593 Viruses in zip

I have a zip file of 593 viruses. I found this on a message board. A lot of the other anti-virus programs were giving great results. Sadly NOD32 only caught 540. I have sent the zip to ESET in mid February. I haven't gotten a reply nor have the definitions been added. I'm going to send the zip again for the third time. Please take a look at it!

 

Hi linx05,

This section is for LooknStop Firewall

The NOD32 is here: Official Eset NOD32 Antivirus Forum

Regards

 

Yeah I noticed that. I went into the NOD32 forum and couldn't find my post. I accidently posted it in the wrong forum :/

 

Hi linx05 - I have moved your thread from the Look'n'Stop forum and into the Nod32 forum. I also noticed you made a similiar post here. Please stay with one thread when it's about the same subject and not cross-post as it can confuse things for those wanting to answer your questions.

Regards,

snap

 

if some samples are NOT in-the-wild viruses, but instead "zoo" viruses, as used in "testing" AV solutions, NOD32 will not find them BY DESIGN.

 

These collections of 400-500 viruses contain old DOS viruses, mostly COM files, out of which most are simple a sort of garbage and shouldn't be detected whatsover. (as far as I remember, there were also some virus removal programs among them). What's more, most of DOS viruses are not functional on Win32 platforms.

 

I strongly disagree with the BY DESIGN part. NOD32 detects zoo viruses too but not files incapable to replicate...

 

NOD prides itself on its "in the wild" detection", not on it's total detection ability (this can be seen in its promotions of "Since May 1998, NOD32 has been the only antivirus product in the world that has not missed a single (ItW) worm or virus in the rigorous testing conducted by the Virus Bulletin." However, we all know that there are problems with the definition of "in the wild", and that the lesser detected complex "zoo" viruses that are commonly poo-pooed by Eset and loyal followers present all those on the internet a real problem. NOD needs to focus on these rather than relying solely on VB tests as an indicator of the efficacy of their product. Please read the following link for further info:

http://www.securityfocus.com/infocus/1813


Neil

 

ok - qualification ...

if they are zoo viruses incapable of reproduction, and/or dos viruses incapable of running under win32... they would not be detected BY DESIGN.

Clearer now?

 

I don't believe that is correct.

See: http://www.av-comparatives.org/
On-demand comparative February 2005

"The anti-virus scanner must detect 100% of the
ITW-samples and at least 85% of our zoo-samples
on demand"

Note:
Total Detection rate (including DOS and otherOS)

It looks to me like they have really improved their zoo detection
from that test.

 

I see no reason to exclude DOS viruses from detection.... if they are able to replicate in dos

 

Even if something is incapable of replication, can't it still cause damage?

 

both this and the previous post by mrtwolman probably deserve some clarification from the good folks at Eset...

 

Eset picks up signatures of all threats, regardless whether they are capable of replication or not, whether they are DOS-based, Win32 or Linux viruses. We just don't pick up signatures from corrupted files and files which are actually harmless and should not be detected whatsover.

 

ok - there we have it...

those zip files contain files which are either corrupt, harmless or simply should not be detected, AS WELL as viruses (DOS and otherwise), that ARE detected - ergo, the difference in file count and NOD32 detection.

 

Item to note:

When sending samples that appear to not be detected by NOD32, add the .bat extension to them before submission. Some Vx sites have many of these "samples" and as such are not executable and harmless. If one was to add the appropriate extension (i.e. .bat), AMON will spring into action.