Any of you tested dr web 4.44 beta version ? I installed it just to check its scan speed and false positives on my pc.

It is still scanning 92% and it has been scanning for the past 4 hours and 30+ mins. :

8 False positives so far.

Kis7 scans this pc in just 1 hour (scan all files ticked).


Would 4 hours and 30+ mins be an improvement in scan speed over the previous version ?


Thanks

I cannot comment on your particular numbers, but Dr Web has been a slow, and careful, scanner ever since I can remember. There have been never feature implemented in the beta, such as spidershield, that may be causing you issue. I do know that 4.44 is just a steping stone to v5, which will be drastically improved.
Chris, where are you? You may be able to help more than I.

{QUOTE-> Any of you tested dr web 4.44 beta version ? I installed it just to check its scan speed and false positives on my pc.

It is still scanning 92% and it has been scanning for the past 4 hours and 30+ mins. :

8 False positives so far.

Kis7 scans this pc in just 1 hour (scan all files ticked).


Would 4 hours and 30+ mins be an improvement in scan speed over the previous version ?


Thanks <-QUOTE}
scan speed is the same at the moment, or feels pretty much the same to me.

drwebs scanner is a very 'complete' scan, meaning it scans absolutely everything unlike such scanners as nod32 and many many others. (i think)

not quite sure, but i know drweb keep adding different packers and keep improving their scan, and its nice to see it not getting any slower.

the scanner (and engine) will be completely different in V5 n8chavez as far as im aware, so 4.44 'is' just a stepping stone towards 5.

if all V5 components were ready, i very much doubt there would even be a 4.44 version.

i was told there would be a faster scanner, but i dont think its the one in 4.44 as i dont see any difference.

{QUOTE-> scan speed is the same at the moment, or feels pretty much the same to me.

drwebs scanner is a very 'complete' scan, meaning it scans absolutely everything unlike such scanners as nod32 and many many others. (i think) <-QUOTE}


Kav scans all them files. Yet it takes kav one hour or so to do the same scan.

BTW, scan is now complete.It took dr web 5 hours and 13 mins to finish its job.

It's a long time.

Hi banshee,
how much data do you have?
and how long did the first scan of kaspersky take?
lodore

Lodore,

Re Kis7:The first time it was a little over one hour.Now it is around 5 mins.

I am not sure why they find this drweb so good. Maybe the icon thingy ?

I just bought it few days ago. It's very light, updates are frequent, support is very helpful .. or at least has been for me. It's reliable, no compatibility issues with anything and no errors. Eventhough detection rates are not top3, it shuts up and does it's work quietly and smoothly. Dr.Web is also very configurable. You can always have some extra free antispyware or antivirus ondemand scanners for backup if intrested in detection percentages. As i'm not a newbie/risk user, detection rates don't matter that much. It takes care of itw-malware and runs well, which is good enough for me. ;)

{QUOTE-> I just bought it few days ago. It's very light, updates are frequent, support is very helpful .. or at least has been for me. It's reliable, no compatibility issues with anything and no errors. Eventhough detection rates are not top3, it shuts up and does it's work quietly and smoothly. .. <-QUOTE}

Yes, not top 3.It got "standard" in av-comparatives but did worse of them all avs tested (%wise).It shows.

It must be something like cavs . I don't understand why ppl buy this really.

a)scan speed blows
b) detection is nothing to brag about
c) false positives is nothing to brag about

You got free avs that do way better than this thing.

It can be of use if u like submitting files to virustotal and u don't have files to submit. Download drweb, scan ur pc and voilà you got fps no end. ;D

{QUOTE-> Yes, not top 3.It got "standard" in av-comparatives but did worse of them all avs tested (%wise).It shows. <-QUOTE}If detection is all you weigh, then restricting to top "x" positions is fine, but that's not the only criteria for many.

{QUOTE-> a)scan speed blows <-QUOTE}Endless system scanning, if done, can be scheduled during off hours with any product. Within reason, this is a non-issue for any product.
{QUOTE-> b) detection is nothing to brag about <-QUOTE}Personally, I've not run into issues here, although it is on the lower end of peer group and this does bear watching moving forward. Note that a "Standard" rating from www.av-comparatives.org is a solid rating.
{QUOTE-> c) false positives is nothing to brag about <-QUOTE}At least on my machines, the fp's seem common to most of the AV's I've looked at. I do see them for all products, and they tend to be the same files.
{QUOTE-> You got free avs that do way better than this thing. <-QUOTE}I wouldn't say "way better". Equivalent in broad strokes? Yes.

Of course, that does leave the open the question of why someone would use Dr Web. In my own case, it tends to be a low system footprint option that is generally compatible with other software. For me, those two characteristics are critically important and Dr Web is in the mix of a small number of products I own/still use.

Blue

Blue,

First off, each to his own.But.


c) false positives is nothing to brag about
---
At least on my machines, the fp's seem common to most of the AV's I've looked at. I do see them for all products, and they tend to be the same files.
-------

No false positive here with any product but drweb and avira .Avira just a few tho with slider settings all the way up to max.


Quote:
You got free avs that do way better than this thing.
---
I wouldn't say "way better". Equivalent in broad strokes? Yes.

---

Some free avs are better than drweb.Did you trial antivir ? I did not try cavs yet but I will have to give it a go to see if it does any worse than the doctor.

No wonder this av is cheap. I'd say in this case you get what you pay for.

Enough is enough. This thread took a serious downturn including a number of personal attacks. Seven Posts have been removed and the thread will be locked if it deteriorates and/or strays off topic again.

Menorcaman

I don't really care about false positives, I can filter out what is and what's not a false positive. Scanning speed is not a problem since I can leave my computer scanning when i go to work or sleep. ~removed personal attack....Bubba~

I have absolutely nothing to complain about dr.web(unlike with some of those "better free avs")and that is why I use it.

{QUOTE-> No false positive here with any product but drweb and avira .Avira just a few tho with slider settings all the way up to max. <-QUOTE}What's more germane to my software selection, my own experience or yours? I don't want to state the obvious, but it's mine. For the general reader, I'd hope that they realize that false positives, like software conflicts, depend entirely what you have installed on your system. It's a personal calculation and assessment that one has to make.

{QUOTE-> Some free avs are better than drweb.Did you trial antivir ? I did not try cavs yet but I will have to give it a go to see if it does any worse than the doctor. <-QUOTE}Are better? According to what criteria? It's not a criteria independent result, and here's a hint, different people use different criteria with different weights.

Yes, I've looked at Antivir. It's fine. I don't happen to use it.

{QUOTE-> No wonder this av is cheap. I'd say in this case you get what you pay for. <-QUOTE}OK, that's your opinion. Mine differs from yours.

Blue

I think the original question has been answered already. People who dislike Dr.Web for the slow scanning speed (like me) will still wait. And people who are not bothered by slow scanning speed will keep on using it. I don't know why people take it to their hearts.

{QUOTE-> I think the original question has been answered already. People who dislike Dr.Web for the slow scanning speed (like me) will still wait. And people who are not bothered by slow scanning speed will keep on using it. I don't know why people take it to their hearts. <-QUOTE}

No clue.It has its fans tho. This product is what it is.It is being rated as standard so a "solid" av.No big deal tho.No idea what makes it so special.It works for some and so it is good for them and does not for others and thefore it isn't.

It is relatively cheap compared to others.

{QUOTE-> Yes, not top 3.It got "standard" in av-comparatives but did worse of them all avs tested (%wise).It shows.

It must be something like cavs . I don't understand why ppl buy this really.

a)scan speed blows
b) detection is nothing to brag about
c) false positives is nothing to brag about

You got free avs that do way better than this thing.

It can be of use if u like submitting files to virustotal and u don't have files to submit. Download drweb, scan ur pc and voilà you got fps no end. ;D <-QUOTE}

:) Banshee, just a short comment on what you said about the detection rates. At Av-comparatives they have a collection that has been submitted to all AV companies, so it is not a problem to add them all to Dr.Web's definition base - a matter of 20 minutes, I believe. This is what all Top3 and lower do.
Dr.Web, however, has to be sure that everything is added to the base is a malware, not garbage. Because, unfortunately, garbage is present there.
So, the job is done - but the number of files to check is too big.

So, the conclusion is: AV-comparatives, unfortunately, is not the right measurement of detection rates. Really sorry that people are looking at those results to make their choice.

{QUOTE-> No clue.It has its fans tho. This product is what it is.It is being rated as standard so a "solid" av.No big deal tho.No idea what makes it so special.It works for some and so it is good for them and does not for others and thefore it isn't.

It is relatively cheap compared to others. <-QUOTE}

Banshee, Dr.Web noe is the most expensive one in Russia. And people buy it well.

{QUOTE-> Any of you tested dr web 4.44 beta version ? I installed it just to check its scan speed and false positives on my pc.

It is still scanning 92% and it has been scanning for the past 4 hours and 30+ mins. :

8 False positives so far.

Kis7 scans this pc in just 1 hour (scan all files ticked).


Would 4 hours and 30+ mins be an improvement in scan speed over the previous version ?


Thanks <-QUOTE}

The 4.44 CureIt! has been released yesterday.
Read here: http://info.drweb.com/show/3156/en
Try it here: http://www.freedrweb.com.

The speed has been improved - but the on-demand scan is still slow compared to others, I believe.

{QUOTE-> :) Banshee, just a short comment on what you said about the detection rates. At Av-comparatives they have a collection that has been submitted to all AV companies, so it is not a problem to add them all to Dr.Web's definition base - a matter of 20 minutes, I believe. This is what all Top3 and lower do.
Dr.Web, however, has to be sure that everything is added to the base is a malware, not garbage. Because, unfortunately, garbage is present there.
So, the job is done - but the number of files to check is too big.

So, the conclusion is: AV-comparatives, unfortunately, is not the right measurement of detection rates. Really sorry that people are looking at those results to make their choice. <-QUOTE}
fantastic comment, surely that is something like ive been saying.

good post :thumb:

{QUOTE->
Try it here: http://www.freedrweb.com.

