Sasser response times

http://www.pcwelt.de/news/viren_bugs/39734/2.html

Looks like NOD32 is excluded again?

 

Command AV detects A variant on May 1st and B and C on May 2nd. There could be a difference in time zone and dates though…
http://www.authentium.com/threats/analysis/VirusDetail.asp?RefNo=665

NOD32 detect B variant on May 1st and C on May 2nd.



tECHNODROME

 

OK, I feel compelled to add my $.02 worth of opinions right NOW:

1) As Technodrome pointed out previously in this thread, I don't think that the times/dates posted on the PC-Welt site are exact, BUT, they don't have to be; what IS important (to me, anyway) is the "relative order" of the products in website's vendor response table.

2) IMHO, the "relative order" of the AV products listed can be used to build a short-list of worthy AV products that can/will protect your critical computing systems. As an example, I typically run Dr. Web as my primary AV with it's on-demand scanning active; I run F-Prot, Extendia (AVK and RAV scanning engines), and Command AV as my backup/second-opinion scanners. After seeing the PC-Welt website data, I feel pretty darn good (i.e. safe) right now.

3) The commercial "main-stream buy-it-off-the-shelf" AV products (by such vendors as Symantec, Trend Micro, and McAfee) should be ashamed of themselves for taking WAY TOO LONG to post updates to detect/fix the Sasser virus, and this is not the first time (Wilder regulars: please back me up here) that they have responded poorly to address other global virus infections.

4) Congratulations to Bitdefender for being the first AV vendor to respond to the Sasser virus and for beating the other products by a potentially critical thirty minutes.

5) If any of your computers were infected by the Sasser virus even though you have/use an on-access AV product with current updates, maybe it's time to switch to a potentially better AV product. A major oil company (five letters - starts with "S") was severely hit by the Sasser virus to a degree that I cannot address in this forum; it was not a pretty sight.

6) If at all possible, stay current with security fixes to your computer's software products via Windows Update, and consider using its "auto-update" feature; I do. I use and recommend the free version of BigFix (www.bigfix.com); it's not bad and the price is right.

7) NO current AV product will catch 100% of virus infections 100% of the time. If you believe otherwise, I will sell you the Golden Gate Bridge for $1 plus some odd change.

Use layers of security products including firewalls, anti-virus, anti-trojan, and anti-spyware components; keep them updated. Bill Gates, the richest man in the world, once said that "PCs will be like toasters; you will just plug them in and they will make toast". I have a dream......

KDCDQ, Security Freak

 

Hi, kdcdq

TOAST be the operative word.

TheQuest

 

Your post is 90% misleading and meaningless!

Update times for Sasser are just more Scheiße from PCWelt!

Even if you have 20 updated anti-virus programs installed, without the Microsoft Critical Update installed, Sasser will still get you!

You sure do!

 

NOD32 can´t be included in the tests cause the signature updates are only available through the NOD32 interface. The tests are made with scripts that fetch updates from public ftp/ww sites afaik. See http://www.av-test.org/down/papers/2004-02_vb_outbreak.pdf for details.

 

>> Looks like NOD32 is excluded again?

> Looks like it; NOD32 databased Sasser.A May 1th 2004.

This was eminently predictable ... NOD32's "zero seconds" heuristic detection was deliberately omitted from an earlier "response times" article in PC-Welt ... even though the author was fully aware that NOD32 detected and blocked the virus on first sight, without needing an update.

 

> Update times for Sasser are just more Scheiße from PCWelt!

Sounds like you're a regular reader.

 

Quote TREllis: "Your post is 90% misleading and meaningless!"

My Response: Everyone is entitled to their own opinions. I must not have learned anything about computers & security during my 23 years in Computer Information Technology and/or by building/reparing/upgrading/trouble-shooting/networking PCs for the last 7 years.


Quote TREllis "Update times for Sasser are just more Scheiße from PCWelt!"

My Response: This is completely possible. I am in the process of trying to formulate my own "Sasser Response Table" like PCWelt did. When I finish, I will publish my own set of numbers with detailed explanations of exactly how the numbers were derived.


Quote TREllis: "Even if you have 20 updated anti-virus programs installed, without the Microsoft Critical Update installed, Sasser will still get you!"

My Response: This statement is partially true; 20 "bad" AV programs may not equal good security. The Microsoft Critical Update to prevent Sasser-like virus infections has long been available; I addressed this in my original post. Sasser did not "get" a lot of computers that were using updated security programs/environments.

KDCDQ, Security Freak

 

Doesn't really matter what the virus is - "zero seconds" heuristic detection really is the main point.

 

Did you set your system time to the correct year?
I mean does it show 2005 in the system try?
Coz you're replying here to a thread - exactly 1 year old

 

pmpl

 

....it took me a year to find it!