PrevX: divide malware into more categories

Discussion in 'Prevx Releases' started by Jeroen1000, Apr 16, 2010.

Thread Status:
Not open for further replies.
  1. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    I have always liked the ability to select multiple categories so that you can, for instance, detect 'potentially unwanted applications' like cracktools, network sniffers, remote administration tools, ...

    I find it useful that Remote Administrator gets detected if a specific category is enabled. Will PrevX implement category-based detection in the not-so-distant future or is this unlikely to ever happen?

    But then Joe got me thinking on something he said:

    I'm not good at thinking up scenarios, but here goes:

    Alice gets infected by a nasty piece of malware M. She doesn't know this, but it isn't detected yet by any vendor. She takes an image of her computer after cleaning it up or something. PrevX cleans this nasty a few hours later and no harm done (hopefully). 1,5 years later she restores her image because the PC crashed but detection for that piece of malware may be removed from PrevX? Is that what you are saying Joe? The reason for its removal was simple: it died off in the wild . . .

    This would kind of explain why there are no categories. You'd never know what was in them at any given time.
     
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    P.S.: As written in the report, the samples used in the current AVC testset are mainly samples seen as relevant in the last 8 months - not 15 years.
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We are indeed planning to further extend our malware groups for clarification and provide the ability for users to select what groups they want to detect (i.e. is Spector Pro malicious to the average user).

    I may have misrepresented our detection - that is incorrect as we do not remove any detections - ever. We still have many signatures in place from 2001 when Prevx was started and they still detect threats, however, the usefulness of testing security products against threats that are this old is marginal - users are massively less likely to encounter a threat that is several months old rather than one that is new so testing new detection technologies should be applied over new threats, in our opinion :)
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry again about that, IBK - I was under the impression that you had still tested with DOS malware and old threats.
     
  5. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Hi PrevxHelp, no problem ;)
    DOS viruses were excluded from all our test-sets many years ago.
     
  6. Jeroen1000

    Jeroen1000 Registered Member

    Joined:
    Aug 18, 2008
    Posts:
    162
    Thank you for explaining this. Exemplary support :thumb:
    I feel PrevX will be growing into a superb piece of software in the future. I can't wait for the techie options to arrive in the next version :)
     