
Question

I am uncertain about how public malware detection rulesets are. By a "ruleset" I mean the rules, usually written in YARA, that malware detection engines use to determine whether a file or memory sequence is potentially malware.

I know that different detectors definitely use different rulesets, because if you use VirusTotal or some similar service, you can see that for a given binary some of the vendors will flag the binary and others will not. I would expect a vendor's ruleset to be "secret sauce" that they would not release publicly.

Nevertheless, I can't see how it would be secret. For example, I have Symantec Endpoint running on my desktop, so in theory it has a file somewhere that it is reading which has the ruleset in it. Therefore, getting the rules should be as simple as finding that file. Of course, there is the possibility that the ruleset on my desktop is different from the one Symantec has on its servers. So, on the desktop I might just be getting the "old" stuff that everybody knows, and all the really valuable rules are only on their servers and thus inaccessible.

So, are these rulesets considered "secret" or are they publicly available or somewhere in between?

Explanation / Answer

I really think that the signature database (containing malware signatures and blacklisted DNS names and domains) that all antiviruses have is on the device the software has been installed on, but this is not a big deal, as most of them have the SAME threats but with different identifications, names and removal methods (depending on how they did that in their labs). They literally cheat from each other.

BUT THE BIG DEAL is around the AUTO-PROTECT and Sandboxing technologies and of course the INTRUSION DETECTION, REAL TIME, END POINT and FIREWALL features and ANTI-EXPLOITING functions. Those mentioned are all private code that really took them a lot of good work. These are algorithms, thresholds and testing functions that were implemented when programming the software itself; they tend to update those once in a while. The earlier mentioned ones (which are databases of signatures and websites) are, on the other hand, updated on a daily basis, as new threats are identified every day.

So basically, you can find the database on your computer with some digging... I even think you can get that list (fresh) somewhere on the internet or darknet... I can't remember its name... but I am sure it is there somewhere.

It's useless anyway unless you need to make sure your code isn't identified as malicious OR you are thinking about building your own AV.
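The question refers to rules "usually written in YARA" without showing what one looks like. The following is an added illustration, not part of the question or the answer above and not any vendor's code: a small Python evaluator for a YARA-style ruleset. The rule names, string identifiers, marker strings and the sample buffers are all constructed for this example, and the matcher supports only a subset of what real YARA does (text strings, hex strings with `??` wildcards, and "all/any/N of them" conditions). It shows what the on-disk part of a signature database consists of: named patterns plus a condition over them, which is exactly the kind of data the asker expects to find in "a file somewhere".

```python
"""Minimal YARA-style rule evaluator (constructed example, not a real engine).

A rule has named strings (literal text, or hex bytes in braces with '??'
wildcards, mirroring YARA's syntax) and a condition saying how many of
those strings must be present in the scanned bytes.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    strings: dict          # identifier -> "literal text" or "{ 4D 5A ?? ?? 50 45 }"
    condition: str         # "all of them", "any of them", or e.g. "2 of them"


def compile_pattern(pattern: str) -> re.Pattern:
    """Turn one rule string into a compiled regex over bytes."""
    if pattern.startswith("{") and pattern.endswith("}"):
        parts = []
        for token in pattern[1:-1].split():
            if token == "??":
                parts.append(b".")                      # any single byte
            elif re.fullmatch(r"[0-9A-Fa-f]{2}", token):
                parts.append(re.escape(bytes([int(token, 16)])))
            else:
                raise ValueError(f"bad hex token {token!r} in {pattern!r}")
        return re.compile(b"".join(parts), re.DOTALL)   # DOTALL so '.' also matches 0x0A
    return re.compile(re.escape(pattern.encode("utf-8")))


def required_count(condition: str, total: int) -> int:
    """Map a condition to the number of distinct strings that must match."""
    cond = condition.strip().lower()
    if cond == "all of them":
        return total
    if cond == "any of them":
        return 1
    m = re.fullmatch(r"(\d+) of them", cond)
    if m and int(m.group(1)) >= 1:
        return int(m.group(1))
    raise ValueError(f"unsupported condition: {condition!r}")


def match_rule(rule: Rule, data: bytes) -> dict:
    """Return {identifier: [offsets]} for the matched strings, or {} if the condition fails."""
    hits = {}
    for ident, pattern in rule.strings.items():
        offsets = [m.start() for m in compile_pattern(pattern).finditer(data)]
        if offsets:
            hits[ident] = offsets
    needed = required_count(rule.condition, len(rule.strings))
    return hits if len(hits) >= needed else {}


def scan(data: bytes, rules: list) -> list:
    """Names of the rules whose condition holds for `data`, in ruleset order."""
    return [r.name for r in rules if match_rule(r, data)]


# Constructed ruleset: rule names, identifiers and marker strings are invented for this example.
RULESET = [
    Rule(
        name="Example_Dropper_Marker",
        strings={
            "$mz_pe": "{ 4D 5A ?? ?? 50 45 }",          # 'MZ', two wildcard bytes, 'PE'
            "$cfg": "EXAMPLE_C2_CONFIG_MARKER",
        },
        condition="all of them",
    ),
    Rule(
        name="Example_Suspicious_Strings",
        strings={
            "$a": "example_persist_key",
            "$b": "example_beacon_path",
            "$c": "example_unpack_stub",
        },
        condition="2 of them",
    ),
]

# Constructed sample buffers standing in for files an engine would read from disk.
SAMPLES = {
    "benign.txt": b"Quarterly report: nothing to see here, example_persist_key appears once.",
    "dropper.bin": b"MZ\x90\x00PE\x00\x00" + b"\x00" * 16 + b"EXAMPLE_C2_CONFIG_MARKER" + b"\x00" * 8,
    "loader.bin": b"\x7fELF" + b"example_unpack_stub\x00example_beacon_path\x00",
}


def scan_samples(samples: dict = None, rules: list = None) -> dict:
    """Run the ruleset over every sample; returns {sample name: [matched rule names]}."""
    samples = SAMPLES if samples is None else samples
    rules = RULESET if rules is None else rules
    return {name: scan(data, rules) for name, data in samples.items()}


if __name__ == "__main__":
    for name, matched in scan_samples().items():
        print(f"{name}: {matched or 'clean'}")
```

Real YARA conditions are considerably richer than this (string counts and offsets, file size, and module-provided functions such as PE header fields), and shipping engines add the behavioural layers the answer lists on top of such pattern data. The point the example makes is narrow: the signature part of a ruleset is declarative data that an engine must be able to read, so it is not secret in the way proprietary detection logic is.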
