I
idbeholda
The online database now contains 4613270 definitions for malware.
http://www.tot-ltd.org/TT-Livescan.rar
Enjoy.
http://www.tot-ltd.org/TT-Livescan.rar
Enjoy.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
F
FromTheRafters
idbeholda said:The online database now contains 4613270 definitions for malware.
That's an impressive number, especially if you add the commas.
4,613,270
Whew - but what does it mean?
Does "malware" share a one-to-one correspondence with malware
"definitions"?
....or are there instances where one definition can "detect" more than
one "malware" or is there certain malware that more than one
"definition" will suffice to detect? Are all those definitions for
"identification", for "detection", or a mix of both?
I
idbeholda
That's an impressive number, especially if you add the commas.
4,613,270
Whew - but what does it mean?
Does "malware" share a one-to-one correspondence with malware
"definitions"?
...or are there instances where one definition can "detect" more than
one "malware" or is there certain malware that more than one
"definition" will suffice to detect? Are all those definitions for
"identification", for "detection", or a mix of both?
Depends on how you want to look at it. 4163270 is in correspondence
with the number of md5 hashes, or "definitions".
F
FromTheRafters
That's an impressive number, especially if you add the commas.
4,613,270
Whew - but what does it mean?
Does "malware" share a one-to-one correspondence with malware
"definitions"?
...or are there instances where one definition can "detect" more than
one "malware" or is there certain malware that more than one
"definition" will suffice to detect? Are all those definitions for
"identification", for "detection", or a mix of both?
Depends on how you want to look at it. 4163270 is in correspondence
with the number of md5 hashes, or "definitions".
So detection is based entirely on md5 hashes of known malicious files?
D
David H. Lipman
From: "T.H" <[email protected]>
| To FTR and the other regular posters in these newsgroups...
| What does the community say as to this TT Livescan application? I have
| not seen Leythos, Lipman, or others who are held in high regard remark
| on this utility. Is it a worthwhile addition to tools such as
| Malwarebytes' and SAS?
| What do the folks think?
| Thanks.
| My referenced individual list is not exhaustive...just a few people who
| post regular quality comments. I will also mention Malke gets high marks...
I have NOT tested it but, at the same time, I will not reject it (at this time).
| To FTR and the other regular posters in these newsgroups...
| What does the community say as to this TT Livescan application? I have
| not seen Leythos, Lipman, or others who are held in high regard remark
| on this utility. Is it a worthwhile addition to tools such as
| Malwarebytes' and SAS?
| What do the folks think?
| Thanks.
| My referenced individual list is not exhaustive...just a few people who
| post regular quality comments. I will also mention Malke gets high marks...
I have NOT tested it but, at the same time, I will not reject it (at this time).
T
Toxic
I'm sorry but if you hold David and Leythos in high regard them
something is wrong with you. They are both liars, they are both trolls,
David likes to sign up email addresses of people he does not like to
spam sites, and Leythos knows nothing about nothing he just pretends and
agrees with everything Lipman says. They are both evil.
But Dave's so ubiquitous here,
as if presence connotes expertise,
Yet you seem to be suggesting otherwise?
I
idbeholda
Depends on how you want to look at it. 4163270 is in correspondence
with the number of md5 hashes, or "definitions".
So detection is based entirely on md5 hashes of known malicious files?
Yes, the primary method of detection and identification is based on
md5 hashes. I gather the md5 hashes primarily from google's malware
blacklist, clamav.net's database, along with countless other sites
that openly publish and distribute their lists for all to make use
of. As of right now, the database is approximately 223MB in size,
with each category from 0000 to FFFF spread across 65536 files, each
ranging anywhere from 2-8KB in size. When a drive is mapped, it only
grabs the sections of the database it needs to check. Unfortunately,
the server that this is hosted on does have an upper limit in the
number of files allowed in a given directory.
The private, unreleased version that I have installed for my own use
is approximately 13GB in size, but can scan almost any system
(regardless of how much data is installed) in less than 3.5 minutes,
as opposed to the 10-15 minutes or less scantimes that TT Livescan
offers at the moment. Until I can find a provider that allows a
limitless number of files in a given directory, this aforementioned
private version will not likely see the light of day anytime soon.
