fastest response
Durad
May 19th, 2006, 01:17 AM
What company is the fastest one in adding definitions?
Let's say that you discovered an undetected piece of malware; after submission, how long did you wait for detection?
cupez80
May 19th, 2006, 01:48 AM
kaspersky lab :D
TAP
May 19th, 2006, 02:05 AM
Kaspersky Lab :-*
pykko
May 19th, 2006, 02:32 AM
This is the order for me: Dr.Web, Kaspersky and AntiVir... all adding them in 48H and sending you an answer with the result of the sample analysis in 24H. :) Hope NOD32 will have this response some day....
Brian N
May 19th, 2006, 03:04 AM
Panda is fast too lol, at least when I used their products
pykko
May 19th, 2006, 10:07 AM
You're right, Brian... and even Sophos surprised me with a 12H reply. ;D
fosius
May 19th, 2006, 12:02 PM
My last experience? I have submitted two files to ESET and they added detection in 4 hours!! I was really surprised:)
cupez80
May 19th, 2006, 09:46 PM
Well, sometimes ESET adds detection very fast :D
bigc73542
May 19th, 2006, 10:11 PM
Here is a list from 2005 on response by Andreas Marx
ronjor
May 19th, 2006, 10:20 PM
{QUOTE-> What company is the fastest one in adding definitions? <-QUOTE}
How about instantly?
http://www.nod32-av.com/heuristics/threatsense.htm
waters
May 20th, 2006, 02:17 AM
Seems to me the safest way is to have an antivirus that has good heuristics and a fast response. That way, if heuristics don't catch it, it isn't long before it is covered.
Ned Slider
May 20th, 2006, 02:56 AM
{QUOTE-> How about instantly?
http://www.nod32-av.com/heuristics/threatsense.htm <-QUOTE}
Heuristics doesn't always work - some malware writers are discovering ways to avoid detection heuristically:
http://www.viruslist.com/en/weblog?weblogid=186949288
TAP
May 20th, 2006, 03:08 AM
From my personal experience, I think Fortinet is also good at response time.
We have FortiGate antivirus firewall at our corporate network perimeter, FortiGate can effectively catch most of malware (I'd say 99%+) that try to get through our network and then caught by eTrust Antivirus at clients/servers. As far as I've seen, we've always received virus signatures in time so FortiGate can stop all fast-spreading malware (e.g. mass-mailing worms) by its signatures without any problems, if not, we still have other layer defence.
Jarmo P
May 20th, 2006, 04:04 AM
TAP, you posted an ad??? !!!
I have never heard of the antivirus company you mentioned.
I checked Google, sure there was some with a "fancy" page.
But in this discussion, you posted a newcomer ad?
I use Avast, but we all know Kaspersky has the fastest reply, maybe :P
EDIT:
and checking a language tab on that site, it was a Chinese site.
Knowing where you come from, was it really an advertisement????
You lost your reputation with me, TAP.
Maybe in a few years that company is on top, but for now, I feel bad about your reply
TAP
May 20th, 2006, 04:17 AM
@ Jarmo P, I'm sorry.
What I said is my personal experience with FortiGate (luckily FortiGate does a good job for me); if it is considered some kind of ad, moderators can delete my post with no problems.
I've used Fortinet FortiGate antivirus firewall (hardware), CA eTrust Antivirus and a few other security products at work, and use avast! Home Edition on my personal laptop/desktop and my home network.
I think it's not so strange that you haven't heard about Fortinet, because Fortinet's products (it's a network-based antivirus) mainly focus on corporate network protections, not for home users.
http://www.fortinet.com/
http://www.fortinet.com/FortiGuardCenter/
bigc73542
May 20th, 2006, 09:05 AM
{QUOTE-> TAP, you posted an ad??? !!!
I have never heard of the antivirus company you mentioned.
I checked Google, sure there was some with a "fancy" page.
But in this discussion, you posted a newcomer ad?
I use Avast, but we all know Kaspersky has the fastest reply, maybe :P
EDIT:
and checking a language tab on that site, it was a Chinese site.
Knowing where you come from, was it really an advertisement????
You lost your reputation with me, TAP.
