AntiVir Heuristics on the right track!
RejZoR
February 8th, 2005, 03:53 AM
http://img216.exs.cx/img216/2889/antivirheuristics2no.png
Check NOD32 and Norman. And this isn't the first case. AntiVir appears to have similar heuristics to NOD32 because I have seen many such scenarios where AntiVir, NOD32 and Norman all detected the same sample with heuristics.
So the conclusion is that the H+BEDV guys did a good job, but they still need to support some more packers and move some more resources and staff into heuristics development (also don't forget about the incremental auto-updater ;) ).
What do you think?
izi
February 8th, 2005, 04:25 AM
Read this article http://www.viruslist.com/en/analysis?pubid=153595662 about signature-based virus detection and other technologies for detecting viruses.
Bye,
Izi
Mr2cents
February 8th, 2005, 04:31 AM
-{ Quote: "http://img216.exs.cx/img216/2889/antivirheuristics2no.png
Check NOD32 and Norman. And this isn't the first case. AntiVir appears to have similar heuristics to NOD32 because I have seen many such scenarios where AntiVir, NOD32 and Norman all detected the same sample with heuristics.
So the conclusion is that the H+BEDV guys did a good job, but they still need to support some more packers and move some more resources and staff into heuristics development (also don't forget about the incremental auto-updater ;) ).
What do you think?" }-
Hi RejZoR. I use AntiVir as one of my on-demand scanners, along with BitDefender Free and AVG Free. I have AntiVir's heuristics set to "medium". It picked up a false positive in my Trend Micro installer. lol. That same installer has been scanned by a lot of different antivirus products. None showed it to be infected. I scanned a few days later with AntiVir, and it didn't pick up anything. The Trend Micro installer was still there.
I like AntiVir as an on-demand scanner, but I would never trust it to be resident. I just don't like false positives, even though there will always be some now and then. Just my opinion.
RejZoR
February 8th, 2005, 04:40 AM
Every antivirus can produce false positives, even without heuristics. It's impossible to remove all possibilities when there are millions of terabytes of data out there. I always set heuristics in all antiviruses to the highest possible level and I never had any problems. It's better to block one good program from time to time than not to block bad ones... The Alwil and H+BEDV teams were always very fast on false positives, so they were usually fixed the same day or even within a few hours. I just wanted to point out that there is potential in AntiVir's heuristics.
Stefan Kurtzhals
February 8th, 2005, 05:08 AM
If you run across a false positive with AntiVir's heuristic, please send the file to heuristik@antivir.de so the heuristic can be fixed.
AntiVir's current heuristic is quite old and not very defined, a new version is in development with much better detection but it's still a while until release.
Also note that AntiVir's regular detection got a boost recently. ;D
RejZoR
February 8th, 2005, 05:15 AM
Are you from the H+BEDV team? Sounds like it ;D I'm looking forward to testing the new AntiVir heuristics :)
Slovak
February 8th, 2005, 05:24 AM
One thing that has always held me back from AntiVir is the lack of email scanning.
Mr2cents
February 8th, 2005, 06:22 AM
-{ Quote: "Every antivirus can produce false positives, even without heuristics. It's impossible to remove all possibilities when there are millions of terabytes of data out there. I always set heuristics in all antiviruses to the highest possible level and I never had any problems. It's better to block one good program from time to time than not to block bad ones... The Alwil and H+BEDV teams were always very fast on false positives, so they were usually fixed the same day or even within a few hours. I just wanted to point out that there is potential in AntiVir's heuristics." }-
I agree that every antivirus can produce false positives. I do like AntiVir. It's super fast in scanning, even faster than AVG, and I've never had any trouble updating it as some people have. The updates are big, but that is a non-issue, as I'm on high-speed cable.
When I think of false positives, the first thing that comes to my mind is Panda Titanium 2004. I downloaded it last year. It started scanning my computer, and cleaned and deleted some files that were necessary for my operating system. When I rebooted, I got the blue screen of death >:( The only thing that saved me from a format was WinRescue. I managed to boot into safe mode and delete Panda. And restore the registry ;D
I'm getting off topic here. I do like antivir, and I think it has great potential. ;D
Mr2cents
February 8th, 2005, 06:25 AM
-{ Quote: "If you run across a false positive with AntiVir's heuristic, please send the file to heuristik@antivir.de so the heuristic can be fixed.
AntiVir's current heuristic is quite old and not very defined, a new version is in development with much better detection but it's still a while until release.
Also note that AntiVir's regular detection got a boost recently. ;D" }-
Hi Stefan. If I get any more false positives with AntiVir, I will send the file to the email you have listed ;D
rdsu
February 8th, 2005, 07:34 AM
Hi,
AntiVir is growing in detection rate and this is very good for an AV :)
It's nice to see that they are developing a new heuristic version and the much-wanted incremental updates ;D
It seems that only the Pro version has a quarantine. It would be great if the free version also had it, to later send the false positive through AntiVir...
I like AntiVir a lot ;D
Regards
izi
February 8th, 2005, 07:34 AM
How good is Norman's Sandbox? Does it detect all major viruses with the Sandbox?
TAP
February 8th, 2005, 08:20 PM
Also don't forget some false positives that may occur through heuristics too. ;D
quexx88
February 8th, 2005, 10:25 PM
-{ Quote: "How good is Norman's Sandbox? Does detect all major viruses with Sandbox?" }-
Unfortunately, judging by what I've seen from Jotti's, Norman is next to useless. It routinely misses what nearly all the other AVs are able to catch, including AVG, avast! and AntiVir.
Kye-U
February 8th, 2005, 10:49 PM
I find Dr. Web and Antivir are very effective at catching viruses/trojans. ;)
lynchknot
February 8th, 2005, 11:28 PM
Well, I heard it can be done and because of this thread I'm doing it. It's amazing that I can run NOD32 and Avast as resident together without any conflict. (Just can't run IMON, I guess because WebShield is running.)
Stefan Kurtzhals
February 9th, 2005, 02:16 AM
I find Norman's Sandbox quite impressive, but it is too slow. VB stopped scanning with Norman in one of their tests because Norman took too long (over 3 days ;-) ). Detection doesn't look that bad:
http://sandbox.norman.no/live_2.html
Of course, it always depends on what kind of malware you are scanning.
Currently, AntiVir's heuristic is no match at all against either NOD32 or Norman, but I am quite satisfied with the current internal tests of AntiVir's Heur 2.0.
If you are going after freeware, use Bitdefender (free edition has no guard but excellent detection) + AntiVir or BD+Avast. Avast has nice protection modules which AntiVir Personal Edition is missing, but Avast's detection is not so good.
RejZoR
February 9th, 2005, 04:07 AM
Well, I have access to Jotti statistics and I can say Norman has the biggest signature-to-heuristic ratio. This means that the difference between signature and heuristic detections is the biggest among all AVs. Norman and NOD32 are switching places, but the main problem is that Norman lacks signatures...
Stefan Kurtzhals
February 9th, 2005, 04:22 AM
RejZoR, are those statistics available to the public?
Both VirusTotal and Jotti could publish very interesting statistics.
RejZoR
February 9th, 2005, 04:28 AM
As I can see you are an AntiVir developer, so that should be no problem. Just contact Jordi and he will enable the statistics for you. Just tell him that you work for H+BEDV (AntiVir).
Firecat
February 9th, 2005, 09:51 AM
Hello guys!!
I've been following up on this thread for some time now...Well it seems AntiVir is fast becoming a very good Antivirus scanner; if there was an email scan with incremental update, then I might even consider the paid version (Vexira I think) in the future. AntiVir's detection is also increasing rapidly. Keep up the good work, H+BEDV!!
I see that the free version currently lacks a quarantine. Does this mean that free versions delete suspicious files? If so, I feel suspicious files must be renamed, NOT deleted (or no action should be taken).
And yes, the heuristics have amazing potential!
All of you, have a good day, don't get too serious and have some fun too!
Regards,
Firecat
Unity
February 9th, 2005, 10:01 AM
There are actually 2 paid versions of AntiVir if I'm not mistaken.
One is AntiVir Professional and the other one is Avira (www.avira.com ).
Vexira is not using the AntiVir engine anymore, I think.
I do believe that the paid versions have an e-mail scanner.
The only thing that I miss with AntiVir Free Edition is the lack of knowledge of what has been updated in each program version or in each virus DB update.
Firecat
February 9th, 2005, 10:17 AM
Well, I made a mistake...Thanks for that Unity!! But I'll wait for my eScan and McAfee to expire first...
RejZoR
February 9th, 2005, 10:24 AM
I agree, quarantine is a must-have, especially if the product supports heuristic detection. Just moving the file to some folder and attaching a .vir extension to it isn't enough, because if you use On-Access set to check all files you'll fall into an infinite loop of detections (not good).
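Added example (not code from the thread or from any AntiVir product): a toy quarantine in Python that contrasts the rename-only approach described above, which a signature scan of the quarantine folder re-detects, with an encoded quarantine that no longer matches the signature but restores byte-for-byte. The signature, key and sample file are all constructed placeholders.

```python
import hashlib
import json

# Constructed toy signature standing in for a real AV pattern (not a real signature).
SIGNATURE = b"CONSTRUCTED-MALWARE-PATTERN"
# Fixed obfuscation key: it only has to defeat signature matching, not keep secrets.
QUARANTINE_KEY = b"\x5a\xa3\x17\xc4\x88\x2e\x61\xf0"
HEADER = b"QUAR\x01"

def on_access_scan(data: bytes) -> bool:
    """Toy signature scanner: True if the pattern appears anywhere in the file."""
    return SIGNATURE in data

def rename_only(data: bytes) -> bytes:
    """The '.vir rename' approach: content untouched, so a scan of the
    quarantine folder fires again, and the loop the post describes begins."""
    return data

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def quarantine(data: bytes) -> tuple[bytes, str]:
    """Encode the file and record its hash/size, so the stored copy no longer
    matches the signature yet can be restored byte-for-byte (e.g. to submit
    a false positive to the vendor)."""
    meta = json.dumps({"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)})
    return HEADER + _xor(data, QUARANTINE_KEY), meta

def restore(blob: bytes, meta: str) -> bytes:
    """Decode a quarantined blob and verify it against the stored metadata."""
    if not blob.startswith(HEADER):
        raise ValueError("not a quarantine blob")
    data = _xor(blob[len(HEADER):], QUARANTINE_KEY)
    expected = json.loads(meta)
    if len(data) != expected["size"] or hashlib.sha256(data).hexdigest() != expected["sha256"]:
        raise ValueError("quarantined file is corrupt")
    return data

def demo() -> dict:
    """Run both approaches over a constructed sample file that carries the signature."""
    sample = b"MZ..header.." + SIGNATURE + b"..rest of file.."
    blob, meta = quarantine(sample)
    return {
        "renamed_still_detected": on_access_scan(rename_only(sample)),
        "quarantined_detected": on_access_scan(blob),
        "restored_intact": restore(blob, meta) == sample,
    }
```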
I who know nothing
February 10th, 2005, 04:19 AM
-{ Quote: "I find Norman's Sandbox quite impressive, but it is too slow. VB stopped scanning with Norman in one of their tests because Norman took too long (over 3 days ;-) ). Detection doesn't look that bad:
http://sandbox.norman.no/live_2.html
Of course, it always depends on what kind of malware you are scanning.
Currently, AntiVir's heuristic is no match at all against either NOD32 or Norman, but I am quite satisfied with the current internal tests of AntiVir's Heur 2.0.
If you are going after freeware, use Bitdefender (free edition has no guard but excellent detection) + AntiVir or BD+Avast. Avast has nice protection modules which AntiVir Personal Edition is missing, but Avast's detection is not so good." }-
AntiVir Guard and a BitDefender scheduled scan, that's exactly what I do. I agree it's quite a good freebie combination.
Slovak
February 10th, 2005, 05:29 AM
-{ Quote: "I agree,Quarantine is a must have" }-
I agree, but so is email scanning, which this product (free at least) lacks. I use safe surfing habits, so the only way anything virus-wise tries to sneak into my system is through email.
izi
February 10th, 2005, 09:51 AM
-{ Quote: "Well, I have access to Jotti statistics and I can say Norman has the biggest signature-to-heuristic ratio. This means that the difference between signature and heuristic detections is the biggest among all AVs. Norman and NOD32 are switching places, but the main problem is that Norman lacks signatures..." }-
If I understand you correctly, Norman has the best heuristic detection. Coool!!!! About the lack of signature detection:
Signature detection:
Update 0207: Total new entries: 463
Update 0203: Total new entries: 260
Update 0202: Total new entries: 29
Update 0131: Total new entries: 1388
Update 0127b: Total new entries: 24
Update 0127: Total new entries: 8
Update 0126: Total new entries: 1847
bellgamin
February 10th, 2005, 03:27 PM
AV-PE is great & getting better all the time. Their daily signature updates are now averaging ~2.4MB in size, whereas they ran 1.9MB not long ago. This is good news & bad news...
Good news -- AV-PE's signature base has been increased by a magnum amount, plus they have inserted a new recognition module. See comments at the AVPE forum HERE (http://www.free-av.de/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic&f=1&t=001641).
Bad news -- The larger daily downloads add to the problem for users who are on dial-up. Also, per *jacko* (a moderator at the AVPE forum), the AVPE download server is running "at its power boundaries."
An incremental update is on the way, but when?
Best time to update AVPE is when it's between 1AM & 4:30AM in Germany. That way, there is much less competition from AVPE users in the European area.
To get a GRRREAT *World Time Clock* for free, go HERE (http://www.programming.de/), then click the "Download" button, then scroll down to "World Time Clock" & grab it. Just a 148K download.
RejZoR
February 10th, 2005, 03:30 PM
A few days ago, whenever H+BEDV updated their VDF files, their homepage timed out if you tried to connect to it. Smaller and incremental updates are a NEED for them. Can you imagine how much overhead 2.4MB updates cause?
Stefan Kurtzhals
February 10th, 2005, 04:35 PM
As far as I understand, it's not the amount of traffic that is causing the problems with the update servers, but the amount of connections open at the same time.
Of course, this is indirectly affected by the size of the VDF as well.
Incremental updates are going well; as soon as I have finished the VDF/engine tech for incremental updates I can move on to more interesting stuff such as Heuristic 2.0.
Oh and when I asked the Windows development team boss about the quarantine option he mumbled something which sounded positive to me. ;-)
Unity
February 10th, 2005, 04:40 PM
Awesome, thank you for letting us know ;)
btw, is there any way to see a changelog when there is a new version of AntiVir?
Stefan Kurtzhals
February 10th, 2005, 04:51 PM
There is a newsletter mail service you can subscribe to, it should contain at least the important new features of the new releases.
I think it's not very detailed, but hey I don't need a list of bugs which I added to the engine going around in the public. ;D
Unity
February 10th, 2005, 05:26 PM
-{ Quote: "I don't need a list of bugs which I added to the engine going around in the public" }-
lol! Thank you for the info ;D
izi
February 12th, 2005, 12:54 PM
-{ Quote: "Well, I have access to Jotti statistics and I can say Norman has the biggest signature-to-heuristic ratio. This means that the difference between signature and heuristic detections is the biggest among all AVs. Norman and NOD32 are switching places, but the main problem is that Norman lacks signatures..." }-
Could you please post here Jotti statistics?
quexx88
February 12th, 2005, 01:42 PM
-{ Quote: "If I understand you correctly, Norman has the best heuristic detection. Coool!!!! About the lack of signature detection:
Signature detection:
Update 0207: Total new entries: 463
Update 0203: Total new entries: 260
Update 0202: Total new entries: 29
Update 0131: Total new entries: 1388
Update 0127b: Total new entries: 24
Update 0127: Total new entries: 8
Update 0126: Total new entries: 1847" }-
I'm pretty sure the whole "Signatures to Heuristic" thing means that what Norman was able to find via its heuristics, NOD32 was able to find with its signatures. That does not mean that Norman's engine is better than NOD32's.
Copyright ©2002 - 2012, Wilders Security Forums