantec's description includes:

    "How many instances of a particular file are seen?" - we call it "Popularity", other vendors use similar approaches primarily for whitelisting but it is logical to apply them to detection as well. It's hard to say exactly what vendor is doing what but if they have the framework to check the popularity of a file for whitelisting/speed purposes, it would be illogical to think they would not be using it for detection.

    How long has that file been around? - we call it "Age". This, again, falls under the same category as "Popularity" for what other vendors have in place.

    From which URLs were they downloaded? - every content screener/link scanner/http scanner/download monitor/internet security suite will have these details. We take into account what URLs the programs then download also as part of the behavior which we collect.

    What is the basic health of the system that is submitting the data? - we have this also, which is why some users come across runs of FPs: once a file is detected on your PC, we heighten the analysis behind the scenes. I suspect most vendors do the same, IMO it would be illogical not to.

    Which software vendor does the file belong to?" - we do use this to a degree but our list of trusted software vendors is VERY short because we don't trust software just because it comes from vendor X. Vendors have been compromised in the past so we will very, very rarely give a "get out of jail free" card to vendors. Most vendors do have quite a bit of analysis based on the digital certificate present and heuristic rules tend to be tuned differently depending on the presence of a valid, trusted certificate.

    Statistical significance is not hard to establish. The difference between 6+ million Prevx users and Symantec's userbase is negligible. There is no added benefit in seeing that a program has been on 20 million PCs than if it has "only" been on 6 million PCs. While Symantec may be in a better position to try and catch up to us than the other cloud-emerging vendors because of their size, we have a significant foot in front of them even though they may have more users.

    They are also not collecting/processing anywhere near the amount of data which we do as their architecture is not built around behavioral analysis. In some months, we plan on opening up some of the behavioral analysis output to large enterprise/government customers so that they can really get a feel for what is on their networks. Once we do this, it will become immediately apparent what the significant differences are between what Prevx does and what vendors like Symantec do, but until then, it is a bit of a guarded door.
     
  19. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, I take you at your word that the collection of “reputation variables” used by Prevx is similar to that used by Symantec. Yet, the point of my prior post was more architectural in nature: whereas many vendors appear to be using reputation ratings to improve existing detection technologies, Symantec is layering reputation ratings across all of the technologies within NIS10. To clarify further, I am getting the sense (and may be incorrect) that many security vendors have a “Reputation Rating --> Anti-Malware Signature --> Decision” architecture, whereas for Symantec the architecture is “Reputation Rating + Anti-Malware Signature --> Decision” (i.e., a multi-input and additive structure). This approach can only be implemented if reputation ratings are maintained as distinct entities, created and updated and used independently of anti-malware signatures. Do you see the distinction?

    PrevxHelp, the issue here isn’t about “statistical significance” (i.e., the probability of making a Type I or a Type II error). The issue, in contrast, is twofold: (1) the ability and promptness to detect new emergent threats that have a very low prevalence (i.e., are “rare”); and (2) the ability and promptness to identify new software (or new versions of existing software) that are safe and that should be allowed to run on the user’s PC without user intervention. For both of these facets, the size of the population participating in the reputation ratings logically seems to have an important impact.

    For example, if a new threat first appears on a number of PCs randomly spread across the globe, and if Symantec’s visibility to the worldwide population of the PCs is about 5+ times greater than that of Prevx, then it logically follows that Symantec will be 5+ times more likely to have visibility to the threat than Prevx at any point in time. Of course, as the dispersion of the threat spreads, the size advantage enjoyed by Symantec will eventually diminish -- but, that does not lessen the importance of the advantage in today’s rapidly evolving threat landscape. I don’t see how you can dismiss this benefit.
     
    Last edited: Jul 15, 2009
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm sure some of this may just be coming across because of the inability to collaborate and discuss on the web but do you mean the opposite? "

    "Reputation Rating + Anti-Malware Signature --> Decision" would infer that you would need a signature and a rating to make a decision. A signature should be good enough just to create the decision by itself. However, in the case of Prevx/Symantec/others, we consider a "bad reputation rating" enough to block it immediately. For instance, URL scanner have blacklists of URLs which block the downloads immediately. The file may have changed to a legitimate file between the time that the URL was added to the blacklist and the user visiting the website, but the URL will most likely still be blocked because it now has a bad reputation.

    Reputation ratings do improve protection and stand alone - we use reputation as a component of the back-end heuristics (i.e. REGEDIT.exe may modify some suspicious registry keys but it is trusted across the globe because it is a core component) as well as using them independently as distinct detection measures via the Age/Popularity protection.

    Taking an example like Zonealarm - their firewall will warn when an untrusted program tries to connect to the internet after they check their database of trusted programs. They could therefore say that they are analyzing the reputation of the program before warning and that they reduce or increase warnings depending on the reputation of the program in question.

    You're looking at this incorrectly when dealing with the cloud model. Your assumptions are correct if we required samples to be harvested and researchers to analyze each new threat based on volume, but our architecture is inverted. Although Symantec's userbase is larger, Prevx is not trying to protect the Symantec users which Prevx is not installed on. Assuming that Symantec has exactly the same implementation and protection as Prevx, it would be logical that protection would be equivalent irrespective of the size of the userbase, assuming you are comparing the effectiveness within the installed userbase. Therefore, Prevx protects Prevx users the same as Symantec protected Symantec users.

    It doesn't matter if a threat has been seen on 5 PCs within Prevx or 50 PCs within Symantec - the same protection will apply to both.

