Comments on: CWSandbox – automated online malware analysis http://www.rarst.net/web/cwsandbox/ cynical thoughts on software, web, etc Thu, 09 Sep 2010 16:56:51 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Rarsthttp://www.rarst.net/web/cwsandbox/#comment-28556 Rarst Tue, 03 Aug 2010 04:11:16 +0000 http://www.rarst.net/?p=483#comment-28556 @AnonymousThanks for heads up, hadn't visited site in a while. @Anonymous

Thanks for heads up, hadn’t visited site in a while.

]]> By: Anonymoushttp://www.rarst.net/web/cwsandbox/#comment-28501 Anonymous Mon, 02 Aug 2010 22:08:03 +0000 http://www.rarst.net/?p=483#comment-28501 The CWSandbox service has moved to http://www.mwanalysis.org/ The CWSandbox service has moved to http://www.mwanalysis.org/

]]> By: Rarsthttp://www.rarst.net/web/cwsandbox/#comment-10729 Rarst Tue, 22 Sep 2009 17:56:07 +0000 http://www.rarst.net/?p=483#comment-10729 @RushIsn't it nice when some tool does the work for you? Some tasks like setting up proper sandbox are so troublesome that it lose lose - either you don't start or you spend stupid amount of time building and maintaining it.It's good there are people who aren't afraid of latter. :) I'll go spend some more insane time on my Google Charts plugin. @Rush

Isn’t it nice when some tool does the work for you? Some tasks like setting up proper sandbox are so troublesome that it lose lose – either you don’t start or you spend stupid amount of time building and maintaining it.

It’s good there are people who aren’t afraid of latter. :) I’ll go spend some more insane time on my Google Charts plugin.

]]> By: Rushhttp://www.rarst.net/web/cwsandbox/#comment-10718 Rush Mon, 21 Sep 2009 19:55:44 +0000 http://www.rarst.net/?p=483#comment-10718 This seems to have a lot of potential. I couldnt access it yesterday, but it's working now. I have a pretty extensive A/V software and test library with a couple thousand examples, that are great for detection rate testing. I've kind of wondered what some of them do, but never really felt like booting them in a naked VM and monitoring the changes. This looks to be a good lazy mans alternative. In the past Ive always had to bring up a test machine and run last 100, reg snapshot, hijack this and what changed. A lot of text to go through, and less than interesting. It will be interesting to do it once or twice and compare results with theirs. It also seems like if I had a buddy who has problem (and I always do) with an app that keeps crashing on install, that wasn't necessarily malware, it would be easier to push him the link and have him push me the results, than to have him upload it to me and messing with it myself. Another good find. Thanks! This seems to have a lot of potential. I couldnt access it yesterday, but it’s working now.
I have a pretty extensive A/V software and test library with a couple thousand examples, that are great for detection rate testing. I’ve kind of wondered what some of them do, but never really felt like booting them in a naked VM and monitoring the changes. This looks to be a good lazy mans alternative. In the past Ive always had to bring up a test machine and run last 100, reg snapshot, hijack this and what changed. A lot of text to go through, and less than interesting. It will be interesting to do it once or twice and compare results with theirs.
It also seems like if I had a buddy who has problem (and I always do) with an app that keeps crashing on install, that wasn’t necessarily malware, it would be easier to push him the link and have him push me the results, than to have him upload it to me and messing with it myself.
Another good find. Thanks!

]]> By: Rarsthttp://www.rarst.net/web/cwsandbox/#comment-10715 Rarst Mon, 21 Sep 2009 15:44:33 +0000 http://www.rarst.net/?p=483#comment-10715 @TranscontinentalYou are welcome. And with amount of anti-malware stuff I post about it had to click with your thoughts sooner or later. ;) @Transcontinental

You are welcome. And with amount of anti-malware stuff I post about it had to click with your thoughts sooner or later. ;)

]]> By: Transcontinentalhttp://www.rarst.net/web/cwsandbox/#comment-10706 Transcontinental Mon, 21 Sep 2009 08:40:07 +0000 http://www.rarst.net/?p=483#comment-10706 Now this is most interesting because indeed, the logical brain path of thoughts is that, if tools like Virustotal are great they do deal with installed files, when it seems so obvious that analyzing an install application before actually installing anything is the recommendation! Thanks Rarst, because your article brings an answer to what have been my thoughts since yesterday, this is odd :) Now this is most interesting because indeed, the logical brain path of thoughts is that, if tools like Virustotal are great they do deal with installed files, when it seems so obvious that analyzing an install application before actually installing anything is the recommendation!
Thanks Rarst, because your article brings an answer to what have been my thoughts since yesterday, this is odd :)

]]>