Returnil and cloud

Discussion in 'Returnil releases' started by skokospa, Jan 13, 2011.

Thread Status:
Not open for further replies.
  1. skokospa

    skokospa Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    177
    Location:
    Srbija
    Hi Mike
    Can you explain the functioning of Returnil cloud.
    Recently I uploaded a file of 640MB....how long do you keep those files on their servers...
    get the impression by sending a file that all you do on your computer is suspicious.It is written parts of a malicius program.
    Seems to be on my computer all suspicious
    Everything you do on your computer is collected and sent.The photograph beautifully written that are sent suspicious files only important parts...o_O
    Ok, I know you can not rule out sending files but many people simply are not aware that they can opt out of sending files.
    Do you get to analyze all...is much more to file.





    Rade
     

    Attached Files:

    Last edited: Jan 13, 2011
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    As you can see from the log, we make sure that the user can check to see what information is being collected as one of our highest development priorities has been ensuring that the user can review this information at any time they wish to do so. Further, we made sure to include opt-out and user initiated upload options for those who do not wish to participate in the malware sample and suspicious behavior information collection (Virus Guard > Settings > Data Collection Policy).

    The information collected is analyzed at the server using our artificial intelligence and machine learning technology which works to both identify suspicious as well as legitimate content. This enables us to improve the overall effectiveness of our policy updates (these are our internally created updates for the Virus Guard as distinct from those supplied by Frisk) by helping us to better identify new malicious content and to reduce false positive detections by learning what is good.

    This is why you may see what you know to be good in the upload queue which is there because it may have performed a suspicious action that is also used by malware. This does not mean the content is malicious, just that the Virus Guard component flagged something about it that needs further analysis to be certain it is not malicious. Further, the data collected may not be an entire file, especially if we already have a sample being analyzed from a different source so you may see what appear to be incomplete files.

    The purpose is as stated above, but also as a prerequisite for our Distributed Immunity project which will eventually allow clients within a network to update each other in near real time rather than the current server based analysis.

    As for data retention, the only data that is retained is what is required to verify that content "x" is malicious and content "y" is valid. When the analysis at the server returns an ambiguous result (cannot say if bad or good), that sample and/or information goes to the malware research team for more intensive investigation. As our server side analysis is extremely efficient and accurate at what it does, the need for direct researcher intervention is very infrequent which allows them to concentrate on sample submissions we get from other sources, including those sent in by independent researchers and enthusiasts.

    Simply put, we do not collect personal information and would have no use for it period...

    Mike
     
  3. skokospa

    skokospa Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    177
    Location:
    Srbija
    I felt like I was in an episode of big brother and someone watching from above:cool:
    a big fuss about comodo i dacs.:thumbd:


    Thanks Mike....
     
Thread Status:
Not open for further replies.