Author Topic: I did some testing (Someone from Alwil should read this)  (Read 15234 times)


Offline streetwolf

  • Jr. Member
  • **
  • Posts: 34
Re: I did some testing (Someone from Alwil should read this)
« Reply #15 on: August 23, 2008, 06:44:57 PM »


Offline PotatoMan

  • Jr. Member
  • **
  • Posts: 67
Re: I did some testing (Someone from Alwil should read this)
« Reply #17 on: August 23, 2008, 06:47:36 PM »
http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00251.html

Might be helpful in this discussion.

THAT IS THE LINK I GOT OFF OF WIKI!

That is the inspiration for this thread.

Now that someone else has done the same thing, I guess I am not so stupid, hmm?

Offline Mike Buxton

  • Full Member
  • ***
  • Posts: 155
Re: I did some testing (Someone from Alwil should read this)
« Reply #18 on: August 23, 2008, 07:14:39 PM »
PotatoMan,

You admit to being a plagiarist. Thus, any degrees you may hold are not worth the paper they are written upon. Which non-English speaking institution(s) awarded your claimed qualifications?

Offline PotatoMan

  • Jr. Member
  • **
  • Posts: 67
Re: I did some testing (Someone from Alwil should read this)
« Reply #19 on: August 23, 2008, 07:33:48 PM »
O.K. Troll, I will play your way.

No, I did NOT take anything I wrote from the above link, merely the idea, and therefore your accusation of plagiarism is indeed void.

In the future, please make sure that you have read my whole post before proceeding to post stupid stuff.

I graduated from ITT Tech (see link) in 2007. itt-tech.edu/ with a PhD in Computer Science. Ever since 2005, three of my college friends have been running a business out of Toledo, removing Malware from computers.

Anything else?

Offline gdiloren

  • Advanced Poster
  • **
  • Posts: 1178
Re: I did some testing (Someone from Alwil should read this)
« Reply #20 on: August 23, 2008, 10:32:52 PM »
Well, I have no diploma in Computer Science but I think someone can investigate by himself to stimulate assistance in malware fighting and that initiatives like PotatoMan may open new roads to research :-X
Avast protects well!!!

Offline Mike Buxton

  • Full Member
  • ***
  • Posts: 155
Re: I did some testing (Someone from Alwil should read this)
« Reply #21 on: August 24, 2008, 12:26:55 AM »
Hi Avast readers and writers,

Re: Plagiarism:

The evidence is damning: for proof type the word "standing" into a highlight search.
Go to the initial post at the top of this thread on page 1 and look for the highlight.
Then, go to the link kindly given by streetwolf in Reply # 15 at the top of this page;
where about half way down you will again see the word "standing" highlighted.

Then read the words around each of the hits or, if you have the time and inclination,
read everything thoroughly as PotatoMan demands and then draw your conclusions.

If PotatoMan understands the value of silence I will not make further comment here.

My regards



Offline jerry12

  • Jr. Member
  • **
  • Posts: 67
Re: I did some testing (Someone from Alwil should read this)
« Reply #22 on: August 24, 2008, 12:43:09 AM »
You guys are way over my head; I am just an old country boy from North Carolina. ;D
jerry


CPU AMD ATHLON 3000+ 2.10 GHZ 400MHZ Bus
1.5 GB of memory / 80 GB hard drive
comodo pro firewall v3.0.25.378 / spyboot /

Offline PotatoMan

  • Jr. Member
  • **
  • Posts: 67
Re: I did some testing (Someone from Alwil should read this)
« Reply #23 on: August 24, 2008, 08:07:41 AM »
Wow, a couple words, that is so plagiarist of me, when I clearly stated I got this idea from a link off of Wikipedia. Yes, I did what the man did in that article, but I did it differently.

Why must you insist on being a troll?

Well, I refuse to argue with someone that doesn't even know how to use the quote system.

I agree 100% with gdiloren. Wow, the first time on this forum that someone agrees with me/compliments me; at least, that is how I took it with the "may open new roads of research".

And I hate to be so ready to throw a PhD in someone's face, but he questioned my qualifications, so I answered those questions.

I swear, I would make a good lawyer, hmmm??

Offline PapaSmurf

  • Full Member
  • ***
  • Posts: 159
Re: I did some testing (Someone from Alwil should read this)
« Reply #24 on: August 24, 2008, 08:11:43 AM »
Well, I have no diploma in Computer Science but I think someone can investigate by himself to stimulate assistance in malware fighting and that initiatives like PotatoMan may open new roads to research :-X
Well said. I learn new things just reading thru this forum.
In addition to ways that viruses can mutate, there is also the matter of
opening up holes in your system intentionally. For example, online gaming.
Not only does an anti-virus software have to be designed to detect all sorts of
malicious behavior, it must also be given the ability to allow such behavior that
could lead to malicious behavior. My hat is off to any of the hundreds of software
engineers that have to stay on top of this every day. ;D
Thanks to the avast! engineers for creating a really good product..(gratuitous sucking up)
BTW, any screen shots of version 5 available?  ;D ;D ;D
PapaSmurf is running Windows XP  Professional (SP3)
NVIDIA GeForce 7600 GT
Pentium 4/ 3.* Ghz  Memory 1024MB
avast! Antivirus  v5.05 Home Edition, Outpost Firewall Pro 7.0, Mozilla FireFox/NoScript/AdBlock Plus

Offline PotatoMan

  • Jr. Member
  • **
  • Posts: 67
Re: I did some testing (Someone from Alwil should read this)
« Reply #25 on: August 24, 2008, 09:38:59 AM »
I wish :D :D :D :D ;D :D

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9271
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: I did some testing (Someone from Alwil should read this)
« Reply #26 on: August 24, 2008, 10:24:54 AM »
There is a strict policy about EICAR. You can find it on their page. If modification isn't bound to those rules, AV not detecting it is not really the one to blame.

Changing three letters is not even a real modification, all it does is make the message say something different when the EICAR file is launched. I swear, does everyone think I am stupid? Have you ever heard of EICAR_TEST.Modified? I got this idea from a link on wikipedia by the way.

No, we don't think you're stupid, but we do think you have problems understanding what you read (if you have read anything at all).

Quote from EICAR sample site:
Quote
The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.

If AV doesn't detect the sample which is not bound to these rules it's not AV's fault not to detect that.
And yes, changing three letters is not even a real modification. But then again, EICAR is not a real malware either so that doesn't apply.
Ppl miss the point of EICAR sample alone. It's not there to test antivirus heuristics capability or generic detection.
It's solely for testing if AV detects anything at all. If it does, it's working. If it's not, something is wrong. Could be the POP3 scanning part, maybe filesystem filter, maybe something third, depends on what you're testing. That's what EICAR is really meant for.
Visit my webpage RejZoR's Flock of Sheep
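
The conformance rules quoted from the EICAR site in the reply above, written out as a checker. This is an added example, not part of the original thread and not any vendor's detection logic; the function name, reason strings and sample inputs are constructed for illustration.

```python
"""Check a file's bytes against the EICAR test-file rules quoted above."""

# Published 68-byte EICAR string, split across literals so that on-access
# scanners do not flag this source file itself as the test file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-" + b"TEST-FILE!$H+H*"
ALLOWED_TRAILING = frozenset(b" \t\n\r\x1a")  # space, tab, LF, CR, CTRL-Z
MAX_TOTAL_LEN = 128


def check_eicar(data: bytes) -> tuple[bool, str]:
    """Return (conforms, reason) for one candidate file body."""
    if len(data) > MAX_TOTAL_LEN:
        return False, "total length exceeds 128"
    head, tail = data[:len(EICAR)], data[len(EICAR):]
    if head != EICAR:
        if len(head) == len(EICAR):
            # Same length but altered content: count the differing positions.
            changed = sum(a != b for a, b in zip(head, EICAR))
            return False, f"{changed} of the first 68 bytes differ"
        return False, "shorter than the 68-byte string"
    # Anything after the known string must be one of the five allowed bytes.
    bad = sorted(set(tail) - ALLOWED_TRAILING)
    if bad:
        return False, "disallowed trailing bytes: " + ", ".join(f"0x{b:02x}" for b in bad)
    return True, "conforms"


# Constructed samples (not taken from the thread).
SAMPLES = {
    "exact": EICAR,
    "trailing CRLF + CTRL-Z": EICAR + b"\r\n\x1a",
    "three characters changed": EICAR.replace(b"TEST", b"TXYZ"),
    "text appended": EICAR + b" hello",
    "padded past 128": EICAR + b" " * 61,
    "leading whitespace": b" " + EICAR,
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        ok, reason = check_eicar(body)
        print(f"{name:26} {'in spec' if ok else 'out of spec':12} {reason}")
```

A file with three characters changed falls outside these rules, so a scanner that reports it as clean is still behaving consistently with the EICAR definition.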

Offline PotatoMan

  • Jr. Member
  • **
  • Posts: 67
Re: I did some testing (Someone from Alwil should read this)
« Reply #27 on: August 24, 2008, 11:19:51 AM »
Even so, if Rising, F-Prot, and Authentium STILL detect it, that has to mean something, right? If avast! doesn't detect a three char modification, and those three do, avast! must only be recognizing certain parts of file?

Rising, Authentium, and Fprot for all my knowledge use advanced heuristics.

See my reply about VBscripting

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9271
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: I did some testing (Someone from Alwil should read this)
« Reply #28 on: August 24, 2008, 12:06:35 PM »
You should ask yourself why only those 3 are detecting it and NO one else...
My answer is that all others follow the very specific detection rules for EICAR and these 3 AV's don't.
Visit my webpage RejZoR's Flock of Sheep