The speed has been improved - but the on-demand scan is still slow compared to others, I believe. <-QUOTE}

also Severyanin, the website seems to be having some HTML problems at the moment, so better to try this link for a direct download of the new CureIt. ~ Site seems fine now therefore direct link to file download disabled - Menorcaman ~

{QUOTE-> :)
So, the conclusion is: AV-comparatives, unfortunately, is not the right measurement of detection rates. Really sorry that people are looking at those results to make their choice. <-QUOTE}
So where would you suggest that people look for accurate detection rates?

And what about Dr Web's results at av-test.org? The results there are very similar to those over at av-comparatives. Should we dismiss them as well?

If you are suggesting that there is a LOT of garbage files in av-comparatives test-bed how do you explain NODs result? Eset also takes a lot of time in assuring only malware is added to their database yet their detection rates are considerably better than Dr Web's ;)

Overall, the results of Dr Web's detection rate in a VARIETY of test sites suggest that it is a second tier AV. But as already stated many times before this should not be a decider in choosing an AV. Its detection rate is more than enough for the majority of users.

In fact if you believe that your true detection rates are greatly underestimated at av-comparatives why is your Company still taking part in the tests? You could just decide to withdraw DW from testing which other vendors have done in the past. It's not very good PR for DW if you know that your product is being seriously underestimated in testing.

Or is it just to receive the missing samples that you will eventually put into your database?

{QUOTE-> So where would you suggest that people look for accurate detection rates? <-QUOTE}

Blackcat, the "garbage" theory has been preached long enough but that I know of no evidence was offered.I also would like to know more about this.

All I heard so far is fiction and wishful thinking.

Let's hope they tell us more.

{QUOTE-> The 4.44 CureIt! has been released yesterday.
Read here: http://info.drweb.com/show/3156/en
Try it here: http://www.freedrweb.com.

The speed has been improved - but the on-demand scan is still slow compared to others, I believe. <-QUOTE}


Yes, slow.

[Scan path] C:\WINDOWS
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 43065
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 1537 Kb/s
Scan time: 00:37:57

IBK has already answered the suggestion that Dr Web's results are due to the high number of "garbage" files in the test-bed;

{QUOTE-> To reach Advanced, Dr.Web would need to discover at least 22.000 real garbage files in the misses of August, which is highly unprobably. <-QUOTE}

It's a pity I think that IBK's methodology has been questioned here and it appears to be more like sour grapes coming from a vendor who has not reached the Advanced-level. If Dr Web are not happy, for whatever reason, follow Panda's example and withdraw your product from testing.

{QUOTE-> 8 False positives so far.
Kis7 scans this pc in just 1 hour (scan all files ticked).
Would 4 hours and 30+ mins be an improvement in scan speed over the previous version ? <-QUOTE}
This sounds cruel, but logical that false positive crown has in most cases always gone to Dr.Web. They search for regsvr32 strings in programs, no wonder that most uninstaller (e.g. AOL Setup) become suspected as potential backdoor. My advice for DrWeb: Use heuristic steppings like e.g. Arcavir or AntiVir.

id like to know the differences between what they actually scan, compared to others, im sure IBK or Firecat or someone like that knows.

also, i dont think drweb is dual core etc compatible.

{QUOTE-> IBK has already answered the suggestion that Dr Web's results are due to the high number of "garbage" files in the test-bed;



It's a pity I think that IBK's methodology has been questioned here and it appears to be more like sour grapes coming from a vendor who has not reached the Advanced-level. If Dr Web are not happy, for whatever reason, follow Panda's example and withdraw your product from testing. <-QUOTE}


Yes, absolutely. A visit to their very useful forums and a search there would pay dividends. Very good source of humor too.

@Banshee

i dont understand your problem, if you dont like the software, simply do not use it, there is no need for your constant bashing of the product.

--- yes, they do have a great sense of humour and are always informative, maybe you just need to learn it a bit more, as the english translation can sometimes wonder off to distant lands.

{QUOTE-> @Banshee

i dont understand your problem, if you dont like the software, simply do not use it, there is no need for your constant bashing of the product.

--- yes, they do have a great sense of humour and are always informative, maybe you just need to learn it a bit more, as the english translation can sometimes wonder off to distant lands. <-QUOTE}


I could tell you the same CSJ. I don't understand your problem-If you like the software, simply use it.There's no need for you constantly presenting fiction as facts.

{QUOTE-> I could tell you the same CSJ. I don't understand your problem-If you like the software, simply use it.There's no need for you constantly presenting fiction as facts. <-QUOTE}
i speak nothing but facts, whether you choose to accept them is your problem.

summary:

Version 4.44 has the following enhancements:
- Full support of Windows Vista;
- 'Curing' a system from rootkits;
- New non-signature unknown virus detection technology (origin);
- Optimized engine that quickly scans;
- Support for new archivers and packers.

im sure drweb will add more information about the version to their news page as soon as its released.

{QUOTE-> i speak nothing but facts, whether you choose to accept them is your problem. <-QUOTE}



CSJ,CSJ,


Until you can back your claims some/most of what you have been saying about the software is fiction and wishful thinking.Period.


This my last on this. Rant on.

{QUOTE-> id like to know the differences between what they actually scan, compared to others, im sure IBK or Firecat or someone like that knows.

also, i dont think drweb is dual core etc compatible. <-QUOTE}

i am a little bit confused.........
i have never heard or seen " this av is dual core compatible " or "this av is not......." . plz recommend some web links . i am curious . thanks .

@031

its quite simple really, some av's are able to max out dual core processers during on demand scans, drweb isnt compatible to do this as far as im aware. Max priority scan will always be about 50% cpu on a dual core cpu.

{QUOTE->
In addition, KV2007 anti-virus software delivers increased speed and enhanced overall performance through multi-threading, based on Intel dual-core processors. Tests show that this software offers higher performance when running on dual-core processor-based PCs after optimization, doubling the virus protection speed from 6,835 files/minute to 10,537 files/minute, compared to previous-generation processors. In the intensely competitive anti-virus software market in China, KV2007 software can rapidly acquire information about computer viruses, allowing Jiangmin SciTech to seize new business opportunities and win more market segment share. <-QUOTE}

@Banshee

F-secure 'sometimes' has a slower on-demand scan than Drweb depending what you have on your machine, also there are others, why dont you bash them for a week? ;)

ok, but to be serious now.

there will always be faster, yeah?
there will always be slower, yeah?

lets not make a big thing out of it all.

its weekend, time for happy posts :D

ok? :)

-------------------------------------------------------------

anyway, to keep this topic heading in the right direction.

The fact is that the version 4.44 knows more archivers and packers. And for the same time of scan, as 4.33.

now version 4.44 scans more objects than version 4.33. Therefore, the total scan time can be the same.

Version 4.44 in particular is much faster at scanning CHM-files and certain types of installations.

If something is flagged as "probably trojan" or "suspicious" etc then how can that count as a false positive? I think false positive would be if it flags it as a Trojan.Example or so. If an exe is small sized, and has code that downloads something/installs something .. then why not flag it as suspicious when usually that kind of programs are. That is why you can choose to ignore/exclude it if you know that it's not a trojan or virus. Better to let user decide if that program is ok or not than to let possible disaster happen. You can also choose to use "heuristic analyzer" or not.

I would understand that "dr.web & false positives" debate if it would be about detecting a valid program with a 100% sure "detection name" or removing those without asking.

{QUOTE-> IBK has already answered the suggestion that Dr Web's results are due to the high number of "garbage" files in the test-bed;



It's a pity I think that IBK's methodology has been questioned here and it appears to be more like sour grapes coming from a vendor who has not reached the Advanced-level. If Dr Web are not happy, for whatever reason, follow Panda's example and withdraw your product from testing. <-QUOTE}

Falks, please read carefully about the garbage:
nobody suggests all 22K samples are garbage. Nobody but IBK. I repeat: finding garbage in several samples means that all of the remaining have to be checked. And this does not prevent us from admitting that there are real samples that are missed.

And they are being checked. IBK was told a few days ago about this. To add the whole collection to the base is a 20 minutes work. This is what IBK is obviously suggesting. However, Daniloff is not sharing this point of view. Thank you for the advise, though.

About withdrawing from the tests: no problem to do that, of course. But the tests like this are becoming to have too much impact on the industry. We prefer to receive the test collection and to find out what the problems are there. And we do not care really about a standard/advanced level - be pretty sure, we have our own measurements. WE hope to finally improve the quality of the tests themselves.

it feels soooo good to not be the only 'target' for any drweb wrong-doings, or what people believe to be so. :D

*PM limit reached, not ignoring the people who have sent me one.

{QUOTE-> If something is flagged as "probably trojan" or "suspicious" etc then how can that count as a false positive? I think false positive would be if it flags it as a Trojan.Example or so. If an exe is small sized, and has code that downloads something/installs something .. then why not flag it as suspicious when usually that kind of programs are. That is why you can choose to ignore/exclude it if you know that it's not a trojan or virus. Better to let user decide if that program is ok or not than to let possible disaster happen. You can also choose to use "heuristic analyzer" or not.

I would understand that "dr.web & false positives" debate if it would be about detecting a valid program with a 100% sure "detection name" or removing those without asking. <-QUOTE}

I believe it is a misunderstanding. Some people call "false positives" what should be called "false alarms".

{QUOTE-> To add the whole collection to the base is a 20 minutes work. This is what IBK is obviously suggesting. <-QUOTE}
BULLSHIT! What I suggest you is to add the real malware, no more, no less.

Btw, we will allow Panda to participate again starting from 2008. Panda wants to participate in the tests and all AV vendors I spoken with (with one exception which I prefer to not say) said that the quality of the test(s) and the test-sets (I am talking about the one of August) is higher than any other tests based on large sample sets.

{QUOTE-> BULLSHIT! What I suggest you is to add the real malware, no more, no less. <-QUOTE}
calm it down chaps :)

im sure they will add the real malware, i take it they have now recieved the dvds?

yes, they got the DVD's.

ok, well im sure they will check them and add what they feel is a threat IBK.

