Wilders Security Forums  

  #1  
Old July 20th, 2005, 03:37 PM
ChrisMorris
 
Posts: n/a
Default another independent AV review

point your eyes at this http://www.eset.com/resources/Colby_...hite_paper.pdf and come back spluttering
  #2  
Old July 20th, 2005, 04:08 PM
SDS909 SDS909 is offline
Frequent Poster
 
Join Date: Apr 2005
Posts: 333
Default Re: another independent AV review

Seems rather limited, only 30 test viruses? LOL!

Also there seems to be very little data about the actual tests. Clearly I think we can speculate that some of the threats were dubious at best, otherwise KAV would have included them after submission. My guess is they were corrupt or something.

I wouldn't put too much stock in this small-scale and rather simplistic test.
  #3  
Old July 20th, 2005, 04:42 PM
RejZoR's Avatar
RejZoR RejZoR is offline
Polymorphic Sheep
 
Join Date: May 2004
Location: Europe/Slovenia/Ljubljana
Posts: 5,380
Default Re: another independent AV review

I haven't read the above document, but from the mentioned number of malware I suspect it was the ItW test of the very latest threats.
__________________
RejZoR's Little Secrets
  #4  
Old July 20th, 2005, 04:51 PM
Tru Davis
 
Posts: n/a
Default Re: another independent AV review

Besides, the test results rank them in the order most people here would expect anyway. Eset/NOD32, KAV, Bitdefender etc.
  #5  
Old July 20th, 2005, 05:01 PM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by ChrisMorris
point your eyes at this http://www.eset.com/resources/Colby_...hite_paper.pdf and come back spluttering
Nowadays I'm collecting cracks to pick up those "hottest" nasties hiding from us. This kind of nasty was picked up from several different crack sites and combined with several different very popular proggies lately. That's absolutely one of the newest "baddies". Now I scanned that nasty in Jotti's just a few minutes ago.

You can find my former snapshot here in post 4.

http://www.wilderssecurity.com/showt...140#post504140

Best regards,
Firefighter!
Attached Images
 
__________________
Some savolax answer to the southern man:
Q. Well, have you seen any viruses?
A. Well, sure have. Just a moment ago one would have gone by, but I didn't get to see it. From behind the sauna it went lumbering straight into the lake, braids flapping!

Last edited by Firefighter : July 21st, 2005 at 04:11 AM.
  #6  
Old July 20th, 2005, 05:18 PM
rothko's Avatar
rothko rothko is offline
Frequent Poster
 
Join Date: Jan 2005
Location: UK
Posts: 579
Default Re: another independent AV review

Quote:
Originally Posted by Firefighter
Nowadays I'm collecting cracks to pick up those "hottest" nasties hiding from us. This kind of nasty was picked up from several different crack sites and combined with several different very popular proggies lately. That's absolutely one of the newest "baddies". Now I scanned that nasty in Jotti's just a few minutes ago.
Strange, because Eset issued a signature for Win32/TrojanDownloader.IstBar.JA on 29th June, and from that screenshot it seems that this is what the threat is.
__________________
kiss my pig
  #7  
Old July 20th, 2005, 05:32 PM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by rothko
Strange, because Eset issued a signature for Win32/TrojanDownloader.IstBar.JA on 29th June, and from that screenshot it seems that this is what the threat is.
Maybe UNA is really as GOOD as some people were claiming in here lately. Look at what UNA found in my linked post 4 before and what it found today, it's amazing. UNA is better than AntiVir, ArcaVir, Avast, BitDefender, ClamAV, Dr.Web, F-Prot, Fortinet and Kaspersky at correcting mistakes. Maybe I have to switch to UNA from DrWeb right now!

Best regards,
Firefighter!
  #8  
Old July 20th, 2005, 05:33 PM
JRCATES's Avatar
JRCATES JRCATES is offline
Very Frequent Poster
 
Join Date: Apr 2005
Location: USA
Posts: 1,192
Default Re: another independent AV review

The "tests" conducted at Colby-Sawyer College seem a little too radical in the results to put a lot of stock in them. As SDS909 said, there is very little data provided about them. Besides, these results fly in the face of some previous tests that were conducted by different sources just a month or so earlier.
__________________
OS: Windows 7 Home Premium SP1 64-bit (Desktop and Notebook)

Resident: Outpost Firewall Pro, Bitdefender Antivirus Plus 2013, WinPatrol PLUS
On-Demand: Malwarebytes' Anti-Malware, Emsisoft Anti-Malware
  #9  
Old July 20th, 2005, 05:36 PM
Don Pelotas's Avatar
Don Pelotas Don Pelotas is offline
Very Frequent Poster
 
Join Date: Jun 2004
Posts: 2,257
Default Re: another independent AV review

Are you sure you didn't mix two different samples, Firefighter? Because Istbar.ja has been detected by Kaspersky since 8-5-2005.
__________________
Errare humanum est
  #10  
Old July 20th, 2005, 05:50 PM
rothko's Avatar
rothko rothko is offline
Frequent Poster
 
Join Date: Jan 2005
Location: UK
Posts: 579
Default Re: another independent AV review

