Question for Vlk

Congrats on a job well done on Avast's #1 showing on the the best mac malware test as of yet.

How can Avast improve it's detection rate on partial malware files linked into system location as per the how Intego 2013 beat all the others in finding partial malware in these key spots or "real world spots" not just a file filled with malware on the desktop of OS X.

IS Avast looking it bring up it's score in detection in this key area, in the future?


https://www.wilderssecurity.com/showthread.php?t=354208.


.

 

Hi Blueshoes,

I'm sorry but I don't understand what you mean... Can you please be a bit more specific? What do you mean by partial malware, exactly?

Cheers
Vlk

 

He/she probably means the "trace" detection.

 

Thanks inside out, yes like he said, trace detection. Intego 2013 has the best trace detection. See the test in the link I posted and the tester gave exact locations of the trace malware and the malware name, what appears to be in "real world" locations and not in a file on the desktop with a right click engagement.

http://securityspread.com/S0urce/LatestDetectionRates.pdf



1) Will Avast be trying to improve its detection rate in this area.

2) Can you explain to me why when there are only hundreds to low thousands of Mac malware samples out there and if you are an AV developer with all the money and access to ALL the malware holding/sniffing organizations like Virustotal and VirusShare and many of the other Mac malware researchers that would be happy to give AV companies malware samples to the AV industry.


Why do so many of AV's miss the 300 well known Mac samples in the test I have linked. Bitdefender did horrible and we all know it is a top tier AV program. This above comment does not relate to Windows based malware because there we are talking 20 million variants. All or most of the testers 300 samples came from VirusShare. Shouldn't all AV vendors have the MD5 hashes of the malware and shouldn't they all have caught at least 98% of them?

Using Blue Coat Systems as an example of the use of automation to copy fresh malware URLS/IP's Just like enterprise filtering Blue Coat Systems, don't you think they have automated scripting to copy and paste in all the new MalwareDomainLists dot com lists of URL/IPs of the malware links posted on their site daily to block them? Why wouldn't say Bitdefender use scripting to copy all Virustotal and VirusShares Mac malware and get 98% just like you guys did?

I can see missing Windows based polymorphic malware and new daily malware when you get 30 to 50,000 new samples a day. But OLD rock solid Mac malware that has been known for years in some cases are missed by some of the best in the industry. WHY? Isn't that a "simple" engineering way to get usable Mac malware definition if you were an AV company ? (VirusTotal/VirusShare)

I know there is way more to this then I get. But can you explain to me why top names (not you guys, your won the #1 spot) missed so so much with very old very well known Mac malware that is "common place" in the industry.

.

 

It looks like Intego did some extra work on the definitions after I talked to them about this test. Intego took over the #1 spot.