SAS not detcting Sub7??

Discussion in 'other anti-malware software' started by ChrisP, May 30, 2008.

Thread Status:
Not open for further replies.
  1. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Just for a laugh, I downloaded sub7 to see how SAS responded - and to my horror, it does not detect it! i scanned server, editserver and subseven - and nothing!
     
  2. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,090
    Location:
    West Chester Pennsylvania.
    What is sub7o_O
     
  3. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Subseven - the worlds best known trojan - old and easy to detect.
     
  4. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Before you check MBAM does not detect this either .

    I removed this from a girlfriend's computer in 1999 .

    If this actually has a live source still please post it or PM it to me .

    If the only way to contract it is to download a malware archive and install it then I am not interested .

    If I remember correctly this also patched exe files , if that is the case here you should be testing it against antivirus software .
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,594
    Location:
    Last Breath Farm
    If you fellows won't include out of circulation threats in your detection database (And why is that? Because they take up too much room?), would you consider creating an option in your program where users can download an auxiliary "antique detection database" wherein we are protected against threats from 1999?

    I am hearing quite a lot from developers saying something got past a security program because it is old. Well, isn't that essentially a vulnerability in your software?

    In other words, you once had the threat detection covered, then you said, let's drop it because it is hardly ever seen? What is the problem with keeping the threat detection in place?
     
    Last edited: May 30, 2008
  6. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    thanks for the info i have learned over time to not jump the gun over things like this i use both AS and kinda had the filling it was AV related and not AS related.
     
  7. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Got past a scanner when you downloaded it from an old archive <> got by a scanner after an exploit dropped it yesterday , not even close .

    Its about effective time management and not lieing to our customers . Padding defs with millions of obsolete defs is not honest and does not protect the user .

    Answer this honestly . I take a month off from real time research and instead research malware from 1998-2002 . I , in that month , add detection for millions of variations of infections from that time period . Next I make a big deal about how MBAM detected millions of threats and even have screenshots of us detecting 99% of samples from that time period . At the end of that month would I be a dishonest bastard trying to exploit information to make a $ ? I think so . Would our users be protected from malware that came into existance in that month , not a chance .

    Don't worry though , I will not be doing that .


    EDIT :

    We do not delete old defs BTW .
     
  8. hammerman

    hammerman Registered Member

    Joined:
    Jul 14, 2007
    Posts:
    283
    Location:
    UK
    Can't argue with that really. As a user, I would prefer you work on defs for malware which I have a higher probability of catching.
     
  9. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Its unforgivable that something like SAS does not detect this. The argument that its an old trojan does not stand up.

    In my opinion, this goes to show that dedicated malware scanners are a waste of time and much less able to detect these nasties than mainstream AVs.

    I have seen review after review where SAS gets poor reviews or where it is beaten by several other scanners. It seems that if anyone remarke on its poor performance they get attacked with some argument about the test having faults.

    Im sure SAS has some wonderful scanning technologies etc, but the fact it fails to spot this trojan has made me loose all faith in it. What else doesnt it detect?

    My license expires in about 30 days. Why should I bother renewing it?

    I would like to see a test where a normal AV like Kaspersky, F-Secure or Norton is pitched against dedicated AMs in detecting non viral nasties. Based on my experience of SAS, I know which ones I would put my money on
     
  10. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    if a person looks at post #4 it's not detected because it's the job of your AV not the job of AS/AM in that case would it not be the same ? why did the AV not detect it.
     
  11. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    F-Secure detected it. Strictly speaking, its NOT the job of an AV to detect this since it is a trojan and NOT a virus.
     
  12. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    you was protected no harm no foul i fill no less secure if my AS does not detect some thing but my AV did thats why i have them both.:D
     
  13. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    You are missing the point. The only function of AMs is to detect trojans and non viral malware. They are not doing this properly.
     
  14. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    No i'm not missing the point i just fail to see the point your trying to make. can you name one AV,AS,AM,AT or any Anti what ever that catches 100% of every thing new or old.if SAS did not stop it but your AV did whats the problemo_O :D
     
  15. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Jesus, Im sick of idiots. Look SAS is an AM - it should detect TROJANS like one of the most famous in the world - SubSeven - but it does not. Its database is inadiquate.

