Prevx has difficulty detecting rogues

Discussion in 'Prevx Releases' started by dorgane, Aug 1, 2009.

Thread Status:
Not open for further replies.
  1. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    hi,

    sorry for my bad english.
    A friend is testing Prevx Edge 3.0 but we see that Prevx doesn't detect rogues :O
    3 rogues launched, 3 rogues installed :/

    You can see the video: http://infomars.fr/WordPress/peghorse/?cat=171

    What will Prevx do in the next version to stop rogues?
    But nice self-defence, System Security can't stop Prevx =D
     
  2. Retadpuss

    Retadpuss Suspended Member

    Joined:
    Apr 4, 2009
    Posts:
    226
    Detecting rogues can be tricky for several reasons - firstly, there are so many of them and they often regularly change the setup files to avoid detection. Secondly, many of them do not do anything malicious, so can't be caught using behavioural analysis.

    On the whole, Prevx catches rogues and scareware better than most AMs / AVs. A test based on three samples does not carry much meaning as there are tens of thousands of rogues out there.

    I have tested Prevx against over 1000 rogues over the last 6 months and have found it to do very well - as good as A2 and better than pretty much anything else in realtime and on demand.

    Puss.
     
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    Rogues/fraudulent software is an area which some anti-malware programs do better at dealing with than others. It's a classification issue and how they get added to databases as rogues/frauds/scams etc.

    As Retadpuss says, there's so many of them, and if you submit any to some AVs for example, many will report the files to be clean because they don't actually contain malicious code. It's the intent and what these applications do that needs to be investigated, which means more analysis.

    In the case of Prevx, if you believe a program to be a rogue, submit to report@prevxresearch.com - that way, it'll be analysed and if found to be a scam, it'll be added for detection.
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    TonyW/Retadpuss: thank you for the perfect responses :)

    Rogues are indeed the most difficult area to deal with currently in the antimalware industry. Not only are the authors coming out with new rogues by the dozens, but the rogues actually look very close/better than legitimate applications so they require manual research and discussions - TonyW is right: even researchers in the same company can sometimes disagree if a program is a rogue :doubt:

    As said, if you could send the information on where to get the samples or the samples themselves to report@prevxresearch.com, we will add them as quickly as possible :) Thanks!
     
  6. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    hi,

    I sent 7 viruses (a type of fake codec)

    screen :
    prevxrogue.jpg


    That was 5 hours ago and no reply; partial detection, 4 of 7 :cautious:
     
  7. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    OK,
    the support team wrote to me
     
  8. overangry

    overangry Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    309
    Interesting reviews. I was surprised at how poorly some of the major AVs performed, using this limited sample of malware.
    It seems that not only Prevx had detection difficulties :eek:

    Some AVs I had never heard of performed quite well, some better than the big players...

    I haven't looked at all the videos, but I did notice that for Drivesentry the tester updated the signature database after he completed his tests o_O o_O
    Personally, I would like to see him test geswall.
     