Folks* :)

@ IBK, if it only takes 20 mins to add them all, im sure some av's will just do exactly that, which is a bit of a shame.

{QUOTE-> BULLSHIT! What I suggest you is to add the real malware, no more, no less.

Btw, we will allow Panda to participate again starting from 2008. Panda wants to participate in the tests and all AV vendors I spoken with (with one exception which I prefer to not say) said that the quality of the test(s) and the test-sets (I am talking about the one of August) is higher than any other tests based on large sample sets. <-QUOTE}

No BULLSHIT! Do not be tricky, adding 22K of samples and analysing them all takes a while, you know that. We do not have spare people to do that because there are some hundreds of current ones every day. Pushing them all to the robot is not our style, sorry for this. We'd rather keep those users who respect us for being Dr.Web than acquire new ones who will be seduced by good AV-comparatives test results.

As for the one who is not happy about the AV-comparatives tests quality I think I know them. Doctor Web, Ltd. is their name. But they are not the only one.

{QUOTE->
1.So where would you suggest that people look for accurate detection rates?

2.And what about Dr Web's results at av-test.org? The results there are very similar to those over at av-comparatives. Should we dismiss them as well?
<-QUOTE}

1. The answer is - any test can be trusted if it can be reproduced by third parties. When I am told that my product missed some 25004 samples I have to be sure all of them are the malware to be detected. But if I find 1,2,3,4 files that are NOT viruses - can I agree that the test results mean something for me?
My first question is - HOW DO YOU SELECT FILES FOR THE TESTS? Unless I am told the exact methodology (by the way, do you know it for AV-comparatives?) - I can never be sure that the tests results are relevant for me.

2. No comments, unfortunately. We are going to study these tests, too.
Do not dismiss those results, of course. But give yourself the honest answer - are you sure the methodology is 100% transparent to you?
Anyway, I am waiting for 4.44 to be tested at av-test.org

IBK, cant reply because im maxed out on my PM limit grrrr

but cheers for letting me know, ive never had any problems with drweb, and even you must admit that your tests can make it a some-what easy av to bash.

we both know, there are loads of people too incompetent to use their own brains and their own ideas about such programs. :D

even with my 26 year f-secure licences, i will continue to stay with drweb as its a firm favourite for my laptop :D

Still BULLSHIT. Of course it takes a while, everyone knows that. You got 70k samples and you get tousands of samples every day. All those samples have to be analyzed and of course you are not (and will never be able) to analyze all those samples manually (even if that is DrWeb philosophy) - If this philosophy means that DrWeb scores lower in tests because DrWeb detects less real malware than other products, than you have to live with that, because that is what the test shows. Most other vendors nowadays use automated systems to analyze the files for functionality, maliciousity and add detection (I am not talking about the crappy systems which rely on the [e.g.VT] results of other AV products and just add everything what some other vendors are detecting, no matter if it is garbage or a false positive).
name the other ones, like I name you that also in av-test drweb scores 89%.
You say the test is full of garbage and want to contribute to better tests. Than send me the lists of files you consider garbage and I will show anyone the impact they had on the results, along with my excuses to DrWeb in case that DrWeb would have reached Advanced instead of Standard due garbage.

{QUOTE->
Anyway, I am waiting for 4.44 to be tested at av-test.org <-QUOTE}
you know when this will be Severyanin?

@IBK, i dont think he means 'full of garbage', just that it exists in the test sets, and how much is unknown.

also IBK, a few times this week ive heard 'we dont know the methodology', is this a secret to the companys?

{QUOTE-> 1. The answer is - any test can be trusted if it can be reproduced by third parties. When I am told that my product missed some 25004 samples I have to be sure all of them are the malware to be detected. But if I find 1,2,3,4 files that are NOT viruses - can I agree that the test results mean something for me? <-QUOTE}
It can be reproduced by anyone, as you get the missed samples.
Even IF you would find TOUSANDS of NOT viruses, the results still show that you miss MORE than other products.

{QUOTE-> My first question is - HOW DO YOU SELECT FILES FOR THE TESTS? Unless I am told the exact methodology (by the way, do you know it for AV-comparatives?) - I can never be sure that the tests results are relevant for me. <-QUOTE}
Did DrWeb sign the TOS without reading the methodolody? DrWeb signed the TOS stating that they agree with the methodology. If now because you are at the end of the list of the 17 best products you have a problem with the methodology, it MAY be better to state you do not agree anymore with the methods used and retire the signed TOS and from the tests. So far the only ones who prefer to do not show up in the tests are the ones which rely more on marketing and obscure statements and score low in independent tests based on large test-sets. You may wonder that some products which score e.g. 60% would love to take part in the main tests even if anyone would see that other products are scoring higher, but they stand behind their results, and want to show their improvements over the years.


1. TEST METHODS. The methods used by the Tester are described in a document published on the Test center website www.av-comparatives.org. The Tester reserves the right to improve and or change the methods as necessary. Notice of such changes will be published on www.av-comparatives.org website at least 30 (thirty) days before they take effect. Agreement with changes notified is implied by continuing to participate in testing, subject to terms in (2.)

2. PARTICIPATION. Any vendor of security software (hereinafter referred to as “the Vendor”) has the right to decide whether to participate in tests performed by the Tester. If the Vendor decides to participate in tests performed by the Tester, the Vendor is obliged to send an application for inclusion in testing to the Tester by email or by fax. The application will contain notice that the Vendor accepts this TOS and the current methods published and used by the Tester.

Fortunatly av-comparatives is a little bit more transparent than others, so any user can build up his opinion by himself.

{QUOTE-> Even IF you would find TOUSANDS of NOT viruses, the results still show that you miss MORE than other products. <-QUOTE}Actually, I already did that calculation, shown here (http://www.wilderssecurity.com/showpost.php?p=1078192&postcount=54). Again, the assumptions were roughly half of the set missed (i.e. ~41,000 samples) by Dr Web were junk and that the same number were improperly flagged by every other AV. The simulated calculation is trivial and the overall test results don't (in my view) materially change.

Blue

@BZ: hm, yes, but as "products belonging to one category can be considered as good as the other products belonging to the same category regarding the on-demand detection rate", if half of the files would be garbage (and if mostly only DrWeb does not detect this garbage), DrWeb would be in Advanced.

{QUOTE-> @BZ: hm, yes, but as "products belonging to one category can be considered as good as the other products belonging to the same category regarding the on-demand detection rate", if half of the files would be garbage (and if mostly only DrWeb does not detect this garbage), DrWeb would be in Advanced. <-QUOTE}Agreed. But the calculation is a very extreme example with everything positioned in favor of the final result for Dr Web. Cut the estimate to 25,000 files of junk and the category would be unchanged. In other words, the test is not the issue here.

Blue

{QUOTE-> Actually, I already did that calculation, shown here (http://www.wilderssecurity.com/showpost.php?p=1078192&postcount=54). Again, the assumptions were roughly half of the set missed (i.e. ~41,000 samples) by Dr Web were junk and that the same number were improperly flagged by every other AV. The simulated calculation is trivial and the overall test results don't (in my view) materially change.

Blue <-QUOTE}

@BZ, thank you for the calculation. However, our concern is not there. I am sorry you guys don't get the point. I will try to explain it again.

1. We believe that Dr.Web has missed some (hundreds, thousands) of bad files. We are ready to improve our detection - and we have the material to do it.

2. In the results available to the public we see accurate figures (I don't mention the "few"/"many" words used in the proactive tests before). So, we see, for instance, that there were 44 410 macro viruses submitted to the test. Symantec missed 12 out of them scoring at 99,97%. I am really impressed at this performance but the question comes - what if in fact the missing 12 are NOT macro viruses? Then, the happy 100% would go to Symantec! Here I come to another question: why is the figure 44 410 there? Do we take it for granted? Are they CONFIRMED macro viruses - and who confirmed them? If they are not confirmed - then let us indicate "believed to be macro-viruses". Don't you think the value of the test will be changing then?

Please remark that no explanation to the figure 44 410 is given in the table - what exactly it shows leaves us at guesses. The same can be said about each category, leaving alone "other malware" which is really hardly interpretable.

Actually, the answer is given in the Disclaimer part of the report. No guarantee is given about the correctness and completeness of the tests (see the PDF file). But the figures in the online report are figures - and now we are discussing them.

@BZ, once again, I would point out: any calculations are fine, but we are on a very uncertain ground here. On the other hand, the impact on business is very accurate. I have never seen anybody writing "according to AV-comparatives tests, conducted with no correctness and completeness guaranteed...".

DrWeb says "We have done our best in order to protect your computers and information from all kinds of known and unknown viral threats."
Don't you think it would change the value of your product if you would admit that the best you did means that still tousands of real malware samples are missed or that your product is more likely to give a false alarm compared to some other products? What the "have done our best" means just leaves the users at guesses.
We are talking about the reached levels, which is what peoples look and have to look at, not about the bean-counters.

{QUOTE-> We are ready to improve our detection <-QUOTE}
Looking forward to this. Will this be in the very near future?
{QUOTE-> And we have the material to do it <-QUOTE}
Can you expand on this?

{QUOTE-> DrWeb says "We have done our best in order to protect your computers and information from all kinds of known and unknown viral threats."
Don't you think it would change the value of your product if you would admit that the best you did means that still tousands of real malware samples are missed or that your product is more likely to give a false alarm compared to some other products? What the "have done our best" means just leaves the users at guesses.
We are talking about the reached levels, which is what peoples look and have to look at, not about the bean-counters. <-QUOTE}

IBK, If this is all you can say - I cannot comment it. What we are doing - is our business, we can miss a lot of things that never appear in the wild. But this does not affect your business in any form. When we miss something, we immediately anlayze it and add to the base. On the contrary, your business does directly affect all AV-companies - and you take no responsibility for what you are doing.

By the way, do you mean to say that all that is submitted to the test is a real malware? Can I take it for granted? Please answer this question - this is very important for us.

