NOD or DrWeb, quicker against new nasties?

Discussion in 'other anti-virus software' started by Firefighter, Aug 6, 2005.

Thread Status:
Not open for further replies.
  1. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    NOD scans inside archives with IMON and the on-demand.

    However I totally agree that all AV's should be able to delete _inside_ archives.
    I'm really sick and tired of finding the archive in some crazy locations, which usually are hidden and then open the archive and delete the nasty, or just delete the archive altogether.
    I'm quite surprised that NOD, being such a nice program, can't delete inside a basic zip archive - Even my old Panda AV from 2002 could do this.
     
  2. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    NOD is able to delete infected archives during on-demand scans. Choose the scan option "archives" + "delete".

    Best regards,
    Firefighter!
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    That just deletes the entire archive, I really can't use that ;)
     
  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    For me it's very good. It's easy to count infected archives. :D

    Best regards,
    Firefighter!
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I just compared the NOD update on the 1:st August 2005 to those normal ones and it was about 30 to 60 times larger than a normal update. Because NOD doesn't update normally on the weekends, that huge update is about 2 months' worth of normal updates. That's what I mean that NOD updates take a long time. In this case about a half a year because of Av-Comparatives.org tests. :D

    PS. I wrote this as a gift because I just became a "Very Frequent Poster". :cool:
    Here are also those sizes with DrWeb update files recently, quite similar sizes, why? (kt is apparently kb in English)

    Best regards,
    Firefighter!
     

    Last edited: Aug 20, 2005
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Congrats :D
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Just checking Jotti's a few moments ago it seems DrWeb can be a tad slow also. :)

    Looks like KAV detected this on Jan 24 2005.

    Last file scanned at least one scanner reported something about:
    svchost128.exe, detected by:

    Scanner                 Malware name
    AntiVir                 TR/Dldr.Small.agq.4
    ArcaVir                 X
    Avast                   X
    AVG Antivirus           X
    BitDefender             BehavesLike:Trojan.Downloader
    ClamAV                  X
    Dr.Web                  X
    F-Prot Antivirus        unknown virus
    Fortinet                X
    Kaspersky Anti-Virus    Trojan-Downloader.Win32.Agent.hy
    NOD32                   a variant of Win32/TrojanDownloader.Small.AWA
    Norman Virus Control    X
    UNA                     X
    VBA32                   Trojan.Downloader.Small.1

    You're free to (mis)interpret these automated, flawed statistics at your own
    discretion.
     
  8. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    S...t happens everywhere. :)

    My former post was a bit embarrassing to me too, because Av-Comparatives.org tests are only tests. Why so much work to one test if you believe your product?

    In cross-country skiing Finland was on the top a few years ago when they raised the hemoglobin values of their skiers by doping (EPO-hormone, who knows?). They used Hemohes to get quickly lower hemoglobin values. But unfortunately the Norwegians (the president of antidoping community was a Norwegian) were faster and those skiers were caught.

    http://hemohes.4t.com/

    Can you imagine a similar situation in av-(doping)tests? If so, tell me. ;)

    Best regards,
    Firefighter!
     
  9. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    If you believe in your choice of an AV why so much effort to start a thread titled "NOD or DrWeb, quicker against new nasties?"?:)

    Because you use DrWeb and you believe it is the best solution for your
    use why start a topic like this?

    Is it just an effort to put down another AV?
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    The companies which do 'dope' are excluded from tests (but no further comment on what I mean with this). I see no reasons for people saying that a company does 'dope' just because it finally implemented the detection improvements. If you do so, you should also consider to call 'doping' companies also e.g. Bitdefender, F-Prot, Avast, HBEDV, TrendMicro, etc., because they all included at some time their detection improvements (and I am the one who can notice this, as I am always watching over all companies' status). So, do not worry about 'av-(doping)-tests', and be happy about the improvements.

    BTW: AV-Comparatives tests are more than 'just' tests :p :D
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    What is your opinion of that impact to detecting rates in the long run, when you are increasing defs drastically twice a year? Do they remain about the same level all the time for the next 5 1/2 months?

    It's the Fair Play that I only want, not Facelifts! :mad:

    This is of course targeted to ALL av-vendors which are doing this just before a famous av-test.

    Btw. What do you believe is the detecting rate level a day before that 1:st August in this case?

    Best regards,
    Firefighter!
     
    Last edited: Aug 20, 2005
  12. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    Usually they remain the same level. Of course companies would like to have tested their latest engines and updates on which they were working for months in the tests, because if they release an update some weeks later it would be a pity. Maybe you or someone from the outside may think that this is not a fair thing, but believe me, it is absolutely ok. And for those that wanted to deliver new engines and updates after the test started (which then could argue: 'yes but with the new version we would be under the firsts') I deliver other stats that show that this is usually not true :p. Other thing: even if you saw the big updates of some companies, there are still enough things to work on to improve more. The current test-set is now over 420.000 samples big, even if av companies deliver now big updates to be on the ball, also the malware authors do not sleep(/die out) :-(
    BTW: the conditions listed in the test report have their reasons; as soon as I notice a company acts unfair, they get punished in some way. Some companies were already punished in past; I keep an eye on all :eek: ;)
     
  13. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    So, in the thread you started, "NOD or DrWeb, quicker against new nasties?",
    when you show by using an example that DrWeb detected something and NOD missed it you feel that is relevant but when a current example of NOD and other AVs detecting something that DrWeb missed you post, "S...t happens everywhere". :)
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Because NOD is too good av to schedule this kind of things in the future, I only wish that they can rise drastically their databases more randomly.

