View Full Version : Virus Database Tool Idea:


ChaosBlizzard
January 7th, 2005, 07:27 PM
I have read an Eset Moderator post that the production of virus signatures is automatic. If this is true, then couldn't a tool be made for the public/nod32 users that would enable us to make our own signatures? Then you could allow the use of an "extended" database in conjunction with this tool.

This of course would all be at the user's discretion and labeled advanced....

After all, NOD32 is modular by design. :)

Marcos
January 8th, 2005, 03:57 AM
There must have been some kind of misunderstanding - virus signatures are added manually by engineers at Eset's lab.

ChaosBlizzard
January 8th, 2005, 04:42 AM
No, it was not. Perhaps either you or the other moderator are mistaken.

"Extraction of a signature of a sample is an automated process and could be completed in no time."

See this:
http://www.wilderssecurity.com/showthread.php?t=36519

Post #18 by "anton".

jlo
January 8th, 2005, 06:04 AM
Hi ChaosBlizzard,

That's a cool idea but I can see one problem with that.

It would rely on the users to decide if the sample is an 'unwanted program' and could then increase 'false positives' when someone adds something they should not have.


Cheers

Jlo

dvk01
January 8th, 2005, 07:10 AM
{QUOTE-> No, it was not. Perhaps either you or the other moderator are mistaken.

"Extraction of a signature of a sample is an automated process and could be completed in no time."

See this:
http://www.wilderssecurity.com/showthread.php?t=36519

Post #18 by "anton". <-QUOTE}

If you don't selectively quote and read the rest of the post where the IMPORTANT info is

Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.


What can be done automatically is the extraction of the virus code from the file sent in.

BUT what needs to be done manually is to include the detections for that code in the database and instruct the antivirus how to "SAFELY" disinfect or remove the code from the file, or delete the file without causing any damage to Windows, as well as examining the file to see what other files on the computer it is linked with that also need to be fixed.

I'm afraid there is no automatic for that, and that is very time consuming and detailed work.

ChaosBlizzard
January 8th, 2005, 06:06 PM
I don't see your point.. Is the statement "Extraction of a signature of a sample is an automated process and could be completed in no time." still not within its own sentence?

The first statement before that one "Every sample is logged and examined using various methods" does not mean a human is doing this. If the first quote in this text lies true, then that would be part of the process. You wouldn't be able to automatically make a signature without first performing some type of analysis.

If he didn't mean any of this, he should have reworded his statement.

PS- Most people won't care if it's benign or not, would you let cancerous material stay within your body just because the tests come back it is benign? The junk/broken virus/wannabe malware shouldn't be there to begin with.

This is why we need at least some KIND of extended definition database.

sir_carew
January 8th, 2005, 07:30 PM
It's not a bad idea; however, it can be used by malicious people: malicious people can extract code from good applications or even system files and then upload a "bad" database to a site. So, when the user installs that signature, the AV will detect good files as infected, and novice users can delete the "infected" file. If I'm not wrong, there was an AV with that feature; however, currently there aren't AVs with such a feature. I think that one of the reasons is that malicious people can misuse it.





{QUOTE-> I don't see your point.. Is the statement "Extraction of a signature of a sample is an automated process and could be completed in no time." still not within its own sentence?

The first statement before that one "Every sample is logged and examined using various methods" does not mean a human is doing this. If the first quote in this text lies true, then that would be part of the process. You wouldn't be able to automatically make a signature without first performing some type of analysis.

If he didn't mean any of this, he should have reworded his statement.

PS- Most people won't care if it's benign or not, would you let cancerous material stay within your body just because the tests come back it is benign? The junk/broken virus/wannabe malware shouldn't be there to begin with.

This is why we need at least some KIND of extended definition database. <-QUOTE}
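
The concern raised in the post above (a third-party database built from good applications or system files), as an added example that is not part of the thread or of any Eset tool: a loader can vet each user-supplied signature against a corpus of known-clean files before accepting it. The signature format (hex bytes with `??` wildcards), the 8-byte minimum and all sample data are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumed policy threshold for this example, not a value from any real product.
MIN_FIXED_BYTES = 8


@dataclass
class Verdict:
    name: str
    accepted: bool
    reason: str
    clean_hits: list = field(default_factory=list)


def compile_pattern(hex_pattern):
    """Turn 'DE AD ?? EF' into a bytes regex; '??' matches any single byte.

    Returns (compiled_regex, number_of_fixed_bytes).
    """
    parts, fixed = [], 0
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(re.escape(bytes.fromhex(tok)))
            fixed += 1
        else:
            raise ValueError(f"bad token {tok!r}")
    return re.compile(b"".join(parts), re.DOTALL), fixed


def vet_pack(pack, clean_corpus):
    """Check every (name, hex_pattern) pair before it may enter the database.

    A signature is rejected if it is malformed, if it has too few fixed bytes
    to be specific, or if it matches any file in the known-clean corpus.
    """
    verdicts = []
    for name, hex_pattern in pack:
        try:
            regex, fixed = compile_pattern(hex_pattern)
        except ValueError as exc:
            verdicts.append(Verdict(name, False, f"malformed: {exc}"))
            continue
        if fixed < MIN_FIXED_BYTES:
            verdicts.append(
                Verdict(name, False, "too short, would match unrelated files"))
            continue
        hits = sorted(path for path, data in clean_corpus.items()
                      if regex.search(data))
        if hits:
            verdicts.append(
                Verdict(name, False, "matches known-clean file", hits))
        else:
            verdicts.append(Verdict(name, True, "no clean-corpus hits"))
    return verdicts


# Constructed sample data: two stand-ins for known-good files.
CLEAN_CORPUS = {
    "system/loader.bin": b"MZ" + bytes(range(0x10, 0x30)) + b"clean loader code",
    "apps/editor.bin": b"MZ" + b"\x90" * 4 + b"editor main routine \x01\x02\x03",
}

# Constructed sample pack: one plausible signature and three that must fail.
SAMPLE_PACK = [
    ("Test.Sample.A", "DE AD BE EF 13 37 ?? 42 43 44"),
    # Bytes lifted from the clean loader: the abuse case described in the post.
    ("Poisoned.Loader", "10 11 12 13 14 15 16 17 18 19"),
    ("Too.Generic", "4D 5A ?? ??"),
    ("Broken", "ZZ 01"),
]

if __name__ == "__main__":
    for v in vet_pack(SAMPLE_PACK, CLEAN_CORPUS):
        status = "ACCEPT" if v.accepted else "REJECT"
        print(f"{status} {v.name}: {v.reason} {v.clean_hits}")
```

A clean-corpus check only catches collisions with files the corpus contains, so it narrows the abuse window rather than closing it.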

PLeX™
January 8th, 2005, 07:51 PM
I believe the point that Eset is trying to make is that, yes, they could do (and have the means to do) automatic database additions but that would make NOD32 like many others of the competition (slower and less efficient). But, NOD32 has demonstrated that their seemingly unique approach to selectively adding signatures is more effective, efficient, and faster.

It seems the thread starter is asking why not have an additional module that would use the automatic database that could be turned on or off at the user's choice. Although it would seem possible, and correct me if I'm wrong, but I don't think anyone has really complained about getting infected with NOD32 running. Since NOD32 has a 100% track record with ITW viruses, why worry about 100% of zoo viruses since the likelihood of encountering one is extremely small. Even if you do encounter a zoo virus, the AH have proven that you have a much better chance of detecting it even without a signature than any other anti-virus.

NOD32 seems to be getting better with time. All the hard work Eset has put in to keeping it lean and mean but still effective should not be taken lightly. Otherwise, if they keep adding and adding features, suddenly you'll end up with something like NAV :P.

Notok
January 8th, 2005, 08:27 PM
{QUOTE-> I don't see your point.. Is the statement "Extraction of a signature of a sample is an automated process and could be completed in no time." still not within its own sentence? <-QUOTE}

The point here is that creating a single file fingerprint is only a small part of the process of adding to the database. You have to add the various parts of the malware, and most importantly you have to include a full routine for cleaning out an infection (a fair amount of people are going to find NOD32 after being infected.)

Not to mention that they need to do research to find out if they even should include it in the database, if it contains anything new that can be made to detect heuristically, possibly share the findings with other vendors (and/or security community at large), etc etc.

In short, NOD32 has to do more than just detect the installer, and the Eset analysts have more to do than just create one fingerprint.

I also fully agree w/ Sir_Carew, there would be a lot of room for abuse and in the end would probably leave you more vulnerable.

ronjor
January 8th, 2005, 08:32 PM
{QUOTE-> NOD32 seems to be getting better with time. All the hard work Eset has put in to keeping it lean and mean but still effective should not be taken lightly <-QUOTE}

I will second that statement. Eset gave people what they asked for as far as features, and at the same time, gave others that don't necessarily want the full bore options the ability to turn them off.

ChaosBlizzard
January 8th, 2005, 11:36 PM
The virus signature database isn't what really determines the speed, it's the virus program's engine. NOD32's engine, correct me if I am wrong, is written in ASM. The only language faster than ASM would be binary....

Also, someone was talking about how the fingerprint isn't good enough because it also must clean the infection.. Well, NOD32 is ICSA certified for detection, not cleaning. So it looks like you might say this, but it's not holding true with the product itself.

sir_carew
January 8th, 2005, 11:39 PM
That's true, however I think ICSA sucks. KAV and NOD aren't certified in the cleaning test and I'm 100% sure that NOD and KAV are able to clean ALL ITW malware from the system. Moreover, both KAV and NOD are certified in detecting and cleaning ITW malware in the Check Mark test.


{QUOTE-> Also, someone was talking about how the fingerprint isn't good enough because it also must clean the infection.. Well, NOD32 is ICSA certified for detection, not cleaning. So it looks like you might say this, but it's not holding true with the product itself. <-QUOTE}

ChaosBlizzard
January 8th, 2005, 11:43 PM
That's your opinion.. However ICSA has some tough standards that must be met before you can hold one of their certifications.

ICSA for cleaning:
http://www.icsalabs.com/html/communities/antivirus/certification/avcleancrit.shtml

If NOD32 isn't certified for that, it must mean it fails in one of those regards. You shouldn't blame the tester, but what's being tested.

PS- There is a reason why the next version of NOD32 is listed as having a better cleaning algorithm. The one NOD32 has now most likely isn't ICSA certifiable.

sir_carew
January 8th, 2005, 11:50 PM
I don't trust ***ANY*** test. Anyway, NOD32 passed the cleaning test in Check Mark. There are other AVs like NAV that are certified in the cleaning test at ICSA, and I believe that NOD32 is thousands of times better than NAV in all aspects. So, that test sucks. ICSA doesn't include other important points like heuristics (very important).

{QUOTE-> That's your opinion.. However ICSA has some tough standards that must be met before you can hold one of their certifications.

ICSA for cleaning:
http://www.icsalabs.com/html/communities/antivirus/certification/avcleancrit.shtml

If NOD32 isn't certified for that, it must mean it fails in one of those regards. You shouldn't blame the tester, but what's being tested. <-QUOTE}

ChaosBlizzard
January 9th, 2005, 01:15 AM
The heuristics aren't, in my opinion, as important as the virus signature database. You're telling me, you would rather have your AV guessing than truly knowing what it's reading...

You don't trust any test, and yet you are talking about how NOD32 passed the checkmark test? I do trust those tests, it's not like they can fake them. They don't favor one over the other. They aren't going to go "Oops, I disabled the AH and scanned instead so KAV could get a better score.."

If all AV are subjected to the same test, using the same methods, it is scientific. The only thing you can't compare is one AV company's tests over any others. As they each use different methods/virus code to test.

Notok
January 9th, 2005, 01:33 AM
{QUOTE-> The heuristics aren't, in my opinion, as important as the virus signature database. You're telling me, you would rather have your AV guessing than truly knowing what it's reading...

You don't trust any test, and yet you are talking about how NOD32 passed the checkmark test? I do trust those tests, it's not like they can fake them. They don't favor one over the other. They aren't going to go "Oops, I disabled the AH and scanned instead so KAV could get a better score.."

If all AV are subjected to the same test, using the same methods, it is scientific. The only thing you can't compare is one AV company's tests over any others. As they each use different methods/virus code to test. <-QUOTE}

I'm not quite getting you.. are you trying the straw man argument here? What does this have to do with users making virus database signatures? Is your line of reasoning that because it's not ICSA certified for cleaning they should just throw out the cleaning engine?

Blackspear
January 9th, 2005, 01:34 AM
{QUOTE-> The heuristics aren't, in my opinion, as important as the virus signature database. <-QUOTE}

I would disagree with you on this point. Eset have the database covered, as do all others in the top 5 or so AV manufacturers. Where Eset excel is in capture of the unknown or day zero viruses/trojans etc through advanced heuristics...

Cheers ;D

ChaosBlizzard
January 9th, 2005, 09:15 AM
Notok, you assumed yourself I tried to start something. I have been listing facts, unless you want to disagree with that, then I suggest you stop trying to start something.

PS- Because NOD32 uses heuristics it gets false positives... This wouldn't happen as much if it used the signature database more.

Blackspear, you claim how good AH are, yet your company has them disabled by default....

This conversation has been led way off topic and should be closed.

Technodrome
January 9th, 2005, 10:20 AM
{QUOTE->

PS- Because NOD32 uses heuristics it gets false positives... This wouldn't happen as much if it used the signature database more.
<-QUOTE}

You are beating a dead horse here. False positives are a common case with products without heuristics as well (KAV, NAV etc).

Nowadays, heuristics engines have been tweaked in such a way that they don’t produce as many FPs as they used to in the old days. Good (made quality) heuristics engines such as NOD32’s or Norman’s sandbox have minimized FAs. The possibility of getting a FA is just as equal as with a product relying on classic virus database detection.

Heuristics= False positives is very, very dated.



tECHNODROME

PLeX™
January 9th, 2005, 11:32 AM
This conversation is "off topic" due to the fact the requested addition to NOD32 is contrary to Eset's philosophy/approach to virus protection.

Eset believes (like many here that use NOD32) that heuristics is extremely important in protecting a computer system. ChaosBlizzard and others believe that signatures are more important.

As the signature database grows the amount of time required to compare the tested file grows as well. Therefore, keeping the database as small as possible keeps the impact on performance as small as possible. Since Eset usually takes more time to add a signature to their database than other AV companies, probably due to studying the virus more in depth, they rely on heuristics to give them the extra time they need to properly analyse a virus before adding it to the database. The proposed addition to NOD32 flies in the face of this idea and is why so many are here discussing heuristics instead of the "extended database" idea.

ChaosBlizzard, I don't mean this personally, but this topic of yours is almost a flame subject here and that's why you've seen this kind of response. I doubt you'll find many NOD32 supporters interested in a signature-centric approach to virus detection. If there were, we'd probably not be using NOD32. We are trying to explain why NOD32 is not the product to add this kind of feature because the belief in heuristics is why most of us use NOD32 in the first place.

In a NOD32 world, there isn't as much import placed on virus removal. The key is prevention. Therefore, you won't need to remove a virus in the first place. Eset concentrates on prevention more than removal. Start with a clean machine...and keep it that way, with the least amount of impact on performance. There are a blue million free removal tools for viruses out there, but there is only one AV like NOD32.

ChaosBlizzard
January 9th, 2005, 02:37 PM
No, you have the definition of "off topic" incorrect. I am the original poster. Since my original post obviously has a topic, anything related to that post is ON topic. Anything not related to that original post is OFF topic. Besides, who are you to say it's against their beliefs? Did you discuss this matter with them?

You think adding signatures to the database, a small "text" based file, will somehow increase the amount of time needed to scan a file? I assure you, with even a 1.0Ghz machine and a modern hard drive, you aren't going to notice anything. The other anti viruses, such as McAfee are slow because of the way they are programmed, not because of their "large definition databases".

I wasn't aware suggesting improvements were considered flames. How silly of me to offer feedback to a product I BOUGHT.

I haven't had one thing caught due to heuristics yet, so if I didn't have those signature files, I guess I would be infected.

You don't have to lecture me on safe computing. I have been training myself for 7+ years with computers, I have one year of CISCO training. I am also in ITT-Tech right now studying CNS. I tested out of their PC Introduction course. I have even had a computer with something running RAM modules about the size of your arm, and the operating system was before DOS went to 16 bit.

"Heuristics= False positives is very, very dated." I never said this, you are twisting my words. I said if an ENGINE RELIES on heuristics it gets more false positives.

I believe NOD32 had the most false positives out of any other tested product.

If you do wish to negate my statements, first read:
http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp

...."at the other end of the scale, Eset's NOD32 misidentified 31 clean files."

I am not bashing NOD32, it is a very good product. However I feel you reject any and all suggestions to your product because you feel it can't be improved, and that it is FAR SUPERIOR than all of its counterparts. This is a misconception, NOD32 still needs improvements, and or isn't perfect.

Stan999
January 9th, 2005, 02:59 PM
{QUOTE->

I believe NOD32 had the most false positives out of any other tested product.

If you do wish to negate my statements, first read:
http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp

...."at the other end of the scale, Eset's NOD32 misidentified 31 clean files."

<-QUOTE}
"AV-Test also scanned 20,000 clean files .... at the other end of the scale, Eset's NOD32 misidentified 31 clean files."

I find that test a bit unbelievable in my real world experience with NOD and AH. I notice an occasional FP posted here but not that many. I use AH with the NOD32 on demand scanner on a machine. On that 80GB drive it scans 285,000 files with no FPs.

Are you seeing a lot of FPs with AH when you scan your hard drives? Do your scans with AH show around 31 FPs per 20,000 clean files?

Technodrome
January 9th, 2005, 03:53 PM
{QUOTE->

"Heuristics= False positives is very, very dated." I never said this, you are twisting my words. I said if an ENGINE RELIES on heuristics it gets more false positives.

I believe NOD32 had the most false positives out of any other tested product.

If you do wish to negate my statements, first read:
http://www.pcworld.com/reviews/article/0,aid,115939,pg,4,00.asp

...."at the other end of the scale, Eset's NOD32 misidentified 31 clean files."
<-QUOTE}

I was generally speaking for those people who still believe that modern heuristics means a load of FAs.
Regarding that test, I have over a million files on my computers and I have yet to see a False Positive from NOD32.


tECHNODROME

sir_carew
January 9th, 2005, 04:21 PM
Virus signatures can detect only already-known malware. That's very good when you have known malware on your system. What happens if you have as-yet-unknown malware?
My experience: I recommended buying NOD32 to a friend. I analyzed her system using AH, and NOD32 recognized many malware as Probably unknown.... I packed all of these files into a RAR package. Later, I scanned it using KAV with the latest update and KAV detected 18 of 20 of these files. NOD using AH detected the 20. I submitted these trojans to Eset, and they now detect the 20 using signatures, so the 20 files are infected. If she had chosen KAV, she would still be infected with these 2 trojans that KAV with its huge database didn't detect. Thanks to NOD Heuristic, she doesn't have these 20 trojans now. Isn't heuristic important? That's 100% incorrect.
I recall the Check Mark test because NOD passed a similar test that it failed in another test. Strange... If I recall, Check Mark is to show you that NOD was able to disinfect ITW malware; however, I still don't trust those tests. Anyway, if NOD has many FPs, why does Eset have a record in winning the VB 100% test? Even more than KAV and NAV, which don't have good heuristics. FYI, an AV needs to detect 100% of ITW malware without any FPs to get the VB 100% award.
Currently, heuristic is much more important than virus signature.


{QUOTE-> The heuristics aren't, in my opinion, as important as the virus signature database. You're telling me, you would rather have your AV guessing than truly knowing what it's reading...

You don't trust any test, and yet you are talking about how NOD32 passed the checkmark test? I do trust those tests, it's not like they can fake them. They don't favor one over the other. They aren't going to go "Oops, I disabled the AH and scanned instead so KAV could get a better score.."

If all AV are subjected to the same test, using the same methods, it is scientific. The only thing you can't compare is one AV company's tests over any others. As they each use different methods/virus code to test. <-QUOTE}

ChaosBlizzard
January 9th, 2005, 10:09 PM
Sir_Carew - That is 100% KNOWN ITW..

Yes, you described the use of a signature, exactly why I like them, they are records of A SURE THING.

So you have good experience with 20 files... How many viruses/Trojans/worms/malware other than those 20 are out there?

To stan9, no I don't see any misidentified files; however you are suggesting all systems have similar files. This is a false understanding of a computer system. Regardless of how many similarities one system has with another, it is different.

I don't see what's so strange about NOD32 passing one test and failing another. It would only be consecutive if all companies used the same malware to test, which of course isn't the case.

"..heuristic is much more important than virus signature. " - If that is the case, then why bother with signature updates? If that technology is more important then you should be fine with that alone.

Also, the highest detection rate I have seen AT ALL with just heuristics is just around 80%. Others claim only about a 53% detection rate of unknown malware with AH enabled in NOD32.

Heuristics are a backup technology, even the Eset Company would agree on this. It is not meant to replace definitions.

Stan999
January 9th, 2005, 10:59 PM
{QUOTE-> Sir_Carew - That is 100% KNOWN ITW..


To stan9, no I don't see any misidentified files; however you are suggesting all systems have similar files. This is a false understanding of a computer system. Regardless of how many similarities one system has with another, it is different.

<-QUOTE}

Hi ChaosBlizzard,

I still find it very strange that in the test you referenced they found 31 FPs using NOD and AH when checking with just 20,000 clean files.

However, you just stated you don't see any. I don't see any checking 285,000 files and tECHNODROME posted none with over a million files.
I do see a few FPs posted from time to time here but nowhere anything remotely close to 31 FPs per 20,000?

Stan999
January 9th, 2005, 11:19 PM
{QUOTE->
Heuristics are a backup technology, even the Eset Company would agree on this. It is not meant to replace definitions. <-QUOTE}

I don't agree that Heuristics are just a "backup technology". I view NOD's AH as a good proven first line defence that can help identify major zero-day infections in a lot of cases.

http://www.wilderssecurity.com/showthread.php?t=42010
http://www.wilderssecurity.com/showthread.php?t=58482

Also Retrospective/ProActive Test:
http://www.av-comparatives.org

I have NOD on one machine, and one of the other top AVs on two machines. They are both good at detecting current infections with definitions. However, I feel more comfortable with NOD running resident, (both AMON and the HTTP scanner) because NOD stands a better chance of detecting 'zero-day' infections than a lot of other AVs.

ChaosBlizzard
January 9th, 2005, 11:24 PM
{QUOTE-> Hi ChaosBlizzard,

I still find it very strange that in the test you referenced they found 31 FPs using NOD and AH when checking with just 20,000 clean files.

However, you just stated you don't see any. I don't see any checking 285,000 files and tECHNODROME posted none with over a million files.
I do see a few FPs posted from time to time here but nowhere anything remotely close to 31 FPs per 20,000? <-QUOTE}

Like I said every system is different. There is no way of telling what they had installed, or what websites they visited before they ran the scan...

{QUOTE-> I don't agree that Heuristics are just a "backup technology". I view NOD's AH as a good proven first line defence that can help identify major zero-day infections in a lot of cases.

http://www.wilderssecurity.com/showthread.php?t=42010
http://www.wilderssecurity.com/showthread.php?t=58482

Also Retrospective/ProActive Test:
http://www.av-comparatives.org

I have NOD on one machine, and one of the other top AVs on two machines. They are both good at detecting current infections with definitions. However, I feel more comfortable with NOD running resident, (both AMON and the HTTP scanner) because NOD stands a better chance of detecting 'zero-day' infections than a lot of other AVs.




No matter how fast a AV puts out a definition there is a time lag in which NOD's AH <-QUOTE}

Well, it is a backup technology. What do you think came out first? Virus database technologies or AHs? Seeing as the AHs are designed to GUESS if something is bad or not, that seems pretty much like something for “backup” to me...

Call me crazy, but if something is only making an estimate if something else MIGHT be no good for the system, that isn't something you would want to rely off of. If so, then ask Eset why AH isn't enabled by default.. If you ask me, it is a false sense of security.

I will be going into Network Security for my major. There is NO way I would tell a corporation they are "safe" because their anti-virus can guess. Do you have any idea how fast you would get fired? You are letting their network take a risk because the anti-virus can guess.

Stan999
January 9th, 2005, 11:29 PM
{QUOTE-> Like I said every system is different. There is no way of telling what they had installed, or what websites they visited before they ran the scan... <-QUOTE}

Almost seems statistically impossible for them to have 31 FPs for 20,000 clean files when compared to what others post from real world experience.

sir_carew
January 9th, 2005, 11:31 PM
Yes, the use and the bad point of signatures too: ONLY YET KNOWN MALWARE.
No, I've experience with about 7.000 different classes of malware. I collect malware, and NOD32 with AH without signatures is able to detect close to 70%, and those are ZOO; I'm NOT considering ITW, because NOD32 can detect close to 90% of ITW malware.
It is strange that NOD32 passed one test and not the other *similar* one, because both tests are based on the WildList (SAME SAMPLES).
Backup technology? Nah, signatures are a backup technology, to add malware by name, because if the heuristic detects the malware, it isn't so important that the signature detects it too, only to give it a name.
Anyway, you're wrong: with signatures, there are FPs too. And I prefer an AV with strong heuristics and few FPs to an AV based on signatures that in any case, is impossible too (I found FPs in KAV too).



{QUOTE-> Sir_Carew - That is 100% KNOWN ITW..

Yes, you described the use of a signature, exactly why I like them, they are records of A SURE THING.

So you have good experience with 20 files... How many viruses/Trojans/worms/malware other than those 20 are out there?

To stan9, no I don't see any misidentified files; however you are suggesting all systems have similar files. This is a false understanding of a computer system. Regardless of how many similarities one system has with another, it is different.

I don't see what's so strange about NOD32 passing one test and failing another. It would only be consecutive if all companies used the same malware to test, which of course isn't the case.

"..heuristic is much more important than virus signature. " - If that is the case, then why bother with signature updates? If that technology is more important then you should be fine with that alone.

Also, the highest detection rate I have seen AT ALL with just heuristics is just around 80%. Others claim only about a 53% detection rate of unknown malware with AH enabled in NOD32.

Heuristics are a backup technology, even the Eset Company would agree on this. It is not meant to replace definitions. <-QUOTE}

ChaosBlizzard
January 9th, 2005, 11:31 PM
{QUOTE-> Almost seems statistically impossible for them to have 31 FPs for 20,000 clean files when compared to what others post from real world experience. <-QUOTE}

Since when are computer security statistics always uniform?

{QUOTE-> Yes, the use and the bad point of signatures too: ONLY YET KNOWN MALWARE.
No, I've experience with about 7.000 different classes of malware. I collect malware, and NOD32 with AH without signatures is able to detect close to 70%, and those are ZOO; I'm NOT considering ITW, because NOD32 can detect close to 90% of ITW malware.
It is strange that NOD32 passed one test and not the other *similar* one, because both tests are based on the WildList (SAME SAMPLES).
Backup technology? Nah, signatures are a backup technology, to add malware by name, because if the heuristic detects the malware, it isn't so important that the signature detects it too, only to give it a name.
Anyway, you're wrong: with signatures, there are FPs too. And I prefer an AV with strong heuristics and few FPs to an AV based on signatures that in any case, is impossible too (I found FPs in KAV too). <-QUOTE}

I'm wrong? I assume you work with Computers for a living? Or at least have some kind of training to come to this conclusion?

Funny how you now say 90% ITW viruses... I could have sworn you said 100% earlier. How can a signature be backup technology? If something matches the signature 100%, it isn't backing anything up, it's doing the identification without any help. I think you are getting the term backup confused.

Also, you are wrong, not all testing companies use the same samples. What's considered ITW is up to the testing company to determine. ITW might be different in certain parts of the world. You must remember the Internet is very large, so ITW might not be the same for one region as it is the other...

Stan999
January 9th, 2005, 11:41 PM
{QUOTE->

Call me crazy, but if something is only making an estimate if something else MIGHT be no good for the system, that isn't something you would want to rely off of. If so, then ask Eset why AH isn't enabled by default.. If you ask me, it is a false sense of security.

I will be going into Network Security for my major. There is NO way I would tell a corporation they are "safe" because their anti-virus can guess. Do you have any idea how fast you would get fired? You are letting their network take a risk because the anti-virus can guess. <-QUOTE}

Not a false sense of security for me but actual experience.
As noted: http://www.wilderssecurity.com/showthread.php?t=42010
http://www.wilderssecurity.com/showthread.php?t=58482

I guess we will just have to agree to disagree about the value of NOD's AH as a proven first line of defence against some major "zero-day" infections.
I'd much rather have that real time warning as opposed to waiting for the time span when a definition is available and also updated by the end user in which during that time span they may be infected.

sir_carew
January 9th, 2005, 11:43 PM
WildList considers the same ITW samples, so if a test is based on WildList, the samples are the same. Please show me here where I said that NOD detects 100% of ITW samples using heuristics. I said in another post that NOD with signatures detects 100% of known ITW samples.
Do you think that I've no experience with PCs? Please tell me your argument. A valid argument, please.

{QUOTE-> Since when are computer security statistics always uniform?



I'm wrong? I assume you work with Computers for a living? Or at least have some kind of training to come to this conclusion?

Funny how you now say 90% ITW viruses... I could have sworn you said 100% earlier. How can a signature be backup technology? If something matches the signature 100%, it isn't backing anything up, it's doing the identification without any help. I think you are getting the term backup confused.

Also, you are wrong, not all testing companies use the same samples. What's considered ITW is up to the testing company to determine. ITW might be different in certain parts of the world. You must remember the Internet is very large, so ITW might not be the same for one region as it is the other... <-QUOTE}

ChaosBlizzard
January 9th, 2005, 11:46 PM
I myself would not prefer to get a false warning. You could end up deleting something vital to the system operation. Eset themselves warn that this can happen.

Most Students and all the Professors in my tech school recommend you should not put so much trust in a technology as to lead you to a sense of security. That sense of security may be false. In any case, if both the technologies fail, you can become infected and not even know it.

So it is important to monitor your own process list in any event.

I will agree to not agree, but as a professional I wouldn't advise any of my clients to put that much faith in Heuristics... Most IT professionals won’t either.

ChaosBlizzard
January 9th, 2005, 11:50 PM
{QUOTE-> WildList considers the same ITW samples, so if a test is based on WildList, the samples are the same. Please write here where I said that NOD detects 100% of ITW samples using heuristics. I said in another post that NOD with signatures detects 100% of known ITW samples.
Do you think that I've no experience with PCs? Please tell me your argument. A valid argument, please. <-QUOTE}
I have given you a valid argument. I asked you if you worked with Computer systems, and you answered that question with a question. Therefore I can't assume you work with them. That would be a false judgment on my part.

Would you provide something that says all ITW samples are the SAME.

I do have something you can read:
http://viruspool.vanderkooij.org/

The archive of ITW samples are not ORGANIZED.

http://www.plastic-buckles.com/catalog.html

Those ITW samples are governed by region, as noted in the above URL.

You obviously didn't know this, or you wouldn’t have stated what you did.

sir_carew
January 9th, 2005, 11:50 PM
And do you recommend to your clients to put much faith in signatures? Sorry, but if you recommend not putting too much faith in heuristics, you should do the same with signatures. With signatures, you're protected only from known malware that was analyzed first by the analyzers at the company.
I recall again, with signatures there are FPs too. Don't you think so?

{QUOTE-> I myself would not prefer to get a false warning. You could end up deleting something vital to the system operation. Eset themselves warn that this can happen.

Most Students and all the Professors in my tech school recommend you should not put so much trust in a technology as to lead you to a sense of security. That sense of security may be false. In any case, if both the technologies fail, you can become infected and not even know it.

So it is important to monitor your own process list in any event.

I will agree to not agree, but as a professional I wouldn't advise any of my clients to put that much faith in Heuristics... Most IT professionals won’t either. <-QUOTE}

ChaosBlizzard
January 9th, 2005, 11:53 PM
{QUOTE-> And do you recommend to your clients to put much faith in signatures? Sorry, but if you recommend not putting too much faith in heuristics, you should do the same with signatures. With signatures, you're protected only from known malware that was analyzed first by the analyzers at the company.
I recall again, with signatures there are FPs too. Don't you think so? <-QUOTE}

I never said that either. There is a reason why most administrators block executables and or installations by the user, such as I do.

I put more faith into signatures yes, but NOT as much as standard safe computing or security on the network to begin with in a proper manner.

sir_carew
January 9th, 2005, 11:53 PM
Working with computers doesn't mean that you're a professional in computers. You can work with computers cleaning the screen and you aren't an expert but you're working with PCs too :D
And you're wrong, I work with PCs and I get money from that.
Oh, I forgot something: Many hackers aren't "professional" in computers because they don't have a title, however many of them know much more than experts with a title.



{QUOTE-> I have given you a valid argument. I asked you if you worked with Computer systems, and you answered that question with a question. Therefore I can't assume you work with them. That would be a false judgment on my part.

Would you provide something that says all ITW samples are the SAME.

I do have something you can read:
http://viruspool.vanderkooij.org/

The archive of ITW samples are not ORGANIZED.

http://www.plastic-buckles.com/catalog.html

Those ITW samples are governed by region, as noted in the above URL.

You obviously didn't know this, or you wouldn’t have stated what you did. <-QUOTE}

ChaosBlizzard
January 9th, 2005, 11:56 PM
{QUOTE-> Working with computers doesn't mean that you're a professional in computers. You can work with computers cleaning the screen and you aren't an expert but you're working with PCs too :D
And you're wrong, I work with PCs and I get money from that.
Oh, I forgot something: Many hackers aren't "professional" in computers because they don't have a title, however many of them know much more than experts with a title. <-QUOTE}

I work in the IT industry; this does make me a professional. My professor could argue with you on that one. I work as a computer repair technician; I don't clean any other screen than my own.

I also stated before I have CISCO training. I am also continuously gaining more knowledge through schooling. Even though I have 7+ years of working with PC's in the past. This is my career, it's what I do.

sir_carew
January 10th, 2005, 12:03 AM
I think that there are 2 main areas in computers: Hardware and Software. I don't think that a good expert in hardware can know the same as a good expert in software and vice versa.
>>I don't clean any other screen than my own.
Don't feel that I'm insulting you. I wrote that if I work with computers it doesn't mean that I'm an expert. I don't know if you're an expert or not, but if you say you are an expert, I trust you, even considering that on the Internet anyone can lie.
WildList: http://www.wildlist.org/wild_desc.htm
Many experts from many companies and countries report different samples to consider that as ITW samples and thus create a list with "ITW" malware considering many samples that aren't massive in all countries.


{QUOTE-> I work in the IT industry; this does make me a professional. My professor could argue with you on that one. I work as a computer repair technician; I don't clean any other screen than my own.

I also stated before I have CISCO training. I am also continuously gaining more knowledge through schooling. Even though I have 7+ years of working with PC's in the past. This is my career, it's what I do. <-QUOTE}

ChaosBlizzard
January 10th, 2005, 12:07 AM
{QUOTE-> I think that there are 2 main areas in computers: Hardware and Software. I don't think that a good expert in hardware can know the same as a good expert in software and vice versa.
>>I don't clean any other screen than my own.
Don't feel that I'm insulting you. I wrote that if I work with computers it doesn't mean that I'm an expert. I don't know if you're an expert or not, but if you say you are an expert, I trust you, even considering that on the Internet anyone can lie.
WildList: http://www.wildlist.org/wild_desc.htm
Many experts from many companies and countries report different samples to consider that as ITW samples and thus create a list with "ITW" malware considering many samples that aren't massive in all countries. <-QUOTE}

So you are now agreeing that not all companies use the same ITW samples? Also, I program lightly in Visual Basic 6 SP6. I also used to program for years in HTML 4.1. If you need that much proof I can send you, or post somehow, one of my written applications.

I have written a database program for any company or person that wants to store employee information. Granted I did it for educational use, it would probably function just fine in a real environment.

I am not taking any of your information as an insult. I am fine arguing, trust me, I do this sort of thing every day. Whether it is a debate in class or on the Internet.

PS- As for hardware, I have built a dual Pentium III system with RAID and other various features. I have also repaired motherboards before using a soldering gun station... The capacitors went bad on a few of my motherboards and some friends, I replaced them with Panasonic caps.

Stan999
January 10th, 2005, 12:20 AM
{QUOTE->
I will agree to not agree, but as a professional I wouldn't advise any of my clients to put that much faith in Heuristics... Most IT professionals won’t either. <-QUOTE}

I believe some folks shoot themselves in the foot by limiting themselves to just one school of thought. Heuristics is improving all the time and NOD's AH has a proven track record to date and continues to improve with very few FPs. Even definitions can result in FPs.

http://www.wilderssecurity.com/showthread.php?t=58482

Some AV's Heuristic can provide that all important "zero-day" defense if used correctly. To just advise folks to rely solely upon good computer practices and AV definitions may be a disservice in my mind.

ChaosBlizzard
January 10th, 2005, 12:24 AM
You keep making reference to this very forum. Isn't that one school of thought?

We all do it, however I am going to stick to my views. I haven't had a client complain or become infected with any major threat yet. If they keep their dat's updated then I don't have problems. It's when they neglect their updates that I have issues I have to fix for them. That is the only reason why I said "no major" threats yet.. If you secure the system/network to begin with you can make it almost impossible to compromise.

You shouldn't allow the typical user to install anything.

Besides, I believe my Professor knows enough. He does have two master degrees and is working on his PHD.

Also, if the Eset company takes such care with their AH, as you say they do, then their definitions should have less FPs than their AH...

It's a good discussion in any case.

bigc73542
January 10th, 2005, 12:28 AM
One thing I have learned in the years I have been testing and using antivirus programs is that I won't use one that does not have decent heuristics, viri are written much faster than the av companies can release definitions. Even if heuristics only give me a small percentage of extra protection over just straight definitions it is worth it to protect my computer. I have too much invested in it to not give it that little extra bit of protection. But everyone to their own preference.

bigc

ChaosBlizzard
January 10th, 2005, 12:31 AM
{QUOTE-> One thing I have learned in the years I have been testing and using antivirus programs is that I won't use one that does not have decent heuristics, viri are written much faster than the av companies can release definitions. Even if heuristics only give me a small percentage of extra protection over just straight definitions it is worth it to protect my computer. I have too much invested in it to not give it that little extra bit of protection. But everyone to their own preference.

bigc <-QUOTE}

This is why anti-virus companies combine them. I prefer definitions over heuristics, but if you choose to use heuristics you should make sure the dats are up to date. Also, if you are going to use heuristics, you should always consider things the anti-virus nabs using them. The "thing" it nabs might not be something you want to get rid of.

At least we all use AV software here.. You would be amazed at the amount of people who use NOTHING. No AV, no spy ware scanner, and no firewall. Almost every time I get a call is when the user lacks one of the three.

sir_carew
January 10th, 2005, 12:34 AM
Agreed.
Heuristic isn't a technology of "guess that file is infected and the other not".
Heuristic reports a suspicious file because it knows that there's something strange in the file. Heuristic is something like an artificial intelligence.
Well, anyone can prefer/think anything. I gave enough arguments about why I prefer heuristic over signatures.
Many people use AV too, but without updating them.

{QUOTE-> One thing I have learned in the years I have been testing and using antivirus programs is that I won't use one that does not have decent heuristics, viri are written much faster than the av companies can release definitions. Even if heuristics only give me a small percentage of extra protection over just straight definitions it is worth it to protect my computer. I have too much invested in it to not give it that little extra bit of protection. But everyone to their own preference.

bigc <-QUOTE}

Notok
January 10th, 2005, 12:38 AM
Here's a good article to consider. IMO relevant to the whole of this thread..

Detecting Complex Viruses
http://www.securityfocus.com/infocus/1813
{QUOTE-> These examples are all worth a few days (and nights) of work at the least, taking into account reverse-engineering, replicating the virus, and writing the detection signature. It can help a researcher to start writing the detection as a standalone C program before integrating it into one's AV product. <-QUOTE}


{QUOTE-> I believe some folks shoot themselves in the foot by limiting themselves to just one school of thought. <-QUOTE}

Agreed, balance is key.. as is much in life ;)

ChaosBlizzard
January 10th, 2005, 12:38 AM
{QUOTE-> Agreed.
Heuristic isn't a technology of "guess that file is infected and the other not".
Heuristic reports a suspicious file because it knows that there's something strange in the file. Heuristic is something like an artificial intelligence.
Well, anyone can prefer/think anything. I gave enough arguments about why I prefer heuristic over signatures.
Many people use AV too, but without updating them. <-QUOTE}

How is it not guessing if it is suspecting a file due to suspicious activity? That doesn't really make any sense. It can't be suspicious if you are not guessing. A definition is exactly what it states, it either is or it isn't. Heuristics however labels things that are unknown or "in-between". If it's unknown and being identified, then it sounds like a guess to me.

A.I. isn’t as advanced right now as you think it is, not in consumer products anyway. Currently we are in the fourth generation of Computers. A.I. is considered to be a fifth generation technology.

bigc73542
January 10th, 2005, 12:39 AM
I know I used to have people come in my shop with a computer that wouldn't run that had an antivirus program that had never been updated and no firewall. They can sure get screwed up like that.

bigc

ChaosBlizzard
January 10th, 2005, 12:41 AM
{QUOTE-> I know I used to have people come in my shop with a computer that wouldn't run that had an antivirus program that had never been updated and no firewall. They can sure get screwed up like that.

bigc <-QUOTE}

Yes and they usually don't know how to run standard maintenance.. Oh well, it's money in our pockets.. :P

"http://www.securityfocus.com/infocus/1813"

Whilst written by workers from the Symantec Company it was still a nice read. It’s nothing that you probably haven't read in pursuit of a good AV, but nonetheless worth reading.

sir_carew
January 10th, 2005, 12:45 AM
Well, now we're agreed in the same point. ;D

{QUOTE-> Yes and they usually don't know how to run standard maintenance.. Oh well, it's money in our pockets.. :P <-QUOTE}

ChaosBlizzard
January 10th, 2005, 12:51 AM
{QUOTE-> Well, now we're agreed in the same point. ;D <-QUOTE}


Well at least it ends in some kind of agreement. :P

Maybe this thread will have answers to some of the browsers in this forum. It could save us a few extra repetitive threads.

Stan999
January 10th, 2005, 12:52 AM
{QUOTE-> You keep making reference to this very forum. Isn't that one school of thought?

We all do it, however I am going to stick to my views. I haven't had a client complain or become infected with any major threat yet. If they keep their dat's updated then I don't have problems. It's when they neglect their updates that I have issues I have to fix for them. That is the only reason why I said "no major" threats yet.. If you secure the system/network to begin with you can make it almost impossible to compromise.

You shouldn't allow the typical user to install anything.

Besides, I believe my Professor knows enough. He does have two master degrees and is working on his PHD.

Also, if the Eset company takes such care with their AH, as you say they do, then their definitions should have less FPs than their AH...

It's a good discussion in any case. <-QUOTE}


Well, I don't have a formal degree related directly to IT but I have been working with computers on and off from 1961 starting with the US Navy. I am older than dirt. :) I am a retired CFO and CPA and have been responsible for the Data processing departments with several companies. Also, as a hobby I ran several BBS systems for the fun of it before the Internet was available to most folks. Over the years I have used most of the AVs, Norton (when it was Norton), McAfee, F-Prot, etc. and started using KAV around 1998. I still use KAV on some machines but went to NOD on another box about 3 or 4 years ago when there was a problem with KAV and a Win2K beta. I have built a large number of PC systems over the years, again as a hobby, and overclocked a number of CPUs and video cards just for the fun of it to test the limits.

With this real world background and years of direct experience I am impressed with the advancement and improvement of NOD's AH to help detect zero-day threats.

iwod
January 10th, 2005, 03:32 AM
I think all ChaosBlizzard wanted was simply a larger Db of Virus, and his point is if speed will not decrease / or resource will not increase by 1-2% then why not add more. There is nothing wrong with having larger db with Zoo Variant as an extended DB.

And others believed that H is very much needed; the best idea would be for Eset to improve both AH and have an extended Db as well as Interface improvement :D

We can then have the best of both worlds.

ChaosBlizzard
January 10th, 2005, 09:12 AM
{QUOTE-> Well, I don't have a formal degree related directly to IT but I have been working with computers on and off from 1961 starting with the US Navy. I am older than dirt. :) I am a retired CFO and CPA and have been responsible for the Data processing departments with several companies. Also, as a hobby I ran several BBS systems for the fun of it before the Internet was available to most folks. Over the years I have used most of the AVs, Norton (when it was Norton), McAfee, F-Prot, etc. and started using KAV around 1998. I still use KAV on some machines but went to NOD on another box about 3 or 4 years ago when there was a problem with KAV and a Win2K beta. I have built a large number of PC systems over the years, again as a hobby, and overclocked a number of CPUs and video cards just for the fun of it to test the limits.

With this real world background and years of direct experience I am impressed with the advancement and improvement of NOD's AH to help detect zero-day threats. <-QUOTE}


Ever use Norman on Windows 3.1? :P

If you are looking to gather more knowledge, there is a really good book written by Scott Mueller. It's about 1500-2000 pages of nothing but Computer information.

Also, was that version of KAV a beta? Or are you talking about a beta of Windows? In either case there were bound to be problems.

ChaosBlizzard
January 10th, 2005, 09:14 AM
{QUOTE-> I think all ChaosBlizzard wanted was simply a larger Db of Virus, and his point is if speed will not decrease / or resource will not increase by 1-2% then why not add more. There is nothing wrong with having larger db with Zoo Variant as an extended DB.

And others believed that H is very much needed; the best idea would be for Eset to improve both AH and have an extended Db as well as Interface improvement :D

We can then have the best of both worlds. <-QUOTE}

The speed would decrease. Not with all the power of today's computer systems. To top it off it's not only CPU speed that is increasing. I am not sure if you know yet or not, but they are replacing PCI with PCI-e. They have already begun to replace HDD technology with the next type.

I myself am using RAID and an SMP enabled machine.

Stan999
January 10th, 2005, 09:26 AM
{QUOTE-> Ever use Norman on Windows 3.1? :P

If you are looking to gather more knowledge, there is a really good book written by Scott Mueller. It's about 1500-2000 pages of nothing but Computer information.

Also, was that version of KAV a beta? Or are you talking about a beta of Windows? In either case there were bound to be problems. <-QUOTE}

I never used Norman on Windows 3.1. Basically used DESQview for the BBS with Norton or McAfee to check the uploads/downloads.

It was a problem with KAV and a W2k beta. No fault of KAV but I needed an AV and started using NOD also at that time.

anotherjack
January 10th, 2005, 11:53 AM
I guess I'll weigh in on this and help feed the troll... ;)

A little background. I am the administrator for a combination of approximately 2600 desktops, laptops and servers for my company. We have users in 17 different locations, across multiple continents, speaking a number of different languages. I've been in the PC arena since the TRS-80 Model 1, and have also used Norton, McAfee and a number of other AV packages over the years.

An exercise: If you assume that our standard PCs have (conservatively) 80,000 files per unit, and considering that we use MANY different software types, you can say that I'm responsible for 208 MILLION files. Probably more. In the time that we've been running NOD32 (a couple of years), I have had TWO false positives. Two. Zwei. Dos. Deux. (Insert favorite translation of "two" here). Let's do the math, eh? That comes out to a .0000009% FP rate, at least for my users. YMMV. Check my math, I may have a zero too many or few in there. :P

In that same period of time, NOD/AMON has triggered 12 times using AH, all on "Zero day" exploits or files that were later (usually by the next update) added to the database.

Now for some unasked-for advice:

ChaosBlizzard - Give it up and realize that there are people here who have been really, really patient with you who have been in this business since before you were born. Your constant "I know more than you because..."
a) "I have one year of Cisco training." Whoopee. Since when does Cisco training bestow AV knowledge?
b) "I've been teaching myself computers for 7+ years." Good for you. Do it another 10 - 20 years, then someone may care.
c) "I work as a computer repair technician" Whee. Been there, done that. Ten years ago.
d) "I have also repaired motherboards before using a soldering gun station" My 15 year old son solders, too. I used to build process control computers from a pile of discrete parts, a circuit board and a blank chassis. Sooo?
e) "I myself am using RAID and an SMP enabled machine" Wow. Considering that many, MANY motherboards come with "plug and RAID" functionality built in, that's nothing special any more. RAID 0, 1, 0+1, 5, 10, what? SMP enabled? It's got two processor sockets. Huzzah!

... stuff gets tedious after a few pages. The Wilders forums can be a great source of useful, pertinent, freely available information, should you decide to sit back and LISTEN every once in a while, instead of tooting your own horn.

BTW, ask your professor about S.M.A.R.T. HDD technology and whether or not you should wait until a drive actually fails before replacing it, or replace it when the device predicts it will fail? Isn't that relatively similar to heuristics?

Jack

sir_carew
January 10th, 2005, 02:19 PM
Conclusion: We consider (at least many people that have chosen NOD32) the heuristic as the most important thing. NOD32 is the only AV that has a good heuristic with few FPs.
Good points about heuristic:
-Zero day detection,
-Proactive detection,
-There's no need to get update to get protected.

I want to congratulate all people from Eset for their good work. I'm very happy to be a NOD32 user.

PS: If some people still think that heuristic isn't the most important method of detection, I'm most sure that this will change in the future. A proof of that is that Eset is getting more clients every day.
I think I posted all of my points of view in that thread.

André

Blackspear
January 10th, 2005, 05:09 PM
Very well said Anotherjack.

Cheers

Blackspear.

ChaosBlizzard
January 11th, 2005, 01:39 AM
{QUOTE-> I guess I'll weigh in on this and help feed the troll... ;)

A little background. I am the administrator for a combination of approximately 2600 desktops, laptops and servers for my company. We have users in 17 different locations, across multiple continents, speaking a number of different languages. I've been in the PC arena since the TRS-80 Model 1, and have also used Norton, McAfee and a number of other AV packages over the years.

An exercise: If you assume that our standard PCs have (conservatively) 80,000 files per unit, and considering that we use MANY different software types, you can say that I'm responsible for 208 MILLION files. Probably more. In the time that we've been running NOD32 (a couple of years), I have had TWO false positives. Two. Zwei. Dos. Deux. (Insert favorite translation of "two" here). Let's do the math, eh? That comes out to a .0000009% FP rate, at least for my users. YMMV. Check my math, I may have a zero too many or few in there. :P

In that same period of time, NOD/AMON has triggered 12 times using AH, all on "Zero day" exploits or files that were later (usually by the next update) added to the database.

Now for some unasked-for advice:

ChaosBlizzard - Give it up and realize that there are people here who have been really, really patient with you who have been in this business since before you were born. Your constant "I know more than you because..."
a) "I have one year of Cisco training." Whoopee. Since when does Cisco training bestow AV knowledge?
b) "I've been teaching myself computers for 7+ years." Good for you. Do it another 10 - 20 years, then someone may care.
c) "I work as a computer repair technician" Whee. Been there, done that. Ten years ago.
d) "I have also repaired motherboards before using a soldering gun station" My 15 year old son solders, too. I used to build process control computers from a pile of discrete parts, a circuit board and a blank chassis. Sooo?
e) "I myself am using RAID and an SMP enabled machine" Wow. Considering that many, MANY motherboards come with "plug and RAID" functionality built in, that's nothing special any more. RAID 0, 1, 0+1, 5, 10, what? SMP enabled? It's got two processor sockets. Huzzah!

... stuff gets tedious after a few pages. The Wilders forums can be a great source of useful, pertinent, freely available information, should you decide to sit back and LISTEN every once in a while, instead of tooting your own horn.

BTW, ask your professor about S.M.A.R.T. HDD technology and whether or not you should wait until a drive actually fails before replacing it, or replace it when the device predicts it will fail? Isn't that relatively similar to heuristics?

Jack <-QUOTE}

So you’ve worked with Computers starting when they were useless. Computers just started to get up there in the past 10 or so years. So working with a punch-card system and a vacuum tube system doesn't necessarily count as a Computer. I can say I used a Computer if I broke out the abacus. Would that make me more knowledgeable with an AV system? No it wouldn't, so your argument that you’ve worked with ancient systems somehow makes you more knowledgeable than me can be thrown out right there.

If you secured your Networks to start with you wouldn't have to worry about if your AV's AH are good enough to protect your systems. Go tell your boss the Network you are protecting is in good hands because your AV can guess.

Why bother teaching myself something before 10 years to this date? It is all useless information. Go ask a current repair technician what a DIN connector is, let's see if they know what you’re talking about.

Yeah, by SMP enabled that doesn't mean it has two sockets and I am not using them. It's a shame you don't understand that I am using two processors. But just in case that didn't sink in... I am using two processors.

Regarding S.M.A.R.T, I would replace the drive before it completely fails. Although that shouldn't matter too much if you are smart enough to take backups of the data on your Network to start with.

Basically you have stated that my education is useless, which makes you more of an idiot than you claim me to be. You're just mad because "kids" like me are taking your jobs. Get used to it, as most "kids" are better at using a Computer than any other adult aged 30 or higher.

Congratulations on your ability to solder old outdated technology together and make a calculator out of it. The founder of the Apple company did more than that in one week than you did the entire time you were engineering.. If you want to call it that.

If you are so good at it, why don't you go build your PC from scratch? Maybe because that skill is useless for anything other than repair.

By the way, those are more FPs than anyone would care to have, two or not. That's like saying I only got shot twice, but that's just fine with me, because it was only twice...

What I have listed as my experience doesn't necessarily make it everything I have knowledge of. You assume too much.

You didn't say anything about programming, so I take it you can build hardware but have no idea how software works. So basically you have talked out your backside regarding software AVs. Seeming how you have only listed a bunch of blue collar experiences.

Go program and tell me how easy that is just because you have been working with PCs for a useless 20+ years. Being older means nothing in the real world. It just shows your ignorance that you used that as your entire basis to your argument.

I bet your 15 year old son knows more than you do.

Oh and seeming how you took my list of training as some kind of reference to AV software, let me break it down for you old man. That simply means I know what I am talking about in various technologies. This wasn’t some kind of reference to my high level knowledge regarding AV software. I thought such a high caliber individual such as yourself would have gotten that part.

sir_carew
January 11th, 2005, 01:52 AM
You told me that you know how to program in VB? Please let me tell you that VB is a language for lamers. A good language is ASM, C++, not VB or at least Delphi.
There are no people on the earth that can be an expert of hardware and software at the same time. That's impossible. The computer world has many sub worlds, each of them very complex. Unlike you, I prove my statements. One proof that it's impossible is that you aren't an expert of antiviruses. To think that FPs only occur with heuristics is false. This is enough proof that you aren't an antivirus expert. I think you're so self-centered. Please let me tell you that self-centered people don't have a good future.
Well, I've no time to waste on this type of thread. I think this thread is off topic. And as I said before, I gave all of my points of view.

André


{QUOTE-> So you’ve worked with Computers starting when they were useless. Computers just started to get up there in the past 10 or so years. So working with a punch-card system and a vacuum tube system doesn't necessarily count as a Computer. I can say I used a Computer if I broke out the abacus. Would that make me more knowledgeable with an AV system? No it wouldn't, so your argument that you’ve worked with ancient systems somehow makes you more knowledgeable than me can be thrown out right there.

If you secured your Networks to start with you wouldn't have to worry about if your AV's AH are good enough to protect your systems. Go tell your boss the Network you are protecting is in good hands because your AV can guess.

Why bother teaching myself something before 10 years to this date? It is all useless information. Go ask a current repair technician what a DIN connector is, let's see if they know what you’re talking about.

Yeah, by SMP enabled that doesn't mean it has two sockets and I am not using them. It's a shame you don't understand that I am using two processors. But just in case that didn't sink in... I am using two processors.

Regarding S.M.A.R.T, I would replace the drive before it completely fails. Although that shouldn't matter too much if you are smart enough to take backups of the data on your Network to start with.

Basically you have stated that my education is useless, which makes you more of an idiot than you claim me to be. You're just mad because "kids" like me are taking your jobs. Get used to it, as most "kids" are better at using a Computer than any other adult aged 30 or higher.

Congratulations on your ability to solder old outdated technology together and make a calculator out of it. The founder of the Apple company did more than that in one week than you did the entire time you were engineering... If you want to call it that.

If you are so good at it, why don't you go build your PC from scratch? Maybe because that skill is useless for anything other than repair.

By the way, those are more FPs than anyone would care to have, two or not. That's like saying I only got shot twice, but that's just fine with me, because it was only twice...

What I have listed as my experience doesn't necessarily make it everything I have knowledge of. You assume too much.

You didn't say anything about programming, so I take it you can build hardware but have no idea how software works. So basically you have talked out your backside regarding software AVs. Seeing how you have only listed a bunch of blue collar experiences.

Go program and tell me how easy that is just because you have been working with PCs for a useless 20+ years. Being older means nothing in the real world. It just shows your ignorance that you used that as your entire basis to your argument.

I bet your 15 year old son knows more than you do.

Oh and seeing how you took my list of training as some kind of reference to AV software, let me break it down for you old man. That simply means I know what I am talking about in various technologies. This wasn’t some kind of reference to my high level knowledge regarding AV software. I thought such a high caliber individual such as yourself would have gotten that part. <-QUOTE}

dvk01
January 11th, 2005, 01:56 AM
This has now got out of hand and has nothing to do with the original topic, and has degenerated into a name calling and slanging match which serves no useful purpose, so I am closing this thread before it wanders even further off track.