What we decided to do, instead, was write our own custom ransomware simulator. This would act very much like regular ransomware, spidering through a folder tree, detecting common user files and documents and encrypting them.

But because we had developed it, we could be sure that any given antivirus package wouldn't be able to detect our simulator from the file alone. We would be testing its behavior monitoring only.

Most obviously, using our own simple, unsophisticated code would never provide as effective or reliable an indicator as using real undiscovered ransomware samples for each review.

But there are plus points, too. Using different real-world ransomware for one-off reviews means some anti-ransomware packages might be faced with very simple and basic threats, while others got truly dangerous and stealthy examples, depending on what we could find at review time. Running our own simulator means every anti-ransomware engine would be measured against the same code, giving every package a fair and equal chance of success.

Although many anti-ransomware packages successfully block our simulator, many don't. A test fail can seem like a disaster, but it needs to be interpreted with care. If a package can't detect our simulator, for instance, that doesn't necessarily mean it won't block undiscovered real-world ransomware. AV-Comparatives, AV-Test and other labs regularly show that most vendors can detect the huge majority of undiscovered threats from their behavior alone.
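
What detection "from behavior alone" can look like, as an added example that is not from the original article or from any vendor's engine: a heuristic that flags a process which rewrites several user documents with high-entropy content inside a short time window. The extension list, thresholds, event tuple layout and sample events are all assumptions constructed for illustration.

```python
import math
import os
from collections import Counter, defaultdict

# All values below are assumptions chosen for illustration.
USER_DOC_EXTS = {".docx", ".xlsx", ".pdf", ".txt"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext approaches 8.0
MIN_FILES = 3             # distinct documents rewritten
WINDOW_SECONDS = 10.0     # ... within this many seconds

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def suspicious_pids(events):
    """PIDs that rewrote MIN_FILES+ documents as high-entropy data within the window."""
    hits = defaultdict(list)  # pid -> [(timestamp, path)] in time order
    for ts, pid, path, before, after in sorted(events, key=lambda e: e[0]):
        if os.path.splitext(path)[1].lower() not in USER_DOC_EXTS:
            continue
        if (shannon_entropy(before) < ENTROPY_THRESHOLD
                and shannon_entropy(after) >= ENTROPY_THRESHOLD):
            hits[pid].append((ts, path))
    flagged = set()
    for pid, rows in hits.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > WINDOW_SECONDS:
                start += 1  # slide the window forward
            if len({p for _, p in rows[start:end + 1]}) >= MIN_FILES:
                flagged.add(pid)
                break
    return flagged

# Constructed sample data: (timestamp, pid, path, content_before, content_after)
TEXT = b"Quarterly report draft, not for distribution. " * 40  # low entropy
CIPHERLIKE = bytes(range(256)) * 8  # uniform bytes, stand-in for ciphertext
EVENTS = [
    (100.0, 4242, "/home/u/docs/a.docx", TEXT, CIPHERLIKE),
    (100.8, 4242, "/home/u/docs/b.xlsx", TEXT, CIPHERLIKE),
    (101.5, 4242, "/home/u/docs/sub/c.txt", TEXT, CIPHERLIKE),
    (100.2, 1111, "/home/u/docs/notes.txt", TEXT, TEXT + b"one more line"),
    (105.0, 2222, "/home/u/docs/e.txt", TEXT, CIPHERLIKE),  # isolated rewrites,
    (300.0, 2222, "/home/u/docs/f.txt", TEXT, CIPHERLIKE),  # never 3 inside
    (600.0, 2222, "/home/u/docs/g.txt", TEXT, CIPHERLIKE),  # one window
]
if __name__ == "__main__":
    print(sorted(suspicious_pids(EVENTS)))
```

Already-compressed formats such as JPEG are high-entropy before any encryption, so the before/after comparison skips them; this covers one behavioral signal and is not a complete detector.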