{QUOTE-> DrWeb says "We have done our best in order to protect your computers and information from all kinds of known and unknown viral threats."
Don't you think it would change the value of your product if you would admit that the best you did means that still tousands of real malware samples are missed or that your product is more likely to give a false alarm compared to some other products? What the "have done our best" means just leaves the users at guesses.
We are talking about the reached levels, which is what peoples look and have to look at, not about the bean-counters. <-QUOTE}

IBK, If this is all you can say - I cannot comment it. What we are doing - is our business, we can miss a lot of things that never appear in the wild. But this does not affect your business in any form. When we miss something in our daily work, we immediately anlayze it and add to the base. On the contrary, your business does directly affect all AV-companies - and you take no responsibility for what you are doing.

By the way, do you mean to say that all that is submitted to the test is a real malware? Can I take it for granted? Please answer this question - this is very important for us.

{QUOTE-> Looking forward to this. Will this be in the very near future?

Can you expand on this? <-QUOTE}

Since we have at last the missed samples from Andreas Clementi.

{QUOTE-> Since we have at last the missed samples from Andreas Clementi. <-QUOTE}
But what about the missed samples from previous tests? I presume you were also sent these?

Overall, Dr Web is the slowest vendor in adding these missed samples to their database. So I assume you will take the same amount of time to add these present samples?

{QUOTE-> By the way, do you mean to say that all that is submitted to the test is a real malware? Can I take it for granted? Please answer this question - this is very important for us. <-QUOTE}
Did you miss the passage where I said that we will make public the amount of garbage that was in the August test-set and what impact it had on the results? I think everyone knows and will have no problem to say that any large set of malware is not free of garbage. We get lot of stuff submitted and lot of that stuff is garbage - and nearly all of the garbage is sorted out. So far we found 437 damaged files in the 808000 files, which could not be recognized as garbage by automated tools. I am sure we will find some more stuff and all which we find or that vendors (like you) will report us and will be confirmed by us to be garbage will be noted in the report of January along with its impact to the results, and if needed along with our mea culpa. That's all we can do for being transparent. All you can do is to add the real malware and if you really want to improve the tests (or even if you just want to dismiss the tests) you can report all real garbage you find in the DVD I gave to Daniloff.

{QUOTE-> we can miss a lot of things that never appear in the wild. <-QUOTE}
well, as this is not a test based on the wildlist, the lot of things you miss has its impact on the results, which is why you scored standard and not advanced or a+.

{QUOTE-> Did you miss the passage where I said that we will make public the amount of garbage that was in the August test-set and what impact it had on the results? I think everyone knows and will have no problem to say that any large set of malware is not free of garbage. We get lot of stuff submitted and lot of that stuff is garbage - and nearly all of the garbage is sorted out. So far we found 437 damaged files in the 808000 files, which could not be recognized as garbage by automated tools. I am sure we will find some more stuff and all which we find or that vendors (like you) will report us and will be confirmed by us to be garbage will be noted in the report of January along with its impact to the results, and if needed along with our mea culpa. That's all we can do for being transparent. All you can do is to add the real malware and if you really want to improve the tests (or even if you just want to dismiss the tests) you can report all real garbage you find in the DVD I gave to Daniloff.
<-QUOTE}

I am happy you said this.
I still can not understand what makes you publish the results based on the uncertain collection. When you produce a figure - it looks very accurate. And most people look at the figures, %s. You will probably make amendments in January - I am sure you will. But the bad impact occurs today, it will not be annulated in January.

{QUOTE-> @BZ, thank you for the calculation. However, our concern is not there. I am sorry you guys don't get the point. I will try to explain it again. <-QUOTE}Severyanin,

The calculation is a tool to simply crystallize certain points of discussion. For me, the best outcome of these tests is not necessarily 100% detection, but a balance between run performance and detection. I realize that all too many readers focus on numerical differences in the tables provided that likely fall below the intrinsic noise in the determination, however the tiered ratings provided do mitigate this tendency. Personally, I believe the soon to be released V4.44 Dr Web, with it's current detection performance, strikes a very reasonable balance. I use it and I'd recommend it to virtually anyone. As I've noted elsewhere, it's a solid product, a solid product that can be improved.
{QUOTE-> 1. We believe that Dr.Web has missed some (hundreds, thousands) of bad files. We are ready to improve our detection - and we have the material to do it. <-QUOTE}Excellent, that's exactly what one has to do.
{QUOTE-> Here I come to another question: why is the figure 44 410 there? Do we take it for granted? Are they CONFIRMED macro viruses - and who confirmed them? If they are not confirmed - then let us indicate "believed to be macro-viruses". Don't you think the value of the test will be changing then? <-QUOTE}In a macroscopic examination of the test results, the categorization might be an interesting nuance. As a consumer, the detailed categorization is irrelevant to me. Potential issues of valid malware vs. junk files is a detail that captures my attention, hence the calculation that I performed to provide some indication of the scope required to materially impact the results. The change required is rather substantial.
{QUOTE-> Please remark that no explanation to the figure 44 410 is given in the table - what exactly it shows leaves us at guesses. The same can be said about each category, leaving alone "other malware" which is really hardly interpretable.

Actually, the answer is given in the Disclaimer part of the report. No guarantee is given about the correctness and completeness of the tests (see the PDF file). But the figures in the online report are figures - and now we are discussing them. <-QUOTE}This is actually a somewhat disingenuous comment. Are you trying to make the point that you believe, in broad strokes, that the final results are completely compromised?
{QUOTE-> @BZ, once again, I would point out: any calculations are fine, but we are on a very uncertain ground here. On the other hand, the impact on business is very accurate. I have never seen anybody writing "according to AV-comparatives tests, conducted with no correctness and completeness guaranteed...". <-QUOTE}I'm quite aware of the potential impact that these results may have on your business. It may be immediate and quite real. On the other hand I would seriously question whether the mass market even knows that this test exists. I would imagine that lead adopters who interface to the mainstream market do know of this test, what it does and does not imply, and provide the typical advice you see offered here - which is to develop a palette of options given broad criteria and advise the customer to trial within that palette and make a selection which best fits their personal needs.

Of course, when you dismissively note that{QUOTE-> To add the whole collection to the base is a 20 minutes work. <-QUOTE}you really do start to erode the authority of your technical position given the sample addition profiles exhibited in the periods between successive on-demand tests.

The ground here is likely firmer than you are willing to acknowledge. We are discussing the results of the 8th on-demand test, with results stretching back 4 years. Over that period, I'm sure that there has been ample opportunity to raise and address technical concerns that may have emerged. Obviously, if you believe the results are untrustworthy, you can either work to encourage or develop remedies or step away from participation.

It had been previously mentioned, and reinforced by comments made above, that the issue of junk file content is currently being directly assessed. If you believe this is a serious issue, I assume that it is based on quite firm information developed in house based on past test results. Given the obvious importance that you've placed on this specific issue in this thread, have those details been communicated to the testing group? That would seem to be the obvious place to start the entire exercise.

Blue

{QUOTE-> But what about the missed samples from previous tests? I presume you were also sent these?

Overall, Dr Web is the slowest vendor in adding these missed samples to their database. So I assume you will take the same amount of time to add these present samples? <-QUOTE}

If they are not the ones that bother our users, I am sure it will take a wile.
The alternative: make them detectable tomorrow, by using "automated tools".
Our Lab will never do that, though.

{QUOTE-> Severyanin,

It had been previously mentioned, and reinforced by comments made above, that the issue of junk file content is currently being directly assessed. If you believe this is a serious issue, I assume that it is based on quite firm information developed in house based on past test results. Given the obvious importance that you've placed on this specific issue in this thread, have those details been communicated to the testing group? That would seem to be the obvious place to start the entire exercise.

Blue <-QUOTE}

Yes, we do communicate the data to the right person. And we are trying to have as much attention to the collections we receive as possible.

I would prefer to wait for the report from the Lab about the tests on the last collection.

{QUOTE-> Severyanin,


This is actually a somewhat disingenuous comment. Are you trying to make the point that you believe, in broad strokes, that the final results are completely compromised?

Blue <-QUOTE}

We are speaking from different positions, probably. For us - though you may smile at it - the results are compromised when we find a single junk file in what was told on the website to be a virus. Or a virus in what was told to be a false alarm. For the public, of course, thousands and tens of thousands of missed samples always prevail. They don't bother to ask what those samples are (in the wild viruses, junk files, dumps, old viruses etc.). But the difference is really there.

The collection on which the test is based contains files believed to be bad. That is all. But I am still here with you because we are speaking about the AV-comparative test. Because some people here judge the product quality by the test results. If you reported me something that bothered you on your computer today, you would hear nothing from me but apologies - then it comes directly to our job. It is the last thing I want to hear from the users who trust us - that we miss a real malware on their computer.

{QUOTE-> We are speaking from different positions, probably. For us - though you may smile at it - the results are compromised when we find a single junk file in what was told on the website to be a virus. Or a virus in what was told to be a false alarm. For the public, of course, thousands and tens of thousands of missed samples always prevail. They don't bother to ask what those samples are (in the wild viruses, junk files, dumps, old viruses etc.). But the difference is really there. <-QUOTE}You're quite right. When you get down to it, the perfect AV has a signature base of 1, and that's of the next piece of malware that the owner is about to be exposed to. At best, this is a product that would miss all but 1 sample. That's a state which is not realizable in practice. Stepping back a bit, missed samples which the user will not be exposed to are a hypothetical issue. The one change that has been occurring over the past few years is that the increasingly extensive and hastening connectivity between everyone. Operationally means that we are tending to be exposed to the same pool of malware. That changes the scope of coverage needed, and perhaps how one goes about developing that coverage.

{QUOTE-> It is the last thing I want to hear from the users who trust us - that we miss a real malware on their computer. <-QUOTE}Let me put it this way - I'm one of your paying customers, so by definition I trust your product. I've not seen anything - even with the current test standing as is - which suggests that trust is misplaced. Like all of us, improvements can be made. It's really a question of how to best spend limited resources to make the improvements that matter most. There have been some obvious changes in V4.44 that do matter a lot to me as a user and those changes have been for the better.

