The Security Suite/TT Livescan



http://www.tot-ltd.org

Details are available on the front page.

Enjoy.

Re: The Security Suite/TT Livescan



0fdfd966e7f1@41g2000yqn.googlegroups.com:

Yeah, right. That's so obvious it stinks!
TR/Dropper.Gen.Trojan

--
        --- Everybody has a right to my opinion. ---

Re: The Security Suite/TT Livescan




Huh?

Are you saying that your antibadware program detects a threat on that
site?



Re: The Security Suite/TT Livescan



wrote:

Yes, it looks like everyone is entitled to Lil'Abner's opinion, no
matter how outlandish or farcical it may actually be.  I wonder who
will step forward next, saying after they ran TT Livescan or The
Security Suite that they were abducted by space aliens and woke up
naked in a cornfield covered in rum.  Really, if you're going to make
an accusation, back it up with statistical fact.

http://virusscan.jotti.org/en/scanresult/05c4a970207047724ed2f0581332800bf5f5ab5b
http://www.virustotal.com/analisis/40fcde139401b4a87156512de00d7163bdf3222628a163474bfe88dccfd4ca35-1279472728

Symantec picks up just about anything with a .vbs extension as
hostile.  For instance, in The Security Suite, it uses vbscript to do
a quick 80MB defrag of the ram.  How hostile is this piece of code,
you ask?  Let's see.

Mystring = Space(80000000)

Yeah, that's really gonna hose your system.  Way to go, Symantec.

a-squared, AntiVir, and Ikarus, from personal experience, usually cry
wolf on just about anything, which is why I avoid using them.

Anyone got any more questions they'd like cleared up?

Re: The Security Suite/TT Livescan



***
I just wanted to know what piece of crap antibadware application Lil'
Abner was using, if indeed he was getting that alert.
***



Re: The Security Suite/TT Livescan



wrote:

Obviously, not a very good one.

Re: The Security Suite/TT Livescan





Avira

On other people's computers I use Malwarebytes, SuperAntispyware, GMer,
HijackThis, ComboFix and a variety of other tools as needed.
I may be a dumb shit but I'm not going to use a tool that raises that
many flags unless I have been convinced by someone I trust that these are
all false positives.

--
        --- Everybody has a right to my opinion. ---

Re: The Security Suite/TT Livescan




What do you mean by "that many"? You only mentioned one alert, and it
was apparently from heuristic methods. I would always treat such an alert
with suspicion (that is to say I would suspect a false positive). Avira
is good, but in my experience has been exhibiting a rather high FP rate
if set for high heuristic weighting.



Re: The Security Suite/TT Livescan



@news.eternal-september.org:

OK, for starters, I downloaded Security Suite.rar and ran it through
VirusTotal. Results:
http://www.virustotal.com/analisis/40fcde139401b4a87156512de00d7163bdf3222628a163474bfe88dccfd4ca35-1279512757
or http://tinyurl.com/284wms2 .
Then, when I unrared it, Avira popped up
http://mewnlite.com/PortStub.gif
With all the rogue antimalware/antivirus that is being put out,
"Security Suite" sounds suspicious in the first place.
Avira has always gotten pretty good reviews. Are you telling me that
PortStub.exe is just a false positive?
And that a-squared, AntiVir, Ikarus, and Symantec are all full of it as
well?

--
        --- Everybody has a right to my opinion. ---
                  (even if it's wrong)

Re: The Security Suite/TT Livescan




Yes, I strongly suspect that this is the case.



Re: The Security Suite/TT Livescan



The alert you're getting for PortStub.exe would be a false positive.
When the scanner initializes, PortStub.exe is activated, which
produces a list of ACTIVE processes, and their active port numbers,
then it exits.  The items in this list are checked against the online
whitelist database.  The reason both The Security Suite and TT
Livescan are as small as they are is because a full local install of
the database AND the application will be close to 2GB.  The only way
for me to make my project available to the public, is to make it to
where the current database format is remotely accessed.

The experimental, unreleased version that I have at my own personal
disposal has database access times that are only limited by the
physical speed of the hardware architecture that it's installed on.
The downside is, the way the unreleased database is formatted, it
takes up nearly 160GB.  Yes, you read that correctly, and no, it's not
science fiction or an urban legend.  The reason I bring this up, is
that if it were commercially viable for me to make this version
available to the public, I would.  Unfortunately, I have neither the
time OR the resources to do so at this point in time.  In the future,
it's a possibility.

Now, onto the second part...  Since the last time I explained
something similar to this (the ftp uploader), and was accused of
writing a worm, again, unlike other companies, I will OPENLY discuss
my work if asked politely.  The following code is the only part of the
code that "drops" anything.  And yes, it was modified from a project
on pscode that I downloaded quite some time ago.  The dropped file in
question being ports.map, as we can see below.


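' Enable the debug privilege (SE_DEBUG_NAME); exit if it cannot be enabled.
If Not Privilege Then
    If Not (LoadPrivilege(SE_DEBUG_NAME)) Then
        End
    End If
End If
Privilege = True

If OpenPort() Then
    For i = 0 To 65535
        ' ResultPorts(row, i) is the PID passed to ProcessPathByPID for port i;
        ' zero means there is no entry for that port in that row.
        If ResultPorts(0, i) Then
            ' One line per port: port number, tab, process path, all spaces removed.
            PPCode = Replace(Str(i) + vbTab + ProcessPathByPID(ResultPorts(0, i)), " ", "")
            ' Skip entries whose text contains "SYSTEM".
            If InStr(PPCode, "SYSTEM") < 1 Then
                Open "ports.map" For Append As #2
                Print #2, PPCode
                Close #2
            End If
        End If
        If ResultPorts(1, i) Then
            PPCode = Replace(Str(i) + vbTab + ProcessPathByPID(ResultPorts(1, i)), " ", "")
            If InStr(PPCode, "SYSTEM") < 1 Then
                Open "ports.map" For Append As #2
                Print #2, PPCode
                Close #2
            End If
        End If
    Next i
End If
Unload Me
End Sub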

Gathering the list of processes by port, and then outputting the
results to a plain text file.  There it is.  There is the so-called
"hostile" code.

If you have any more questions, I'll be more than happy to answer them.
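
Added example, not part of the original post and not the author's code: a Python reader for the ports.map lines the VB snippet above writes (port, tab, process path with every space removed), which drops the duplicates that accumulate because the file is opened For Append. The allowlist and the sample lines are constructed; the project's real whitelist database format is not shown in the thread.

```python
# Constructed sample of ports.map content (not real output from PortStub.exe).
# Print #2 ends each line with CRLF; Replace(..., " ", "") strips all spaces,
# so "C:\Program Files" appears as "C:\ProgramFiles".
SAMPLE_PORTS_MAP = (
    "135\tC:\\WINDOWS\\system32\\svchost.exe\r\n"
    "135\tC:\\WINDOWS\\system32\\svchost.exe\r\n"      # duplicate from a second append
    "3306\tC:\\ProgramFiles\\ExampleDB\\dbserver.exe\r\n"
    "garbage line\r\n"                                   # malformed: no tab separator
    "4444\tC:\\Temp\\unknown.exe\r\n"
)

# Hypothetical local allowlist of full paths, written the normal way (with spaces).
ALLOWLIST = [
    "C:\\Windows\\System32\\svchost.exe",
    "C:\\Program Files\\ExampleDB\\dbserver.exe",
]


def normalize(path):
    """Apply the same space stripping as the stub and fold case, since
    Windows paths are case-insensitive."""
    return path.replace(" ", "").lower()


def parse_ports_map(text):
    """Return sorted unique (port, path) pairs, skipping malformed lines."""
    entries = set()
    for line in text.splitlines():
        port_s, sep, path = line.partition("\t")
        if not sep or not port_s.isdigit() or not path:
            continue
        port = int(port_s)
        if port > 65535:          # the VB loop only covers 0..65535
            continue
        entries.add((port, path))
    return sorted(entries)


def unlisted(entries, allowlist):
    """Return the entries whose process path is not on the allowlist."""
    allowed = {normalize(p) for p in allowlist}
    return [(port, path) for port, path in entries
            if normalize(path) not in allowed]


if __name__ == "__main__":
    for port, path in unlisted(parse_ports_map(SAMPLE_PORTS_MAP), ALLOWLIST):
        print(f"port {port}: {path} is not on the allowlist")
```

Because the stub removes spaces before writing, any comparison has to strip spaces from the allowlist side as well, otherwise every path under a directory such as "Program Files" would look unknown.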

Re: The Security Suite/TT Livescan



c6796fffcdbd@d16g2000yqb.googlegroups.com:

OK. Please accept my apologies. I leaped before I looked. "Security Suite"
was a red flag for me and I was bound and determined to prove myself right.
And a few false positives were all it took. And yes, I am quite aware that
false positives exist. Other people's antiviruses are always wiping
legitimate tools off my memory stick.
I was also not aware that the OP (you) was the author of the app. Then when
some of the others for whom I have a great deal of respect started slamming
me, I knew I'd been had!
So again, sorry to all of you. I'll be more careful in my future
assessments!

--
                          --- Peace? ---

Re: The Security Suite/TT Livescan





I should have spoken up earlier myself. The software and its author
are legit. Apologies for ignoring this...


--
Too cold to start a fire. I'm burning diesel burning dinosaur bones.
I'll take the river down to still water and ride a pack of dogs!
But I'm gonna break. I'm gonna break my... I'm gonna break my rusty
cage and run.. Yea i'm gonna break.. I'm gonna break my... I'm gonna
break my rusty cage... and run!

Re: The Security Suite/TT Livescan





No worries.

Re: The Security Suite/TT Livescan


