What just happened?

Discussion in 'Prevx Releases' started by Hugger, Jul 19, 2011.

Thread Status:
Not open for further replies.
  1. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Look at the MRG test results and please tell me I'm hallucinating.
    Prevx failed 3 of 4.
     
  2. d0t

    d0t Registered Member

    Joined:
    Apr 23, 2011
    Posts:
    181
    Pretty sad :(
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The Flash tests are over single samples which don't reflect the tens of thousands of other samples we're blocking every day. There isn't an issue - no vendor finds 100% and it is easy to find files that would bypass every vendor listed every day if wanted - it is just the nature of today's malware.
     
  4. Kirk Reynolds

    Kirk Reynolds Registered Member

    Joined:
    May 8, 2011
    Posts:
    224
    You don't think that the MRG flash tests have any value? That is the essence of what you're saying, isn't it? I'm not saying that I do, I'm just trying to clarify, is all.
     
    Last edited: Jul 20, 2011
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, they do have value. They are a point-in-time snapshot of single file threats and need to be understood as such. Just because we missed SpyEye today doesn't mean that we miss all SpyEye - it could very well just be that we missed that single sample. To put it in perspective - we have detection over several hundred thousand unique versions of SpyEye alone.

    I don't have the MD5s/samples of the samples so I couldn't get further metrics on the scope of these files but most infections today are designed to only ever affect a very small number of users.
     
  6. Kirk Reynolds

    Kirk Reynolds Registered Member

    Joined:
    May 8, 2011
    Posts:
    224
    Ah ok, I gotcha.;)
     
  7. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    It should be pointed out that any missed samples are sent to the vendor before the test results are published - quote by Sveta of MRG:
    So Prevx should actually have copies of those three undetected malware.
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Also Prevx would have them in there database when MRG scan them that's the good thing about full cloud based Anti-Malware we don't have to wait for a signature download to be protected!

    TH
     
    Last edited: Jul 20, 2011
  9. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    149
    Location:
    Australian Capital Territory
    MRG test with programs at default settings. If age/popularity based heuristics were increased, I would assume Prevx's detection rate would increase in these tests.

    I have always run max program heuristics and high age/popularity and don't find false positives to be excessive, but am now considering an increase to max for both.

    PrevxHelp (Joe) are you able to tell from your end what difference an increase in age/popularity based heuristics would have made in each of the missed samples from the MRG tests?
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm not sure - I haven't been able to find who within Prevx is receiving the samples from MRG so I still don't have visibility into them. I'm still investigating and should hopefully have an answer by the morning.
     
  11. d0t

    d0t Registered Member

    Joined:
    Apr 23, 2011
    Posts:
    181
    Could you get ur hands on them? I'm curious eheh
     
Thread Status:
Not open for further replies.