    It's only the timing that happened a few weeks ago that irritates me, not the action itself. :oops:

    Best regards,
    Firefighter!
     
  15. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    If NOD's big update was beneficial to users, then why leave it to the last minute, so they gain in the test?
     
  16. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    Well, for example NOD32 does also now where the tests are finished continue to release big updates every day (look on the updates after the 5th August). Also note that NOD32 adds more than just the malware they list on their site, I mean, if they release a modified signature to detect more malware of the same type they will not list it again separately on their site. Some of the big update lists you see on their site I think are things that arrive by ThreatSense and where they add signatures for them.

    @waters: your question was already answered in a thread some weeks ago; such big signatures have e.g. to pass huge false positive test and other tests before they can be released; it is more efficient and practical to do it this way, instead of e.g. making just little FP and QA test and release signatures immediately and then be flooded by users with false positives. just my opinion...
    for things that need urgent updates (like single itw worms) they anyway release very fast updates.
    better do it late (like some companies do) than never (like some other companies do); don't you agree? ;)
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Off topic but I tried to play that "HemoHes World Championshit 2001" game from my link in post 58. but did not succeed to manipulate those skiing results. Can anybody help me? o_O

    Best regards,
    Firefighter!
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    It was actually that 1:st August happening that pissed me off against NOD this time, the topic was only a slow start. ;)

    Look back a bit over 6 months in NOD's updates and you understand why now my feedback was that it is now.

    Before this kind of policy, NOD didn't improve much in the Total without DOS & OtherOS detection rates.

    After 1. test NOD improved 0.25 %, when they invented this "wheel", after the second test, NOD improved 3.78 %, let's see how much now they have improved after some weeks? :mad:

    In my mind this isn't a fair corporate policy, just my opinion of course. :cool:

    Best regards,
    Firefighter!
     
    Last edited: Aug 20, 2005
  19. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    IBK, are you now speaking on behalf of Eset? Because for someone who is supposed to represent an independent testing-org................?
     
  20. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    From my end I think it is good that NOD has added those old "DOS & OtherOS detections". However, I fail to see how this fits in your thread, " NOD or DrWeb, quicker against new nasties"? I don't see where old DOS nasties have anything to do with who is quicker with "new nasties".

    If that is what you wanted the topic to be in the first place why didn't you
    start it as such? However, you kept posting screen captures of Istbar
    for a long time in this thread?

    It seems to me that NOD's new ThreatSense and ever improving AH is having some good results detecting "new nasties" so I think their overall detection rate will keep improving daily.
     
  21. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    BTW, just took a look at Jotti's:

    On topic with your original thread. :)

    You're free to (mis)interpret these automated, flawed statistics at your own discretion.

    Last file scanned at least one scanner reported something about:
    asdf.exe.zip, detected by:

    Scanner                 Malware name
    AntiVir                 X
    ArcaVir                 X
    Avast                   X
    AVG Antivirus           X
    BitDefender             Trojan.Downloader.Small.GJ
    ClamAV                  X
    Dr.Web                  X
    F-Prot Antivirus        unknown virus
    Fortinet                X
    Kaspersky Anti-Virus    Trojan-Downloader.Win32.Small.bhf
    NOD32                   Win32/TrojanDownloader.Small.NEU
    Norman Virus Control    Sandbox: W32/Downloader
    UNA                     X
    VBA32                   Worm.Bagle-NetSky.2


    You're free to (mis)interpret these automated, flawed statistics at your own
    discretion.
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    My calculated improving percents were under Total without DOS & OtherOS environment. The first time, on February 2005, when ESET made this thing before, was acceptable as a mistake. But now, it seems to be a corporate policy.

    A victory without honour is a SHAME. Where can you detect GLORY in this kind of policy?

    PS. Forgive me the last paragraph. I'm naive, where can you meet HONOUR in business anyway?

    Best regards,
    Firefighter!
     
    Last edited: Aug 20, 2005
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    He seems to be just relating an observation of how Eset does business just as he probably has observed how Kaspersky, BitDefender, Dr. Web does things.
     
    Last edited: Aug 20, 2005
  24. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Then why did you start the topic as "NOD or DrWeb, quicker against new nasties", and keep posting screen captures of Istbar for a number of times in this thread?

    Was that just to waste everyone's time reading your posts while you worked yourself to this rant of yours about adding the old DOS stuff?

    If you were just wasting my and other folks' time with your original Topic then that is "without honour" also.

    Just my view.:)
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    My fault, when we were the former noblemen of the kingdom of Sweden and after 1818, the members of Finnish house of knights, we knew what HONOUR was. Nowadays only $ counts thanks of those to the west of Atlantic Ocean!

    After this the main question still remains, was that kind of policy fair?

    Best regards,
    Firefighter!
     
    Last edited: Aug 20, 2005