NOD32 in the real world

Discussion in 'NOD32 version 2 Forum' started by rerun2, Oct 13, 2003.

Thread Status:
Not open for further replies.
  1. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    JimIT, I think you meant "zero were non-ITW viruses"? ;)
     
  2. wildcatgirl

    wildcatgirl Guest

    Prefab - nicely done. At last, someone understands...
     
  3. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Depending where you work they might have much more restrictive security policies in place, and maybe that is why people did not run into as many threats?

    What I don't understand is why you say "all NOD32 users are now protected against a few pieces of malware that the average user is probably not going to see, and--unless something changed very recently--are not even listed on the supplement to the WildList, not to mention the WildList itself."

    I personally hope I will never get infected by 10,000 different ITW virii a day, and hopefully not even 1000, or even 100, or even 10 etc. So is it also pointless to add these detections because I never came across such virii? Isn't prevention one of the main goals of even owning an AV? Who is to say that you will run into an ITW virii that is listed on the wildlist site, and who is to say that you will run into an ITW virii that isn't listed on the wildlist site, but is considered ITW by wildlists' definition? Granted, most people will probably have a greater chance of running across ITW virii listed on the wildlist site but I do not feel that it makes adding detections to other dangerous ITW virii any less significant. Virii spread so fast these days, you never know which one will turn out to be the next sobig or klez.

    With that said... No AV is perfect blah blah blah ;)
     
  4. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here are screenshots I pulled off of DSLR forum about viruses and other such things that they say NOD32 didn't detect. The person who posted these screenshots was Motumbo at DSLR. I am currently testing his findings and I will post my results here. So here goes with the first of two screenshots.
     

  5. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here are screenshots I pulled off of DSLR forum about viruses and other such things that they say NOD32 didn't detect. The person who posted these screenshots was Motumbo at DSLR. I am currently testing his findings and I will post my results here. So here goes with the two of two screenshots.
     

  6. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    That thread is now locked and it is about time to put this one out of its misery.
     
  7. whyme2

    whyme2 Guest

    radicalb21
    What are your tests supposed to prove?
     
  8. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Well I've seen a lot of tests, but none of the "experts" has provided any info regarding the bugs tested, their frequency ITW and whether they're likely threats to ordinary users.

    That's perhaps the most valuable info that could be provided to users, but those who know and/or post their test results do not provide that information. Why not? Surely if the tests are significant that info should be provided to assist users' understanding.
     
  9. whyme2

    whyme2 Guest

    Sig,
    If you took a minute from posting and did any leg work you could find write ups on some of the files.
     
  10. whyme2

    whyme2 Guest

    Hint, McAfee site.
     
  11. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Yes, as I did for 8tunes. ;) I can well understand why Motumbo would not want to describe the threat level for that and justify using it in his test.

    But you're an expert, no doubt recognizing them by name alone as some others have, why not enlighten the audience and give us all the benefit of your expertise?
     
  12. whyme2

    whyme2 Guest

    Here is one, why you all can't do any leg work is beyond me.

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100215
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Closing thoughts everyone?

    If we're done, we'll close this down in a few hours or so.
     
  14. whyme2

    whyme2 Guest

    Here is another one, get the point, do some leg work.

    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98906
     
  15. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    From McAfee's site linked to above:

    Name: VBS/Asnar
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 3/18/2003
    Date Added: 3/31/2003

    Name: W32/Tetris.worm
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 10/25/2000
    Date Added: 11/28/2000

    "We found no records matching the following criteria:
    Virus name containing "Win32.HLLW.Remat".
    Please try narrowing your search by using fewer characters."

    Ditto for Radex. Perhaps it's a nomenclature thing. That can be a problem and/or confusing. A problem I ran into when looking for some others previously.

    For Spth, it appears to be a family:

    Name: JS/Spth
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 1/16/2003
    Date Added: 1/16/2003
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99968
     
  16. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hi Rerun,

    The answer to that is: No. All users have the same access to internet content as you or I--except we block some specific sites at our routers. Attachments aren't blocked, for example, because to do so would restrict functionality too much for our users. (More stress for me, though!) :)
    www.wildlist.org

    Check this site out. It will give you some eye-opening information on what malware are the biggest threats to you as a computer user.
    No, it's not pointless. It's just not very likely that you're going to see them in day-to-day computer use.
    Very true! But I'm sure that you'll agree that it's more important for your AV to be able to detect, oh, Swen, or CIH for example, than a virus that installs Tetris or a bunch of German folk tunes on your computer...;)
    You're right about that! Be comfortable with whatever you use. ;)
     
  17. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  18. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Stoned, I previously noted, is in NOD's db, but it is a family of viruses with many variants. Again, courtesy of McAfee:

    Name: Stoned
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 2/1/1988
    Date Added: 2/15/1988
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1169

    Only Bolzano I found in McAfee's DB:
    Name: W32/BOLZANO.L
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 9/16/1999
    Date Added: 9/20/1999
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10363

    Name: JS/Germinal
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 7/14/2001
    Date Added: 10/2/2001
    http://us.mcafee.com/virusInfo/default.asp?id=alphar

    We found no records matching the following criteria:
    Virus name containing "Winsurf".

    Name: W32/Idele
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 1/10/2001
    Date Added: 1/18/2001
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98977

    We found no records matching the following criteria:
    Virus name containing "Zhymn".

    Name: Cannabis
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 10/1/1991
    Date Added: 10/15/1991

    For Zombie:
    Name: Zombie.747
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 7/1/1993
    Date Added: 7/15/1993
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1435

    We found no records matching the following criteria:
    Virus name containing "Renegy".

    We found no records matching the following criteria:
    Virus name containing "Funtime".

    For "Trivial":
    Name: Mini-45
    Risk Assessment
    - Home Users: Low
    - Corporate Users: Low
    Date Discovered: 4/1/1991
    Date Added: 4/15/1991
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=792
     
  19. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Thanks, Primrose, but I can't seem to pull up the site right now. I'll check on it later. :)

    Problem with the differences in nomenclature between AVs is one can't always tell if one's found the right description for the target bug. Some sites like Symantec's cross-reference but even then may not have the exact name referenced so it can be difficult to tell.
     
  20. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    @sig

    Well actually he has a typo....it is called randex... ;)
     
  21. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    :D

    McAfee has a bunch of Randex, all low threat assessment.
    (Link won't work for search results.)

    There may be still some real doozies in the test in terms of likely threat, but so far my "random sample" hasn't seemed to find them, at least according to McAfee which appears to categorize the ones I found as "low threat." So people can make up their own minds in how concerned they should be or what they want to use.
     
  22. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  23. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Counting down... ;)

    Keep those comments coming.
     
  24. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    LOL
    Symantec's threat assessment: Low. Which in their terms means:

    Wild:
    Number of infections: 0 - 49
    Number of sites: 0 - 2
    Geographical distribution: Low
     
  25. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Well, LWM, I think we may have detected a definite trend among the test samples. But for further brevity's sake, I won't ask FireFighter to provide us with a statistical analysis. ;)
     