    No, I cant name any AT that detects 100% of nasties. The fact is that SAS should detect SubSeven as every AV in the world does when it is not their job to do so.

    You, my friend are a prime example of the idiots who come up with the same pathetic arguments supporting badly performing AMs.


     
  16. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    It is not that hard to make a scanner that catches 95% of legacy malware and takes 3 hours to do a scan while missing all the malware that came out within the last week .

    Antimalware is about blocking what you have the ability to be infected by with normal computer use today .

    Reading through this thread I get the feeling that some people might think SpyBot is better than SAS and MBAM because it has better defs for malware that existed years before SAS and MBAM existed .


    A simple search on HJT forums will quickly show that SAS and MBAM are used to disinfect computers , not SpyBot even though all three can scan and remove for free .
     
  17. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    "It is not that hard to make a scanner that catches 95% of legacy malware and takes 3 hours to do a scan while missing all the malware that came out within the last week "

    Completely false and illogical argument.

    1) AVs detect viruses AND malware (inc legacy) etc, yet dont take that long to scan.
    2) AMs are made by small businesses that employ very few people and dont have the resources to add defs or analyse malware, whereas the AV cos employ hundreds of people and so have the resources to do this.

    Explain to me how it is that the main AVs detect more non viral malware than AMs and also detect thousands of viruses that the AMs dont, and yet scan as fast.

    Im 99% sure a major AV like F-Secure will pick up new threats faster than any AM and be better at detecting them.

    Its arguments like yours that help make my mind up - AM software is a waste of time.
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    53,069
    Location:
    Texas
    Let's keep the discussion on an even keel without personal potshots and stay on the topic. "SAS not detcting Sub7??"
     
    Last edited: May 30, 2008
  19. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    Wilders is not the place it was. Quality of members has dropped.
     
  20. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    People like you are why I stay up till 4 AM working on defs for MBAM , thanks for the motivation . :thumb:

    You may be upset that an old infection got by a new scanner but I bet that both MBAM and SAS have detections for new malware that every scanner you do have faith in miss .
     
  21. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    From what I have seen, you add defititions based on what people think is nasty because they dont like the vendor (see thread on EE) and not on weather the app is actually malware.

    You stay up til 4 to make money, the same as me. If I were you, I would give up as you and SAS dont seem to be doing too well.
     
  22. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Hop on google and start telling everyone that they are wrong , you have a long list so you had better get started . :thumb:

    Me , ill get back to making MBAM great , sorry we cant see eye to eye .
     
  23. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    The bottom line is, I wont be giving SAS any more of my money and I wont purchase an altrtnative AM. I have F-SEcure at the moment and will use this until the new version of KAV comes out - as I have a license for this, but the current version is too slow, but new version is fine.

    AM = waste of time. End of argument
     
  24. ChrisP

    ChrisP Suspended Member

    Joined:
    Jun 6, 2003
    Posts:
    447
    Location:
    UK
    What on earth are you talking about? Tell "everyone" they are wrong.

    Its you who are wrong and the few who believe in your snaik oil. Shouldnt take me more than 5 minutes.
     
  25. kencat

    kencat Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    47
    Location:
    Ontario, Canada
    .....for you.

    As for me, I understand the limitations of the smaller companies, and therefore accept their business model of providing protection for current malware within the scope of their model for the software. As long as it is understood, then users can plan their security software layout appropriately. I have learned from my brief time here at Wilders that one security app cannot "do it all".

    This thread has brought to light interesting information as to how some software developers approach their business, which helps in understanding those software and how different approaches are taken.

    I don't care that SAS or MBAM do not detect this old-timer trojan. I will use them for their strengths, and find other products that fill in the spaces. We should be thankful for the efforts put forth by all the private developers out there, past, present and future, otherwise......well, who knows.

    Keep up the good work dudes (you know who you are) :thumb:
     
Thread Status:
Not open for further replies.