tot-ltd.org · Domains · Slashdot Mirror

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 09:24 · Score: 1 · on Former Employees Accuse Kaspersky Lab of Faking Malware

And if you actually read further, you'll notice a few URLs listed.

http://tot-ltd.org/blacklist/
http://tot-ltd.org/whitelist/
http://tot-ltd.org/files-wl/
http://tot-ltd.org/installatio...
http://tot-ltd.org/ports
http://tot-ltd.org/API
http://tot-ltd.org/packer.db

Re:Free alternatives? by idbeholda · 2015-08-14 06:08 · Score: 5, Interesting · on Former Employees Accuse Kaspersky Lab of Faking Malware

http://tot-ltd.org/techinf.htm...

Project I've been working on for the past 15 years. Take it or leave it.

Hardware Locking by idbeholda · 2015-06-29 09:36 · Score: 0 · on Malwarebytes Offers Pirates Its Premium Antimalware Product For Free

It's pretty easy to lock down these things via hardware. In fact, I have a working model that's (theoretically) infinitely scale-able on any given server, ignoring file number restraints from the hosting provider. http://www.tot-ltd.org/WMSDK.h...

Amusing. by idbeholda · 2013-05-14 19:37 · Score: 0 · on Major Advance Towards a Proof of the Twin Prime Conjecture

I've been using a similar practice for a few years when implementing the API database for TT Livescan.

http://tot-ltd.org/API/
http://tot-ltd.org/API/main.db

Use prime numbers 2 or higher to map API calls to a "number" specific family (add the collective values of the API calls from main.db, then convert the value to hexadecimal), based on the API functions (Windows 3.11 to Windows 7). The rate at which it can catch malware based on API calls alone is grotesquely efficient.

Amusing. by idbeholda · 2013-05-14 19:37 · Score: 0 · on Major Advance Towards a Proof of the Twin Prime Conjecture

I've been using a similar practice for a few years when implementing the API database for TT Livescan.

http://tot-ltd.org/API/
http://tot-ltd.org/API/main.db

Use prime numbers 2 or higher to map API calls to a "number" specific family (add the collective values of the API calls from main.db, then convert the value to hexadecimal), based on the API functions (Windows 3.11 to Windows 7). The rate at which it can catch malware based on API calls alone is grotesquely efficient.

Re:Good to see things like this. by idbeholda · 2013-04-23 17:45 · Score: 1 · on Harvard/MIT Student Creates GPU Database, Hacker-Style

Map the human genome with a parallel database. The only "downtime" would be sequencing, but query times to test for different factors in a particular splice would be relatively short. The downside to this would be the amount of space required to group, and tie together relevant data. Something like this would probably be a start, which I still haven't gotten around to releasing in its entirety yet, given that I don't have much free time nowadays.

Same process I've been using for about 4 years. by idbeholda · 2013-04-08 02:36 · Score: 1 · on Google Uses Reputation To Detect Malicious Downloads

http://tot-ltd.org/techinf.html

NSRL is also a pretty good site to get a comprehensive whitelist from. Best of all, the whitelist database is free, and used for forensic file analysis. The only mildly difficult part is sometimes keeping up with the release of new malware, but that's why I implement several other databases, including one based on API calls in known hostile applications. The really interesting thing with API groups, is that you can identify which piece of new malware most likely belongs to a specific family. So far, I've had no false positives on whitelisted files checked against the API database. ( http://www.tot-ltd.org/API )

Same process I've been using for about 4 years. by idbeholda · 2013-04-08 02:36 · Score: 1 · on Google Uses Reputation To Detect Malicious Downloads

http://tot-ltd.org/techinf.html

NSRL is also a pretty good site to get a comprehensive whitelist from. Best of all, the whitelist database is free, and used for forensic file analysis. The only mildly difficult part is sometimes keeping up with the release of new malware, but that's why I implement several other databases, including one based on API calls in known hostile applications. The really interesting thing with API groups, is that you can identify which piece of new malware most likely belongs to a specific family. So far, I've had no false positives on whitelisted files checked against the API database. ( http://www.tot-ltd.org/API )

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

The most troubling aspect... by idbeholda · 2013-01-18 02:57 · Score: 1 · on Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user, and weeding out ineffective coding practices, half-baked theories and groundless conjecture. To illustrate what I'm referring to, here are the datasets I maintain on a fairly regular basis. Keep in mind that 0-F is not an actual URL, but some of the datasets are defined as single characters, and sorted accordingly.

