Author Topic: CyberCapture  (Read 90418 times)


Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9364
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #30 on: June 23, 2016, 02:31:46 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: CyberCapture
« Reply #31 on: June 23, 2016, 02:52:22 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.

Thanks, that sounds like something that could be implemented very easily.

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: CyberCapture
« Reply #32 on: June 23, 2016, 02:53:37 PM »
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9364
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #33 on: June 23, 2016, 03:11:02 PM »
You're mentioning server side polymorphic malware, since you guys often mention contextual detections, is your system designed to combat this in such a way that if CyberCapture spots several different malicious samples on a same domain, that it blacklists that domain (or IP) automatically and feeds it into Web Shield URL blocker? Because once you block a fixed URL address, they can spawn trillions of new malware samples and they'd all get blocked by URL:Mal part of the Web Shield proactively.
Visit my webpage Angry Sheep Blog

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: CyberCapture
« Reply #34 on: June 23, 2016, 04:07:47 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Why left out Free? :(
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70578
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: CyberCapture
« Reply #35 on: June 23, 2016, 04:15:19 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Why left out Free? :(
Because, there is no sandbox. ;)
Win 8.1 [x64] - Avast PremSec 21.5.6346.B5i [UI.645] - EEK - Firefox ESR 78.11 [NS/uBO/PB] - TB 78.11
Avast-Tools: Secure Browser 91.0 - Cleanup 21.1 - SecureLine 5.12 - Driver Updater 21.1 - CCleaner 5.81
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2234
Re: CyberCapture
« Reply #36 on: June 23, 2016, 04:19:39 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.

+1.

This is a great idea.
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: CyberCapture
« Reply #37 on: June 23, 2016, 04:20:00 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Why left out Free? :(
Because, there is no sandbox. ;)
But many users used this, and avast! sends the basic product to testing companies, so why doesn't avast! implement something that's good for all? :)
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 45414
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: CyberCapture
« Reply #38 on: June 23, 2016, 04:26:11 PM »
Here is an explanation of CyberCapture directly from Ondrej:
https://blog.avast.com/cybercapture-protection-against-zero-second-attacks
Hopefully this will be a better answer than NG in defending against the latest and as yet unknown threats.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2238
Re: CyberCapture
« Reply #39 on: June 23, 2016, 04:41:18 PM »
You're mentioning server side polymorphic malware, since you guys often mention contextual detections, is your system designed to combat this in such a way that if CyberCapture spots several different malicious samples on a same domain, that it blacklists that domain (or IP) automatically and feeds it into Web Shield URL blocker? Because once you block a fixed URL address, they can spawn trillions of new malware samples and they'd all get blocked by URL:Mal part of the Web Shield proactively.
Yes, we have already implemented this.

Milos
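
The exchange above describes promoting a host to the Web Shield URL blocker once several different malicious samples have been seen coming from it. A minimal sketch of that aggregation, added here as an illustration and not Avast's implementation; the event format, hostnames, hash placeholders and both thresholds are assumptions:

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed verdict events: (download URL, sample hash placeholder, verdict).
EVENTS = [
    ("http://cdn.example.test/get.php?id=1", "hash-a", "malicious"),
    ("http://cdn.example.test/get.php?id=2", "hash-b", "malicious"),
    ("http://cdn.example.test/get.php?id=3", "hash-c", "malicious"),
    ("http://cdn.example.test/get.php?id=4", "hash-a", "malicious"),  # repeat of hash-a
    ("http://files.example.org/setup.exe", "hash-d", "malicious"),
    ("http://files.example.org/tool.exe", "hash-e", "clean"),
    ("http://files.example.org/lib.dll", "hash-f", "clean"),
]

MIN_DISTINCT_MALICIOUS = 3  # assumed: distinct bad samples needed before blocking
MAX_CLEAN_RATIO = 0.2       # assumed: guard against blocking shared file hosts


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def build_blocklist(events):
    """Return hosts that served enough distinct malicious samples."""
    bad = defaultdict(set)    # host -> distinct malicious hashes
    clean = defaultdict(set)  # host -> distinct clean hashes
    for url, digest, verdict in events:
        host = host_of(url)
        if not host:
            continue
        if verdict == "malicious":
            bad[host].add(digest)
        elif verdict == "clean":
            clean[host].add(digest)
    blocked = set()
    for host, digests in bad.items():
        total = len(digests) + len(clean[host])
        # Count distinct hashes, not downloads: polymorphism shows up as many
        # different samples from one place, not one sample fetched many times.
        if (len(digests) >= MIN_DISTINCT_MALICIOUS
                and len(clean[host]) / total <= MAX_CLEAN_RATIO):
            blocked.add(host)
    return blocked


def is_blocked(url, blocklist):
    """True if the URL's host is on the blocklist, whatever the sample hash."""
    return host_of(url) in blocklist
```

Once a host is listed, a never-before-seen sample from it is stopped at the URL layer without needing a file verdict; the clean-ratio guard keeps one bad upload from blocking a host that mostly serves legitimate files.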

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9364
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #40 on: June 23, 2016, 05:09:47 PM »
@Vlk I have one more idea. Currently, when CyberCapture locks the file into custody, you can opt to run it without waiting for verdict. You could add "Run in Sandbox" as an option for Pro, Internet Security and Premier editions since they already employ sandbox tech. This way users can run the suspicious stuff risk free in an isolated environment (if the app will work in it of course since not all do) even before they get definitive answer from CyberCapture servers. This way you add additional layer of security when users decide to run it anyway.
Why left out Free? :(
Because, there is no sandbox. ;)
But many users used this, and avast! sends the basic product to testing companies, so why doesn't avast! implement something that's good for all? :)

Because:
a) Free version doesn't have sandbox component, at least not one that allows execution of files like paid versions do
b) In the end, they need paying customers and this tiny feature separates Free from paid versions without really affecting user security (if you just wait for the verdict to arrive back).
Visit my webpage Angry Sheep Blog

Offline TrueIndian

  • Poster
  • *
  • Posts: 434
Re: CyberCapture
« Reply #41 on: June 23, 2016, 06:43:58 PM »
Interesting stuff, would love to see this feature cover all the entry points. Yep, would definitely like this.

Right, I will try to get this thing triggered :)

Have been too hard coming down on avast!. Can't blame anyone because this program is very reputable and so if it fails it's a big no-no for its fanbase. Keep up the good work!
« Last Edit: June 23, 2016, 06:46:29 PM by True Ind »
Malware Hunter/Tester/Analysis
https://twitter.com/avman1995

“When I despair, I remember that all through history the way of truth and love have always won. There have been tyrants and murderers, and for a time, they can seem invincible, but in the end, they always fall. Think of it--always.”
― Mahatma Gandhi

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9364
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #42 on: June 23, 2016, 08:56:43 PM »
Don't feel bad for giving honest criticism. Constructive criticism, even if it looks harsh at first, only makes things better. Pretending everything is fine and praising things to death leads to stagnation. avast! has once again proven it has one of the best communities in the world. Not like for example product which starts with C and ends with O, where I got banned like 3 times on their forums because I was just concerned and honest about the issues it had. Fine, then have your broken crap and praise it to death even though it's broken like a llama which fell off Mount Everest... But fanboys will be fanboys. I used to be avast! fanboy so to speak in the past, but no more. I am a fan, but not a fanboy. Because being fanboy is harmful, not productive.
Visit my webpage Angry Sheep Blog

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9364
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: CyberCapture
« Reply #43 on: June 23, 2016, 09:06:26 PM »
@Vlk

I have one more concern or question about CyberCapture, regarding AV-C and AV-TEST. Will their testing methodologies adapt to how your product works? I mean, if results are sometimes returned in 2 hours time, will they wait for a verdict and flag it as miss or hit based on that or how will they operate with it now? I mean, before it was very clear verdict with NG since it took just few seconds and tester could instantly see what happened. With CyberCapture, that changes drastically. And it would be nice to see realistic scores in tests based on how it actually operates.
Visit my webpage Angry Sheep Blog

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1910
Re: CyberCapture
« Reply #44 on: June 24, 2016, 02:53:40 AM »
Don't feel bad for giving honest criticism. Constructive criticism, even if it looks harsh at first, only makes things better. Pretending everything is fine and praising things to death leads to stagnation. avast! has once again proven it has one of the best communities in the world. Not like for example product which starts with C and ends with O, where I got banned like 3 times on their forums because I was just concerned and honest about the issues it had. Fine, then have your broken crap and praise it to death even though it's broken like a llama which fell off Mount Everest... But fanboys will be fanboys. I used to be avast! fanboy so to speak in the past, but no more. I am a fan, but not a fanboy. Because being fanboy is harmful, not productive.
+100. :D
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast