HazardShield has been abandoned since 2013, so it isn't going to detect anything. I have never heard of Smadav before, but judging by Cnet and Softpedia, I would say it is not a good AV. Looks more like a USB filter anyways.
I remember using web crawler and it used to be good until Spyware Terminator became rogue and AVs started marking it as adware.
As for MSE, it is a shared database and a simple construction. I used to work for them a little when 1.0 came out and stopped right before 4.0 came out. I did not like the way they were going, but it is supposed to be a simple AV for non-knowledgeable PC users.
If I am not mistaken, I think Avast uses the BitDefender engine.
Smadav isn't that bad; in fact, it's updated frequently. It is almost at the same level as ClamAV, but its virus signatures are what I was concerned with; of all those antiviruses, only MSE has more reliable signatures.
You worked on MSE! That's awesome. If I'm not wrong, can you share the source of their engine?
About Hazard Shield, I could not access the sources; if you know where I can download them from, please link me.
Thanks.
Last edit: kennedy cheskaki 2015-03-11
Anonymous - 2015-03-11
I was not a programmer/coder for MSE, I was a malware hunter and beta tester. They shared how MSE worked and how/where their signatures came from etc. At first, I thought a shared database would be cool, all AVs sending signatures to MSE. Then after some time, it turned out to be the opposite. The AVs were sending them weeks-old signatures that were already outdated. Once in a while, they would receive signatures that are already in the wild. MSE also has trouble quarantining infections that are already infected on a system. You have to also know that there is a difference between how an AV quarantines/removes a virus when it's inactive and how it quarantines/removes a virus when it's already active on a system. Archive malware will also vary.
The original 1.0 version of MSE was written in Israel--don't know if it was
contract or MS employees. I don't know what they have done to MSE/Windows
Defender since then except Windows Defender malware/AV incorporated the old
Windows Defender Antispyware plus antirootkit technology that looks at
drivers early in the boot up process.
Here's my take: If you can detect a large amount of malware via heuristics,
you don't need a lot of signatures and the infrastructure to support it.
If you can prevent a lot of malware via web protection/filter, it's the
same thing. Most signatures are only good for a few days to a few weeks
anyway until the malware version changes. Clam AV may improve their
signatures (both quantity and quality) at some point in the future. Clam
AV signatures are free and there is an infrastructure to support it. The
Clam AV/ClamWin AVs are free/open source, and they work. Stick with Clam
AV/ClamWin, code, improve the Clam Sentinel heuristics, and use either a
web filter or a host file that is automatically updated once or twice a
week.
That's very much true, or it could be Microsoft are playing low so as not to create conflicts with the current Antivirus industries. I think they have almost everything they need in terms of offering security for their products.
About Hazard Shield, I could not access the source code; if you know where I can download it from, please link me.
Thanks.
Anonymous - 2015-03-12
I can't find Hazard Shield's source code either, so I assume they destroyed it after it was abandoned or maybe they never posted one.
I also found this: http://sourceforge.net/projects/winpooch/ It could be useful. The source code is posted on SourceForge. It uses some type of behavioral techniques to detect modifications on systems. It does not support anything above Windows XP, though.
Email me once your project reaches beta phase and I will help you test and send feedback.
Last edit: Anonymous 2015-03-12
By the way, I think Clamwin/ClamSentinel might want to add something I discovered on SmadAv, relating to the prevention of autoruns from drives.
Smadav adds a folder called autorun.inf as a way of protection.
Here is what it looks like:
D:\autorun.inf\Protection for Autorun\
I think we might include this in our design also.
Good day.
Last edit: kennedy cheskaki 2015-03-13
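The placeholder-folder idea from the post above, as an added Python example (not code from Smadav, ClamWin or Clam Sentinel). It assumes the drive root is passed in as a path; the function names are hypothetical, and the demo uses a constructed temporary directory in place of a real drive.

```python
import os
import tempfile

MARKER = "autorun.inf"
GUARD_SUBDIR = "Protection for Autorun"  # folder name quoted in the post


def autorun_state(root):
    """Classify <root>/autorun.inf as 'absent', 'file' or 'folder'."""
    path = os.path.join(root, MARKER)
    if os.path.isdir(path) and not os.path.islink(path):
        return "folder"
    # Regular files, symlinks and anything else that is not a real folder.
    return "file" if os.path.lexists(path) else "absent"


def protect_drive(root):
    """Create the placeholder folder without touching an existing file.

    Returns 'created', 'already-protected' or 'needs-review'.
    """
    state = autorun_state(root)
    if state == "file":
        return "needs-review"  # hand the existing file to the scanner
    # A non-empty folder cannot be removed by a plain rmdir.
    os.makedirs(os.path.join(root, MARKER, GUARD_SUBDIR), exist_ok=True)
    return "already-protected" if state == "folder" else "created"


def placeholder_blocks_file(root):
    """True if the folder is in place and opening the name as a file fails."""
    if autorun_state(root) != "folder":
        return False
    try:
        with open(os.path.join(root, MARKER), "w"):
            pass
    except OSError:  # IsADirectoryError on POSIX, PermissionError on Windows
        return True
    return False


if __name__ == "__main__":
    # Constructed stand-in for a removable drive root such as D:
    with tempfile.TemporaryDirectory() as drive:
        print(protect_drive(drive), placeholder_blocks_file(drive))
```

An existing `autorun.inf` file is reported as `needs-review` rather than replaced, so it can be scanned before anything is changed on the drive.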
Clam Sentinel monitors USB/drives for executables and files with Clam AV
signatures. Clam AV has some signatures for specific inf autorun malware.
To my knowledge, there has not been much autorun malware since Microsoft
made autorun a user choice instead of a standard configuration.
I think that further development has pretty much stopped on Clam Sentinel,
but the developer has not put out any word about it. It used to be that
there was always a new version being tested, but the current version was
released last July and there has been nothing since then.
Regards,
Hi guys I've made some documentation as to what we are to come up with, please note you will have to register to download it.
It's currently on my site. http://digital-dragons.net/wordpress/
Thanks guys.
EDIT: Anyone can work on any component separately (as documented), we will come up with a repo to host all our code.
Last edit: kennedy cheskaki 2015-03-14
Anonymous - 2015-03-14
I registered and reviewed the documentation. Everything looks good. Just don't develop some metro/app looking GUI and everything should be fine. Also, you should develop a quick scan option, as well, as ClamWin lacks it currently. ClamWin has a memory scan, however, but it needs to be expanded. I suggested this a year ago to Alch, but still haven't seen it done. This should help detecting malware on systems by only scanning known areas to speed up the scanner.
I also registered. Like Alex said, looks good. Any idea about a timeline
or time budget?
For a quick scan, I always scan memory, the main user under %appdata%,
system32, and sysWOW64. This takes about 11 minutes with ClamWin at
present. A real quick scan would be memory and startup folder.
If you want the UI simple, look at Security Essentials/Windows
Defender--the user has very little work to do, which I think is good. I've
also always liked the ClamWin GUI choices--except that setting up the
whitelist and custom extensions is too hard. You could eliminate the
custom extensions and just use a default extension set that the user never
sees. I think Alex and I could come up with some extensions if you need
them. Clam Sentinel uses about 120 or so, which is probably too many. I
know Emsisoft uses about 60 extensions.
Unfortunately, since our topic is not related to ClamSentinel, this will have to be the last comment about Platonic development on this thread.
The discussion has been continued on the link below.
Don't forget to subscribe at the bottom of the blogpost.
Have a nice day :)
Yes, let me know if there's anything I can do to help also.
Regards,
On Thu, Mar 12, 2015 at 10:12 AM, Alex Boehm rocknrollkid@users.sf.net
wrote:
I appreciate all your support, I've actually started working on it.
I'll contact you if anything.
Good day.
Last edit: kennedy cheskaki 2015-03-12
The new thread is at:
http://digital-dragons.net/wordpress/?page_id=25
Last edit: kennedy cheskaki 2015-03-15