Why are those big three so lazy in updates?

Discussion in 'other anti-virus software' started by Firefighter, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    You cannot expect 100% perfection. But good response times on analyzing and spreading that signature can prevent any further infections worldwide.
    Technically speaking, all users are connected into a huge immunization system.
    One gets nailed, sends the sample to the test lab, they make a cure, all others get inoculated. Should we start blaming medicine because they're incapable of providing us 100% health without ever getting the smallest minor flu? The human body works in a behaviour blocking way. You might catch some disease once. But when you get better, the immune system is most probably already immune to that. But most of the time it's reactive (that's when you get high body temperature).
    But behavior blocking won't work if you don't define rules regarding what's bad and what is not. And that happens over time. With each submission a user makes, that user would guarantee not getting that very same file ever again. The bad side of this is that most people don't. And that's where we come in. Those who work with these things daily, hourly, minutely worldwide.
    Now, ESET is taking quite a huge step into this philosophy of detecting malware in both ways and I really admire that (proactive based on reactive), while Kaspersky Lab for example takes the reactive path to the maximum by providing excellent reaction times and the time it takes from getting the sample to making the cure and spreading it among people, filling the gap the same way doctors do with cures for that nasty flu. BitDefender did not so long ago, Kaspersky will very soon fill the proactive gap...
    I just wonder when the "big" ones will do something similar...
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    When they have to..... not before. Innovation usually comes from small companies; the big companies then purchase them and use their technology, that's often how things work out.

    With regard to the OP's question, there is still no real excuse for why the big three don't release updates at regular intervals 24/7 as viruses are analysed. They can easily do it, and despite how BigC feels regarding this, I'm quite sure their customers would appreciate a more constant flow in signature releases. Nobody's saying they should release hourly updates, but 6-8 updates spread evenly over 24 hours would not exactly be a bad thing. :)
     
  3. nod32.9

    nod32.9 Guest

    Most PC users are not very sophisticated about AV protection. They don't switch from "brand name" AV solutions unless something bad incapacitates their PCs.

    The big boys stay on top because
    -advertising
    -their products are functional
    -they get a constant stream of new customers in the form of pre-bundled software on new PCs


    To appeal to the majority of the users, their products must be simple to use. Install it and forget it works best. Innovation and cutting-edge performance are low on the priority list. The users, of course, must pay a premium for the product to offset the cost of advertising.
     
  4. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,185
    Location:
    Home on the range.
    :rolleyes: There would be some truth in this, folks, but when the so-called big boy of the virus protection programs is the one responsible for screwing up your system, you go looking for an alternative. This is exactly what happened to me almost seven years ago. I haven't looked back since, and have gained a bunch of knowledge in the meantime. I still have many more questions, however. This is how I came to find out about Wilders also.

    Thanks
    Wildman
    :eek: :D :p :cool:
     
    Last edited: Nov 24, 2005
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I think that all these philosophies above and their combos work somehow even today.

    I've just achieved the 5 x 100 pole in my new journey in Jotti's.

    FF av-test 5 x 100 from Jotti's 17.-22. Nov. 2005:

    All samples in these snapshots are NOT with "ZIP", "RAR", "CAB" format (most of all are with "EXE" format) or those "COM" format, that are actually old DOS snapshots.


    Checked as viruses/worms!

    Total ------- Set 5 ----- Set 6 ---- Set 7 ----- Set 8 ----- Set 9

    _6.6 % ----- _6 % ----- _5 % ----- _4 % ----- _8 % ----- 10 %

    ==============================================================================

    Jotti's detection rate!

    Total ------ Set 5 ----- Set 6 ----- Set 7 ----- Set 8 ----- Set 9

    69.0 % ----- 68 % ----- 70 % ----- 62 % ----- 75 % ----- 70 % -- Kaspersky
    67.0 % ----- 69 % ----- 69 % ----- 62 % ----- 69 % ----- 66 % -- DrWeb 4.33
    66.4 % ----- 62 % ----- 66 % ----- 77 % ----- 65 % ----- 62 % -- Vba32
    55.4 % ----- 51 % ----- 54 % ----- 54 % ----- 58 % ----- 60 % -- NOD32
    48.6 % ----- 43 % ----- 46 % ----- 47 % ----- 54 % ----- 53 % -- BitDefender
    40.8 % ----- 43 % ----- 32 % ----- 39 % ----- 48 % ----- 42 % -- AntiVir
    40.8 % ----- 46 % ----- 37 % ----- 26 % ----- 52 % ----- 43 % -- Fortinet
    35.2 % ----- 32 % ----- 35 % ----- 24 % ----- 37 % ----- 48 % -- ArcaVir
    31.0 % ----- 32 % ----- 33 % ----- 25 % ----- 40 % ----- 25 % -- AVG
    28.4 % ----- 31 % ----- 32 % ----- 18 % ----- 30 % ----- 31 % -- Norman VC
    28.2 % ----- 30 % ----- 24 % ----- 27 % ----- 31 % ----- 29 % -- ClamAV
    22.4 % ----- 27 % ----- 23 % ----- 18 % ----- 23 % ----- 21 % -- F-Prot
    19.0 % ----- 21 % ----- 22 % ----- 17 % ----- 15 % ----- 20 % -- Avast
    _8.8 % ----- _9 % ----- _8 % ----- _9 % ----- 10 % ----- _8 % -- UNA

    ================================================================================

    Here are those ProActive like detections.

    ProActive (heuristics + behaves like + based + BACKDOOR.Trojan + DLOADER.Trojan+ DLOADER.IRC.Trojan + GenPack: + MULDROP.Trojan + STPAGE.Trojan + Win32:Trojan-gen + WIN.IRC.WORM.Virus + gen/generic + modified + probably + variant etc.) detection:

    Total ----- Set 5 ----- Set 6 ----- Set 7 ----- Set 8 ----- Set 9

    33.6 % ----- 30 % ----- 34 % ----- 33 % ----- 33 % ----- 38 % -- NOD32
    14.0 % ----- _7 % ----- 16 % ----- _9 % ----- 18 % ----- 20 % -- DrWeb 4.33
    11.8 % ----- 12 % ----- _9 % ----- _9 % ----- 11 % ----- 18 % -- BitDefender
    _9.8 % ----- 10 % ----- _9 % ----- _9 % ----- 14 % ----- _7 % -- F-Prot
    _8.0 % ----- 10 % ----- _8 % ----- _5 % ----- 11 % ----- _6 % -- AVG
    _7.2 % ----- _8 % ----- _7 % ----- _6 % ----- _7 % ----- _8 % -- Avast
    _6.4 % ----- _7 % ----- _5 % ----- _2 % ----- _8 % ----- 10 % -- Norman VC
    _6.2 % ----- _8 % ----- _7 % ----- _8 % ----- _4 % ----- _4 % -- Vba32
    _5.4 % ----- _5 % ----- _5 % ----- _4 % ----- _5 % ----- _8 % -- AntiVir
    _4.2 % ----- _5 % ----- _3 % ----- _2 % ----- _6 % ----- _5 % -- ArcaVir
    _2.4 % ----- _1 % ----- _1 % ----- _2 % ----- _6 % ----- _2 % -- Kaspersky
    _0.8 % ----- _1 % ----- _1 % ----- _1 % ----- _1 % ----- _0 % -- Fortinet
    _0.4 % ----- _0 % ----- _1 % ----- _0 % ----- _1 % ----- _0 % -- ClamAV
    _0.0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % -- UNA

    ================================================================================

    Here are those ProActive like detections from those files MISSED BY SIGNATURE.

    43.0 % -- NOD32
    29.8 % -- DrWeb 4.33
    18.7 % -- BitDefender
    15.6 % -- Vba32
    11.2 % -- F-Prot
    10.4 % -- AVG
    _8.4 % -- AntiVir
    _8.2 % -- Norman VC
    _8.2 % -- Avast
    _7.2 % -- Kaspersky
    _6.1 % -- ArcaVir
    _1.3 % -- Fortinet
    _0.6 % -- ClamAV
    _0.0 % -- UNA

    PS. At least ArcaVir, and maybe UNA, were not capable of using their (best) ProActive methods in Jotti's. Those av:s that were in the top 5 were also very frequent updaters or have excellent ProActive methods, or both of them.

    It seems to be so that Kaspersky is making a small gap! :'(

    :D

    Best regards,
    Firefighter!
     
    Last edited: Nov 22, 2005
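
The "missed by signature" figures in the post above can be reproduced from its two tables. As an added example (not part of the original post), the script below parses three of the posted rows and assumes the rate is proactive / (100 - (total - proactive)); that formula is inferred from the posted numbers, not stated by the poster, and the function names are illustrative.

```python
import re

# Rows copied verbatim from the post: Total, Set 5..Set 9, product name.
DETECTION = """\
69.0 % ----- 68 % ----- 70 % ----- 62 % ----- 75 % ----- 70 % -- Kaspersky
67.0 % ----- 69 % ----- 69 % ----- 62 % ----- 69 % ----- 66 % -- DrWeb 4.33
55.4 % ----- 51 % ----- 54 % ----- 54 % ----- 58 % ----- 60 % -- NOD32
"""
PROACTIVE = """\
33.6 % ----- 30 % ----- 34 % ----- 33 % ----- 33 % ----- 38 % -- NOD32
14.0 % ----- _7 % ----- 16 % ----- _9 % ----- 18 % ----- 20 % -- DrWeb 4.33
_2.4 % ----- _1 % ----- _1 % ----- _2 % ----- _6 % ----- _2 % -- Kaspersky
"""

def parse(table):
    """Return {product: (total, [per-set percentages])} for a pasted table."""
    rows = {}
    for line in table.strip().splitlines():
        # The product name follows the final " -- "; it may contain digits
        # ("DrWeb 4.33"), so split it off before extracting the numbers.
        left, name = line.rsplit(" -- ", 1)
        nums = [float(n) for n in re.findall(r"\d+(?:\.\d+)?", left)]
        rows[name.strip()] = (nums[0], nums[1:])
    return rows

def totals_consistent(table):
    """Check that each Total equals the mean of its five set values."""
    return all(abs(total - sum(sets) / len(sets)) < 0.05
               for total, sets in parse(table).values())

def missed_by_signature():
    """Proactive hits as a share of files not caught by a plain signature.

    Assumption: every proactive hit is counted inside the overall detection
    rate, so signature-only detection is (total - proactive).
    """
    detection, proactive = parse(DETECTION), parse(PROACTIVE)
    rates = {}
    for name, (total, _) in detection.items():
        pro_total = proactive[name][0]
        missed = 100.0 - (total - pro_total)   # % of files with no signature hit
        rates[name] = round(100.0 * pro_total / missed, 1) if missed else 0.0
    return rates

if __name__ == "__main__":
    for product, rate in missed_by_signature().items():
        print(f"{rate:5.1f} % -- {product}")
```

The same relation holds for the remaining rows of the tables, which is why a product with a high overall rate but few generic detections ranks low in the third list.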
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    C'mon, do you have to use Jotti results? I mean they're worthless no matter how often you were taking snapshots...
     
  7. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    After trying others I went back to TM 2004... strangest thing, before Trend my CPU at night used to go off, like someone was doing something. Now I put Trend back on with firewall... Surprise, the CPU at night when I'm not on it is quiet as a mouse!!! I love TM 2004, always have. Might go to the 2006 but 2004 does what I need... and I double check with KAV online scanner, never finds nothing..... You can do a PC security check here... http://www.hackercheck.com/?mode=c Think that's new... anyhooooo I'm happy with TM R MD :D
     
  8. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    :D

    Obviously you already know how to evaluate better av:s against the new all kind of malware? ;)

    PS. If the results were other than what you wanted, why just pick up your own snapshot collection by collecting only those snapshots your favourite picks up? :) It's 100 % proof! :D

    Best regards,
    Firefighter!
     
    Last edited: Nov 23, 2005
  9. Happy Bytes

    Happy Bytes Guest

    Don't underestimate RejZoR. As far as I can tell he has more experience (in AV in general) than most of the other posters in this thread. :-*
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I'm just trying to say that ALMOST every av-test has some added value to bring up. WORTHLESS makes me think more of computer terminology in this case, 1 or 0, black or white. Unfortunately, this world isn't that simple, my friends. :)

    Best regards,
    Firefighter!
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It should be taken into consideration that a lot of files submitted are false positives. Advanced heuristics is quite smart to distinguish between functional and non-functional samples, however, this does not work 100% and a very low percentage of corrupted files may still be flagged by AH.
     
  12. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Still I presume, that THE VAST MAJORITY of these snapshots were taken after some people have met problems, so where is the beef? o_O

    Actually, there were not so many snapshots, when some of these TOP 5 av:s detected some sample as ONLY av.

    Found by TOP 5 av:s ONLY:

    Total -------- Set 5 ---- Set 6 ---- Set 7 ----- Set 8 ----- Set 9

    _4.0 % ----- _1 % ----- _3 % ----- 11 % ----- _0 % ----- _5 % -- Vba32

    _1.8 % ----- _1 % ----- _3 % ----- _2 % ----- _2 % ----- _1 % -- DrWeb 4.33

    _1.8 % ----- _2 % ----- _0 % ----- _1 % ----- _5 % ----- _1 % -- NOD32

    _0.6 % ----- _1 % ----- _0 % ----- _0 % ----- _2 % ----- _0 % -- Kaspersky

    _0.0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % -- BitDefender


    Best regards,
    Firefighter!
     
    Last edited: Nov 23, 2005
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    A bit late to this conversation, but...

    I think that the major problem of the big companies is that they have a lot of users to maintain their profit, but unhappily they didn't care much about them...

    Happily, there exist "small" companies, in size not in quality, that are growing very well and put their users in first place, and this should be the way that all companies, of every product, should work...
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I totally agree! :)

    But to be honest, the quality of those small companies is the ONLY way to survive!

    Best regards,
    Firefighter!
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Right, and hope that they continue with this way of working ;)
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I know what you're saying. Earlier I saw an advert on TV for a well-known computer store here in the UK, and one of their offers was for a PC bundled with a Symantec product. The yellow box was unmistakable!
     
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I am always late to the conversation :( .

    Jumping into the NAV part of this. This was my experience.

    Positives:
    NAV kept my machine clean when I used it. It never failed to scan on time as instructed. It was easy to load and I never noticed that it was longer to load than any other AV. :)

    Negatives:
    LiveUpdate problems from time to time :p Large footprint on hard drive compared to others (minor issue for me). :doubt: Resource hog compared to others, took too much RAM. :p Difficult to uninstall. Left stuff everywhere. :p

    All above experiences are with NAV 2004 and earlier. ;)

    It has been my experience dealing with users: They are not like most of us keeping up on all of this. They just want something to keep their system clean and running. If it comes with NAV or whatever, they will keep using it rather than switch. Sure, BigC is correct, users are smart enough to move on if they have a bad experience. They will look elsewhere, and word of mouth is very powerful advertising too.

    I don't subscribe to the theory that the big three are lazy.
     
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    For anyone interested, Eugene Kaspersky has an interesting article about the AV industry as a whole, which includes a section showing the annual turnover of different AV companies. [See: here]

    With reference to the top 3 under discussion here, he quotes the IDC giving their annual turnover in $m for 2003 and 2004. They sure do make a lot of money!
     
  19. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma


    And who said having a decent product with good advertising doesn't pay off ;)
     
  20. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Reference the article linked by TonyW... Mr. Kaspersky wrote in part...
    Ohhhh YEAH!!!:cool:

    Seriously though, folks -- this was a very illuminating article. Many thanks to TonyW for calling it to attention.

    I am happy for av-comparatives because of the well-deserved recognition they received in the article. VirusBulletin also received *recognition* (of a sort). ;)

    Mr. Kaspersky also wrote...
    It makes me happy that my front-line AV (DrWeb) is a "third-tier company" -- hopefully big enough to survive, but small enough not to raise a major blip on the radar scopes of the hackers.
     