Blue

im sure improvements can be made by both parties, but people should not be to quick to judge.

ive certainly realised since this last test, that drweb has gone out of favour with quite a few people on here.... people who obviously just look at the percentages, which is a terrible! way to judge an antivirus

Severyanin is in a perfect place to make any improvements, or to take any comments/improvements and then to try and implement them, or to totally dismiss them as im sure he will :)

im sure when i have any, i will dish them out :

{QUOTE-> ive certainly realised since this last test, that drweb has gone out of favour with quite a few people on here.... people who obviously just look at the percentages, which is a terrible! way to judge an antivirus <-QUOTE}Test detection percentages are the singular focus of all too many people here, which is unfortunate. How that translates into market performance, I have no idea.

As for Dr Web going out of favor...., programs move in and old of favor with users on a daily (hourly?) basis. We've had threads here in which current top performers in detection have fallen out of favor in some circles for specific issues unrelated to detection. That obviously presents opportunities for the remainder of the market, but it's up to the vendor to understand the current market dynamics in order to capitalize on that opening.

Blue

{QUOTE-> Test detection percentages are the singular focus of all too many people here, which is unfortunate. How that translates into market performance, I have no idea.

As for Dr Web going out of favor...., programs move in and old of favor with users on a daily (hourly?) basis. We've had threads here in which current top performers in detection have fallen out of favor in some circles for specific issues unrelated to detection. That obviously presents opportunities for the remainder of the market, but it's up to the vendor to understand the current market dynamics in order to capitalize on that opening.

Blue <-QUOTE}
yep, its a sad world we live in.

seen as this started to be about scan speed, i will continue it :)

@Severyanin - why does drweb have a slow scan speed? I know it adds many packers etc, but surely others do aswell and their on-demand is much quicker than Drwebs, it doesnt really bother me, but it does to some.

will their be any changes to improve this in the near future?

{QUOTE-> I believe it is a misunderstanding. Some people call "false positives" what should be called "false alarms". <-QUOTE}
Well, in today's world these two terms are used interchangeably - for the average user, a heuristic detection on a clean file bears pretty much the same "importance" as a signature detection on a similar clean file. In either case the average user is going to think that this might be malware, is going to quarantine or delete it. Next thing you know, his/her programs are not working properly due to the false detection. The effect is the same anyway. :)

{QUOTE->
1. We believe that Dr.Web has missed some (hundreds, thousands) of bad files. We are ready to improve our detection - and we have the material to do it.
<-QUOTE}

Okay, glad to hear that. :D

{QUOTE->
2. In the results available to the public we see accurate figures (I don't mention the "few"/"many" words used in the proactive tests before). So, we see, for instance, that there were 44 410 macro viruses submitted to the test. Symantec missed 12 out of them scoring at 99,97%. I am really impressed at this performance but the question comes - what if in fact the missing 12 are NOT macro viruses? Then, the happy 100% would go to Symantec! Here I come to another question: why is the figure 44 410 there? Do we take it for granted? Are they CONFIRMED macro viruses - and who confirmed them? If they are not confirmed - then let us indicate "believed to be macro-viruses". Don't you think the value of the test will be changing then? <-QUOTE}

1) What if in fact the 12 ARE macro viruses? :D
2) What if the figure 44410 is indeed mostly accurate?

Given that nothing is confirmed either way regarding those files, you cannot decisively say the test set is flawed. How are they classified? I do not know. Obviously there has been *some* basis - and based on this the files have been classified. While classifying, I guess one can assume a mostly correct classification - after all, a Zlob trojan is detected as Zlob and Trojan by all AVs out there (Dr.Web detects it as Trojan.Popuper, McAfee as Puper, etc. etc.). :)

{QUOTE->
Please remark that no explanation to the figure 44 410 is given in the table - what exactly it shows leaves us at guesses. The same can be said about each category, leaving alone "other malware" which is really hardly interpretable.
<-QUOTE}

The "other malware" category consists of those kinds of malware which are not in significant enough numbers to be given their own category (flooders, nukers, exploits and stuff like that I think).

It may indeed leave us at guesses - But it doesn't provide a conclusive decision either way. PR teams of AV companies show off VB100 awards. Now whats to say about the malware over there? Or AV-test? :)

One can raise several questions, about anything. ;)

{QUOTE-> On the contrary, your business does directly affect all AV-companies <-QUOTE}

In both positive and negative ways. And there is nothing intentionally being done to defame Dr.Web.....

{QUOTE-> By the way, do you mean to say that all that is submitted to the test is a real malware? Can I take it for granted? Please answer this question - this is very important for us. <-QUOTE}

I don't know the answer to this question. I do know that no test set is 100% garbage free and there will always be some amount of garbage in each test set.

But I will ask you a similar question: Does Dr.Web always detect only real malware 100% of the time? Can I take it for granted that Dr.Web never creates false alarms, or that it never detects malware in corrupt files at all?

{QUOTE->
I still can not understand what makes you publish the results based on the uncertain collection. When you produce a figure - it looks very accurate. And most people look at the figures, %s. You will probably make amendments in January - I am sure you will. But the bad impact occurs today, it will not be annulated in January. <-QUOTE}

I know you have your doubts, and I also know that there is no decisive conclusion on the presence and impact of garbage files on the final result. So I am not sure why you are expressing disapproval and questioning the validity of the tests based on unproven theories.

Would you rather have AV-comparatives say "do not trust these scores" and potentially let people have "blind faith" in assuming that Dr.Web has very good protection rates until something happens in January and all those customers get dissatisfied (assuming that the events turn out opposite to what you expect)?

As such, a "Standard" rating is a very good score by itself, and Dr.Web can indeed be a very solid product, but to make assumptions and theories the way you are is going a bit far IMO.

{QUOTE->
The ground here is likely firmer than you are willing to acknowledge. We are discussing the results of the 8th on-demand test, with results stretching back 4 years. Over that period, I'm sure that there has been ample opportunity to raise and address technical concerns that may have emerged. Obviously, if you believe the results are untrustworthy, you can either work to encourage or develop remedies or step away from participation. <-QUOTE}

Judging from older posts by Dr.Web staff in this forum about AV-comparatives, this is not the first time the company has had a problem with this test. Of course, it didn't get so ugly back then.

{QUOTE->
2. No comments, unfortunately. We are going to study these tests, too.
Do not dismiss those results, of course. But give yourself the honest answer - are you sure the methodology is 100% transparent to you?
Anyway, I am waiting for 4.44 to be tested at av-test.org <-QUOTE}

I am pretty sure 4.44 will do OK at AV-test.org. But I already have an idea of what may happen. Of course, I may be wrong. :)

{QUOTE->
We are speaking from different positions, probably. For us - though you may smile at it - the results are compromised when we find a single junk file in what was told on the website to be a virus. <-QUOTE}

Of course, we are speaking from different positions. Taking a similar analogy, having a lot of FPs in any AV severely compromises its impression upon some users. You cannot really prevent the FPs from happening - you can only fix them when they are reported, AFTER verifying whether it is really a FP (for example, riskware type software).

The same applies to this as well....If you find such files, you need to report them. :)

On an ending note for this post, I want to say that I am a Dr.Web license holder (for now at least) and also hold a license for its "sister" (though it is independently developed) Virus Chaser. In my experience Dr.Web's scan engine is very thorough and scans very deeply. I believe the scan speed can indeed be improved. And I also believe Dr.Web offers decent protection, and the 4.44 version is a good improvement over its predecessors - now if you only got an encrypted quarantine working! :)

AV-comparatives makes clear about the ratings achieved, and it also makes clear that even Standard rated products are worthy of use. And we know that vendors like Eset, which go into great lengths to verify malicious samples, also scored pretty good in the test. I am sure you have doubts, maybe not unjustified - but unless there is concrete proof of it, and unless there is a conclusive, definite explanation on WHY the test is untrustworthy, one cannot bash it. All I have seen so far is theories and the fact that Dr.Web's analysts found what they claim to be a significant number of files that are not really malware. There have been claims of various things, lots of paranoia but nothing definite.

Until something concrete is seen to show why AV-comparatives' results are bad, it is difficult to believe many things....:-\

P.S: To everyone who has sent me a private message over the past few days, please bear with me for the delay in replying, I am currently unwell and barely able to get out of bed. I will try to reply to your messages in the coming days. Thank you for your patience! :)

{QUOTE->
ive certainly realised since this last test, that drweb has gone out of favour with quite a few people on here.... people who obviously just look at the percentages, which is a terrible! way to judge an antivirus <-QUOTE}



I personally do not think that drweb "went out of favor" just because of the percentages. I think it also has to do with the expectation you (CSJ) "created" and then the bubble went burst.

Let me explain:

Many people ask on the forum for advice.Some of them are completely green.


Here you come with your suggestions that the doctor is great, that it is fantastic and this and that.Now what happened ? Some people believed it.

Those who did not bother to investigate your claims/fantasies (have ur pick) and bought it eventually found out that the doctor is not what they thought it was.It is not a top tier. Simple. No big deal to some but a big deal others.

It is like comparing a wheelbarrow with a ferrari. Makes no sense.


Couple this with a few other things they did not like and boom.They ditched the doctor.

That is why I told you to backup your claims.

Thanks

{QUOTE-> I think it also has to do with the expectation you "created" and then the bubble went burst.

Here you come with your suggestions that the doctor is great, that it is fantastic and this and that.Now what happened ? Some people believed it.

