Virus Database Tool Idea:

Discussion in 'NOD32 version 2 Forum' started by ChaosBlizzard, Jan 7, 2005.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Well, now we're agreed on the same point. :D

     
  2. ChaosBlizzard

    ChaosBlizzard Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    44

    Well at least it ends in some kind of agreement. :p

    Maybe this thread will have answers to some of the browsers in this forum. It could save us a few extra repetitive threads.
     
  3. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA

    Well, I don't have a formal degree related directly to IT but I have been working with computers on and off from 1961 starting with the US Navy. I am older than dirt. :) I am a retired CFO and CPA and have been responsible for the Data processing departments with several companies. Also, as a hobby I ran several BBS systems for the fun of it before the Internet was available to most folks. Over the years I have used most of the AVs, Norton (when it was Norton), McAfee, F-Prot, etc. and started using KAV around 1998. I still use KAV on some machines but went to NOD on another box about 3 or 4 years ago when there was a problem with KAV and a Win2K beta. I have built a large number of PC systems over the years, again as a hobby, and overclocked a number of CPUs and video cards just for the fun of it to test the limits.

    With this real world background and years of direct experience I am impressed with the advancement and improvement of NOD's AH to help detect zero-day threats.
     
  4. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    I think all ChaosBlizzard wanted was simply a larger Db of Virus, and his point is if speed will not decrease / or resource will not increase by 1-2% then why not add more. There is nothing wrong with having a larger db with Zoo Variant as an extended DB.

    And others believed that AH is very much needed; the best idea would be for Eset to improve both AH and have an extended Db as well as Interface improvement :D

    We can then have the best of both worlds.
     
  5. ChaosBlizzard

    ChaosBlizzard Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    44

    Ever use Norman on Windows 3.1? :p

    If you are looking to gather more knowledge, there is a really good book written by Scott Mueller. It's about 1500-2000 pages of nothing but Computer information.

    Also, was that version of KAV a beta? Or are you talking about a beta of Windows? In either case there were bound to be problems.
     
  6. ChaosBlizzard

    ChaosBlizzard Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    44
    The speed would decrease. Not with all the power of today's computer systems. To top it off it's not only CPU speed that is increasing. I am not sure if you know yet or not, but they are replacing PCI with PCI-e. They have already begun to replace HDD technology with the next type.

    I myself am using RAID and an SMP enabled machine.
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I never used Norman on Windows 3.1. Basically used DESQview for the BBS with Norton or McAfee to check the uploads/downloads.

    It was a problem with KAV and a W2k beta. No fault of KAV but I needed an AV and started using NOD also at that time.
     
  8. anotherjack

    anotherjack Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    224
    Location:
    Louisiana
    I guess I'll weigh in on this and help feed the troll... ;)

    A little background. I am the administrator for a combination of approximately 2600 desktops, laptops and servers for my company. We have users in 17 different locations, across multiple continents, speaking a number of different languages. I've been in the PC arena since the TRS-80 Model 1, and have also used Norton, McAfee and a number of other AV packages over the years.

    An exercise: If you assume that our standard PCs have (conservatively) 80,000 files per unit, and considering that we use MANY different software types, you can say that I'm responsible for 208 MILLION files. Probably more. In the time that we've been running NOD32 (a couple of years), I have had TWO false positives. Two. Zwei. Dos. Deux. (Insert favorite translation of "two" here). Let's do the math, eh? That comes out to a .0000009% FP rate, at least for my users. YMMV. Check my math, I may have a zero too many or few in there. :p

    In that same period of time, NOD/AMON has triggered 12 times using AH, all on "Zero day" exploits or files that were later (usually by the next update) added to the database.

    Now for some unasked-for advice:

    ChaosBlizzard - Give it up and realize that there are people here who have been really, really patient with you who have been in this business since before you were born. Your constant "I know more than you because..."
    a) "I have one year of Cisco training." Whoopee. Since when does Cisco training bestow AV knowledge?
    b) "I've been teaching myself computers for 7+ years." Good for you. Do it another 10 - 20 years, then someone may care.
    c) "I work as a computer repair technician" Whee. Been there, done that. Ten years ago.
    d) "I have also repaired motherboards before using a soldering gun station" My 15 year old son solders, too. I used to build process control computers from a pile of discrete parts, a circuit board and a blank chassis. Sooo?
    e) "I myself am using RAID and an SMP enabled machine" Wow. Considering that many, MANY motherboards come with "plug and RAID" functionality built in, that's nothing special any more. RAID 0, 1, 0+1, 5, 10, what? SMP enabled? It's got two processor sockets. Huzzah!

