AntiVir Heuristics on the right track!

[izi]

Quote:

Originally Posted by RejZoR

Well i have access to Jotti statistics and i can say Norman has the biggest signatures to heuristic ratio. This means that difference between signature and heuristic detections is the biggest among all AVs. Norman and NOD32 are switching places,but main problem is that Norman lacks signatures...

If I understand U correct Norman has the best heuristic detection. Coool!!!! About lacks of signature detection.
Signature detection:
Update 0207: Total new entries: 463
Update 0203: Total new entries: 260
Update 0202: Total new entries: 29
Update 0131: Total new entries: 1388
Update 0127b: Total new entries: 24
Update 0127: Total new entries: 8
Update 0126: Total new entries: 1847

[bellgamin]

AV-PE is great & getting better all the time. Their daily signature updates are now averaging ~2.4MB in size, whereas they ran 1.9MB not long ago. This is good news & bad news...

Good news -- AV-PE's signature base has been increased by a magnum amount, plus they have inserted a new recognition module. See comments at the AVPE forum HERE.

Bad news -- The larger daily downloads add to the problem for users who are on dial-up. Also, per *jacko* (a moderator at the AVPE forum), the AVPE download server is running "at its power boundaries."

An incremental update is on-the-way, but when?

Best time to update AVPE is when it's between 1AM & 4:30AM in Germany. That way, there is much less competition from AVPE users in the European area.

To get a GRRREAT *World Time Clock* for free, go HERE, then click the "Download" button, then scroll down to "World Time Clock" & grab it. Just a 148K download.

[RejZoR]

Few days ago whenever H+BEDV updated their VDF files,their homepage timed-out if you tried to connect to it. Smaller and incrimental updates are NEED for them. Can you imagine how much overhead do 2,4MB updates do?

[Stefan Kurtzhals]

As far I understand, it's not the amount of traffic that is causing the problems with the update servers, but the amount of connections open at the same time.
Of course, this is indirectly affected by the size of the VDF aswell.

Incremental updates are going good, as soon I have finished the VDF/engine tech for incremental updates I can move on to more interesting stuff such as Heuristic 2.0.

Oh and when I asked the Windows development team boss about the quarantine option he mumbled something which sounded positive to me. ;-)

[Unity]

Awesome , thank you for letting us know

btw is there any way to see a changelog when there is a new version of Antivir ?

[Stefan Kurtzhals]

There is a newsletter mail service you can subscribe to, it should contain at least the important new features of the new releases.
I think it's not very detailed, but hey I don't need a list of bugs which I added to the engine going around in the public.

[Unity]

Quote:

I don't need a list of bugs which I added to the engine going around in the public

lol ! thank you for the info

[izi]

Quote:

Originally Posted by RejZoR

Well i have access to Jotti statistics and i can say Norman has the biggest signatures to heuristic ratio. This means that difference between signature and heuristic detections is the biggest among all AVs. Norman and NOD32 are switching places,but main problem is that Norman lacks signatures...

Could you please post here Jotti statistics?

[quexx88]

Quote:

Originally Posted by izi

If I understand U correct Norman has the best heuristic detection. Coool!!!! About lacks of signature detection.
Signature detection:
Update 0207: Total new entries: 463
Update 0203: Total new entries: 260
Update 0202: Total new entries: 29
Update 0131: Total new entries: 1388
Update 0127b: Total new entries: 24
Update 0127: Total new entries: 8
Update 0126: Total new entries: 1847

I'm pretty sure the whole "Signatures to Heuristic" thing means that what Norman was able to find via its heuristics, NOD32 was able to find with its signatures. That does not mean that Norman's engine is better than NOD32's.