Those who did not bother to investigate your claims/fantasies (have ur pick) and bought it eventually found out that the doctor is not what they thought it was.
<-QUOTE}
i can smell what your talking,

im completly happy with my drweb and always have been, drweb has certainly matched my 'expectations'.

you speak of claims and fantasies, but i speak no lies, if you can surely prove this, i will admit im wrong.

many av's can be bashed you know, kaspersky with its chkdsk problems, avira with its program and update problems, nod32 with its default settings with no advanced heuristics, what would detection be to the majority that dont tweak their settings, 20%? , because nod32 relys more than others on them.

maybe IBK's tests should be done on default settings, avira might not flag alot of things, nod32 would be forced to turn on their advanced heuristics or get dropped from the test more likely. etc etc

i could go on and on, but what you speak of, misguiding people and creating fantasys or wishes for drweb is absolute bullshit!

ive stated the facts, the truth, you choose not to accept this because it shows drweb in a better light, sure you will say ive spoken such things to 'make' drweb show in a better light, this would be correct, i dont deny this, but if you can show me something that i have said to be a lie, or a misguided truth, please tell me.

drwebs false alarm rate - overreaction
drwebs detection rate - overreaction

any who bases a detection rate on a test set of such a large test set that is not indivdually checked is talking out of their ass, and yes... your breath smells :)

but all jokes aside,

at least with small tests, no disrespect at all towards you IBK, they can be checked throughout, checking for code, its acts on ones computer, its removal properties etc.

{QUOTE-> We are ready to improve our detection <-QUOTE}

its good enough for me, it should be for anyone else who 'uses' drweb.

{QUOTE-> Couple this with a few other things they did not like and boom <-QUOTE}

like what?

{QUOTE->
Those who did not bother to investigate your claims/fantasies (have ur pick) and bought it eventually found out that the doctor is not what they thought it wa <-QUOTE}

people ive recommended drweb to personally, are very happy with drweb, i assure you.
I think it is infact you, who is making misguided accusations, i believe these to be your thoughts, and nobody elses.

{QUOTE-> That is why I told you to backup your claims. <-QUOTE}

i believe Severyanin has also made quite a valid 'backup' of my claims.


:wacko:

CSJ,

---
i could go on and on, but what you speak of, misguiding people and creating fantasys or wishes for drweb is absolute bullshit! [....rest of the fiction clipped]
--------


I did not say that u on purpose misguided people.

You prob spoke because u were excited about the product.And in your mind the product was absolutely great. What is true in your mind is not always true in reality.

Look you even went as far as saying that the tests were setup for drweb to fail.

This alone makes me think you are a bit unwell.


You also did not realise that some ppl looked up to you.


Remember that we were all green once and you know how easy it is to believe stuff.- It's not rocket science.


To make a long story short.You like the software, use it.You want to say stuff say it.Make sure you back it tho.

If you can't back it up don't say it.

{QUOTE->
Look you even went as far as saying that the tests were setup for drweb to fail.
<-QUOTE}
taken out of context, the past 2 pages or so from one av expert to the next is all about the same thing.

{QUOTE->
And in your mind the product was absolutely great. What is true in your mind is not always true in reality. <-QUOTE}

it is, you just refuse to believe it so. ;)

Oops I missed a few,

CSJ,


l>like what?


I think some left because they had problems with support being either rude or not cooperative...I am sure the are more reasons besides the obvious.



.
>I think it is infact you, who is making misguided accusations, i believe these >to be your thoughts, and nobody elses.

BUt then again you also believe that drweb is a fantastic antivirus. There you go.

{QUOTE->
I think some left because they had problems with support being either rude or not cooperative...I am sure the are more reasons besides the obvious.
<-QUOTE}
any proof?

support have always been fantastic to me, 3 minutes for a reply at the weekend, very informative too.

who else can offer this?

so people left drweb because of support, i highly doubt this.

{QUOTE-> If you can't back it up don't say it. <-QUOTE}

:D

CSJ,


I think that this thread started to get interesting with IBK and a drweb "expert" discussing stuff. Why don't we let them talk instead of cluttering the thread ?

You could also open a new thread about drweb so that u can rant over there.

I really want to find out how this whole things pans out.so I'll sit and read.


Ok. done.

{QUOTE-> ive certainly realised since this last test, that drweb has gone out of favour with quite a few people on here.... people who obviously just look at the percentages, which is a terrible! way to judge an antivirus

<-QUOTE}
I am still a licensed user of Dr Web but no longer run it as a primary AV. The reasons have nothing to do with the tests over at av-comparatives as most members here realise that most of this zoo malware will never come into contact with their machines.

My main reason is that Dr Web seems to be treading water/going backwards compared to other AV vendors.

In the late 90's Dr Web was considered one of the best choices as an AV, as apart from its low footprint, among its strengths was considered its strong heuristics, good unpacking engine and its great detection of polymorphic viruses, and trojans.

However, over time its strong points seem to have diminished. For example, with NT/2000/XP sytems, Spider-Netting did not work. Smart-mode is the only one that can be used with SpIderGuard as trying to use the "other" options to scan, "run and open" and "create and write" will take for ever for any program to open. The same heuristic engine is still being used with some minor tweaks and heuristic, polymorphic and trojan detection have all apparently dropped compared to other AV vendors.

The web-scanner, SpIderGate has still not appeared after extensive beta-testing and small bugs such as the common freezing after updating are still not fixed in the full version. And the sparse Help-File, IMHO, still needs a lot of work. A Vista-compatible version is as yet still in the beta-stage.

As Technodrome pointed out in a past post here, " there has not been any major changes to the code in a very long time".

The results over at av-comparatives per se are not critical for most users in choosing an AV; but comparing the results again suggest a falling AV. Compare Dr Web with AVG, Avast, and Avira for example; Dr Web last reached an Advanced award in 2005 ( on-demand). In contrast, Avira for example has reached the Advanced-level in seven out of the last 8 tests. Further, DW is the slowest in adding missed samples of all the vendors.

Overall, Dr Web is still a good choice as an AV, particularly for safe users on older machines.

So although most of the above points are due to the constraints of a small Company, I have moved on to other AVs, which have the same minimal effect on performance as DW. But more importantly, they appear not to be stagnating but improving in both features and perceived detection rates.

{QUOTE-> The same heuristic engine is still being used with some minor tweaks and heuristic, polymorphic and trojan detection have all apparently dropped compared to other AV vendors.
<-QUOTE}
sure, i understand your comments, and i agree with alot of it.

but doesnt this change for 4.44 on tuesday?

i certainly understand drweb seem to be in 1st gear, they certainly have the resources to push it into 2nd or 3rd, but the new release with new .orgin detection of complicated malware, and the better removal is certainly a step ahead of 4.33 :)

4.44 is an improvement on 4.33, and v5 will be an improvement on 4.44, so this is definatly the correct way.

I, like you blackcat, want it all quicker though ;)

{QUOTE-> The web-scanner, SpIderGate has still not appeared after extensive beta-testing <-QUOTE}
its been discontinued, a http scanner will still arrive for v5 though, unless they change this.

{QUOTE-> ...and small bugs such as the common freezing after updating are still not fixed in the full version. <-QUOTE}This specific issue absolutely drove me crazy. It appears fixed in the latest 4.44 release (at least as I've installed it - which is without SpiderMail - on my machine)

Blue

{QUOTE-> I am still a licensed user of Dr Web but no longer run it as a primary AV. The reasons have nothing to do with the tests over at av-comparatives as most members here realise that most of this zoo malware will never come into contact with their machines.

My main reason is that Dr Web seems to be treading water/going backwards compared to other AV vendors.

In the late 90's Dr Web was considered one of the best choices as an AV, as apart from its low footprint, among its strengths was considered its strong heuristics, good unpacking engine and its great detection of polymorphic viruses, and trojans.

However, over time its strong points seem to have diminished. For example, with NT/2000/XP sytems, Spider-Netting did not work. Smart-mode is the only one that can be used with SpIderGuard as trying to use the "other" options to scan, "run and open" and "create and write" will take for ever for any program to open. The same heuristic engine is still being used with some minor tweaks and heuristic, polymorphic and trojan detection have all apparently dropped compared to other AV vendors.

The web-scanner, SpIderGate has still not appeared after extensive beta-testing and small bugs such as the common freezing after updating are still not fixed in the full version. And the sparse Help-File, IMHO, still needs a lot of work. A Vista-compatible version is as yet still in the beta-stage.

As Technodrome pointed out in a past post here, " there has not been any major changes to the code in a very long time".

The results over at av-comparatives per se are not critical for most users in choosing an AV; but comparing the results again suggest a falling AV. Compare Dr Web with AVG, Avast, and Avira for example; Dr Web last reached an Advanced award in 2005 ( on-demand). In contrast, Avira for example has reached the Advanced-level in seven out of the last 8 tests. Further, DW is the slowest in adding missed samples of all the vendors.

Overall, Dr Web is still a good choice as an AV, particularly for safe users on older machines.

So although most of the above points are due to the constraints of a small Company, I have moved on to other AVs, which have the same minimal effect on performance as DW. But more importantly, they appear not to be stagnating but improving in both features and perceived detection rates. <-QUOTE}



Has an avid drweb user I have to agree, Excellent post Blackcat. No Bullshit here.
Badcompany. :thumb:

blue: yes i was told a while back, that issue will be fixed in 4.44

to be honest, i never really noticed it till someone posted about it, i checked and it did give a cpu spurt

I still don't understand why Dr.Web doesn't add an encrypted quarantine into v4.44....It should be a farily minor feature to implement, and lets face it - every good AV has an encrypted quarantine these days...:)

An encrypted quarantine has its uses, maybe Dr.Web doesn't agree on the use of such a quarantine?

{QUOTE-> I still don't understand why Dr.Web doesn't add an encrypted quarantine into v4.44....It should be a farily minor feature to implement, and lets face it - every good AV has an encrypted quarantine these days...:)

An encrypted quarantine has its uses, maybe Dr.Web doesn't agree on the use of such a quarantine? <-QUOTE}
ask em for it ;)

you dont get anything without a little asking. :D

i still think 4.44 is only a product, because certain parts of v5 aint ready, maybe this is one of those things firecat.

{QUOTE-> any proof?
so people left drweb because of support, i highly doubt this.



:D <-QUOTE}

I left Dr.Web because of support.
It was non-responsive via e-mail for me.

{QUOTE-> I left Dr.Web because of support.
It was non-responsive via e-mail for me. <-QUOTE}
hello tester, did you try a support ticket?

i think support is no reason to leave an antivirus, it should be the antivirus itself, and nothing else.

what about norton, they dont have any do they?

