Hi all
I have a question about Symantec detection, all we know that this is very good company and have big experience, in all tests Symantec have very good results, but for me it s strange.. I will explain why: Yes, we know Symantec have very good research and it's important, but

1. At this time Symantec AV products have only 73389 virus signatures ( http://www.symantec.com/enterprise/security_response/definitions.jsp)

2. Their AV products updates once at day and more important is that these updates usually contains only 2-3 signatures ( http://www.symantec.com/avcenter/defs.added.html )

3. Their Bloudhound Heuristic and new SONAR aren t such effective to detect unknown threats as other AV 's heuristic

4. They hever listen to customers and when I used NIS 2007 (moths ago) I each day send them unknown, undetected viruses via quarantine, but these viruses are still undetected by Symantec, while other AV s already detects them ???

I know that number of signatures isn t very important, I know that other AV may add to signatures big number off not important viruses, but anyway, there are many AV's who have much more signatures in database and have more effective heuristic but Symantec (according tests) always have better result in detection. So what do you think, why it happens?

Sorry for my bad english, I hope you will understand what I mean :)

I think they either use generic signatures or name a lot of malware under the same category - Many different samples of various types of trojan/downloader/dropper that I have are all detected as "Downloader" by Symantec.

even though it doesn't look as if there are very many defs compaired to other av companys you have to remember that symantec will list a given definition as 1 def but it will cover the vairants of that piece of malware as well which will make them actually have many more defs than it appears. They don't seem to need to show impressive numbers to boost their ego.

Yes i understand that, but their respons on unknown theats is bad, I often send them Trojan/zlobs but these threats still undetected by Symantec, I often submit different viruses to virustotal and Symantec rarely detecs them.. Nobody noticed it?

pyyko stated that nortons virus submission was currently the best actually, automatic, i dont know if this is true or not but he usually knows what he is talking about :) ... usually.

norton also gave outstanding performance in polymorphic viruses and its detection rate is again outstanding.

cant fault it too much, maybe there updates dont arrive as quick as most, but the detection is there, so i wouldnt be too worried and there is always sonar as a backup, great software i must say & even more so especially with the software being now a 'low resource usage; one.

Symantec virus submisiion maybe is the best, because AV automatically sends viruses via quarantine to Symantec but response.. is far from the best.

Thanks tsilo for posting that link that lists the definitions that are uploaded each day. :)

No problem, you are Symantec user right? what can you say about symantec detection, do you ever send viruses to Symantec and how fast is their response?

I have only been using it for about a couple of months and so far all I have gotten is two Downloader trojans that were blocked from downloading. So I haven't anything to submit so far. I guess I have been lucky, lol.

I have used Norton off and on for a long time, and have never been infected with anything to submit. My first Norton antivirus came on three floppy disc's, that ought to give you an idea how long I have used Norton.:)

{QUOTE-> ...I guess I have been lucky, lol. <-QUOTE}

Or it could be a testament to Vista's security.

However I do know someone on a Vista forum that got hit with what appears to be the Win32/Jowspry trojan that is downloaded via the Background Intelligent Transfer Service (BITS). He stated that the Update icon appeared in the systray indicating updates to the installed so he installed them. Right afterwards none of his .exe files would run and he had to reinstall.

I don't know what AV he was using, if UAC was enabled, or if he was running as Admin or User. But if I understand how this trojan works correctly, I don't think it would matter anyway.

The story about this new threat is here (http://news.bbc.co.uk/1/hi/technology/6657677.stm).