hsobrevilla02
October 1st, 2007, 02:32 AM
--->>>
"Please review the information posted in THIS THREAD regarding samples and how ESET handle them.
THREAD CLOSED.
Blackspear."
<<<---
Good day to all!
After reading this post of Mr. Blackspear, and after closing my thread, may I ask again: what will happen to sample "VIRUS" files submitted to ESET if NOD32 signature has not detected it after almost 11 days?
Correct me if I am wrong, or MAYBE I just misunderstood this quote:
--->>>
"Hi Guys,
Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.
Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.
Eset exchanges samples with several av vendors. Opposite statement is incorrect.
Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.
Once again, I would like to thank you all: for both the samples and your patience :-)
anton
Last edited by anton : June 17th, 2004 at 05:11 PM. "
<<<---
Does it mean that (1) ESET only adds signatures that they think are mass propagating, or is (2) neglecting viruses that are only affecting one or two (out of so many) users of NOD32?
If the answer is (1), I understand. Maybe this is the company rule.
If the answer is (2), maybe ESET could fix it?
I know that my original thread was closed by a moderator.
I am sorry for that if I made a mistake in that thread (maybe that is the reason why my thread was closed).
If this thread is also closed or deleted, I respect the moderator.
I just feel so "PARANOID" (although I am just a user of the 30-day trial) that until now my sample file was not detected by NOD32.
Any answers would be greatly appreciated.
Thanks in advance...