    Threats which Prevx users have never seen would logically not be detected as would be the case with Symantec (hence the argument against on-demand AV testing but I'll leave that can of worms sealed :D)
     
  21. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    PrevxHelp, I think that the “diagram” I provided may have been inadvertently misleading. I understand that Symantec may classify a sample as malware if any one of its decision engines (e.g., reputation ratings, heuristics, signatures) indicates a high likely of a threat. Based on your description, Prevx operates in a similar manner.

    I’ll research this issue more, and continue the conversation again later....

    PrevxHelp, perhaps I am misunderstanding a point. If Symantec has 5+ times the visibility to threats across the globe, then any individual user of Norton Internet Security 2010 engaging in a potentially risky activity (e.g., downloading an application) will have the benefit of all other Symantec users who have already performed that same activity. If the set of Symantec users is about 5+ times larger than that of Prevx, then any in-the-wild threat will be 5+ times more likely to have been encountered and classified by Symantec than by Prevx; and, as a consequence, any single user of NIS10 will have a protection advantage.

    Think about it using Venn diagrams. The set of PCs is the population, a subset of which are Symantec users and another smaller subset of which are Prevx users. If instances of unique new threats are randomly and continuously distributed across the population of PCs, then the probability that any one threat will fall into the Symantec subset must be greater than the corresponding probability for the Prevx subset. Because neither Symantec nor Prevx is perfect, each product will initially miss some proportion of new threats until such time as a ‘critical mass’ of information about that threat is accumulated. Because we’re assuming that Symantec and Prevx provide equivalent protection, that ‘critical mass’ will be achieved sooner with Symantec than with Prevx; and as a result, all other users of Symantec will inherit the benefit of those experiences more quickly. For illustration, if it takes 10 encounters with threat X before either Symantec or Prevx can correctly identify the threat as malware, then the Symantec userbase will achieve that criterion 5+ times more quickly -- and, most importantly, the likelihood that any one Symantec user will be placed at risk in the process will be 5+ times lower (i.e., 10 divided by the number of Symantec users is 5+ times less than 10 divided by the number of Prevx users). At the level of the userbase viewed in totality and in isolation, there exists 'equivalence' in protection between the products. However, at the level of the individual user (which is, after all, what matters most), the average Symantec user is exposed to less risk at any point in time.

    Am I missing something here?

    P.S.: I am assuming that the geographic coverage and Internet habits of both the Symantec and Prevx userbases are similar; and, for ease of illustration, that the set of Symantec and Prevx users do not overlap.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You aren't directly missing anything, except that you're assuming that Symantec's Quorum provides the same level of analysis as Prevx's centralized database and that reputation analysis is equivalent to the community protection offered by Prevx/Panda. Although Symantec's reputation analysis can aid their malware detection, their architecture and technology is vastly different from Prevx or Panda in the fact that they cannot leverage each user's visibility past the simple incrementing count of how many times a program has been seen and from where.

    Because of that, even if they were to be installed on every PC in existence, they would not gain effectiveness over what we provide with actual analysis and research occurring in realtime on data from the agent computers.

    Symantec uses their hundreds (thousands?) of human virus researchers to write new signatures for threats. Prevx, however, uses an almost completely automated system with only a couple virus researchers who do not write signatures but tune rules which are fed with the data coming from each agent.

    Therefore, because of the ability to leverage the intelligence from the behavior of programs/contextual data/signatures/etc. from the local agent PCs, Prevx is able to outperform much larger vendors even though we have a fraction of the userbase. We really have little/no intention or need to hire additional researchers even though the volumes of new threats is growing exponentially and that unequivocally highlights the benefits of our centralized view across the population.
     
  23. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    If I may bust in here too again :D - I'm not sure this is entirely correct. Sure, it's proven on your end that even if a threat is seen for the first time to your db when a user encounters it, it can be determined very fast, and often even automatically. The thing is, the same goes for Symantec and their Norton. This is what we, or atleast I have been trying to say. And yes - this one HAS been stressed before, but I hope time will come that I won't have to anymore. Quorum is working with the other components. This means that, say that Quorum with its data can't determine a decision automatically. Fine, but then it doesn't just stop there. Then it'll check with all the other technologies and kinda like ask "what do you think, buds?" :D - we're talking SONARv2 (behavior analyzis, and not the old one - it's been vastly improved as well, Quorum is not alone to be new incase you thought so :p), we're talking Auto-Protect, we're talking Intrusion Prevention - etc., etc. Not a single one can determine it, so it's just gonna let it pass? WRONG! That's yesterday, which you know by now. Then it'll take the last piece in the puzzle - it'll ask the user what to do; Stop it, Remove it, or Allow it. Recommended is to Stop it, simply because if it's not determined by ANY component, what's about to run gotta be pretty damn new and non-analyzed. The underline is: keep the user as safe as possible without bothering him or her. I hope this clears things up.
     
  24. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    I start to know why one cloud may be better than another cloud simply because one cloud is not a pure cloud and it is only a layer out of XZY. It sort of reminds me of discussions about some firewall leaktests in which one product may fare better than others because of its multiple components (e.g. HIPS) but not only because its firewall is better. I still cannot tell why one cloud (by itself) is better than another cloud (by itself) yet.
     
  25. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Just because there's just a cloud and nothing around it, it doesn't mean it's better at protecting a system or doing it lighter, even if it can theoretically do that. It all comes down to what suits the specific users and overall protects that user best - not the approach of using a cloud-db or tech. This discussion is only to discuss just what the topic says but with other words maybe; when it comes to the cloud used by security software, what approach does the software in question use, and what advantage does it take from (making) this sort of online database - compared to the others.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.