testing out cures before posting them at nsanedown

[demonon]

Hi,

I came up with the idea to first test out a cure in a VM to look it's not malware and if it's works correctly before adding it to the frontpage. This way nsane can guarantee that all the cures are 100% safe.

I personally have a VM with WinXP and could do the testing.

Regards,

-demonon.

[Bizarre™]

Don't worry, we test the programs before and after posting them :)

[DKT27]

I think that (testing) is in the rules.

[demonon]

Don't worry, we test the programs before and after posting them :)

Why is there still a way to report malware then if you happen to find one in the cures? :blink:

[Peace_Angel]

Why is there still a way to report malware then if you happen to find one in the cures? :blink:

Simply because running an executable in VMWare , Sandboxed environment and Scanning it with 200 antiviruses doesn't guarantee that it is safe!

It can be that a trojan was hidden in a clean file (You would find different executables being launched, but legitimate files too launch other executables sometimes; so can you be sure???) and not detected by current antivirus definitions at the time it was fontpaged... And suppose the definitions were released after it was published in the frontpage! You und??? :->

Peace.

[Bizarre™]

Rest assured we never upload fixes that contain malware.

We make sure that the fixes have been scanned by various online AV's.

If a members AV picks up our chosen fixes as malware, it's his AV's shortcoming for giving a false positive.

[Rock Lee]

I've posted "better" fixes if I found one with a bad ratio also. Here are the one's I've changed:

MBAM Keygen

YourUninstaller!

I would've posted a different keygen for WinPatrol due to it's high false positive rate but Jalaffa and I discussed that in a PM.

I also posted clean fixes for ASC, Babylon, and AnyDVD (even though that fix is now obsolete).

Trust me, if I find a keygen or patch or any other fix with a bad ratio I'll find a new one to post. They're all clean, the ones I post and the ones that nsane.down posts ;)

[DKT27]

Don't worry, we test the programs before and after posting them :)

Why is there still a way to report malware then if you happen to find one in the cures? :blink:

I think, even after all the things mentioned before, your unsure about its safety, you can go onto the thread where the program is posted and select report button, but I also think you should have a proof that the program is not safe. ANW I truly believe in the site's safety and the programs scanned by the staff and the mods.;)

[Lite]

I have more thorough ways of analysing malware if needed, its a good offer though.

[demonon]

Ok, I understand.

[shought]

Don't worry, we test the programs before and after posting them :)

Why is there still a way to report malware then if you happen to find one in the cures? :blink:

It's because we want to give people the opportunity to try and prove us wrong whilst in practice they're only making fools of themselves by questioning our judgment :P

Nah, for real: we're human, it's in our nature to fuck up and it's our luck that there's still some people out there who will be pointing at those mistakes, for if there were no people doing so, a lot of things would go wrong, eventually...

Anyhow we do properly check fixes before we upload them to the frontpage ;)

The topics about 'Infected fix' is just because we noticed an increase in topics telling us that some fix included a virus or any other kind of malware and this was an easy way for us to provide people with a 'DIY(and find out it's safe)' procedure.

I should add some additional details about ThreatExpert though :)

[Ugfufu]

threatexpert---I think I've heared about it somewhere in raymond.cc before. I want to hear more bout it

[demonon]

Threatexpert is a a online virtual environment. You just post a file there and it is run in the virtual environment.

The file will be analysed in a way that there is looked what it does:

what registry keys does it touch?

what files does it modify?

does it access the internet?

Then, if the file is malevolent, it is classified at malware.

If all these files are reported to threatexpert or any other sort of online sandbox, then running it again in a VM is useless of course.

[Bizarre™]

Not entirely useless :bag:

We check if the current license / fix we have for a specific program is still working.

[shought]

Also I believe this online virtual environment only watches what happens when the file is executed, if some smarter viruses would appear they could 'hide' the virus behind a button or so ;)