    ... stuff gets tedious after a few pages. The Wilders forums can be a great source of useful, pertinent, freely available information, should you decide to sit back and LISTEN every once in a while, instead of tooting your own horn.

    BTW, ask your professor about S.M.A.R.T. HDD technology and whether or not you should wait until a drive actually fails before replacing it, or replace it when the device predicts it will fail? Isn't that relatively similar to heuristics?

    Jack
     
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Conclusion: We consider (at least many people that have chosen NOD32) the heuristic as the most important thing. NOD32 is the only AV that has a good heuristic with few FPs.
    Good points about heuristic:
    -Zero day detection,
    -Proactive detection,
    -There's no need to get an update to get protected.

    I want to congratulate all people from Eset for their good work. I'm very happy to be a NOD32 user.

    PS: If some people yet think that heuristic isn't the most important method of detection, I'm most sure that this will change in the future. A proof of that is that Eset is getting more clients every day.
    I think I posted all of my points of view in that thread.

    André
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Very well said Anotherjack.

    Cheers

    Blackspear.
     
  11. ChaosBlizzard

    ChaosBlizzard Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    44
    So you’ve worked with Computers starting when they were useless. Computers just started to get up there in the past 10 or so years. So working with a punch-card system and a vacuum tube system doesn't necessarily count as a Computer. I can say I used a Computer if I broke out the abacus. Would that make me more knowledgeable with an AV system? No it wouldn't, so your argument that you’ve worked with ancient systems somehow makes you more knowledgeable than me can be thrown out right there.

    If you secured your Networks to start with you wouldn't have to worry about if your AV's AH are good enough to protect your systems. Go tell your boss the Network you are protecting is in good hands because your AV can guess.

    Why bother teaching myself something before 10 years to this date? It is all useless information. Go ask a current repair technician what a DIN connector is, let's see if they know what you’re talking about.

    Yeah, by SMP enabled that doesn't mean it has two sockets and I am not using them. It's a shame you don't understand that I am using two processors. But just in case that didn't sink in... I am using two processors.

    Regarding S.M.A.R.T, I would replace the drive before it completely fails. Although that shouldn't matter too much if you are smart enough to take backups of the data on your Network to start with.

    Basically you have stated that my education is useless, which makes you more of an idiot than you claim me to be. You're just mad because "kids" like me are taking your jobs. Get used to it, as most "kids" are better at using a Computer than any other adult aged 30 or higher.

    Congratulations on your ability to solder old outdated technology together and make a calculator out of it. The founder of the Apple company did more than that in one week than you did the entire time you were engineering.. If you want to call it that.

    If you are so good at it, why don't you go build your PC from scratch? Maybe because that skill is useless for anything other than repair.

    By the way, those are more FPs than anyone would care to have, two or not. That's like saying I only got shot twice, but that's just fine with me, because it was only twice...

    What I have listed as my experience doesn't necessarily make it everything I have knowledge of. You assume too much.

    You didn't say anything about programming, so I take it you can build hardware but have no idea how software works. So basically you have talked out your backside regarding software AVs. Seeing how you have only listed a bunch of blue collar experiences.

    Go program and tell me how easy that is just because you have been working with PCs for a useless 20+ years. Being older means nothing in the real world. It just shows your ignorance that you used that as your entire basis to your argument.

    I bet your 15 year old son knows more than you do.

    Oh and seeing how you took my list of training as some kind of reference to AV software, let me break it down for you old man. That simply means I know what I am talking about in various technologies. This wasn’t some kind of reference to my high level knowledge regarding AV software. I thought such a high caliber individual such as yourself would have gotten that part.
     
  12. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    You told me that you know how to program in VB? Please let me tell you that VB is a language for lamers. A good language is ASM, C++, not VB, or at least Delphi.
    There are no people on the earth who can be an expert in hardware and software at the same time. That's impossible. The computer world has many sub-worlds, each of them very complex. Unlike you, I prove my statements. One proof that it's impossible is that you aren't an expert in antiviruses. Thinking that FPs only occur with heuristics is false. This is enough proof that you aren't an antivirus expert. I think you're so self-centered. Please let me tell you that self-centered people don't have a good future.
    Well, I've no time to waste on this type of thread. I think this thread is off topic. And as I said before, I gave all of my points of view.

    André


     
  13. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    This has now got out of hand and has nothing to do with the original topic and has degenerated into a name calling and slanging match which serves no useful purpose so I am closing this thread before it wanders even further off track
     