:umu: (a1ba@suya.place)'s status on Saturday, 16-Mar-2024 08:21:55 JST:
Does anybody on the Fediverse actually work at an anti-virus company?
Putting aside the whole endless computer-virus hysteria and how it's unrelated to half of the Fediverse here, what's actually happening with all the engines?
Many engines detect the small library as malware, marked by AI. Didn't you notice how broken it is yet?
:umu: (a1ba@suya.place)'s status on Saturday, 16-Mar-2024 08:21:54 JST:
@rubikoid oh, thanks for your story.
For me, it even triggered on the EXE launcher, which is basically a single file that loads the game engine DLL and calls its main function, all using system APIs.
I kinda suspect it might be because of the /MT flag usage in MSVC. It bloats the binary at the cost of not having the VC++ Redistributable dependency. I think it also increases the chances of an AI getting triggered on standard library code, which kinda even makes sense.
Rubikoid (rubikoid@social.rubikoid.ru)'s status on Saturday, 16-Mar-2024 08:21:56 JST:
@a1ba I work in a sandbox/malware-related department at one big Russian infosec company.
We don't have AV in its original form (though we have some EDR products, which replace AV as well), but I think I can say a few words about the problem.
About ML for AVs: it's cursed.
Most AVs can work in two general ways: signature analysis and behaviour analysis. I have not seen any AV that uses ML in behaviour analysis, and this is the only area where ML works well enough.
For signature analysis, it is hard to make really good models for malware detection, I think.
For example, while for hand-written signatures you can run some false-positive tests and not release bad signatures, for an ML model this process is even slower and harder.
Also, ML models are harder to fix and retrain. Why are ML models used? I think it's cheaper than a department of specialists who know how to write good signatures.
Aaaand in 1% of cases it can really be better than a human. In your case, I *magically guess* this can happen due to the use of some weird function imports, or you accidentally wrote a code snippet which looks _like_ a packer or something.
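The false-positive test Rubikoid describes for hand-written signatures, and the /MT suspicion a1ba raises, can be shown together with a small release gate. This is an added example, not code from either poster or from any AV product: the "samples" are constructed byte strings, `CRT_STUB` is a made-up stand-in for the statically linked C runtime that every /MT build carries, and `MARK3R` is a constructed family marker. A signature written over the shared runtime bytes hits every clean program and is rejected; a signature written over what is specific to the family passes.

```python
import re
from dataclasses import dataclass

# Constructed, hypothetical sample corpora (not real files, not real malware).
# A "sample" is just a bytes object standing in for a file on disk.
# CRT_STUB stands in for statically linked C runtime code: with /MT every
# binary carries it, so clean programs and bad ones share these bytes.
CRT_STUB = b"\x55\x8b\xec\x83\xec\x10_init_crt\x8b\x45\x08"

CLEAN_SAMPLES = {
    "launcher.exe": b"MZ" + CRT_STUB + b" LoadLibraryA GetProcAddress main",
    "hello.exe": b"MZ" + CRT_STUB + b" printf puts",
}
MALICIOUS_SAMPLES = {
    "family_x_1": b"MZ" + CRT_STUB + b" MARK3R WriteProcessMemory CreateRemoteThread",
    "family_x_2": b"MZ" + b" MARK3R VirtualAllocEx CreateRemoteThread",
}


@dataclass(frozen=True)
class Signature:
    """A hand-written signature: a regex over raw bytes."""
    name: str
    pattern: bytes

    def matches(self, data: bytes) -> bool:
        return re.search(self.pattern, data, re.DOTALL) is not None


def evaluate(sig, clean, malicious):
    """Names of clean samples the signature hits (false positives) and of
    malicious samples it misses (false negatives)."""
    false_positives = sorted(n for n, d in clean.items() if sig.matches(d))
    missed = sorted(n for n, d in malicious.items() if not sig.matches(d))
    return false_positives, missed


def release_gate(sig, clean, malicious, max_false_positives=0, min_coverage=1.0):
    """Decide whether a signature may ship: returns (ok, false_positives, missed).
    Policy: no hits on the clean corpus, and full coverage of the family."""
    false_positives, missed = evaluate(sig, clean, malicious)
    coverage = (len(malicious) - len(missed)) / len(malicious) if malicious else 0.0
    ok = len(false_positives) <= max_false_positives and coverage >= min_coverage
    return ok, false_positives, missed


# A signature written over the CRT bytes: it "detects" part of the family but
# also flags every clean /MT-built program, so the gate must reject it.
CRT_SIG = Signature("crt_prologue", re.escape(CRT_STUB))
# A signature written over what is actually specific to the family.
FAMILY_SIG = Signature("family_x", rb"MARK3R.{0,64}CreateRemoteThread")


def review(candidates, clean=CLEAN_SAMPLES, malicious=MALICIOUS_SAMPLES):
    """Run the gate over several candidate signatures; returns {name: ok}."""
    verdicts = {}
    for sig in candidates:
        ok, fps, missed = release_gate(sig, clean, malicious)
        verdicts[sig.name] = ok
        print(f"{sig.name}: {'RELEASE' if ok else 'REJECT'}"
              f"  false positives={fps} missed={missed}")
    return verdicts


if __name__ == "__main__":
    review([CRT_SIG, FAMILY_SIG])
```

The clean corpus is the part that matters: a signature (or a model feature) keyed on runtime code that every /MT binary contains cannot be told apart from the launcher a1ba describes, and a gate with a representative clean set catches that before release.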