Viruscape....A new antivirus on the market?

Re: A new antivirus on the market?

Policy based malware prevention will probably prove to be much more widely accepted and work better than heuristic methods. The fact that heuristics DO need to be updated makes them just as vulnerable as signature definitions. A totally new threat using new techniques/infection vectors will not be found by (most if not all) antivirus engines even if they have great heuristics.

As long as virus writers have copies of the antivirus programs, they can evade them. The best (and only) heuristic engine is a trained antivirus researcher, and even then - they could be fooled.

Current heuristics exist as more of 'generic definitions' for a wider range of malware than just one family. While they do work, they are not cross-virus type. A true heuristic engine would be able to determine malicious behavior from legit behavior without needing to be told EXACTLY what is good behavior. While this will require a great deal of artificial intelligence, I do not believe it is impossible per-se, as incoming executable blockers work quite well at stopping threats.

The problem is weighing false positives/warning to detections.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

How?

 

Re: A new antivirus on the market?

How could an antivirus engineer be fooled? I dont know, maybe a virus using a hash on the time of a file stored on some randomly generated server to update itself.. there are times where it is possible that new variants of malware will be missed.

Various red-herrings and traps can cause a nightmare for researchers.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

Bullshit of its best! For what do you have virus researchers? Not only for a try-and-error-method. Even a junior analyst will detect such code passages!

 

Re: A new antivirus on the market?

No, if there was a virus which used a server side algorithm to tell where it would download next - it would be impossible to find where it would download until the author choses to show.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

First, then it's a downloader. 2nd you will see the downloading locations (even if this is done via server side download rotate) and you will see what it does with this downloaded file (for example selfstart) even if this file to download is not available during time of analysis.

 

Re: A new antivirus on the market?

Yes - obviously. I am unsure what we are still talking about... but.... everyone makes mistakes once in a while. I'm sure that you have mis-analyzed a virus before, thought it was doing something when it wasnt, or got stuck trying to decrypt a complex encryption algorithm.

That is the only point I'm trying to make. No one is perfect, and trying to teach a computer program everything that a person knows is impossible or atleast very improbable.

Thats all,

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

No, i didn't. That's for what i'm wellknown - virus analysis and especially decryption of complex malware In other areas i regulary make a lot of mistakes, such as joining discussions in forums Making the food to salty, but for sure i got never stuck trying to decrypt something

 

Re: A new antivirus on the market?

Well, although I do respect that because you are a very respected antivirus researcher, everyone has to start somewhere - when they do not do everything perfectly Eventually it is possible to decrypt any piece of malware... even if you have to decrypt the bytes on paper, but, you can't just wake up one day and say 'I think I'm going to disassemble some malware for the first time!'

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

That's for sure and i respect also "beginners" because i was not born with IDA Pro in my pampers By the way i have a great respect how much efford you put here to discuss. Just learn to deal with my answers and you'll easily find out that i'm not a monster

 

Re: A new antivirus on the market?

Agreed - We have just a handful of false positives to take care of now. The release may be sooner than originally expected.

Derek - you said that there was no on access protection. Was it merely not working on your computer? Depending on if you have other antivirus programs installed or not, or firewalls (Outpost Firewall is incompatible with our guard), the guard may perform incorrectly. PER AntiVirus also seems to cause some issues, but, we are investigating them.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

Perhaps a little background on the other individual would be of help. A good many of us are very familiar with the background of Happy Bytes, and he is considered to be an expert by many. Even I, who is known to be very blunt try and keep personal attacks out of the post I make here at Wilders.

Thanks
Wildman

 

Re: A new antivirus on the market?

We have thought a lot on this issue, and have weighed it out that, as a newly public company, it is more important to get and establish a user base than to make a killing profit wise. We are really just trying to hit a break even point, and have enough left over to buy a pizza once in a while. I know that Joe inherited a good deal of money which he has been able to use to keep the company up for such a long with no profits. We have existed for 9 years as a group of people working together to make this product, and all believe in it.

As has been said before, all we need is a good stream of samples and we can make it work. We are also licensing our engine currently to two different companies and that is bringing in an adequate amount of money to reimburse us.

Over the last day, we have had a dozen compliments from people that submitted files at our turn around speed with responding with a human email and with adding the definitions.

Right now everything is more than manageable for our team.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

By other individual, do you mean our president?

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

Personally my suggestion (but however with knowing absolutely nothing about the inner workings of Antiviruses/AntiMalwares). Would be for you to adapt your product to work alongside current antiviruses to double the effectivness.

I currently use Kaspersky Antivirus Personal 5, and wouldnt swap it for the world. And definitely wouldnt risk using a new untested Antivirus as my sole protection (its just to risky of a venture for most people to try, to me its like going into a hospital for open heart surgery and letting an untested medical student solely carry out the operation by himself, i.e noway would anyone do this for such a risky thing where any mistakes could prove drastic).

