
Tiranium.


14 replies to this topic

#1 NullPointerException

NullPointerException

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 29 November 2014 - 06:52 AM

It is a very new company. And it has been discussed over MalwareTips, and quite frankly, all the threads have been closed by the forum staff, because the users didn't act so friendly towards the author. Its (probably) founder (Dubseven on MT) is a very secretive man. His profile page claims him to be 50, but in his supposed "leaving note", he said he is 18. What do you think about this antivirus? Quite frankly, I know some of its secrets, but I am not allowed to post them...

 

What do you think about it? I have never used it, for a painfully obvious reason. 

 

Related articles:

 

Do You Trust Your Antivirus?

Tiranium Premium Security review (and the only review of it).

Tiranium Antivirus  (Wilderssecurity thread)

Their website. (Your AV will probably block it)


Edited by NullPointerException, 29 November 2014 - 06:54 AM.




#2 kram7750

kram7750

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 29 November 2014 - 10:28 AM

http://uk.pcmag.com/opinion/35745/do-you-trust-your-antivirus Tells me everything I need to know. PCMag aren't going to lie.



#3 NullPointerException

NullPointerException
  • Topic Starter

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 29 November 2014 - 12:07 PM

http://uk.pcmag.com/opinion/35745/do-you-trust-your-antivirus Tells me everything I need to know. PCMag aren't going to lie.

I don't really trust PCMag or any other site like it. However, I agree with the author (I did include the link in my thread).



#4 titan1

titan1

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Bengal,India
  • Local time:12:03 AM

Posted 29 November 2014 - 10:13 PM

Malwaretips is the site for advanced users. People there are very tech savvy, and many of them test malware samples and test new antimalware software. I have seen many of them wholeheartedly recommending antiviruses like Qihoo 360 Total Security (which our most experienced, kind and helpful computer geek quietman7 advises not to use), Tiranium AV, etc. They know what they are doing and can get by easily if anything bad happens. But IMO it is better to avoid products like Tiranium or Qihoo 360. They may have a good detection ratio, but also have a higher level of false positives, which is much dreaded.

#5 NullPointerException

NullPointerException
  • Topic Starter

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 30 November 2014 - 04:02 AM

Malwaretips is the site for advanced users. People there are very tech savvy, and many of them test malware samples and test new antimalware software. I have seen many of them wholeheartedly recommending antiviruses like Qihoo 360 Total Security (which our most experienced, kind and helpful computer geek quietman7 advises not to use), Tiranium AV, etc. They know what they are doing and can get by easily if anything bad happens. But IMO it is better to avoid products like Tiranium or Qihoo 360. They may have a good detection ratio, but also have a higher level of false positives, which is much dreaded.

I hardly doubt that it is intended for advanced users. I deem "advanced" users as at least one of the following.

  1. At least UNITE is completed (Only Argus and TwinHeadedEagle have done it)
  2. Is a programmer or a software engineer. (Only a handful of people know)
  3. Has a lot of interest in computer science
  4. Knows the basic computer science
  5. Has a CS degree (I am the only professional computer scientist there)
  6. Is a QA member

 

It isn't too advanced, since only a handful of members test and hunt malware. And then again, most of the members cannot get away if their PC is infected or broken.

 

They also hate Tiranium (Most call it "Stealarium", should you read Do You Trust Your Antivirus, Malware1 is a staff there). I obviously agree with quietman that Qihoo or Tiranium shouldn't be used, but since both of them are relatively new companies, I wanted to know how others feel.



#6 titan1

titan1

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Bengal,India
  • Local time:12:03 AM

Posted 30 November 2014 - 06:09 AM

Well, at least some of them pretend to pose like experts. I have seen there that when I said using torrent is a security risk, some of them just thought that I am some kind of idiot who doesn't know how to use torrent. Even some of them (like jackuars) think that Qihoo is a better product than ESET NOD32.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:33 PM

Posted 30 November 2014 - 07:55 AM

Kaspersky detects one of Tiranium's two main files as malware, and ESET detects them both. Fortinet identifies Tiranium's website as malicious, as does Webroot's BrightCloud service.

I pointed out this detection to my Kaspersky contact and asked if he could explain why Tiranium was flagged as malware. He dug into the question with significantly more skill than I could muster, and came up with a lot. "They're using more than five different obfuscators to obfuscate their code and there's no digital signature," he said. "It's a little crazy and looks far from legit." There's no smoking gun here, but these and other malware-like behaviors were sufficient to get the product flagged. He also found traffic from the server referencing VT (VirusTotal), Anubis, and VirScan, suggesting some kind of reliance on third-party sources.

BrightCloud...pointed out that Tiranium's IP address is shared with quite a few phishing websites. Google's safe browsing page for the olympe.in domain used by Tiranium had some alarming news: "Of the 1341 pages we tested on the site over the past 90 days, 13 page(s) resulted in malicious software being downloaded and installed without user consent."

The above is not opinion by the PC mag writer but a report on findings provided by Kaspersky, ESET and Webroot.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:33 PM

Posted 30 November 2014 - 08:06 AM


herdProtect analysis of tiraniumantiviruscloudscanner2.exe

Analysis
Scanner detections: 9/68
Status: Malware

Lavasoft Ad-Aware - Gen:Variant.Symmi.37544
Bitdefender - Gen:Variant.Symmi.37544
Bkav FE - HW32.CDB
Emsisoft Anti-Malware - Gen:Variant.Symmi.37544
F-Secure - Gen:Variant.Symmi.37544
G Data - Gen:Variant.Symmi.37544
MicroWorld eScan - Gen:Variant.Symmi.37544
Rising Antivirus - PE:Malware.XPACK/RDM!5.1
Trend Micro House Call - TROJ_GEN.F47V0120



#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:07:33 PM

Posted 30 November 2014 - 10:15 AM

Well, at least some of them pretend to pose like experts. I have seen there that when I said using torrent is a security risk, some of them just thought that I am some kind of idiot who doesn't know how to use torrent. Even some of them (like jackuars) think that Qihoo is a better product than ESET NOD32.

They are just members with their own opinions for the most part. Qihoo does have a good detection rate and is free, but has had a lot of controversy surrounding it. That is probably why they think it is better than ESET.
 
IMO, I don't trust any company or their product which has had (and perhaps still does have) dodgy practices like Tiranium or Qihoo. Best to stick with companies who are legitimate. 
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#10 NullPointerException

NullPointerException
  • Topic Starter

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 30 November 2014 - 10:28 AM

I agree, I kind of hate Tiranium and Qihoo for their dodgy practices. Dubseven is, by the most trusted members at MT, caught selling malware. Would not trust this person at all. It's kind of informal for an AV vendor to sell malware.

 

 

 

Kaspersky detects one of Tiranium's two main files as malware, and ESET detects them both. Fortinet identifies Tiranium's website as malicious, as does Webroot's BrightCloud service.

I pointed out this detection to my Kaspersky contact and asked if he could explain why Tiranium was flagged as malware. He dug into the question with significantly more skill than I could muster, and came up with a lot. "They're using more than five different obfuscators to obfuscate their code and there's no digital signature," he said. "It's a little crazy and looks far from legit." There's no smoking gun here, but these and other malware-like behaviors were sufficient to get the product flagged. He also found traffic from the server referencing VT (VirusTotal), Anubis, and VirScan, suggesting some kind of reliance on third-party sources.

BrightCloud...pointed out that Tiranium's IP address is shared with quite a few phishing websites. Google's safe browsing page for the olympe.in domain used by Tiranium had some alarming news: "Of the 1341 pages we tested on the site over the past 90 days, 13 page(s) resulted in malicious software being downloaded and installed without user consent."

The above is not opinion by the PC mag writer but a report on findings provided by Kaspersky, ESET and Webroot.

 

I agree. It's not a mere opinion but rather evidence.



#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 30 November 2014 - 03:24 PM

 

there's no digital signature

 

A security tool you give system rights that has no digital signature. Not something I would trust, unless I can look at the source code.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
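
The missing digital signature raised in this thread is something a defender can check from the file itself. As an added example (not part of the thread or any poster's code), the following reads a PE header and reports whether an embedded Authenticode certificate table is declared; `embedded_signature` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

CERT_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)

def embedded_signature(pe: bytes):
    """Return (file_offset, size) of the embedded Authenticode certificate
    table, or None when the PE header declares no such table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF header
    try:
        (magic,) = struct.unpack_from("<H", pe, opt)
        fixed = {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ fixed part
        (count,) = struct.unpack_from("<I", pe, opt + fixed - 4)
        if count <= CERT_DIR_INDEX:
            return None
        # Unlike the other directories, this entry holds a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", pe, opt + fixed + 8 * CERT_DIR_INDEX)
    except (struct.error, KeyError):
        raise ValueError("truncated or unknown optional header")
    if offset == 0 or size == 0:
        return None
    if offset + size > len(pe):
        raise ValueError("certificate table points outside the file")
    return offset, size

def build_sample(signed: bool, pe32_plus: bool = False) -> bytes:
    """Constructed header-only PE for the demo; it is not a runnable program."""
    fixed = 112 if pe32_plus else 96
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = (struct.pack("<H", 0x20B if pe32_plus else 0x10B)
           + b"\0" * (fixed - 6) + struct.pack("<I", 16))  # 16 data directories
    dirs = bytearray(16 * 8)
    blob = b"\xAA" * 24 if signed else b""  # stand-in for a WIN_CERTIFICATE
    if signed:
        start = len(dos) + 4 + 20 + fixed + len(dirs)
        struct.pack_into("<II", dirs, 8 * CERT_DIR_INDEX, start, len(blob))
    return dos + b"PE\0\0" + b"\0" * 20 + opt + bytes(dirs) + blob

if __name__ == "__main__":
    for name, data in [("unsigned", build_sample(False)), ("signed", build_sample(True))]:
        print(name, embedded_signature(data))
```

A declared table only shows that a signature is attached, not that it is valid or chains to a trusted publisher, and catalog-signed Windows files carry no embedded table, so a `None` result is a prompt for further checks with the platform's own verification tooling.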


#12 NullPointerException

NullPointerException
  • Topic Starter

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:03 AM

Posted 01 December 2014 - 01:38 PM

 

 

there's no digital signature

 

A security tool you give system rights that has no digital signature. Not something I would trust, unless I can look at the source code.

 

The Tiranium antivirus has a LOT of obfuscators. It's heavily encrypted. What's even more creepy is that ESET blocks its official website for its SSL encryption techniques.



#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 01 December 2014 - 05:00 PM

Yeah, some problems:

https://www.ssllabs.com/ssltest/analyze.html?d=tiranium-antivirus.olympe.in




#14 kram7750

kram7750

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 28 February 2015 - 03:49 PM

Malwaretips is the site for advanced users. People there are very tech savvy, and many of them test malware samples and test new antimalware software. I have seen many of them wholeheartedly recommending antiviruses like Qihoo 360 Total Security (which our most experienced, kind and helpful computer geek quietman7 advises not to use), Tiranium AV, etc. They know what they are doing and can get by easily if anything bad happens. But IMO it is better to avoid products like Tiranium or Qihoo 360. They may have a good detection ratio, but also have a higher level of false positives, which is much dreaded.

MalwareTips is not a site for advanced users. It's a site for anyone from beginner expertise with security to advanced expertise. A lot of new users have very little background with security, and within a few months of sticking around and reading the information provided by more experienced users they improve their knowledge and become more knowledgeable with malware and other security related things.



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:33 PM

Posted 28 February 2015 - 03:57 PM

It's the same here...anyone from beginner to advanced is welcome.

BTW...the poster who started this topic has been banned.