Quote:
Originally Posted by Firefighter
Maybe UNA is really as GOOD as some people were claiming in here lately. Look at what UNA found in my linked post 4 before and what it found today, it's amazing. UNA is better than AntiVir, ArcaVir, Avast, BitDefender, ClamAV, Dr.Web, F-Prot, Fortinet and Kaspersky at correcting mistakes. Maybe I have to switch to UNA from DrWeb right now!
Don't think I understand what you mean - UNA found the Istbar trojan in your first post but not when you submitted it today? Am I just not getting your sarcasm?! And rather than relying on Jotti, have you personally tested each of the AVs? Because Jotti isn't the best place for AV comparisons due to max settings not always being available.

lee
__________________
kiss my pig
  #11  
Old July 20th, 2005, 08:10 PM
SDS909 SDS909 is offline
Frequent Poster
 
Join Date: Apr 2005
Posts: 333
Default Re: another independent AV review

FYI Firefighter, I submitted the IstBar.JA variant you tried around 3-4 weeks ago. At the time, almost no AV picked it up except BitDefender. I found this threat in the wild, active, and causing infections.

I sent it off to ALL the AV companies, including VBA32 - and it STILL doesn't detect it to this day. My email records show I submitted it to VBA32 @ the address newvirus@anti-virus.by on 7/5/2005. My opinion of VBA32 has dropped considerably based on their reactions - or lack of - to my submittals.

PS: To my knowledge, I discovered this threat within 1 hour of its release - unless my dates are wrong. Which would explain why many AV companies added detections for this after I submitted it to them all on 7/5.
  #12  
Old July 20th, 2005, 10:58 PM
dan_maran's Avatar
dan_maran dan_maran is offline
Very Frequent Poster
 
Join Date: Aug 2004
Location: Brooklyn, NY
Posts: 1,053
Default Re: another independent AV review

Quote:
Originally Posted by SDS909
FYI Firefighter, I submitted the IstBar.JA variant you tried around 3-4 weeks ago. At the time, almost no AV picked it up except BitDefender. I found this threat in the wild, active, and causing infections.

I sent it off to ALL the AV companies, including VBA32 - and it STILL doesn't detect it to this day. My email records show I submitted it to VBA32 @ the address newvirus@anti-virus.by on 7/5/2005. My opinion of VBA32 has dropped considerably based on their reactions - or lack of - to my submittals.

PS: To my knowledge, I discovered this threat within 1 hour of its release - unless my dates are wrong. Which would explain why many AV companies added detections for this after I submitted it to them all on 7/5.

Kind of OT, but I too have seen a decrease in responses to new malware submitted to them. I know there are a few issues in Belarus now but I hope that has nothing to do with this. This AV has much promise and I hope they are just sorting out the "quirks".

On topic, this test was good for resource usage and support info and that is about it. .02
__________________
<insert> catchy phrase here</instert>
Let's see how long I'm back for this time
  #13  
Old July 21st, 2005, 02:00 AM
iwod's Avatar
iwod iwod is offline
Frequent Poster
 
Join Date: Jun 2004
Posts: 707
Default Re: another independent AV review

Does NOD32 provide NOD32 to the whole college? So would their college computers be updating via the college server? (Like other virus products)
__________________
"Security" is not a Product.
Please use "search" first.... especially on the topic resources usage.
  #14  
Old July 21st, 2005, 05:31 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by Don Pelotas
Are you sure you didn't mix two different samples, Firefighter? Because Istbar.ja has been detected by Kaspersky since 8-5-2005.
If you check out the MD5 checksum from my former scan link in post 4, you will see that the checksums are the same in both scans. I corrected my picture in this thread today with an uncompressed file of that IstBar sample.

http://www.wilderssecurity.com/showt...140#post504140

Best regards,
Firefighter!
  #15  
Old July 21st, 2005, 05:55 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by rothko
...have you personally tested each of the AVs? Because Jotti isn't the best place for AV comparisons due to max settings not always being available.

lee
No, I've checked that sample only with McAfee VSE 8.0i with 5000 scanning engine and AntiSpy module within, DrWeb 4.32b w/o Beta Adware/Spyware bases, NOD32 2.51.3 Beta w AH and Ewido 3.5 Plus. Of the programs mentioned, only DrWeb detected that sample, with and without Beta Adware/Spyware bases. Here is the NOD result scanned today.

Best regards,
Firefighter!
Attached Images
 
  #16  
Old July 21st, 2005, 06:08 AM
Don Pelotas's Avatar
Don Pelotas Don Pelotas is offline
Very Frequent Poster
 
Join Date: Jun 2004
Posts: 2,257
Default Re: another independent AV review

Quote:
Originally Posted by Firefighter
If you check out the MD5 checksum from my former scan link in post 4, you will see that the checksums are the same in both scans. I corrected my picture in this thread today with an uncompressed file of that IstBar sample.

http://www.wilderssecurity.com/showt...140#post504140

Best regards,
Firefighter!
OK, I only meant that since it has been detected since 8-5-2005, it wasn't that new.
__________________
Errare humanum est
  #17  
Old July 21st, 2005, 06:29 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by Don Pelotas
OK, I only meant that since it has been detected since 8-5-2005, it wasn't that new.
OK, are you trying to say that the situation with some scanners isn't that bad but even worse? I mean that because Symantec, McAfee, ETrust, AVG etc. couldn't detect that nasty one, over 70% of the PCs in the world are vulnerable to this IstBar.

