Antivirus

How to test anti-ransomware: This is how we do it

Ransomware may not make the headlines quite as often as it did in the past, but it hasn’t gone away. In December 2018, for instance, a new threat apparently created by a single hacker managed to infect at least 100,000 computers in China, encrypting files, stealing passwords and generally trashing users’ systems.

Antivirus companies like to claim they’ll keep you safe, with vague but impressive sounding talk about ‘multi-layered protection’, ‘sophisticated behavior monitoring’ and the new big thing: ‘machine learning’. But do they really deliver?

The easiest way to get an idea is to check the latest reports from the independent testing labs. AV-Comparatives Real-World Protection Tests and AV-Test’s reports are an invaluable way to compare the accuracy and reliability of the top antivirus engines, for instance.

The problem is that the test reports only give you a very general indicator of performance with malware as a whole. They won’t tell you how an engine performs specifically with ransomware, how quickly it can respond, how many files you might lose before a threat is stopped, and other nuances. That’s exactly the sort of information we really want to know, and that’s why we’ve devised our own anti-ransomware test.

Ransomware simulator

It’s possible to test anti-ransomware software by pitting it against known real-world threats, but the results aren’t often very useful. Typically, the antivirus will detect the threat by its file signature, ensuring it never reaches any specialist anti-ransomware layer.

What we decided to do, instead, was write our own custom ransomware simulator. This would act very much like regular ransomware, spidering through a folder tree, detecting common user files and documents and encrypting them. But because we had developed it, we could be sure that any given antivirus package wouldn’t be able to detect our simulator from the file alone. We would be testing its behavior monitoring only.

There are weaknesses with this concept. Most obviously, using our own simple, unsophisticated code would never provide as effective or reliable an indicator as using real undiscovered ransomware samples for each review.

But there are plus points, too.

Apps in the Microsoft Store caught illegally mining cryptocurrencies

A shocking new report by security firm Symantec alleges that at least eight apps on the Microsoft Store have been mining for cryptocurrency in the background after being downloaded.

In a blog post describing the security threats, the apps, which include Fast-search Lite, Battery Optimizer, VPN Browsers+, Downloader for YouTube Videos, Clean Master+, FastTube, Findoo Browser 2019 and Findoo Mobile & Desktop Search, were all identified as engaging in ‘cryptojacking’.

This means that unbeknownst to the users that download these apps, they secretly use the processors of the PC they are installed on to mine fo

Google makes Chrome bug detection tool open-source

In its latest effort to aid developers in finding bugs in their software, Google has announced that its scalable fuzzing tool ClusterFuzz will now be open-source and available to all.

The search giant has been using the tool internally for some years now and it has allowed developers to find over 16,000 bugs in Chrome.

A few years ago, Google launched its OSS-Fuzz service which utilised ClusterFuzz, though it was only available to open-source projects.

Fuzzing is a

88% of UK businesses have been breached in 2018

Cyberattacks are growing in volume and the average number of breaches in the UK has increased according to Carbon Black’s second UK Threat Report.

The endpoint security firm surveyed over 250 UK CIOs, CTOs and CISOs from organisations across a range of industries to compile its report which builds on its first survey conducted in August of last year.

Carbon Black found that 88 percent of UK organisations reported suffering a breach during the last 12 months with the average number of breaches per organisation over the past year reaching 3.67, up from 3.48 in its last report.

Researchers exploit Intel SGX to hide malware

A team of researchers have discovered a way to run malicious code on systems with Intel chips in such a way that antivirus software is unable to detect it.

When the chip giant released its Skylake processors back in 2015, the company included a new feature called Software Guard eXtensions (SGX) that allows developers to isolate applications inside secure enclaves.

The enclaves operate within a hardware-isolated section of the CPU’s processing memory where applications can carry out operations dealing with sensitive details such as encryption keys, passwords, user data and more.

Researchers Michael
