The Best AV heuristic analyzer poll

Discussion in 'polls' started by Technodrome, Feb 13, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Well here is the poll for The Best Antivirus heuristic analyzer. Post your comments or whatever you want...

    Technodrome
     
  2. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    DrWeb32's heuristic produces some false positives and KAV's heuristic is too cautious for me. So I choose NOD32. :)

    wizard
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Did you try the latest version from DrWeb32 o_O?

    False positives from DrWeb were common in 4.xx-4.19 (if memory serves me right). There has been a great improvement over past DrWeb versions...

    Technodrome
     
  4. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Last one I tried was 4.27a. At the moment I am a little bit unhappy with the DrWeb/Dials people. They do not answer my emails. :(

    wizard
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    IMHO, NOD32 tops the pack you have selected in heuristics scanning.

    Just my two cents...

    -javacool
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    NOD32 is king.
     
  7. DrSeltsam

    DrSeltsam Guest

    None of the above ... .

    trojans: F-Prot
    macro: F/WIN32
    dos: RHBVS
    scripts (VBS, CS, ...): RHBVS / f_mirc
    windows: PEHead (I don't know if ralph integrated it in RHBVS so far)

    Nod32 causes some false positives with dos files and misses many script viruses.

    By the way, f_mirc and rhbvs did a complete analysis of the found malware, too :eek:).

    Adieu, Andreas
     
  8. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    The heuristic of f-prot for trojans is nice indeed but has a big problem. When the trojan is packed or crypted there is no chance for the heuristic. For (backdoor-)trojans TDS-3 might be the better choice because heuristic rules also apply to process memory scanning.

    F/Win32 is outdated. The product is not developed any longer. Last version is from April 2000. It was a good product. For macro viruses heuristic I would vote for NOD32 at the moment.

    For script malware Wormguard is my favourite choice.

    wizard
     
  9. DrSeltsam

    DrSeltsam Guest

    >F/Win32 is outdated. The product is not developed any
    >longer. Last version is from April 2000. It was a good
    >product. For macro viruses heuristic I would vote for
    >NOD32 at the moment.

    *laughs* - there weren't any big changes in the macro virus development since 2000 ;o). You may try it. The F/WIN32 heuristic is still the best.

    >For script malware Wormguard is my favourite choice.

    Did you ever compare f_mirc/RHBVS with wormguard?

    Adieu, Andreas
     
  10. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    So, is DrWeb Russian code?
     
  11. DrSeltsam

    DrSeltsam Guest

    Yes - Headquarters is in St. Petersburg as far as I know.

    Adieu, Andreas
     
  12. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Hi Andreas,

    Thanks for the reply. Did some Googling - here's some company info:

    http://www.dials.ru/english/company/home.htm

    Regards,
    Blacksheep
     
  13. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    The official homepage for DrWeb seems to be:

    St.Petersburg antivirus laboratory by Igor Daniloff
    (SalD Ltd.)

    http://www.sald.com/

    wizard
     
  14. DrSeltsam

    DrSeltsam Guest

    As far as I know it's sald.com :eek:).

    Adieu, Andreas
     
  15. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Thanks for sald link - added to bookmarks.

    I must try DrWeb soon...

    Regards,
    Blacksheep
     
  16. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Official site for DrWeb is http://www.dials.ru/english/home.htm

    http://www.sald.com is distribution site!!!

    Technodrome
     
  17. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Dials is a very suspicious company. They do not answer any of my emails. So they would not gain a new customer. :(

    wizard
     
  18. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    They need more English-language speaking people!!!!  :'(

    You should try the German site (in English) http://drweb.imshop.de/index1.asp?sprache=en

    Maybe there is still hope for them  ;)
     