Maybe in a few years that company is on top, but for now, I feel bad about your reply <-QUOTE}
I don't see TAP's post as an ad. It was a personal observation as to how well he believes his company's security program seems to work.
bigc
proll
May 20th, 2006, 09:36 AM
I think Symantec also does a quick response on new viruses
bigc73542
May 20th, 2006, 09:37 AM
{QUOTE-> I think Symantec also does a quick response on new viruses <-QUOTE}
Take a look at the chart in post #9
Durad
May 20th, 2006, 07:02 PM
I was thinking more on how long you usually wait for antivirus company to detect a sample after you submit it to them.
Panther
May 20th, 2006, 07:24 PM
{QUOTE-> Here is a list from 2005 on response by Andreas Marx <-QUOTE}
Marx has been forbidden to test NOD32 - I'll rest my case....
Marcos
May 21st, 2006, 02:44 AM
{QUOTE-> Marx has been forbidden to test NOD32 - I'll rest my case.... <-QUOTE}
I'm almost 100% sure that NOD32 detected all those threats proactively without needing to update :-)
ugly
May 22nd, 2006, 05:32 AM
From my experience, by far, Kaspersky.
I sent them an infected sample, they confirmed it in 3 (three) minutes :o and added a signature in the next update (about 40 minutes).
This is the fastest response I've ever seen.
ugly
May 22nd, 2006, 03:55 PM
BTW I sent the same sample to ESET and they still don't detect it after 26 hours now! :'(
It's about Trojan-Downloader.Win32.Zlob.pl, ITW, aggressive, and hard to clean from an infected system.
Marcos
May 22nd, 2006, 04:08 PM
Hello,
please PM me the email address you sent the sample from. TD Zlob is of the highest priority these days so I wonder if we actually received it. Now it's been confirmed no such sample has been received at sample[at]eset.com nor samples[at]eset.com. When re-sending it, use the address samples[at]eset.com.
Benvan45
May 22nd, 2006, 04:23 PM
{QUOTE-> BTW I sent the same sample to ESET and they still don't detect it after 26 hours now! :'(
It's about Trojan-Downloader.Win32.Zlob.pl, ITW, aggressive, and hard to clean from an infected system. <-QUOTE}
It was detected by NOD32 on my system more than a week ago, but it wasn't dealt with properly. It should have been moved to Quarantine, but it wasn't. All that happened was a report and that's it. I posted about this problem and the answer from Marcos was: emptying the recycle bin should do the trick.
See my post on May 10th in the NOD forum called: Trojan Downloader
ugly
May 22nd, 2006, 04:57 PM
{QUOTE-> Hello,
please PM me the email address you sent the sample from. TD Zlob is of the highest priority these days so I wonder if we actually received it. Now it's been confirmed no such sample has been received at sample[at]eset.com nor samples[at]eset.com. When re-sending it, use the address samples[at]eset.com. <-QUOTE}
Done. I just forwarded the sample to you.
Inspector Clouseau
May 22nd, 2006, 04:58 PM
Is it detected by F-Prot?
JimIT
May 22nd, 2006, 05:03 PM
{QUOTE-> Heuristics doesn't always work - some malware writers are discovering ways to avoid detection heuristically:
http://www.viruslist.com/en/weblog?weblogid=186949288 <-QUOTE}
That may be so, but for purposes of the posted outbreaks, heuristics DID work, and there was no update needed.
You are right however: for those AV's that have no/poor heuristics, and have to depend on timely signatures, you can be caught with your proverbial pants down.
