Unveiling of Epsilon Anti-Virus

closed account (G309216C)
Hi,

I am not ignoring anyone nor am I in the state of doing so; if anyone felt that, I apologize for that effect.

Anyway, as I did say, if you feel like you can trust it then download it; besides, you can send the exe provided to AV scanning websites and also feel free to try running it on an old computer which is not used much.

There are so many options, but the reason I am not handing over the complete source code is because giving away an effective heuristics algorithm is not a good idea, as the heuristics algorithm can easily be manipulated and changed and integrated into a commercial AV engine, which is not fair keeping in mind it takes several months to complete a successful heuristic algorithm.

That is not all: if I give the source code away, the chances are that others will use the code to create Malware, because obviously many of the drivers the AV uses as part of its core engine use hooking methods to build a successful protection unit, and giving it to the public is like trusting a hungry lion not to eat.

The source code may come out slowly at a time to gain attention (good thing in Software Industry), and also make the people more happy and keep them going for a long period of time.

@cire, Catfish4, computerquip
Haha, wow, I can be so blind to bugs that should be obvious when reading my own code sometimes. Thanks. I really need to be more careful.
I'd like to see it. Can you post some screen shots of the GUI?
Superdude, did you even look at the first post at all?
closed account (G309216C)
Yes, sure:

When AV protection is off:

http://i.imgur.com/WiYrt1W.png

Epsilon Sandbox Ready to be run:

http://i.imgur.com/EIt3Ocs.png

Epsilon Successfully Registered:

http://i.imgur.com/NE0LfJK.png

These are a few of the images I took of Epsilon AV.

What do you think?
Blueberry Software is already taken, by the way...
I guess he just looked at a random file to scan, just for demo purposes?
Ah, yeah, I misunderstood the GUI.
It looks good, though I think that it should have a firewall maybe??
Maybe restricting programs' access to the internet?

How did you make the GUI? What graphics lib?

@L B: I meant more screenshots. Sorry. :/
closed account (G309216C)
Hi,

The AV does have a Firewall which is operated from the Kernel and User-Mode: the Firewall is operated by NDIS drivers, and in User-Mode it hooks DNS and LSP related functions in order to control the Network from User-Mode and Kernel, which can be very powerful.

Next, sorry, but the graphics library I used is not public, therefore I am forbidden to share it, sorry for that.

Anyway, expecting from the reaction, am I right to say you like the GUI?
I like it. I think you might tone down on the bright, eccentric colors a little, but that is not at all a big problem, just something you might want to change before you release? it.

EDIT: 111 posts!!
closed account (G309216C)
Thanks!

Yes, as you may know solution for this project is almost a GB until now and I finished almost all "Important" features, but there are a few important features to finish, such as hiding the MBR sector (sector 0) in order to persist there so no Malware can even install themselves to the MBR, so then all the bootkits will be of no use.

I am trying to improve the false positive : positive ratio. If anyone is interested, the ratio is as follows for Heuristic based detection and blocking:

Root-kits - 4 : 100 - 94% accuracy

Bot - 20 : 100 - 80% accuracy

RATs - 30 : 100 - 70% accuracy

Bootkits - 0 : 100 - 100% PERFECT, as it denies access to MBR

Worms - 30 : 100 - 70% accuracy

As you may see the results are quite outstanding although bootkits do not come around regularly so it can be obvious why the results are so good here.
Do be aware these results could change. These are not permanent.
Thanks!
closed account (3qX21hU5)
Yes, as you may know solution for this project is almost a GB


Ummm anyone else going to call this out?

Yes, as you may know solution for this project is almost a GB


Ummm anyone else going to call this out?


What's the matter with that?
1 gig is not that big.




Worms - 30 : 100 - 70% accuracy

Did it deny you access then SpaceWorm?

hehe
1 gig is not that big.


It depends what he's measuring.

If he's measuring just the solution/project files, that's absurdly huge.
If he's measuring the source code, it's pretty big (but not unreasonably big)
If he's measuring intermediate/obj/pdb/etc files then it's practically nothing.
What about for compiled exe, data files, etc?

If he's measuring the source code, it's pretty big (but not unreasonably big)
If he's measuring intermediate/obj/pdb/etc files then it's practically nothing.

I must be dreaming! What year is it?

Hey Disch maybe you were thinking megabyte instead of gigabyte?
Or maybe I'm just used to working on very large projects? =P
closed account (G309216C)
Hi,

The executable at the moment is 14 MB including the drivers which are embedded into the exe, ready for dropping.

Anyway the source code is the one which is 1GB.
Anyone else think those UI "screenshots" look like mockups? Also, buttons that are grouped together should be the same width and height. Doesn't anybody care about aesthetics any more?