But if a company came along and made a half decent complimentary Antivirus which works alongside your current Antivirus, and didnt collide with the actions of my other indispensible programs, Online Armor and Outpost, then i would certainly give it a go. (i think most security concious people would).

I would however be prepared to probably try it out as my sole AV on my linux OS when in the future if you do decide to create and release this. As it is less of a risk in this instance.

But i honeslty say i wish you well on your software. (but also i too would like to see its results on AV-Comparitives as i take this sites comparisons as bible fact on which is good or not).
Anthony.

 

Re: A new antivirus on the market?

We are doing extended testing with our program vs other antivirus programs. So far, ViruScape works in most cases with other antivirus programs. There are some times when they are just totally incompatible (Agnitum Outpost prevents ViruScape's interprocess communication and global monitoring - tho, if the end user adds ViruScape to its Component Control allowed list, it should work fine).

The only issue which is at the core of everything would be having two antivirus programs on the same system. Having more than one antivirus program will cause system disruption because as one antivirus program scans a file, the other will scan it as well.

Tests with Kasperksy antivirus show that they are very compatible, but, when Kaspersky extracts or unpacks files, ViruScape will detect them as they are saved to disk. This may get annoying, but can be avoided if ViruScape's guards are disabled when running a scan with another antivirus program. Scanner speed of both programs may also be decreased because two programs will be scanning each file.

We are continuing to test various programs, but so far, we have had no problems with Avast, NOD32, Kaspersky, and Norton besides the aformentioned ones. Antivirus programs that DO cause problems are PER AntiVirus, possibly McAfee in some cases, and Outpost firewall. We are still working on testing more.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

No I sort of meant perhaps "YOU"!

Thanks
Wildman

 

Re: A new antivirus on the market?

Ah, was unsure:

My name is David Yates and I am 25 years old. I went to college and recieved a masters degree in computer science. While in my sophomore year in college, I was snatched up by Tera (back then it had no name) where I studied a lot of different malware samples as they came in. After doing that for a while, I began working in their support/sales department looking for potential customers and now are finally working soley at the support section. I do a little bit of virus analysis here and there. I help out a lot (like other Tera guys) in virus help channels around the net. I helped develop a botnet hunting IRC client that we are using to track and mitigate botnets easier. I am also working on writing my own engine addition to better detect cookies and other potentially malicious spyware components. I wrote/am writing the help file for ViruScape and will be working on a FAQ section shortly.

-Tera Innovations, Incorporated Support Team

 

Re: A new antivirus on the market?

I have already posted about how important the engine is , or should be . I must write something here now . I have been reading all of this and I am perplexed . Wilders takes it upon themselves to give certain members the " AV EXPERT " status based on certain criteria . Ok . Fine . It is one thing for us no bodies to say what we think about something . Why in the world is it allowed by Happy and other experts , to start tossing stones but , stop short of any explanation ? I mean hey , if you are experts , tell us the story . Let us decide . It is totally wrong to BEGIN to accuse and then to say , " I won't say anything more " . I like Happy and respect him . I respect a few in here . ONLY a few . What happened in the past is in the past . But , since the " experts " are tossing around the bad mouth stuff , why are they not held accountable ? And do we not have white hat / black hat in this world ? Of course we do . And many of the white hats are former Black hats . All I am saying is to accuse and not say of what is inappropriate at best and downright wrong at worst . I mean no harm but , it certainly appears some of the experts here DO . I agree . Let us talk about the product . It would be nice to see the timid accusations removed from here entirely .
I will judge based on what Tera does . If Viruscape works well , GREAT . I look forward to testing it .

 

Re: A new antivirus on the market?

This thread captures some of the beauty of this board.

A new AV (if it is in fact an AV) is identified by one of the participants (if in fact he was just a participant). People wonder if it's any good.

And AV experts and others all chime in and turn what is a new mystery product into an interesting human interest story along with a technical discussion on the merits of the product.

You can’t get this stuff from other sources.

Thumbs up to Wilder’s.

 

Re: A new antivirus on the market?

Personal remarks should not be said without evidence.If someone cant back these up ,they should keep quiet.

 

Re: A new antivirus on the market?

Example from things i have heard:
The VXer named VirusJoe had the IP 68.253.194.30
Joe Jaroch downloaded the files from Jotti using the same IP.
VirusJoe and Joe Jaroch are both from Chicago Illinois.
IRC is not a secure place; seems like someone capted messages VirusJoe send - where VirusJoe said he lost access to Jottis files after Jotti blocked access to Joe Jaroch. Also VirusJoe was saying he is developing an AV in order to gain more samples and be a big VXer.
etc. etc.
Of course all evidences helps nothing if the other part says it is not true. Anyone is free to decide to who believe and to who not. I am one of those that decided to believe to the facts/things reported - sorry.

 

Re: A new antivirus on the market?

Thank you IBK .
Finally . A little more than an accusation . NOW I see your point .