Best regards,
Firefighter!
Attached Images
 

Last edited by Firefighter : July 21st, 2005 at 06:46 AM.
  #18  
Old July 21st, 2005, 06:56 AM
Don Pelotas's Avatar
Don Pelotas Don Pelotas is offline
Very Frequent Poster
 
Join Date: Jun 2004
Posts: 2,257
Default Re: another independent AV review

Quote:
Originally Posted by Firefighter
OK, are you trying to say that the situation with some scanners isn't that bad but even worse? I mean that because Symantec, McAfee, ETrust, AVG etc. couldn't detect that nasty one, over 70% of the PCs in the world are vulnerable to this IstBar.

Best regards,
Firefighter!
No no, Firefighter. You misunderstand me completely. I meant that it wasn't that new since it was detected over 1 month ago, not that it wasn't important to convey the message that a large number of users are unprotected. No disrespect was intended towards you or your findings.
__________________
Errare humanum est
  #19  
Old July 21st, 2005, 07:08 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by Don Pelotas
...I meant that it wasn't that new since it was detected over 1 month ago, not that it wasn't important to convey the message that a large number of users are unprotected. No disrespect was intended towards you or your findings.
OK, sometimes I just can't be without thinking that close to whose interest is this when AVs are not detecting these cracks? Anyhow, these cracks are capable of activating all kinds of payable programs? Why not detect them, when so you can get important data about those cracked proggie users?

Best regards,
Firefighter!
  #20  
Old July 21st, 2005, 07:25 AM
boredatwork
 
Posts: n/a
Default Re: another independent AV review

Firefighter,

I used NOD32 and looking through this thread it seems that NOD32 has a signature for this threat, if it is Win32/TrojanDownloader.IstBar.JA.

Do you know why NOD32 doesn't detect it? Is it maybe a broken/non-functional file, so it actually isn't a real threat in this form?

Maybe, of course, NOD32 refers to a different threat with its IstBar.JA signature, and this threat really isn't added to their database. Would just like to know what you think.
  #21  
Old July 21st, 2005, 07:36 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by boredatwork
Firefighter,

I used NOD32 and looking through this thread it seems that NOD32 has a signature for this threat, if it is Win32/TrojanDownloader.IstBar.JA.

Do you know why NOD32 doesn't detect it? Is it maybe a broken/non-functional file, so it actually isn't a real threat in this form?

Maybe, of course, NOD32 refers to a different threat with its IstBar.JA signature, and this threat really isn't added to their database. Would just like to know what you think.
I don't know about the broken/non-functional thing about this, but after executing my sample, I got this.

Best regards,
Firefighter!
Attached Images
 

Last edited by Firefighter : July 21st, 2005 at 08:19 AM.
  #22  
Old July 21st, 2005, 08:30 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by boredatwork
Firefighter,

I used NOD32 and looking through this thread it seems that NOD32 has a signature for this threat, if it is Win32/TrojanDownloader.IstBar.JA.
As you see here in VGrep, there are several variants of this IstBar. If you look at the sample name above with Panda in VirusTotal, you can see that it isn't either of these mentioned in VGrep.

Best regards,
Firefighter!
Attached Images
 
  #23  
Old July 22nd, 2005, 12:17 AM
tiagozt's Avatar
tiagozt tiagozt is offline
Frequent Poster
 
Join Date: Feb 2004
Posts: 331
Default Re: another independent AV review

Quote:
Originally Posted by ChrisMorris
point your eyes at this http://www.eset.com/resources/Colby_...hite_paper.pdf and come back spluttering


I disagree and I think that Kaspersky was diminished in the test.
It's not right, but is ok...
__________________
Using:
F-Secure BETA Tester, Opera, Mozilla Thunderbird, FoxIT Reader (The best PDF Reader), GMAIL, utorrent, AIMP

I usually test a lot of AV software and my TOP3 are Avira, F-Secure and Kaspersky (not necessarily in that order).

"Everything you say can and WILL BE used against you."
  #24  
Old July 22nd, 2005, 11:43 AM
Firefighter's Avatar
Firefighter Firefighter is offline
Very Frequent Poster
 
Join Date: Oct 2002
Location: Finland
Posts: 1,641
Default Re: another independent AV review

Quote:
Originally Posted by boredatwork
Firefighter,

I used NOD32 and looking through this thread it seems that NOD32 has a signature for this threat, if it is Win32/TrojanDownloader.IstBar.JA.

Do you know why NOD32 doesn't detect it? Is it maybe a broken/non-functional file, so it actually isn't a real threat in this form?
Maybe this is the sample that NOD does detect, but it is much older according to the DrWeb sample name.

Best regards,
Firefighter!
Attached Images
 
 

All times are GMT -4.