

It's worth keeping in mind that anti-ransomware (and all antivirus software) is forever walking a fine line between blocking all genuine threats and never touching legitimate software. The packages we are testing are proven to work very well, and our simple test doesn't change that. AV-Comparatives, AV-Test and other labs regularly show that most vendors can detect the huge majority of undiscovered threats from their behavior alone. If a package can't detect our simulator, for instance, that doesn't necessarily mean it won't block undiscovered real-world ransomware. A test failure can seem like a disaster, but it needs to be interpreted with care.

Running our own simulator means every anti-ransomware engine would be measured against the same code, giving every package a fair and equal chance of success.

Although many anti-ransomware packages successfully block our simulator, many don't. Using different real-world ransomware for one-off reviews means some anti-ransomware packages might be faced with very simple and basic threats, while others get truly dangerous and stealthy examples, depending on what we could find at review time.

Most obviously, using our own simple, unsophisticated code would never provide as effective or reliable an indicator as using real undiscovered ransomware samples for each review.

But there are plus points, too. We would be testing its behavior monitoring only. But because we had developed it, we could be sure that any given antivirus package wouldn't be able to detect our simulator from the file alone.

What we decided to do, instead, was write our own custom ransomware simulator. This would act very much like regular ransomware, spidering through a folder tree, detecting common user files and documents and encrypting them.