Marcos
May 22nd, 2006, 05:50 PM
mediacodec-v4.403.exe
AntiVir 6.34.1.27 05.22.2006 TR/Drop.Zlob.FK.2.A
Authentium 4.93.8 05.22.2006 no virus found
Avast 4.6.695.0 05.22.2006 no virus found
AVG 386 05.22.2006 Downloader.Zlob.AFD
BitDefender 7.2 05.22.2006 no virus found
CAT-QuickHeal 8.00 05.21.2006 no virus found
ClamAV devel-20060426 05.22.2006 no virus found
DrWeb 4.33 05.22.2006 Trojan.Popuper
eTrust-InoculateIT 23.72.14 05.21.2006 no virus found
eTrust-Vet 12.4.2221 05.22.2006 no virus found
Ewido 3.5 05.22.2006 no virus found
Fortinet 2.77.0.0 05.22.2006 W32/Zlob.AFD!tr.dldr
F-Prot 3.16c 05.22.2006 no virus found
Ikarus 0.2.65.0 05.22.2006 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 05.22.2006 Trojan-Downloader.Win32.Zlob.pl
McAfee 4767 05.22.2006 no virus found
Microsoft 1.1440 05.22.2006 no virus found
NOD32v2 1.1553 05.22.2006 Win32/TrojanDownloader.Zlob.OI
Norman 5.90.17 05.22.2006 no virus found
Panda 9.0.0.4 05.22.2006 no virus found
Sophos 4.05.0 05.22.2006 no virus found
Symantec 8.0 05.22.2006 no virus found
TheHacker 5.9.8.146 05.22.2006 no virus found
UNA 1.83 05.22.2006 no virus found
VBA32 3.11.0 05.22.2006 Trojan-Downloader.Win32.Zlob.pl
Ned Slider
May 22nd, 2006, 06:25 PM
{QUOTE-> mediacodec-v4.403.exe
AntiVir 6.34.1.27 05.22.2006 TR/Drop.Zlob.FK.2.A
Authentium 4.93.8 05.22.2006 no virus found
Avast 4.6.695.0 05.22.2006 no virus found
AVG 386 05.22.2006 Downloader.Zlob.AFD
BitDefender 7.2 05.22.2006 no virus found
CAT-QuickHeal 8.00 05.21.2006 no virus found
ClamAV devel-20060426 05.22.2006 no virus found
DrWeb 4.33 05.22.2006 Trojan.Popuper
eTrust-InoculateIT 23.72.14 05.21.2006 no virus found
eTrust-Vet 12.4.2221 05.22.2006 no virus found
Ewido 3.5 05.22.2006 no virus found
Fortinet 2.77.0.0 05.22.2006 W32/Zlob.AFD!tr.dldr
F-Prot 3.16c 05.22.2006 no virus found
Ikarus 0.2.65.0 05.22.2006 Trojan-Downloader.Win32.Zlob.ni
Kaspersky 4.0.2.24 05.22.2006 Trojan-Downloader.Win32.Zlob.pl
McAfee 4767 05.22.2006 no virus found
Microsoft 1.1440 05.22.2006 no virus found
NOD32v2 1.1553 05.22.2006 Win32/TrojanDownloader.Zlob.OI
Norman 5.90.17 05.22.2006 no virus found
Panda 9.0.0.4 05.22.2006 no virus found
Sophos 4.05.0 05.22.2006 no virus found
Symantec 8.0 05.22.2006 no virus found
TheHacker 5.9.8.146 05.22.2006 no virus found
UNA 1.83 05.22.2006 no virus found
VBA32 3.11.0 05.22.2006 Trojan-Downloader.Win32.Zlob.pl <-QUOTE}
These Zlob variants are getting annoying - new variants every 24 hours. You know the URLs, so why not automate collection with a simple wget script. These shouldn't need to be submitted by members of the public for AVs to obtain samples and add them if they're a priority.
Ned
ronjor
May 23rd, 2006, 10:46 AM
{QUOTE-> Marx has been forbidden to test NOD32 - I'll rest my case.... <-QUOTE}
Maybe not?
{QUOTE-> The success was confirmed by the independent testing labs AV-Test.org. Andreas Marx, AV-Test CEO, said “Eset was not only one of the first anti-virus companies which had signatures in place to stop the already known attacks used by the Win32/GenWui Trojan, but they also had the first generic detection in place on May 21 around midnight (GMT). This effectively prevents all future malware attacks attempting to exploit this zero-day vulnerability in Microsoft Word.” <-QUOTE}
http://www.eset.com/company/article.php?contentID=1404
nicM
May 28th, 2006, 08:33 PM
Well, I don't have much experience in virus/trojan submission ;D , but the few times I've sent undetected files, Avira/H+BEDV were the fastest ;) - I'm still waiting for a reply from a few other companies, which are not detecting these samples yet .. (I'm wondering if they've flagged my mails as spam indeed :shifty: ).
Cheers,
nicM
ugly
May 30th, 2006, 03:19 PM
This morning I sent an infected file (trojan Zlob) to ESET & Kaspersky.
They detect it now. ;D
But I have a common sense question for now: WHAT ARE ALL THE OTHER ANTIVIRUS VENDORS DOING? (except DrWeb). How do they protect their clients ????
Brian N
May 30th, 2006, 03:22 PM
Adding it later? Relax, it ain't the end of the world you know..
pykko
May 30th, 2006, 03:31 PM
yeah, but Bit Defender seems to be really out of the matter...out of my 7 variants of Trojan.Zlob it detects only one. :(