{QUOTE-> I left Dr.Web because of support.
It was non-responsive via e-mail for me. <-QUOTE}

Hi the Tester,
The support from drweb is second to none, i sent a e-mail last night ( Saturday.) to support at 20:00 and received a reply at 20:25.You must be taking about along time ago, When the support was not so good.
Badcompany.

{QUOTE-> i think support is no reason to leave an antivirus, it should be the antivirus itself, and nothing else. <-QUOTE}C.S.J,

Basically anything a customer deems appropriate in rendering a selection is sufficient reason. That's the way this planet operates.

As for support, I also had a spell in which I thought DrWeb was being quite unresponsive. It turned out my ISP (Comcast) was filtering their attempts to contact me at the server level via originating IP address block. I discovered this by assuming, since they were located in Russia, that a block was possible and using a second, non-comcast account. The cause was not obvious since no notification appeared in my mail or screened mail inboxes. Dr Web had received notification of the bounce, but had no way to contact me - it was a perfect Catch-22.

Blue

{QUOTE-> C.S.J,

Basically anything a customer deems appropriate in rendering a selection is sufficient reason. That's the way this planet operates.

As for support, I also had a spell in which I thought DrWeb was being quite unresponsive. It turned out my ISP (Comcast) was filtering their attempts to contact me at the server level via originating IP address block. I discovered this by assuming, since they were located in Russia, that a block was possible and using a second, non-comcast account. The cause was not obvious since no notification appeared in my mail or screened mail inboxes. Dr Web had received notification of the bounce, but had no way to contact me - it was a perfect Catch-22.

Blue <-QUOTE}
yeah, isp spam filtering can be a b1tch, i always miss my ebay auctions because of it. *lol*

comcast, like my ISP Sky, offer free Mcafee, and to be fair, it aint too bad.

i havnt really tried 'email' but the support tickets are fantastic, so id recommend people to do that instead.

{QUOTE-> I am happy you said this.
I still can not understand what makes you publish the results based on the uncertain collection. When you produce a figure - it looks very accurate. And most people look at the figures, %s. You will probably make amendments in January - I am sure you will. But the bad impact occurs today, it will not be annulated in January. <-QUOTE}
I can not say (mainly because I and neither you know) what impact it will have on the results, so it is yet not even sure that DrWeb has to expect any excuses - could even be that I have to expect excuses from Dr.Web. We will see how accurate it was.
Than what about the even more important tests like VB? They are also not always fool-proof and just 1 little error makes you fail to get the VB100 award (which peoples look at and spread results in forums when it gets released and not later when it gets amended):
http://www.virusbtn.com/news/2006/10_06_vb.xml
http://www.virusbtn.com/news/2007/04_18a_vb.xml
http://www.virusbtn.com/news/2002/07_29_vb.xml
http://www.virusbtn.com/news/2002/12_01_vb.xml
http://www.virusbtn.com/news/2004/02_28_vb.xml
http://www.virusbtn.com/news/2006/09_01_vb.xml
etc.

In case of false alarms, Dr.Web gets from us the samples weeks before we publish the results, giving them the opportunity to report in case a false alarm is not a false positive.
I am sorry that this time it took that long to get the DVD's with the misses, but you got if I remember correctly (at least the mails I have confirm that) 1 week before publication some ten tousands misses by FTP (mainly from those categories where you miss less). Not that it makes a difference, but as usual I did not get any report about that files. But at that time you did not know that DrWeb was going to be on place 17th.
But at least in the meantime you already detect over 7000 samples that you missed in August (compared to the 5 months you needed before to add this amount after the previous tests).

{QUOTE-> But at least in the meantime you already detect over 7000 samples that you missed in August (compared to the 5 months you needed before to add this amount after the previous tests). <-QUOTE}

goooooood, :D

so far, Severyanin is keeping his word ;)

{QUOTE->

i think support is no reason to leave an antivirus, it should be the antivirus itself, and nothing else.
<-QUOTE}

It is a premium reason for me to leave an AV company. What good is 99.99 detection rate if you can't make it work properly on your computer and there is complete silence on the support side?

Softwin is starting to get on my nerve with the 2008 version on that account and if I drop them it will be because of that.

And at work we have Norton deployed on over 2000 computers, their v10 is causing us some problem and if we had not good support they would be out of there before the next renewal for sure, you can't leave 2000 workstations vulnerable(and some of the people working there are virus honeypot. Webmail is a scourge for that since we have no control over it.) Fortunately, we have good experience with Norton support so far(on the corporate side, dunno about the home version)

{QUOTE->
But at least in the meantime you already detect over 7000 samples that you missed in August (compared to the 5 months you needed before to add this amount after the previous tests). <-QUOTE}
Let's hope they can maintain this increase in the addition rate of the missed samples. But for now this is a definite step in the right direction.

{QUOTE-> I left Dr.Web because of support.
It was non-responsive via e-mail for me. <-QUOTE}

I am sorry to read this but to avoid mail exchange we introduced the online web-based support.
It is working, I believe, because many people of the company controll the tickets status and do their best to be responsive as possible.

{QUOTE-> C.S.J,

Basically anything a customer deems appropriate in rendering a selection is sufficient reason. That's the way this planet operates.

As for support, I also had a spell in which I thought DrWeb was being quite unresponsive. It turned out my ISP (Comcast) was filtering their attempts to contact me at the server level via originating IP address block. I discovered this by assuming, since they were located in Russia, that a block was possible and using a second, non-comcast account. The cause was not obvious since no notification appeared in my mail or screened mail inboxes. Dr Web had received notification of the bounce, but had no way to contact me - it was a perfect Catch-22.

Blue <-QUOTE}

Yes, everything that concerns the mail exchange is subject to filtering. We had many problems with our responses not coming to users, whit our licence numbers not reaching those who have paid for them.
We are trying to extend the support service to another, US-based server.
But then Russian users will not get our notification mails.

{QUOTE-> ask em for it ;)

you dont get anything without a little asking. :D

i still think 4.44 is only a product, because certain parts of v5 aint ready, maybe this is one of those things firecat. <-QUOTE}

There will be a quarantine, managed in a special databse - not in the V5, probably, but in the Control Center which will be ready earlier than V5 (V5 is basically the new engine for all the products in the line, not just a desktop version).

The scanner speed is being revised now - looking for some external reasons not directly related to the engine.
The new SpIDer will be a wonder, I hope. It will be multi-threaded, with an ability to scan up to 4 files simultaniously on a workstation and much-myuch more on a server. This will be in 4.44.

Mobile solution for Windows Mobile is about to be released in beta (we are too busy now to work on this beta these days).

{QUOTE-> There will be a quarantine, managed in a special databse - not in the V5, probably, but in the Control Center which will be ready earlier than V5 <-QUOTE}
very good news,

there you go firecat :)

ask, and they respond *lol*

{QUOTE-> Hi the Tester,
The support from drweb is second to none, i sent a e-mail last night ( Saturday.) to support at 20:00 and received a reply at 20:25.You must be taking about along time ago, When the support was not so good.
Badcompany. <-QUOTE}

It was 2004.
According to your experience they have made improvements.That's good for customers and the company.
Support,particularly for a pay-for program is essential.
I have dropped a few programs for poor support and I'm sure I will continue to do so.I will not tolerate poor support.
Regarding BlueZannetti's explanation...I don't know if I had the "bounce" problem with my ISP.I never had the problem with other foreign e-mails.That's not to say it couldn't have been an issue in my case.

{QUOTE-> I never had the problem with other foreign e-mails. <-QUOTE}I've had two multiple email events, different companies, separated in time, both Russian based, where this has happened. Given what was getting through the gateway level screening only to be picked off at the mail server which I could examine to my "screened mail" inbox, I was rather surprised. I've also had plenty of other foreign communications which were fine.

Blue

{QUOTE-> I left Dr.Web because of support.
It was non-responsive via e-mail for me. <-QUOTE}
Maybe you should not expect that much, russian mentality is a bit colder. ;D ;D

Nothing has changed in their anti-chinese-numerology-version, only mass of false positives, here´s the prove:

http://i24.tinypic.com/5l58ch

Stubborness at expense of the customers

{QUOTE-> Nothing has changed in their anti-chinese-numerology-version, only mass of false positives, here´s the prove:

http://i24.tinypic.com/5l58ch <-QUOTE}
anyone could create a similar screenshot for most of the antiviruses, as they all create FP's.

im sure if you look on the internet, you will even find them all.

but anyway, 'ignore' is an option for a reason :D

{QUOTE-> Maybe you should not expect that much, russian mentality is a bit colder. ;D ;D <-QUOTE}

whats wrong with the russians, they are fine.... some speak very good english and are down-to-earth as any of my mates are.

if your nice with them, im sure they will be nice back ;)

@Severyanin - i hope Drweb dont pull out of the tests, that would leave a v.negative thought in most peoples minds, and surely drweb do benefit from the dvds, but i worry, as i know drweb have never really had the marketing skills of others.

{QUOTE-> whats wrong with the russians, they are fine.... <-QUOTE}
There´s nothing wrong, I did not judge I only tried to explain him a bit of their mentality, so that he can prevent disappointments, no more no less.

No other Antivirus in this world create more obvious fp´s then dr.web.

{QUOTE->
No other Antivirus in this world create more obvious fp´s then dr.web. <-QUOTE}
ouchies,

a little harsh i think :)

{QUOTE-> Still BULLSHIT. Of course it takes a while, everyone knows that. You got 70k samples and you get tousands of samples every day. All those samples have to be analyzed and of course you are not (and will never be able) to analyze all those samples manually (even if that is DrWeb philosophy) - If this philosophy means that DrWeb scores lower in tests because DrWeb detects less real malware than other products, than you have to live with that, because that is what the test shows. Most other vendors nowadays use automated systems to analyze the files for functionality, maliciousity and add detection (I am not talking about the crappy systems which rely on the [e.g.VT] results of other AV products and just add everything what some other vendors are detecting, no matter if it is garbage or a false positive).
name the other ones, like I name you that also in av-test drweb scores 89%.
You say the test is full of garbage and want to contribute to better tests. Than send me the lists of files you consider garbage and I will show anyone the impact they had on the results, along with my excuses to DrWeb in case that DrWeb would have reached Advanced instead of Standard due garbage. <-QUOTE}

Just a couple of quick questions.

