Panda Cloud Antivirus - Version 1.0 Final Released

Discussion in 'other anti-virus software' started by pbust, Nov 10, 2009.

Thread Status:
Not open for further replies.
  1. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    Only problem I see is auto-quarantine. I hope there is at least a configuration to stop that, I'll just test it instead of waiting for a response.

    Off Topic:

    I don't think it's fair to compare anything to Norton. Last time I checked their products were harder to remove than some rootkits, and the software was thread and memory greedy 'bloatware'. Not to mention all public benchmarks reflect both 360 and NIS were behind in detections. Probably why you don't see anyone but department store shoppers discussing it and McAfee.

    Most people think that because you see the vendor giving their 2 cents on a lot of security sites, they have the most enlightened security people. Go to a respected reverse engineering or research community and it's almost never mentioned when the topic of AVs comes up. You can also defeat it the same as a lot of other solutions once you get your binary to the Windows loader.
     
  2. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Last time you checked.........1996, I guess. Norton is fast and light in memory usage now.

    Behind in detections? If you mean they are not number one in every single test, yes. They win in dynamic test and are at the top in the rest, I wouldn't call this "being behind".
     
  3. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66
    360 and NIS are their current products. I can't keep count of the number of complaints I've gotten over 360 and I deal with a small demographic. NIS users too, most of them are frustrated because they still have a subscription when I show them how much it was killing their system performance and immediately replace it at their request. To each their own though.

    EDIT: I can still get my malware to the Windows loader and through the firewall on 360 4.0 and NIS+NAV 2010. Their strength is only in their network distribution. Panda, KIS, and Avira are still dominant in some significant parts, and seem to be stepping forward first in heuristics and emulation.
     
    Last edited: Mar 29, 2010
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Guys, this thread is about Panda Cloud Antivirus, not Norton.
     
  5. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Indeed, not my experience and not what all the people that I know running NIS in very old laptops tell me either. About detections, what I said in my previous post.

    But, as Brocke said, this is not a Norton thread, so I quit here.
     
  6. progress

    progress Guest

    Hehe, a moderator should cut off some posts :)
     
  7. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Are you sure? Could you back up your claim? Please provide some references.
    FYI Symantec was the winner of the 2009 AV comparatives best product of the year with top notch detection and low false positives.

    Thanks
     
  8. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Wait a minute, "your malware?" You mean... you are a malware creator? Please explain.

    Thanks.
     
  9. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    Hi pbust
    here is a sample 'stop' error (windows) that caused the redX in the sys tray icon.
    Product
    Application Host Service

    Problem
    Stopped working

    Date
    29/03/2010 20:43

    Status
    Report Sent

    Problem signature
    Problem Event Name: BEX
    Application Name: PSANHost.exe
    Application Version: 1.0.0.2
    Application Timestamp: 4ae6db45
    Fault Module Name: MSVCR80.dll
    Fault Module Version: 8.0.50727.4053
    Fault Module Timestamp: 4a594c79
    Exception Offset: 00008aa0
    Exception Code: c000000d
    Exception Data: 00000000
    OS Version: 6.0.6002.2.2.0.768.3
    Locale ID: 2057
    Additional Information 1: b393
    Additional Information 2: 69be597de06dc0618c681b90d40fe0ab
    Additional Information 3: f120
    Additional Information 4: d3e786fe7a1a0c5118402ada707b9093

    Extra information about the problem
    Bucket ID: 817473395

    Restart all ok
    will mail it to David.SanJose
     
  10. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66

    Yes I make custom samples. They never get distributed so they don't end up in generic signatures. Using generic attack patterns is why post-infection response is still needed in AVs. A typical AV vendor at most will reverse engineer a binary and make generic signatures based on its payload and in some cases PE or ELF characteristics. My samples haven't been so they go right to the Windows loader, and once there I'm free to inject and hook my way through filters both in ring 0 and 3. No AV on the market can protect against memory residency, and injection protection, the few that exist, don't protect the API that they use. The languy videos even demonstrate this with generic samples, and no AV is an exception.

    This will be my last non-panda post here. Bitter soccer dads are getting angry.

    Is >>>Panda<<<< going to use TruePrevent 2.0 in the cloud client?
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    .
    Why not create a new thread so the talk can continue "on topic"?
     
  12. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  13. progress

    progress Guest

    Great!! Is it free? :D
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    feature request

    I would like to have control over the scanning mechanisms from the GUI.


    question

    By providing options in the setup I have a fair idea of how the caching mechanism of avast works. pbust has given some explanation of how panda cache works. To me this sort of had the same intelligence applied to reduce on execution scanning of existing safe executables.

    When I perform a quick and a full scan of my C partition for both avast and panda (on different image with same config), on the next reboot I can see that avast only reads 33kb while panda reads about 411kb. This is on an XP Pro SP3 setup with no other security apps.

    Why is there such a big difference?
     
  15. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Ah...! Your confession is very interesting. Please, liberate your soul and do confess more... custom samples, what do you mean by that? Do you have tailor made samples for your customers on-demand or what? Is writing malware a hobby? Are you part of a larger bot, zombie field or ring? I'm pretty sure Pbust would be more than interested in your custom made samples in order to protect Panda customers from you; just in case one gets lost in the wild, inadvertently, of course.

    P.S: I'm sorry to be a little bit out of subject here; however, we have a malware writer or creator or artist in our midst I think we all have to take a time out from the main subject of the thread and interrogate him for a while.

    Thanks.
     
  16. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Thanks for the info DavidCo. Yes please send it to DavidSanJose as well.

    Regarding the default installation directory, you can choose a different one during install.
     
  17. DavidCo

    DavidCo Registered Member

    Joined:
    Jul 9, 2005
    Posts:
    503
    Location:
    UK
    PBust
    Back to the faulting module MSVCR80.dll
    You can see that the version is 8.0.50727.4053 & this is in wSxS on my PC
    However PandaCAV has version 8.0.50727.762 in its folder
    I know that this could be in the CAV folder just in case the client does not have anything else available but Microsoft have been known not to provide backwards compatibility before
     
    Last edited: Mar 31, 2010
  18. xorrior

    xorrior Registered Member

    Joined:
    Mar 22, 2010
    Posts:
    66

    I meant exactly what I typed, I write malware to use for testing. The key to the castle is the fact it doesn't get distributed.

    Your slander is hilarious. You think I need info and insight from this forum. I haven't learned anything I can't learn in 5 minutes on my own from here. The AV vendors also don't protect their binaries, anyone who is interested can spend a day with a debugger or disassembler and get any info they want.

    If I wanted info I could think of at least a dozen other places way more informative. Sorry to disappoint your double-o-zero scenario.

    Get your head out of the clouds, unless it's the panda cloud, then breathe in the information XD
     
  19. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  20. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,176
    Location:
    Spain
    Basically every engine is built differently. Some scanners read more or less parts of a file during on-demand vs on-access, during cached scanning, etc. based not only on the emulation engine but also on the type of signatures you are checking against. Reading less always improves speed of scan but also gives less reliable results under certain conditions.

    I'm not saying one is better than the other... just different ways of doing things. Comparing only the portions of a file which are read does not really say anything good or bad about an engine. If it is able to emulate correctly to detect what it needs to, then it's mission accomplished.

    Also caches are built differently between vendors. Some engines re-check after x hours/days even if the file has been cached. Some re-check after a signature update, some never re-check based on digital signatures, etc.
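
An added sketch of the cache re-check policies listed in the post above, not part of the original post and not Panda's or any vendor's code. The class, field names and the `signed` flag are hypothetical, and publisher-signature verification is assumed to happen elsewhere.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Entry:
    digest: str        # SHA-256 of the content when it was scanned
    scanned_at: float  # epoch seconds of the last real scan
    sig_version: int   # signature-database version used for that scan
    signed: bool       # hypothetical flag: publisher signature was verified

class ScanCache:
    def __init__(self, ttl=None, recheck_on_update=False, trust_signed=False):
        self.ttl = ttl
        self.recheck_on_update = recheck_on_update
        self.trust_signed = trust_signed
        self.entries = {}

    def record(self, path, content, now, sig_version, signed=False):
        digest = hashlib.sha256(content).hexdigest()
        self.entries[path] = Entry(digest, now, sig_version, signed)

    def decide(self, path, content, now, sig_version):
        """Return (rescan, reason) for an on-access check."""
        e = self.entries.get(path)
        if e is None:
            return True, "not cached"
        # A changed file always invalidates the entry, whatever the policy.
        if hashlib.sha256(content).hexdigest() != e.digest:
            return True, "content changed"
        if self.trust_signed and e.signed:
            return False, "signed, never re-checked"
        if self.recheck_on_update and sig_version > e.sig_version:
            return True, "signatures updated"
        if self.ttl is not None and now - e.scanned_at >= self.ttl:
            return True, "cache entry expired"
        return False, "cache hit"

def demo():
    # Constructed sample: one clean file scanned at t=0 with signature set 100.
    clean = b"MZ constructed sample bytes"
    results = {}
    for name, cache in {
        "ttl": ScanCache(ttl=3600),
        "update": ScanCache(recheck_on_update=True),
        "signed": ScanCache(ttl=3600, recheck_on_update=True, trust_signed=True),
    }.items():
        cache.record("app.exe", clean, now=0, sig_version=100, signed=True)
        # Two hours later, after a signature update to version 101.
        results[name] = cache.decide("app.exe", clean, now=7200, sig_version=101)
    return results
```

The same file gets three different answers two hours later: the time-based and update-based caches rescan it, while the signature-trusting cache skips it until its content hash changes.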
     
  21. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ok thx,

    Will the free continue to be a simple AV (fool proof usage) or is there a chance configuration options will be available in the GUI (or through registry)?

    I recall Panda having some options through registry settings, could you provide a link to that?
     
  22. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Oh dear! Slander... I must have asked the right questions? You are the one who confessed that you are a malware writer. Obviously, I want to get to the bottom of things. By the way, you claim that your malware are not distributed, now can I ask you another question? If you were to distribute them, would you come out in public on a security forum and say so? The answer is...

    The truth my friend will set you free; consequently, I would greatly urge you to confess more of your nefarious deeds. Really, when you get it all out you would feel an uplift from your chest.

    FYI my head is still inside the Panda Cloud and PCAV will stay on my VM for a while.

    Thanks.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Is all this really necessary? I mean geez, give me a frigging break. As far as writing malware :ninja: I would say this member isn't alone. He or she has been open and I feel honest about stuff. They don't deserve the third degree Cogito. Give it a rest.:cautious:
     
  24. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Really? Could you give me more names of people who write malware? Oh! Wow I might stumble upon more than I expected. It's becoming more interesting by the day. Tell me more trjam. Most in the cybercrime enforcement circles would be most interested.

    Thanks.
     
  25. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I will.

    Thanks.
     