Personal AV tests
dan_maran
April 30th, 2005, 02:04 AM
As of late, it seems people have been shying away from posting results of personal testing scenarios. I find this disturbing, because in my opinion that seems like they are just taking others' "advice" and not trying things out for themselves. Or I could be completely wrong, and way off the mark.
Well, who knows. Anyhow, I have been testing a few AVs against my personal collection(s) and have posted the results, along with the lame test bed log file. You can view them here (http://oem.zer0-tec.net/testing/DISCLAIMER.html).
But please read the Disclaimer (http://oem.zer0-tec.net/testing/DISCLAIMER.html) and form your own opinions. As this is currently a work in progress, it is fairly lame. You also need some understanding of log files to grasp the information provided. But please remember, as you will see in the Disclaimer (http://oem.zer0-tec.net/testing/DISCLAIMER.html), I am no Professional and this is merely a test for myself I felt others might enjoy.
And if you don't read the Disclaimer (http://oem.zer0-tec.net/testing/DISCLAIMER.html), then don't even bother posting a reply to this thread.
Also, if you feel something should be changed, or you need more information of some kind, please say so.
//01MAY05//
I had to move the site so the links are updated now
http://oem.zer0-tec.net/testing/DISCLAIMER.html
christophs
April 30th, 2005, 03:41 AM
Thanks!
Are you only testing two AVs?
Firecat
April 30th, 2005, 04:02 AM
I'm sure there's more coming soon :)
Happy Bytes
April 30th, 2005, 04:06 AM
-{ Quote: "I'm sure there's more coming soon :)" }-
I've absolutely no doubts about this :-X
Blackcat
April 30th, 2005, 04:09 AM
I enjoy seeing personal tests here, as long as we're not talking about sample sizes of 10-100.
likuidkewl, my only suggestion would be that you try to count the number of undetected files after the scanner has been set to delete infected samples.
This will reduce the time spent looking through the log-files and may be more accurate, as in some situations such as packed malware, some AV scanners count the same sample several times.
Just copy your collection to CD/flashdrive and then use the delete.
Keep testing ;)
What proportion of your test-beds, particularly your large collection of over 57,000 samples, were DOS viruses?
IBK
April 30th, 2005, 04:43 AM
Could you please, if possible, also provide a CRC32 list of the files used? If you are interested in getting feedback from me about the samples based on the CRC32 lists, just let me know by PM.
Dorelian
April 30th, 2005, 06:38 AM
No offence or anything, but personally, I find this very inaccurate.
First of all, your samples aren't unique. Some examples:
E:\Live\ANARKIA1.COM : infected Jerusalem.Curse.1653.b
E:\Live\ANARKIA2.COM : infected Jerusalem.Curse.1653.b
E:\Live\ANARKIA2.EXE : infected Jerusalem.Curse.1653.b
E:\Live\B-560P.COM : infected Burger.560.z
E:\Live\B-560Q.COM : infected Burger.560.z
E:\Live\B-560S.COM : infected Burger.560.z
E:\Live\B-560V.COM : infected Burger.560.z
E:\Live\B-560W.COM : infected Burger.560.z
E:\Live\BAMMPC1.COM : infected PS-MPC-based.a
E:\Live\BAMMPC10.COM : infected PS-MPC-based.a
E:\Live\BAMMPC2.COM : infected PS-MPC-based.a
E:\Live\BAMMPC3.COM : infected PS-MPC-based.a
E:\Live\BAMMPC4.COM : infected PS-MPC-based.a
E:\Live\BAMMPC5.COM : infected PS-MPC-based.a
E:\Live\BAMMPC6.COM : infected PS-MPC-based.a
E:\Live\BAMMPC7.COM : infected PS-MPC-based.a
E:\Live\BAMMPC8.COM : infected PS-MPC-based.a
E:\Live\BAMMPC9.COM : infected PS-MPC-based.a
E:\Live\BAMST-01.COM : infected PS-MPC-based.a
E:\Live\BAMST-02.COM : infected PS-MPC-based.a
E:\Live\BAMST-03.COM : infected PS-MPC-based.a
E:\Live\BAMST-04.COM : infected PS-MPC-based.a
E:\Live\BAMST-05.COM : infected PS-MPC-based.a
E:\Live\BAMST-06.COM : infected PS-MPC-based.a
E:\Live\BAMST-07.COM : infected PS-MPC-based.a
E:\Live\BAMST-08.COM : infected PS-MPC-based.a
You say you have a collection of 4112 viruses. How many of those are actually unique, and not duplicates? The TWO(!) antiviruses you tested both detected around 95% (94% and 96%, to be exact). How am I supposed to know they didn't both detect 100%? How do I know the remaining 5% are actually viruses, since there's no list of them ALL anywhere?
Second, you didn't mention what settings you ran the antiviruses on.
I'm sorry, but I find this test highly inaccurate, and it doesn't in any way alter my opinion about either of those two products. Despite your disclaimer, you're just confusing less experienced people with this test. :/
Happy Bytes
April 30th, 2005, 07:00 AM
-{ Quote: "E:\Live\B-560P.COM : infected Burger.560.z
E:\Live\B-560Q.COM : infected Burger.560.z
E:\Live\B-560S.COM : infected Burger.560.z
E:\Live\B-560V.COM : infected Burger.560.z
E:\Live\B-560W.COM : infected Burger.560.z
" }-
When I see THESE FILENAMES I already know which Zip file they were downloaded in from the internet! It was together with 3500 other old DOS viruses. And nearly 35% of the samples out of these 3500 are DEAD! I know that because I did analyse these samples! This collection also includes wrongly cleaned DOS viruses - McAfee was, some years back, the master of corrupting samples during cleaning - such files are in this collection! Even with the tag inside the files from NORTON ANTIVIRUS that it did clean it!
Happy Bytes
April 30th, 2005, 07:19 AM
And with this I prove to you what I just said:
-{ Quote: "*** E:\VIRUS!\Live\817.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\ANTIQUIT.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\ANTITEL.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\ANTIVIRA.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\ARCVVIR.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\BALOOCH.EXE -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\BEBE2.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\BOOT.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\BOOT2.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\C-JOJOB.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\CANADIAN.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\CI2000.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\CRACKY-V.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\CSJOJO.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\CYBERNET.EXE -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\D-MIR.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\DRIP.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\FRAC.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\GREEK.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\HARA.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\J-F13VAR.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\J-FRI13X.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\JOJO.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\KILL1.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\KILLER1.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\LOOKTHIS.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\NICHOLS.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\NICHOLSD.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\NOLITE.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\NPLAGUE.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\OFF.EXE -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\OH-3544.COM -> Unfunctional virus remnant Garbage_file ()" }-
OUT OF YOUR OWN SCANLOGS !!! And this is only a part! I didn't quote all samples here! Besides this, there is MORE trash which Norman doesn't flag as garbage!
These are all WRONGLY CLEANED samples from McAfee and Norton! But nobody believes me because I have to be evil to disagree with such tests ::)
EOT.
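The two kinds of log line quoted above (detections that repeat the same name, and files flagged as non-functional remnants) can be tallied mechanically before a detection percentage is read off a scan log. This is an added example, not part of any post in this thread; the regular expressions are assumptions based only on the lines quoted here, and the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the two log formats quoted in this thread,
# plus one line (the last) that matches neither format.
SAMPLE_LOG = r"""
E:\Live\ANARKIA1.COM : infected Jerusalem.Curse.1653.b
E:\Live\ANARKIA2.COM : infected Jerusalem.Curse.1653.b
E:\Live\ANARKIA2.EXE : infected Jerusalem.Curse.1653.b
E:\Live\B-560P.COM : infected Burger.560.z
E:\Live\B-560Q.COM : infected Burger.560.z
E:\Live\BAMMPC1.COM : infected PS-MPC-based.a
*** E:\VIRUS!\Live\817.COM -> Unfunctional virus remnant Garbage_file ()
*** E:\VIRUS!\Live\BOOT.COM -> Unfunctional virus remnant Garbage_file ()
(constructed line that matches neither format)
"""

# "<path> : infected <detection name>"
INFECTED = re.compile(r"^(?P<path>.+?) : infected (?P<name>\S+)$")
# "*** <path> -> Unfunctional virus remnant ..."
REMNANT = re.compile(r"^\*\*\* (?P<path>.+?) -> Unfunctional virus remnant\b")


def summarize(log_text):
    """Group detections by name and separate files flagged as remnants."""
    by_name = defaultdict(list)
    remnants, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REMNANT.match(line)
        if m:
            remnants.append(m["path"])
            continue
        m = INFECTED.match(line)
        if m:
            by_name[m["name"]].append(m["path"])
            continue
        unparsed.append(line)  # keep unknown lines visible, never drop them
    detected = sum(len(paths) for paths in by_name.values())
    return {
        "detected_files": detected,
        "distinct_names": len(by_name),
        # Names reported for more than one file are only candidates for
        # duplicate samples: one name can also cover different variants, so
        # confirm with a checksum or by analysis before removing anything.
        "repeated_names": {n: len(p) for n, p in by_name.items() if len(p) > 1},
        "remnants": remnants,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
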
Happy Bytes
April 30th, 2005, 07:32 AM
Every morning when I get out of bed I spend at least 10 minutes praying that only people who know how to calculate an MS-DOS executable entry point with only the help of a hex editor should do antivirus tests... ::)
...doesn't work :o
That said: AV tests are not a game - the tester needs experience in this field - not only in how to use an antivirus program! Normally he should be able to verify his own samples with a disassembly without the need of other scanners!
RejZoR
April 30th, 2005, 07:42 AM
But on the other hand, checking 30k samples 1 by 1 is no fun ;)
dan_maran
April 30th, 2005, 07:47 AM
Wow, nothing like waking up seeing people just straight trashing something you said from the beginning was not scientific nor accurate. But a personal test, that you would like to share with others.
As for the constructive comments, thanks and I will try what was suggested.
*Removed*
Good day!
Happy Bytes
April 30th, 2005, 07:50 AM
You have to REPLICATE virus samples before you do such tests!
Otherwise every scanner can CHEAT! They just need to add a CRC for difficult-to-detect polymorphic viruses out of such test sets! And the result of this is that the scanner might fail to detect a REAL WORKING virus in another file!
There is a very simple rule - replicate 5 generations of file infectors, and take the 3rd generation for your test! ('cause you know then that these files are working because they already did infect 2 other generation samples) IS IT REALLY TOO MUCH TO EXPECT TO UNDERSTAND THIS SIMPLE PROCEDURE FOR TESTING FILE INFECTOR VIRUSES WHICH ARE NON-METAMORPHIC ????
What do you expect from helping? That I teach you disassembly?
dan_maran
April 30th, 2005, 07:54 AM
Thanks for that information.
-{ Quote: "You have to REPLICATE virus samples before you do such tests!
Otherwise every scanner can CHEAT! They just need to add a CRC for difficult-to-detect polymorphic viruses out of such test sets! And the result of this is that the scanner might fail to detect a REAL WORKING virus in another file!
There is a very simple rule - replicate 5 generations of file infectors, and take the 3rd generation for your test! ('cause you know then that these files are working because they already did infect 2 other generation samples) IS IT REALLY TOO MUCH TO EXPECT TO UNDERSTAND THIS SIMPLE PROCEDURE FOR TESTING FILE INFECTOR VIRUSES WHICH ARE NON-METAMORPHIC ????
What do you expect from helping? That I teach you disassembly?" }-
Happy Bytes
April 30th, 2005, 07:59 AM
If there were a REAL interest I would even give a workshop here on how to do this in a proper way, but I'm afraid (and this is not personally against you) that most of the people wouldn't understand the in-depth procedures.
It's very complex, and not only done with collecting a few samples. If the community here is interested then reply in this thread - otherwise don't shout at me when I say it's an amateurish test. It's as easy as this. At least 50 interested people are needed, otherwise it makes no sense to spend so much time on details. Up to the readers here :-*
IBK
April 30th, 2005, 08:09 AM
I proposed to help likuidkewl and FireFighter to sort out the garbage from their collection by sending my CRC32 logs (as I guess they would not like to send me the samples); but so far I have not got such logs either from FireFighter (whom I asked already last week) or from likuidkewl (whom I asked some hours ago). My question is: why do you not let yourselves be helped a little bit to sort out known garbage files to improve your sets a bit?
dan_maran
April 30th, 2005, 08:14 AM
-{ Quote: "I proposed to help likuidkewl and FireFighter to sort out the garbage from their collection by sending my CRC32 logs (as I guess they would not like to send me the samples); but so far I have not got such logs either from FireFighter (whom I asked already last week) or from likuidkewl (whom I asked some hours ago). My question is: why do you not let yourselves be helped a little bit to sort out known garbage files to improve your sets a bit?" }-
I will work on that some more. I do want some help weeding them out, that was a big reason I posted it here at Wilders. Also, IBK, I am in a completely different time zone and you were all (well mostly) posting while I was in bed.
Also as I am not a Professional, as previously stated, I have other things to attend to before I can start again. Mainly a wife ;)
IBK
April 30th, 2005, 08:15 AM
-{ Quote: "I will work on that some more. I do want some help weeding them out, that was a big reason I posted it here at Wilders. Also, IBK, I am in a completely different time zone and you were all (well mostly) posting while I was in bed." }-
Ok, good :), just let me know when ready.
Now I am waiting for FireFighter's CRC32 logs ;)
mikel108
April 30th, 2005, 08:17 AM
-{ Quote: "No offence or anything, but personally, I find this very inaccurate.
First of all, your samples aren't unique. Some examples:
E:\Live\ANARKIA1.COM : infected Jerusalem.Curse.1653.b
E:\Live\ANARKIA2.COM : infected Jerusalem.Curse.1653.b
E:\Live\ANARKIA2.EXE : infected Jerusalem.Curse.1653.b
E:\Live\B-560P.COM : infected Burger.560.z
E:\Live\B-560Q.COM : infected Burger.560.z
E:\Live\B-560S.COM : infected Burger.560.z
E:\Live\B-560V.COM : infected Burger.560.z
E:\Live\B-560W.COM : infected Burger.560.z
E:\Live\BAMMPC1.COM : infected PS-MPC-based.a
E:\Live\BAMMPC10.COM : infected PS-MPC-based.a
E:\Live\BAMMPC2.COM : infected PS-MPC-based.a
E:\Live\BAMMPC3.COM : infected PS-MPC-based.a
E:\Live\BAMMPC4.COM : infected PS-MPC-based.a
E:\Live\BAMMPC5.COM : infected PS-MPC-based.a
E:\Live\BAMMPC6.COM : infected PS-MPC-based.a
E:\Live\BAMMPC7.COM : infected PS-MPC-based.a
E:\Live\BAMMPC8.COM : infected PS-MPC-based.a
E:\Live\BAMMPC9.COM : infected PS-MPC-based.a
E:\Live\BAMST-01.COM : infected PS-MPC-based.a
E:\Live\BAMST-02.COM : infected PS-MPC-based.a
E:\Live\BAMST-03.COM : infected PS-MPC-based.a
E:\Live\BAMST-04.COM : infected PS-MPC-based.a
E:\Live\BAMST-05.COM : infected PS-MPC-based.a
E:\Live\BAMST-06.COM : infected PS-MPC-based.a
E:\Live\BAMST-07.COM : infected PS-MPC-based.a
E:\Live\BAMST-08.COM : infected PS-MPC-based.a
You say you have a collection of 4112 viruses. How many of those are actually unique, and not duplicates? The TWO(!) antiviruses you tested both detected around 95% (94% and 96%, to be exact). How am I supposed to know they didn't both detect 100%? How do I know the remaining 5% are actually viruses, since there's no list of them ALL anywhere?
Second, you didn't mention what settings you ran the antiviruses on.
I'm sorry, but I find this test highly inaccurate, and it doesn't in any way alter my opinion about either of those two products. Despite your disclaimer, you're just confusing less experienced people with this test. :/" }-
Which is why I think he put a disclaimer on the site. I am sure that I will see your testing up soon. Thanks
mikel108
April 30th, 2005, 08:21 AM
-{ Quote: "If there were a REAL interest I would even give a workshop here on how to do this in a proper way, but I'm afraid (and this is not personally against you) that most of the people wouldn't understand the in-depth procedures.
It's very complex, and not only done with collecting a few samples. If the community here is interested then reply in this thread - otherwise don't shout at me when I say it's an amateurish test. It's as easy as this. At least 50 interested people are needed, otherwise it makes no sense to spend so much time on details. Up to the readers here :-*" }-
With respect Happy Bytes. I find you very knowledgeable. I was wondering if you have done any testing of your own and what the results have been??
Thanks
Happy Bytes
April 30th, 2005, 08:29 AM
-{ Quote: "With respect Happy Bytes. I find you very knowledgeable. I was wondering if you have done any testing of your own and what the results have been??
Thanks" }-
I have been analysing complex viruses for years, including polymorphic & metamorphic ones; there is no need for me to prove this with my own antivirus test. Besides this, it would be unfair, 'cause I work for ESET.
dan_maran
April 30th, 2005, 09:11 AM
Files are in the process of being weeded out, new scans will be up shortly.
Thank you for your inputs.
*Logs will now be organized by CRC32 with the same information as before*
IBK
April 30th, 2005, 09:22 AM
I got the CRC32 logs from likuidkewl and I sent him a list of files that should be removed as they are known garbage. The list is huge but not complete; anyway, atm I cannot do more without having the samples in front of me. HappyBytes was right when he said that quite a lot of garbage is contained. likuidkewl, please check your mailbox and remove the reported files; after that I will try to check the CRC32 logs more in depth in order to identify more known garbage ;-) and improve your set.
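The CRC32 exchange described in the posts above lets a second person flag known garbage without the sample files ever being sent. The following is an added example, not part of any post in this thread, showing one way to build such a list and apply a returned garbage list; the function names are hypothetical and the files are constructed, harmless byte strings.

```python
import os
import tempfile
import zlib
from collections import defaultdict

# CRC32 is enough to match byte-identical files between cooperating testers.
# It is not collision resistant, so add a SHA-256 column (hashlib) when the
# list comes from a source that is not trusted.


def crc32_of(path, chunk_size=65536):
    """CRC32 of a file as 8 upper-case hex digits, read in chunks."""
    crc = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(block, crc)
    return f"{crc & 0xFFFFFFFF:08X}"


def build_manifest(root):
    """Map each file's path (relative to root) to its CRC32."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = crc32_of(full)
    return manifest


def groom(manifest, known_garbage):
    """Split a manifest into files to keep, known garbage and extra copies."""
    by_crc = defaultdict(list)
    for rel_path in sorted(manifest):
        by_crc[manifest[rel_path]].append(rel_path)
    keep, garbage, duplicates = [], [], []
    for crc, paths in by_crc.items():
        if crc in known_garbage:
            garbage.extend(paths)          # every copy of a garbage file goes
        else:
            keep.append(paths[0])          # one representative per checksum
            duplicates.extend(paths[1:])   # byte-identical extra copies
    total = len(manifest)
    return {
        "keep": sorted(keep),
        "garbage": sorted(garbage),
        "duplicates": sorted(duplicates),
        "garbage_percent": round(100.0 * len(garbage) / total, 2) if total else 0.0,
    }


def demo():
    """Run on a throwaway directory of constructed, harmless byte strings."""
    contents = {
        "A.COM": b"constructed sample one",
        "B.COM": b"constructed sample one",  # byte-identical copy of A.COM
        "C.COM": b"constructed sample two",
        "D.COM": b"constructed remnant",     # stands in for a reported file
    }
    # Stand-in for the list a second tester sends back: CRC32 values only.
    known_garbage = {f"{zlib.crc32(contents['D.COM']) & 0xFFFFFFFF:08X}"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in contents.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return groom(build_manifest(root), known_garbage)


if __name__ == "__main__":
    print(demo())
```

Matching checksums only catches byte-identical copies; files that differ by a few bytes still need the kind of analysis discussed in the thread.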
Happy Bytes
April 30th, 2005, 09:32 AM
-{ Quote: "HappyBytes was right when he said that quite a lot of garbage is contained." }-
::) ::) ::) ::) ::) ::) ::) ::) ::) ::)
dan_maran
April 30th, 2005, 09:36 AM
-{ Quote: "I got the CRC32 logs from likuidkewl and I sent him a list of files that should be removed as they are known garbage. The list is huge but not complete; anyway, atm I cannot do more without having the samples in front of me. HappyBytes was right when he said that quite a lot of garbage is contained. likuidkewl, please check your mailbox and remove the reported files; after that I will try to check the CRC32 logs more in depth in order to identify more known garbage ;-) and improve your set." }-
Thank you. This will help others out also.
Very constructive NOT destructive! ::)
Just so everyone knows, 34 (0.1%) files were removed from small collection, 3299 is the new number.
Large is still getting groomed.
IBK
April 30th, 2005, 10:23 AM
35 garbage files in 3333 is 1% (and not 0,01%!)
811 garbage files in the large collection, which is 1,5%
dan_maran
April 30th, 2005, 10:30 AM
Sorry about the typo.
CRC32 Log is now updated for the small, working on the large, not the zip though.
Firecat
April 30th, 2005, 10:32 AM
I'd totally and completely agree with Happy Bytes, because he's been in the industry for quite some time now, and is a very active malware analyser. He knows what he says perfectly well.
@HB: I'd be interested in having your guidelines for AV testing, though I usually don't look at just detection.
IBK
April 30th, 2005, 10:57 AM
Please remove also those from the small set and update it later again please:
I post it here as this is faster than uploading etc.
Diver
April 30th, 2005, 11:01 AM
Testing AV's can be fairly difficult. The main problem is acquiring a collection that is representative of what is out there.
It takes a lot of time and effort. IMO, it is best to rely on an expert, like AV-Comparatives.
Firefighter
April 30th, 2005, 11:05 AM
-{ Quote: "Please remove also those from the small set and update it later again please:
=======================
I post it here as this is faster than uploading etc." }-
Still there are over 97 % of samples left, how accurate must those "private tests" be?
Best regards,
Firefighter!
IBK
April 30th, 2005, 11:12 AM
They have to be as accurate as possible.
Stan999
April 30th, 2005, 11:14 AM
-{ Quote: "Still there are over 97 % of samples left, how accurate must those "private tests" be?
Best regards,
Firefighter!" }-
Well, I guess you could also say, how inaccurate are the "private test". It would seem to me that it would be prudent for you to do the same for your collection.
dan_maran
April 30th, 2005, 11:17 AM
I see where you got the latest list from IBK, and I am working on that now.
I don't know how much longer I will be working on this today, but I would just like to thank you for helping me sort this out.
JimIT
April 30th, 2005, 11:20 AM
I would disregard any test beds that contained almost 1000 non-viral files. ;)
-{ Quote: "Still there are over 97 % of samples left, how accurate must those "private tests" be?
Best regards,
Firefighter!" }-
IBK
April 30th, 2005, 11:21 AM
-{ Quote: "I see where you got the latest list from IBK, and I am working on that now.
I don't know how much longer I will be working on this today, but I would just like to thank you for helping me sort this out." }-
Np ;)
dan_maran
April 30th, 2005, 11:24 AM
-{ Quote: "I would disregard any test beds that contained almost 1000 non-viral files. ;)" }-
If you are referencing my large testbed, it has so far 811 out of 53,992. I am not going to disregard that for 811.
But to each their own. :)
//Edit//
In retrospect, this is a great exercise for all who have "collections"; you learn something new all the time. ;)
controler
April 30th, 2005, 11:58 AM
likuidkewl
I will commend you for your efforts. It is nice to see someone actually testing for themselves instead of taking every other person's word for it.
How far will you be taking your testing? Will you be doing a detection after infection test? Will you be hexediting any of your samples to test?
Are you sticking to only testing those two AVs?
Thank You
Bruce
dan_maran
April 30th, 2005, 12:09 PM
-{ Quote: "likuidkewl
I will commend you for your efforts. It is nice to see someone actually testing for themselves instead of taking every other person's word for it.
How far will you be taking your testing? Will you be doing a detection after infection test? Will you be hexediting any of your samples to test?
Are you sticking to only testing those two AVs?
Thank You
Bruce" }-
Well, as of right now it seems most of my time will be spent cleaning the crap out of the collections; the large one will take longer but the smaller collection should be good to go soon, thanks to IBK. I don't believe I have the capacity to fully test an outbreak so more than likely it will be Od testing only. I plan on testing more than just those two but I need to get my ducks in a row first.
Thanks for the input.
Wack Thomas
April 30th, 2005, 12:30 PM
Liku...,
You da man.
Although you may not achieve the same complexity as the pro's, you are giving it a shot.
And every bit of info we get can be utilized to form a total picture.
Appreciate your time and effort.
Happy Bytes
April 30th, 2005, 12:55 PM
-{ Quote: "Well, I guess you could also say, how inaccurate are the "private test". It would seem to me that it would be prudent for you to do the same for your collection." }-
At least I have some "respect" for this likuidkewl guy, because he's taking advice based on facts and actually does something to correct things; that means I'm willing to help this guy if he has more questions. That's a thing that will never happen for Firefighter's 'tests', 'cause he's not willing to let himself be helped. Andreas Clementi uses every possible chance to ask him for CRC checksums etc. - no reply.
IBK
April 30th, 2005, 12:57 PM
@HB: I got a reply from FF today, asking me how to make the CRC lists, so maybe I will get the list from FF soon (better late than never).
dog
April 30th, 2005, 01:14 PM
-{ Quote: "If there were a REAL interest I would even give a workshop here on how to do this in a proper way, but I'm afraid (and this is not personally against you) that most of the people wouldn't understand the in-depth procedures.
It's very complex, and not only done with collecting a few samples. If the community here is interested then reply in this thread - otherwise don't shout at me when I say it's an amateurish test. It's as easy as this. At least 50 interested people are needed, otherwise it makes no sense to spend so much time on details. Up to the readers here :-*" }-
You can sign me up too HB. ;) But you already know that, I'm just making it official. ;)
Happy Bytes
April 30th, 2005, 01:18 PM
-{ Quote: "You can sign me up too HB. ;) But you already know that, I'm just making it official. ;)" }-
I count 3 replies so far ;) ;D
Only El Presidente Paul Wilders could add 5 voices at once ;D
Stephanos G.
April 30th, 2005, 01:50 PM
You can sign me up too HB.
Happy Bytes
April 30th, 2005, 01:52 PM
3.5 ;)
Are you already adult?
Oh well... 4 ;)
JimIT
April 30th, 2005, 01:58 PM
Hey--not putting you down. Keep on rockin'! At least you're trying to clean it up. ;)
-{ Quote: "If you are referencing my large testbed, it has so far 811 out of 53,992. I am not going to disregard that for 811.
But to each their own. :)
//Edit//
In retrospect, this is a great exercise for all who have "collections"; you learn something new all the time. ;)" }-
no13
April 30th, 2005, 02:19 PM
-{ Quote: "3.5 ;)
Are you already adult?
Oh well... 4 ;)" }-
mesa 5...
Stephanos G.
April 30th, 2005, 02:19 PM
HB, you need 1.5 more for the record :)
Firecat
April 30th, 2005, 02:24 PM
-{ Quote: "mesa 5..." }-
You been watching too much of The Phantom Menace? ;D
no13
April 30th, 2005, 02:57 PM
-{ Quote: "You been watching too much of The Phantom Menace? ;D" }-
Everyone was talking about Episode III today... I thought I should remind them of the new Lucas style... I couldn't understand the first three 'classic' movies really well... I thank God that I can't make sense of his new work.
flyrfan111
April 30th, 2005, 03:48 PM
Make it 6, sign me up HB. I am in.
Detox
April 30th, 2005, 04:19 PM
OT/personal comment removed. Let's stick to the topic please.
Notok
April 30th, 2005, 05:17 PM
I'd be interested, too :D
Happy Bytes
April 30th, 2005, 05:23 PM
7 ;) can you please add the +1 number to such posts? Thanks 8)
illukka
April 30th, 2005, 05:44 PM
-{ Quote: "When I see THESE FILENAMES I already know which Zip file they were downloaded in from the internet!" }-
LOL i have this zip too ;D ;D
-{ Quote: "
Even with the tag inside the files from NORTON ANTIVIRUS that it did clean it!" }-
luckily no complex analysis is needed to reveal that, just a quick look with WinHex
as for calculating entry points, well thank god for PeID ;D it's priceless :D
if it gets more complex than that.. well thank god that I know a couple of virus analysts *g*
I could use some tutoring in disassembly though ;D
Happy Bytes
April 30th, 2005, 05:48 PM
-{ Quote: "well thank god that i know a couple virus analysts *g*
" }-
The Kaspersky guys will tell me when you try to cheat! ;D
Stephanos G.
April 30th, 2005, 06:00 PM
xe xe ;D
Happy Bytes, you never sleep? ::) Eset never sleeps :)
Happy Bytes
April 30th, 2005, 06:06 PM
Watching virus radar with chips & beer, chatting with a few other AV guys, speaking about the latest Mytob worms....
...did you sleep again ? :o If yes I have missed the last 2 days going to bed :o
Blackspear
April 30th, 2005, 06:14 PM
Sign me up HB
+8 or +9 if you take into account illukka's comment: i could use some tutoring in disassembly though
Cheers ;D
illukka
April 30th, 2005, 06:19 PM
-{ Quote: "Sign me up HB
+8 or +9 if you take into account illukka's comment: i could use some tutoring in disassembly though
Cheers ;D" }-
that's why it's there ;D
Wack Thomas
April 30th, 2005, 08:38 PM
Don't sign me up.
I'd love to do it, but it would be like taking calculus without ever having algebra.
But I'm glad that the knowledge base in this forum will expand and deepen.
Cheers.
dan_maran
May 1st, 2005, 09:57 AM
If anyone was interested in the personal non-scientific results, they are back up. I have no idea what happened to the sub-domain, it just quit working, so I moved them to another one here (http://oem.zer0-tec.net/testing/DISCLAIMER.html).
Cadoul
May 1st, 2005, 01:41 PM
I like this. Do it again.
Sincerely
Cadoul