There is also optional user defined heuristics scanning (yes, you can
design and include your own heuristics). In addition, if you know the
commandlines to other scanners you have installed, you can also
implement them as plugins. There is also an option for parental
control scanning based which can also be customized, and you can even
design your own skin for the scanner as well.
With low internet latency (hence why I do not recommend this
application for those who use satellite internet), TT Livescan can
process up to 50GB of data per minute. As of yesterday, with the
newest database update, the total number of md5 hashes now stands at
4627060, and once I get the data pulled from my temporarily defunct
laptop, and both versions of the database cross referenced, that total
will stand at nearly 5 million hashes used to implement detection of
malware.
The next planned major release of new database implementations
(sometime within the next 6 months, spare time allowed) will include a
heuristics file approximately 600k in size that will offer comparable
detection rates to the database itself. In addition to that, I plan
to also release a whitelist database used for integrity checking of
the operating system currently installed, thus adding an additional
layer of detection and defense.
If there are any further questions that anyone has, feel free to drop
me a line. You all know my email address.
F
FromTheRafters
Depends on how you want to look at it. 4163270 is in correspondence
with the number of md5 hashes, or "definitions".
So detection is based entirely on md5 hashes of known malicious files?
Yes, the primary method of detection and identification is based on
md5 hashes. I gather the md5 hashes primarily from google's malware
blacklist, clamav.net's database, along with countless other sites
that openly publish and distribute their lists for all to make use
of. As of right now, the database is approximately 223MB in size,
with each category from 0000 to FFFF spread across 65536 files, each
ranging anywhere from 2-8KB in size. When a drive is mapped, it only
grabs the sections of the database it needs to check. Unfortunately,
the server that this is hosted on does have an upper limit in the
number of files allowed in a given directory.
The private, unreleased version that I have installed for my own use
is approximately 13GB in size, but can scan almost any system
(regardless of how much data is installed) in less than 3.5 minutes,
as opposed to the 10-15 minutes or less scantimes that TT Livescan
offers at the moment. Until I can find a provider that allows a
limitless number of files in a given directory, this aforementioned
private version will not likely see the light of day anytime soon.
There is also optional user defined heuristics scanning (yes, you can
design and include your own heuristics). In addition, if you know the
commandlines to other scanners you have installed, you can also
implement them as plugins. There is also an option for parental
control scanning based which can also be customized, and you can even
design your own skin for the scanner as well.
With low internet latency (hence why I do not recommend this
application for those who use satellite internet), TT Livescan can
process up to 50GB of data per minute. As of yesterday, with the
newest database update, the total number of md5 hashes now stands at
4627060, and once I get the data pulled from my temporarily defunct
laptop, and both versions of the database cross referenced, that total
will stand at nearly 5 million hashes used to implement detection of
malware.
The next planned major release of new database implementations
(sometime within the next 6 months, spare time allowed) will include a
heuristics file approximately 600k in size that will offer comparable
detection rates to the database itself. In addition to that, I plan
to also release a whitelist database used for integrity checking of
the operating system currently installed, thus adding an additional
layer of detection and defense.
If there are any further questions that anyone has, feel free to drop
me a line. You all know my email address.
***
Thank you for the explanation.
....and good luck with your ongoing project - it sounds very interesting.
F
FromTheRafters
T.H said:To FTR and the other regular posters in these newsgroups...
What does the community say as to this TT Livescan application? I
have not seen Leythos, Lipman, or others who are held in high regard
remark on this utility. Is it a worthwhile addition to tools such as
Malwarebytes' and SAS?
What do the folks think?
That's why I was asking questions. From the answers I got I feel the
program is at least a legitimate attempt to help people fight malware.
The number of "definitions" may well be a good measure of how many
malware programs it addresses of the type it is designed to address, and
according to the OP it allows you to 'plug in' additional scanning of
your choice (a nice touch).
Still, context scanning has its benefits. Especially in the specific
identification of malware.