http://www.tot-ltd.org/blacklist/0-F/
http://www.tot-ltd.org/whitelist/0-F/
http://www.tot-ltd.org/API
http://www.tot-ltd.org/heuristics.dat
http://www.tot-ltd.org/installation.db
http://www.tot-ltd.org/packer.db
http://www.tot-ltd.org/files-wl/
http://www.tot-ltd.org/files-bl/

In the end, sure, there are several million files, but each specific group is only a few hundred bytes in size, which reduces a LOT of overhead and brings individual scantimes to near zero with a halfway decent connection speed. By doing this, a single scan is limited only by your hardware and internet latency.

Enjoy ;) by idbeholda · 2013-01-02 13:22 · Score: 1 · on Antivirus Software Performs Poorly Against New Threats

http://www.tot-ltd.org/API/

TT Livescan by idbeholda · 2012-09-24 10:19 · Score: 1 · on Ask Slashdot: Actual Best-in-Show For Free Anti Virus?

I've been working on this beast since around 2002.

http://www.tot-ltd.org/

http://www.tot-ltd.org/TT-Livescan-2011.rar

Technical information - http://www.tot-ltd.org/techinf.html

As a side note, you will need to manually install the dependencies if you're running Vista or 7. Run the command prompt as an administrator, then use regsvr32 as you normally would to register the .ocx files. As I have the free time, I'm currently working on a newer version that a lot more streamlined. Once it's done, TT Livescan should consume about half as many resources as it currently does, and run about 20%-25% faster. Also keep in mind that an internet connection of some kind is required in order to use TT Livescan.

TT Livescan by idbeholda · 2012-09-24 10:19 · Score: 1 · on Ask Slashdot: Actual Best-in-Show For Free Anti Virus?

I've been working on this beast since around 2002.

http://www.tot-ltd.org/

http://www.tot-ltd.org/TT-Livescan-2011.rar

Technical information - http://www.tot-ltd.org/techinf.html

As a side note, you will need to manually install the dependencies if you're running Vista or 7. Run the command prompt as an administrator, then use regsvr32 as you normally would to register the .ocx files. As I have the free time, I'm currently working on a newer version that a lot more streamlined. Once it's done, TT Livescan should consume about half as many resources as it currently does, and run about 20%-25% faster. Also keep in mind that an internet connection of some kind is required in order to use TT Livescan.

TT Livescan by idbeholda · 2012-09-24 10:19 · Score: 1 · on Ask Slashdot: Actual Best-in-Show For Free Anti Virus?

I've been working on this beast since around 2002.

http://www.tot-ltd.org/

http://www.tot-ltd.org/TT-Livescan-2011.rar

Technical information - http://www.tot-ltd.org/techinf.html

As a side note, you will need to manually install the dependencies if you're running Vista or 7. Run the command prompt as an administrator, then use regsvr32 as you normally would to register the .ocx files. As I have the free time, I'm currently working on a newer version that a lot more streamlined. Once it's done, TT Livescan should consume about half as many resources as it currently does, and run about 20%-25% faster. Also keep in mind that an internet connection of some kind is required in order to use TT Livescan.

Most "paid" solutions suck... by idbeholda · 2012-01-12 14:52 · Score: 1 · on Symantec Sued For Running Fake "Scareware" Scans

Got tired of paying yearly subscription fees, so I've spent over 10 years developing my own scanner (http://www.tot-ltd.org).

http://www.tot-ltd.org/blacklist/0-F - Info obtained from pretty much any site that makes honeynet/honeypot, malware md5 information available online.
http://www.tot-ltd.org/whitelist/0-F - Info obtained from National Software Resourece Library (http://www.nsrl.nist.gov/) public archive, along with archives of legit applications and os installation files.
http://www.tot-ltd.org/installation.db - Default malware install paths/file names.
http://www.tot-ltd.org/ports/ - Default trojan ports. Only returns a positive hit if file fails detection in the blacklist database.
http://www.tot-ltd.org/API/ API based heuristics.
And there's more info at http://www.tot-ltd.org/techinf.html and http://www.tot-ltd.org/techinf2.html