Jotti Results

Discussion in 'other anti-virus software' started by controler, Jun 20, 2005.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Seems to be an old Nasty? Why is F-Prot not detecting it?
    It is an e-mail file & I submitted it a half dozen times.
     


  2. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    Most likely it's not detected as F-Prot doesn't have unpacking support for *.eml files.
     
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    probably the sample is password protected in a zip file and so no real need to be detected... (as it will be detected when unencrypted)
     
  4. controler

    controler Guest

    IBK

    I don't think it is password protected but it is Zipped & I guess a zipped file is of no harm as you say.

    Maybe this is why not many AV's were detecting it a few weeks ago?
    No I think they didn't have the sample then ;)

    Strange thing is I blocked the e-mail senders address but keep getting the same viri from them.

    Kinda interesting because the e-mail address is named something that might be someone I know. it has my town initials followed by blonde. LOL
    Something a not savvy user might easily click on.

    I would like to know how they did that?

    IBK, are you saying that if I open the zipped file in WinZip & click on it F-Prot might kick in? Since you can do that without extracting the file.



    controler
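
One way to settle the question raised in the posts above (is the ZIP attached to the e-mail password protected, and what does it contain) without opening or extracting anything, as an added example that is not part of the original thread. It uses only Python's standard library; the message it inspects is constructed here, and the function names are hypothetical.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def triage_eml(raw: bytes) -> list:
    """Return one record per attachment; ZIPs list members and their encryption flag."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""   # undo base64 transfer encoding
        rec = {"name": part.get_filename() or "(unnamed)",
               "type": part.get_content_type(), "zip": False, "members": []}
        if zipfile.is_zipfile(io.BytesIO(data)):
            rec["zip"] = True
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():            # reads the directory only
                    # Bit 0 of the general-purpose flags marks a password-protected member
                    rec["members"].append({"name": info.filename,
                                           "encrypted": bool(info.flag_bits & 0x1)})
        report.append(rec)
    return report

def build_sample(encrypted: bool) -> bytes:
    """Constructed .eml with a benign ZIP and a GIF stub (not the sample from the thread)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("document.txt", "harmless placeholder")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 in the central-directory flags so the member reads as encrypted
        blob[blob.rfind(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attachment.")
    msg.add_attachment(bytes(blob), maintype="application", subtype="zip",
                       filename="file.zip")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="pic.gif")
    return msg.as_bytes()

if __name__ == "__main__":
    for flag in (False, True):
        for rec in triage_eml(build_sample(flag)):
            print(rec)
```

An "encrypted" result means a scanner cannot see the member's content until it is decrypted, which is the situation described in post 3; a plain ZIP should be unpacked and rescanned.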
     
  5. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    For the past few days I no longer see ANY test results at Jotti's. All I see there is the text portions. Am I doing something wrong or... what gives o_O
     
  6. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    Jotti has stopped publishing test results. But if u submit a file for analysis, it does give u the result. But it's not publicly displayed!
     
  7. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    That is lame. Given I have the source code for the original Jotti site, I might just have to put up my own. I certainly have the bandwidth and hardware available.
     
  8. Ianb

    Ianb Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    232
    Location:
    UK
    That would be very interesting.
     
  9. Flaw()

    Flaw() Guest

    They stopped publishing the statistics because someone from this board complained (cried) that their AV didn't do well.
     
  10. controler

    controler Guest

    Oh OH Did I reopen a can of worms? LOL

    The next time I will try unzipping the file before submitting it at Jotti's.
    Can I just look at the e-mail body code to get the password? I am guessing it
    will extract even if clicking on the Zip file, This e-mail came with a gif also
    and so I am not sure how that works? Do you have to click the gif to get the file to extract & execute?

    controler
     
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Too bad. Another source of information succumbs to banner-ad advertising dollars. Well, SDS909, let us know if you put something up - with or without ads.

    Rich
     
  12. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Such wild speculation.. Any evidence for any of these claims behind the reasoning to such action? Hm I guess we can all speculate then... I think Jotti pulled the stats because too many people began bonking them around as scientific statistics even though the site disclaimer stated that they definitely were not.
     
  13. Flaw()

    Flaw() Guest

    Detox, to me and many others that was the truth we were looking for because no one had manipulated the data or the statistics and you could get a clear picture of what AVs found the most malware period. For me it's hard to take most of the so called "AV tests" seriously because there is often a company that is sponsoring the test and thus gets good grades. When someone sent in a malware to Jotti the AV engines searched and if they found something they flagged it and then you saw the results, period. No manipulation was made, no "special" virus collections just plain and simple the viruses that infect us right now. I also understand that you can not judge an AV from just a couple of statistics here and there but if you followed the statistics like I and some other people did for 3,4 days even a week you could see a pattern and you got a feel of what the AV was made of. That's why I and many others think it's sad that the statistics are gone and we now have to listen to all the image BS and how some functions are so cool but then really don't work in real life. WE WANT THE STATISTICS BACK
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Flaw,

    I agree. It was another "research point" for me. Just another source of information - of many. Now, instead of statistics, I only see banners. For me, as a user, this is much less useful than it was before for information gathering. However, if I actually have some malware to be checked, it is still useful. So, if selling banners and suppressing statistics, is the way that the owner of the site had to go, in order to maintain the service, I understand. It is just interesting to me how "free enterprise" works. It seems, on the whole, it works toward "less information" for the user so that "more product can be sold". An interesting consequence.

    Rich
     
  15. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    On Jotti's site the total statistics are and were usually always around those:
    Kaspersky ~83%
    VBA32 ~65%
    BitDefender ~63%
    Dr.Web ~63%
    NOD32 ~56%
    AntiVir ~54%
    ArcaVir ~52%
    Fortinet ~48%
    ClamAV ~40%
    Norman ~39%
    AVG Antivirus ~36%
    F-Prot ~35%
    Avast ~34%

    The random screenshots taken and the results derived are anyway very flawed and the conclusions taken by most readers are simply wrong.
    1) it runs on linux, where some AV do not have all options set to the maximum available protection, delivering lower results for those products
    2) the files uploaded there are mostly (new) adware and spyware, things that some AV a) do not detect or b) do not have options enabled for detecting them
    3) another part of the files are old and/or damaged samples, the rest is usually new malware (mostly backdoors and trojans), which is good.
    4) those random picks taken by visitors say absolutely nothing, because a) you do not see the whole picture, b) you do not know if the poster wants to promote his (or his favorite) AV product, c) it does just start flames on forums, where other people then start to post other pictures that show the contrary etc.
    If you just look at the cumulative stats above of Jotti's site, you see how usually the various scanners score based on the files submitted on that site, making it senseless to just pick some files out and creating other stats.
     
  16. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    I prefer to test the files on Virus Total...

    This service runs on Windows, so we can have all the AV's running with the maximal settings for detection...
     
  17. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    me too, but IBK said in this thread: https://www.wilderssecurity.com/showthread.php?t=85098 that it isn't worth putting much trust in Virus Total. Maybe IBK will explain why.
     
  18. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Vlk, from avast! team, said that the owner of VirusTotal is a malware collector...

    But what is the problem of that?

    The owner of VirusTotal sends all the samples to the AV companies for analysis, so I don't see where the problem is...
     
  19. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    I do not really want to comment on VirusTotal. Just some thoughts / own opinions:
    1) they do NOT send ALL files that are uploaded on their site to the AV companies, delivering a "good" service also for malware authors who can so test their creations against various scanners without the file being sent to the AV companies
    2) they keep all harvested samples also for themselves, and who knows how much trust can be put to those guys there?
     
  20. Jotti

    Jotti Registered Member

    Joined:
    Oct 15, 2004
    Posts:
    11
    Location:
    The Netherlands
    Hello all,

    I would like to comment on some posts here.
    I must say, some of you have a very vivid imagination... ;)

    Apart from calling me lame (I prefer OggEnc any day anyway), I welcome competition. Go right ahead. By the way, you don't have the source code to my web page. You probably have a "lite" version every PHP scripter on this earth could have created ;)

    Let me first state that these so-called "statistics" are automated, and therefore flawed (as IBK explains later in the thread quite nicely).
    Have you ever considered that without the ads, this web service costs me money? I don't mind spending a couple of dollars, but having to pay a huge amount (bandwidth isn't exactly free) every month for other people's convenience is quite the other way around. Forgive me for trying to cover the costs and investments I made the last year (although donations did help).
    I'd like to think this service makes me rich. I'll send you a bottle of champagne as soon as it does.
    Your sarcasm is duly noted. Please let me know your IP number and I'll be sure not to show you ads any more.
    Quite right. I don't like people stating "Jotti said: ...." when I actually had no active participation in the discussion. Automated systems are bound to be flawed.
    You (as well as others) seem to want them back very badly. Then who am I to disappoint you. Just bear in mind these results are flawed, not to be taken without a proper amount of skepticism... I added a disclaimer. I trust this will suffice?
    Thanks for pointing these out. You're quite right
    I have no grudge against VirusTotal at all (again: I welcome competition). But they have never ever been as specific about results as my service has been.

    Furthermore: do you have any idea how many gateways/email servers run on other operating systems than Windows? I think it's better to have one service (VirusTotal) judging the "average Windows" situation, and another (mine) evaluating the next-best (in terms of popularity) operating system. Your ISP might be running Linux. Or Unix. Or something else. Besides, most vendors' detection rates are equal across operating systems. But, granted, not all.

    In VirusTotal's defense: I used to "collect" malware too. Just for fun. Just to be able to think "I've got X viruses". I try to think of myself as a respectable guy. I don't know these people, so I won't vouch for them, but the same might just apply to them. Of course, in a technical sense, I still am collecting samples. I lost interest in these a long time ago though.

    For all people considering setting up a similar service: please go ahead. Competition is good for everyone. But do bear in mind VirusTotal and I have an established track record... samples uploaded will be distributed to AV vendors. Not just AV vendors listed on the website. Not every individual, with all due respect, can be considered trustworthy. Malware can do a lot of damage. (oh, and I would like to thank the anonymous person who e-mailed me today expressing his concerns if my machine wasn't getting infected by all these viruses... trust me: the machine's got a clean bill of health).
     
  21. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    I agree with your answers Jotti. Keep your good service up. Thanks.
    Dankjewel :)
    Best regards,

    Gerard
     
  22. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Hi Jotti,

    Thanks for your comments. They are always welcome... ;)

    Please keep in mind that I didn't criticize your work, just commented some aspects...

    Maybe you have a more transparent service than VirusTotal, but I prefer to test the files in an OS that can give all the possible results for that file.
    If on Linux some AV's can't detect some kind of malware or don't have some features enabled, why should I make the test on Linux?

    If I had a service like this, certainly that would make the same...

    Regards
     
  23. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    I will fully fund a Windows version of Jotti's site if anyone wants to take part. I do have Jotti's scripts from back when he used to release them as freeware if that will help.

    Otherwise, I volunteer to fund the servers, bandwidth, and all associated costs. I guess I'd need someone with the expertise to put the scripts and software together to make it happen. The bandwidth of my blog sites and FTP server probably use 10 times the bandwidth Jotti uses anyway, so what's a few more megs. ;-)

    Anyone up for it? No ads on mine, and the statistics will not be hidden.
     
  24. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    That's cool! Go for it dude!
     
  25. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    BTW, Jotti is not hiding the statistics anymore! ;)
     