The Best AV heuristic analyzer poll

Discussion in 'polls' started by Technodrome, Feb 13, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Well here is the poll for The Best Antivirus heuristic analyzer. Post your comments or whatever you want...

    Technodrome
     
  2. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    DrWeb32's heuristic produces some false positives and KAV's heuristic is too cautious for me. So I choose NOD32. :)

    wizard
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Did you try the latest version from DrWeb32 o_O?

    False positives from DrWeb were common in 4.xx-4.19 (if memory serves me right). There has been a great improvement over past DrWeb versions...

    Technodrome
     
  4. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Last one I tried was 4.27a. At the moment I am a little bit unhappy with the DrWeb/Dials people. They do not answer my emails. :(

    wizard
     
  5. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,098
    IMHO, NOD32 tops the pack you have selected in heuristics scanning.

    Just my two cents...

    -javacool
     
  6. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    NOD32 is king.
     
  7. DrSeltsam

    DrSeltsam Guest

    None of the above ... .

    trojans: F-Prot
    macro: F/WIN32
    dos: RHBVS
    scripts (VBS, CS, ...): RHBVS / f_mirc
    windows: PEHead (I don't know if Ralph integrated it in RHBVS so far)

    Nod32 causes some false positives with dos files and misses many script viruses.

    By the way, f_mirc and rhbvs did a complete analysis of the found malware, too :eek:).

    Adieu, Andreas
     
  8. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    The heuristic of f-prot for trojans is nice indeed but has a big problem. When the trojan is packed or crypted there is no chance for the heuristic. For (backdoor-)trojans TDS-3 might be the better choice because heuristic rules also apply to process memory scanning.

    F/Win32 is outdated. The product is not developed any longer. Last version is from April 2000. It was a good product. For macro viruses heuristic I would vote for NOD32 at the moment.

    For script malware Wormguard is my favourite choice.

    wizard
     
  9. DrSeltsam

    DrSeltsam Guest

    >F/Win32 is outdated. The product is not developed any
    >longer. Last version is from April 2000. It was a good
    >product. For macro viruses heuristic I would vote for
    >NOD32 at the moment.

    *laughs* - there weren't any big changes in the macro virus development since 2000 ;o). You may try it. The F/WIN32 heuristic is still the best.

    >For script malware Wormguard is my favourite choice.

    Did you ever compare f_mirc/RHBVS with wormguard?

    Adieu, Andreas
     
  10. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    So, is DrWeb Russian code?
     
  11. DrSeltsam

    DrSeltsam Guest

    Yes - Headquarters is in St. Petersburg as far as I know.

    Adieu, Andreas
     
  12. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Hi Andreas,

    Thanks for the reply. Did some Googling - here's some company info:

    http://www.dials.ru/english/company/home.htm

    Regards,
    Blacksheep
     
  13. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    The official homepage for DrWeb seems to be:

    St.Petersburg antivirus laboratory by Igor Daniloff
    (SalD Ltd.)

    http://www.sald.com/

    wizard
     
  14. DrSeltsam

    DrSeltsam Guest

    As far as I know it's sald.com :eek:).

    Adieu, Andreas
     
  15. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Thanks for sald link - added to bookmarks.

    I must try DrWeb soon...

    Regards,
    Blacksheep
     
  16. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Official site for DrWeb is http://www.dials.ru/english/home.htm

    http://www.sald.com is distribution site!!!

    Technodrome
     
  17. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Dials is a very suspicious company. They do not answer any of my emails. So they would not gain a new customer. :(

    wizard
     
  18. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    They need more English-language speaking people!!!!  :'(

    You should try German site (in English) http://drweb.imshop.de/index1.asp?sprache=en

    Maybe there is still hope for them  ;)
     