AVs having a real impressive day

Discussion in 'other anti-virus software' started by trjam, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Come on! How come SBIE and PE only can tell u for sure that a file is malware!
     
  2. Coolio10

    Coolio10 Registered Member

    Is there a reason why Symantec was not tested?

    trjam and dr.web :D.
     
  3. virtumonde

    virtumonde Registered Member

    Well of course you know Sandboxie's feature of multiple sandboxes running at the same time. I open the suspicious file in one sandbox and the genuine one from the vendor site in another sandbox. Other than the fact that I have some experience, this simple method never failed me until now. There is also HijackThis, and if you grant it, for example, direct access in the sandbox, you will have an accurate picture (not 100 percent like a real PC but very close) of what the "suspicious" file does. Since all of this can be done with freeware tools, try for yourself; you don't have to take my word for it.
     
  4. DasFox

    DasFox Registered Member

    ShadowServer needs to learn how to make a website, GAWD it's awful trying to look at it with a 19" CRT, the need to scroll the site left and right to look at it.

    That webmaster should be horse whipped, LOL... :blink:
     
  5. Inspector Clouseau

    Inspector Clouseau AV Expert

    That is a *spanish* dialer, hence no wonder that Panda detects that ofc. The only question remaining now is why on earth is that sample so many times on their server. I assume what they are detecting is the dialer *DLL* files. There is another executable together with it. The whole dialer package is known as Montil Dialer. So it could be possible that this specific dialer dll has some "manual polymorphism" (server side) and that there are quite some different binaries of that file.

    Mike
     
  6. Inspector Clouseau

    Inspector Clouseau AV Expert

    Update: Just added detection for it so just forget it now :D
     
  7. noway

    noway Registered Member

    Is that Kaspersky 3.0 they used with virus definitions from 1999.12.25 ?

    (When they don't post any details like version numbers, I don't consider the results credible.)
     
  8. flyrfan111

    flyrfan111 Registered Member

  9. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Same old psychological problem I have seen displayed here hundreds of times. If your AV is low rated, there must be something wrong with the test. If your AV is highly rated, the test is credible.
     
  10. flyrfan111

    flyrfan111 Registered Member


    Huh? My answer had zero to do with whether the test is valid or not. Someone said they didn't post version numbers, I said they did. I did not state one way or the other how any of the AVs I use do/did, or what my opinion of the validity of said tests was.
     
  11. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Quoting you was not a response to you, but rather I was making a generic observation of the statement you responded to. No criticism intended, and you simply provided the fact that the scanner engine versions are delineated :).
     
  12. computer geek

    computer geek Registered Member

    cor, look at m:D c:D a:D f:D e:D e:D ! :argh: :argh:
     
  13. Coolio10

    Coolio10 Registered Member

    LOLS! Stop doing that, it makes me laugh each time.
     
  14. bigc73542

    bigc73542 Retired Moderator

    N:D O:D R:D T:D O:D N:D
     
    Last edited by a moderator: Feb 1, 2008
  15. trjam

    trjam Registered Member

  16. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Agreed. Probably more reflective of an AV's ability (or lack thereof) to stop zero-day malware which exists in the real world.
     
  17. Hermescomputers

    Hermescomputers Registered Member

  18. Sjoeii

    Sjoeii Registered Member

    Norman is doing great the last days
     
  19. Frisk

    Frisk AV Old-Timer

    The results look fine, sure...but I have a really hard time believing that the majority of the programs (including my own F-prot6) are really doing this well against threats that are out there - I mean, the majority with 99%+ ??

    It also seemed a bit odd when suddenly a large number of samples of a particular piece of malware appeared that were only detected by one program, so that program got 99% on that day and the others all got 68% or so. What makes this odd is that on that day we did not receive a *single* copy of that particular malware from sources like VirusTotal, Jotti or others like that, so it was clearly not in wide distribution.

    I'm wondering whether someone is feeding samples like that into the system for one reason or another, but that is just pure speculation, of course.
     
  20. flyrfan111

    flyrfan111 Registered Member

    Yes, I have wondered exactly where they get their samples from as well. I keep an eye on this site, but I am, like a lot of others here, not sure what to make of it.
     
  21. ronjor

    ronjor Global Moderator

    Several posts removed including a private message. If anyone has any questions contact an administrator.

    No private messages or emails are to be posted in the forums per the Terms of Service.
     
  22. computer geek

    computer geek Registered Member

    It's just strange, isn't it? One day an AV is really good, next day is crap... The tests don't really seem stable and reliable to me. Any opinions?
     
  23. dawgg

    dawgg Registered Member

    Have a look at weekly, monthly or yearly stats... scroll down and it'll be on the left
     
  24. dawgg

    dawgg Registered Member

    Very interesting results the way F-Secure detected far more than Kaspersky (although they were the same malware names)... Settings of products play a very large role in the results.
     
  25. trjam

    trjam Registered Member

    No, not really. DeepGuard is catching most that don't have a Kaspersky signature. F-Secure is really very underrated in its ability.
     