Do you know if all the samples are real malware?
If yes, how do you come to that conclusion?
Is each sample individually tested by a skilled technician or done automatically?
If no, do you know the percentage that are real malware?

Thank you.

{QUOTE->
No other Antivirus in this world create more obvious fp´s then dr.web. <-QUOTE}
Ikarus does.

{QUOTE->

@Severyanin - i hope Drweb dont pull out of the tests, that would leave a v.negative thought in most peoples minds, and surely drweb do benefit from the dvds, but i worry, as i know drweb have never really had the marketing skills of others. <-QUOTE}

Well, it isn't a problem to acquire the missed samples even if Dr.Web was not involved in AV-comparatives' tests, only that they would have to look for another source.

{QUOTE-> ouchies,

a little harsh i think <-QUOTE}
Okay lets turn off the heuristic.

{QUOTE->
Quote:
Originally Posted by SystemJunkie
No other Antivirus in this world create more obvious fp´s then dr.web.
Ikarus does. <-QUOTE} I only tested it once but did not remember exactly, I guess I will check that when I find the time.

{QUOTE-> what about norton, they dont have any do they? <-QUOTE}

Are you suggesting that Dr.Web has as poor support as Norton?

{QUOTE-> Are you suggesting that Dr.Web has as poor support as Norton? <-QUOTE}
me?....... i would never say such things

norton have loads of customers, yet no support, i was merely saying support is no reason to leave an antivirus.

Well, I paid my dr.web with wire transfer and got my license the next day. I also found some false alarms with origin detections and they were fixed also the next day. I received good, informative responses by email and a private message here from an expert. There is also new "my dr.web" under construction that I believe is a support feature.

Allow me to add something positive:

The freezing after DrWeb updates is gone in this version, hooray:D :D

If this has already been mentioned, I apologize. I just could not bear to continue reading all the bickering.:(

My positive comments: Drweb is definetly not that bad with detection on highly infected systems compared with other more populair av s out there, cleanup is good but not perfect, support is better then any other, support is faster then any other, it s definety cheap from the get go but migrate and price is a joke really, never encountered a company giving out discounts on demand, light on system resources, very fast updating on par with nod32, best default settings.

Negative comments: Im still wondering how special drweb technology is, they are way behind concerning features,detection,looks may not seem important but this aint the stone ages anymore.

Does drweb still have a future: Only if they come out banging anytime soon or they can stay isolated in russia and neighbouring countries cause outside we want to see software blazing.

They have a future if the detection rate of Malware remains on a high level, related to crypted/packed malware they belong to the top 5 (even better then nod). But as we all know the heuristic must be enhanced.

Name your top5 please and some additional info.

{QUOTE-> Name your top5 please and some additional info. <-QUOTE}No, let's not turn this thread into an AV vs. AV thread, please, or I'll have to close it. The thread is about DrWeb 4.44. Thanks.

Regards,

Snap

{QUOTE-> Thanks for all the replies. Intresting that Dr. Web takes so long on a scan - i now understand why. Realisically how often is a full scan required...

Decisions, decisions..... <-QUOTE}

Weekly, or even monthly..... you can always do express scans after that, and they only use 25% of the time, compared to a complete.

http://live.drweb.com

-13,685 signatures have been removed! ... yes, removed.

i hope they are not the ones from IBK's dvds.

i hope drweb, will comment on this.. when they have stopped having fun at their convention (probably playing ps3 *lol* )

very curious. :dry:

----------
maybe a mistake of some kind?

{QUOTE-> http://live.drweb.com

-13,685 signatures have been removed! ... yes, removed.

i hope they are not the ones from IBK's dvds. <-QUOTE}

Maybe just an optimisation of existing definitions, replacing some groups of them with generic definitions and application of better compression/ algorithms? :-\

yep, that exact thing did pass my mind,

however, im always a little weary when things like this happen, i always need the confirmation!

;)

{QUOTE-> I cannot comment on your particular numbers, but Dr Web has been a slow, and careful, scanner ever since I can remember. There have been never feature implemented in the beta, such as spidershield, that may be causing you issue. I do know that 4.44 is just a steping stone to v5, which will be drastically improved.
Chris, where are you? You may be able to help more than I. <-QUOTE}

just dont have too much on your computer n8chavez.

i always keep mine light and i optimize absolutely everything i can play around with ;)

this is my 'complete scan', as you can see... its not very long really.

193822

also my express scan, much more eye-pleasing.
I am curious to know why it has scanned more files apparently according to the count.

193823


also, my avatar is soooo much better than drwebs on their program :D

Remember that 4.44 always had smaller number of signatures, can't remember why but they are displaying the 4.44 amount now.

hello,i've another problem with 4.44 the number of signatures is always the same.I've send this to dr web forum(in france) they replie me "all is ok"?

@CSJ,
My complete scans have been all taking about 1hr. 15mins. Is there any chance that you could show us other Dr. Web users how you have your Dr. Web configured--that is, how you have your settings? I realize that we all have different numbers of files on our systems, but I, for one, would really be interested in how you have yours set. I would love to have my complete scans take 36 mins.:D Thanks in advance!:)

{QUOTE-> @CSJ,
My complete scans have been all taking about 1hr. 15mins. Is there any chance that you could show us other Dr. Web users how you have your Dr. Web configured--that is, how you have your settings? I realize that we all have different numbers of files on our systems, but I, for one, would really be interested in how you have yours set. I would love to have my complete scans take 36 mins.:D Thanks in advance!:) <-QUOTE}
i dont have much on my machine, thats all ;)

its what i would call a perfect balance, but i understand when people do moan... but for me, its never a problem

nod32 can scan my setup on max settings in just 7 minutes, but we know it doesnt scan as much ;D

guard - report everything
scanner - report everything
priority - highest

now, Drweb just need to work on lowering the ram usage of spidermail, if it wasnt for this.... it would be less than 1mb ram!

193827

{QUOTE-> @CSJ,
My complete scans have been all taking about 1hr. 15mins. I would love to have my complete scans take 36 mins.:D Thanks in advance!:) <-QUOTE}
You probably have more Files/archived files/installers/CD Images on your computer compared to Chris ;)

Once you have carried out a full scan by the Scanner, deselect archives in file types, then watch the scan speed markedly improve.

New downloaded archives can then be checked with the context-menu scanner.

{QUOTE-> You probably have more Files/archived files/installers/CD Images on your computer compared to Chris ;)

Once you have carried out a full scan by the Scanner, deselect archives in file types, then watch the scan speed markedly improve.

New downloaded archives can then be checked with the context-menu scanner. <-QUOTE}
i wonder if...

with the guard running,

after you do a complete scan, do you really need to do another?

wouldnt express scans be sufficient after that......

{QUOTE-> i wonder if...

with the guard running,

after you do a complete scan, do you really need to do another?

wouldnt express scans be sufficient after that...... <-QUOTE}
I agree, but I was suggesting to cdr that his present long full scan times need not be a regular occurrence if he tweaks his settings.

The express scans, together with the right-click menu, would be fine after he knows he has a clean system ;)

The operating memory is most important, if you don't have a virus running in your operating memory, then it's not active and doesn't need immediate attention. The guard would alert at computer startup/after update/etc. if a virus is active. One full scan per month and weekly express scans should be enough .. I don't scan even that often. People are too paranoid because of continuous intimidation from media/security vendors etc. ;D

@Black Cat, CSJ & Risl,
Thanks for the suggestions! Under the File Types to scan tab, should I have it set to "all files," "selected file types," or "by file name mask?" I have had it on the default, "all files" setting. Below that, I do not have "archives" or "e-mail files" selected. How would I tell it to not scan archives? I think what all of you are saying is: with realtime scanning active (which it always is), a complete scan can be done maybe once a month, with express scans done maybe once per week. If ever there were a "safe surfer," that's me!:D So, this program for scanning should be more than adequate for me. And I agree, our paranoia is mostly "...because of continuous intimidation from media/security vendors etc." Thanks again! I truly do like Dr. Web!

{QUOTE-> @Black Cat, CSJ & Risl,
Thanks for the suggestions! Under the File Types to scan tab, should I have it set to "all files," "selected file types," or "by file name mask?" I have had it on the default, "all files" setting. Below that, I do not have "archives" or "e-mail files" selected. How would I tell it to not scan archives? I think what all of you are saying is: with realtime scanning active (which it always is), a complete scan can be done maybe once a month, with express scans done maybe once per week. If ever there were a "safe surfer," that's me!:D So, this program for scanning should be more than adequate for me. And I agree, our paranoia is mostly "...because of continuous intimidation from media/security vendors etc." Thanks again! I truly do like Dr. Web! <-QUOTE}
yes, keep it all on 'all files' (guard and scanner settings)

if you dont want to scan archives for on-demand, just untick the 'archives' selection in the settings for the scanner. (F9)

glad you are enjoying the doctor ;)

without archive scanning, my machine does a complete scan in just 9 minutes. (similar to an express scan... if your wondering)

CSJ,
:) You were right! I ran a complete scan with "archives" unchecked, and it took 37 minutes! And after that, an express scan with "archives" unchecked took 6 minutes. That's certainly a very acceptable scan time to me. Thanks again for your help!:D

{QUOTE-> CSJ,
:) You were right! I ran a complete scan with "archives" unchecked, and it took 37 minutes! And after that, an express scan with "archives" unchecked took 6 minutes. That's certainly a very acceptable scan time to me. Thanks again for your help!:D <-QUOTE}
of course, you didnt doubt me did you? ;)

the scanner speed is very acceptable, but people forget that drweb has massive packer support and scans soooooo deeply, probably more than any other scanner, so with archives enabled, it can take a while.

archive scanning is not needed, but i prefer to enable it, your guard will find such threats if you try to open any archives with malware inside.