0xDEADBEEF

Members
  • Content count: 125

1 Follower

About 0xDEADBEEF
  1. v7 release info?

    Could you elaborate more on this?
  2. How is ESET the lightest?

    I think ESET's light weight comes from dynamic binary translation and extensive caching and whitelisting. Generally, an in-product sandbox (and heuristics) can hardly be lightweight, as there is pre-exec unpacking analysis. However, with some engineering effort, one can optimize for common cases. Most users will not generate tons of new binaries/archives in a short period of time; therefore, by skipping known good files, the performance impact can be reduced significantly. I noticed ESET recently has further optimization on this by caching the DBT-ed data of binaries to further accelerate scanning. https://support.eset.com/ca6626/ However, if you hit the "corner case", like doing a huge compilation job, ESET is no longer the lightest-weight product (perhaps this is the case in AV-TEST). The lightest-weight solution is -- not to scan anything, so no extra instructions to execute.
  3. Nov 10 is the date I submitted to the forum. The initial day I spotted the file and right-clicked to submit it to ESET was around Nov. 8. This implies the LiveGrid/background submission has very low priority or is even ignored sometimes. For malware spread on a small scale, yes, one generally cannot put hope in antivirus software to deal with it, as vendors put more resources into "mainstream" stuff. However, during my test I also saw some top-tier vendors blacklist so-called "rare" malware very rapidly upon first exposure on their cloud, or block the sample with a behavior shield. This is much rarer in ESET. I have to keep submitting the samples by email to get the virus definitions updated. I don't want to blame anything here, as I understand how hard it is to balance FPs and detection rate. However, I still would like to see ESET perform better.
  4. I am opposed to the attitude of labeling everything one doesn't want to see as "not helpful". And I don't think simply averaging different virus lab results is appropriate, as they can have drastically different testing methodologies. I believe that the AVC real-world test can better reflect real-world cyber attack and defense because the test is performed on a daily basis with fresh new samples. All products are tested thoroughly across all protection layers with cloud enabled. In contrast, I don't think tests which are performed on a monthly basis and perhaps only do scanning of a large number of samples or offline detection are still helpful nowadays. In most cases, the life cycle of a particular sample has been severely shortened because of the better reaction speed of security vendors. And to be honest, the ESET ranking in this test is about right when cross-compared with my own testing experience. In addition, their detailed report indicates that most products' FPs are from URL tests instead of local binaries. ESET sometimes also has FPs in URL blacklisting. Of course, AVC's local binary FP testing methodology is way too limited and perhaps overlaps with the white training set of "next-gen" vendors.
  5. AVComparatives...how is this possible?

    Didn't know that they talked more in the cumulative report, thanks.
  6. AVComparatives...how is this possible?

    OK, according to the more detailed setup mentioned in their cumulative result (see itman's link in this thread), I think their testing methodology is fair, which means ESET could do better.
  7. v7 release info?

    Will HIPS wildcard be supported in v7?
  8. v7 release info?

    Just out of curiosity, when will the endpoint security v7 be released to business users?