Dr Web

Discussion in 'other anti-virus software' started by trjam, Sep 21, 2010.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have been using it on 4 computers for a week and a half. I have no complaints and some surprises. I test like most here with my own crappy malware but one thing that I found easy is Malwarebytes support forum. In it members post their new samples with their Virustotal findings for each AV. If you spend some time, and I have, it doesnt take long to see who stands out and who doesnt.

    It also will show which type of malware some do better or worse at. I know, I know, before you give me 500 reasons as to this and that, let me say for me, this is real world testing done, by a multitude of people. Not one testing site, not one set of samples. I like it. My surprise is Dr Web.

    It is coming in very well in finding even new samples that say only 6 others detect. Trojans are its specialty. This isnt earth shattering news, but it does confirm what I had started to believe and that is this vendor is making strong strides in malware protection. I see it. I know it. A pleasant surprise for this paying and satisfied customer.:thumb:
     
    Last edited: Sep 21, 2010
  2. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO
    Gald you like it. I have been happy with this AV for 4 or 5 years now.
     
  3. Montecristo

    Montecristo Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    72
    I agree with you trjam. I have always had good results with the Dr Web engine. Kudos.
     
  4. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Dr web is one of my favorite.
     
  5. SergM

    SergM Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    236
    Location:
    Saint-Petersburg Russia
    From your signature of it does not follow. :D
     
  6. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    don't go by signatures...or avataars.....they are hourly at times:p
     
  7. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52?18'51.59"N + 4?56'32.13"O
    Interesting to see you stay this long with an AV. Is it that good?
     
  8. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    This has been flogged to death and made undead before.

    Just because some AVs in Virustotal flat file scan flagged some file that does not necessarily mean its malicious. It could be a damaged file or even an FP. I think a few months ago Kaspersky conducted an experiment on this Virustotal FP problem.

    IMHO, real world testing is done by almost anyone and everyone when they just do their normal work. If they stay un-infected then their security solution did its job, otherwise it failed.

    However, I respect your opinion and conclusion. I just don't agree with them.

    offtopic: I think at the end of this month AV-Test will release their 0-day malware test on XP machines. Will Dr.Web be in that test?
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    well I also respect your thoughts. My point is that I feel testing itself can be swayed in the direction you want it to be. Ok, lets says that yes, Dr Web is very good at zero day and say here is my proof. That doesnt mean it is true or isnt true. It is just one more site that tests and it does come out well.

    My point with Malwarebytes support forum it, yes some may be damaged files but most are real and the number of different people submitting makes it,at least to me, appear genuine.

    Long story short, Dr Web has gotten very good, others have to.
     
  10. SergM

    SergM Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    236
    Location:
    Saint-Petersburg Russia
    No. Look here or here (It's certainly very old test, but it nevertheless something shows)
     
  11. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    SergM: When will they release the new scan engine or new scanner?

    I'm hoping that it would improve scanning speed and detection. Currently avast5 full scan takes around 20 minutes, Dr.Web complete scan is around 2 hours. Both have heuristics enabled, archives enabled and "all files"
     
  12. SergM

    SergM Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    236
    Location:
    Saint-Petersburg Russia
    It at all an indicator. Look at quantity of the checked up objects (not files) in both AV.
    The new scanner I hope will make after New Year. It will be faster real. But terms can change. Now they became the sponsor of 7 winter Asian games 2011 http://news.drweb.com/show/?i=1294&lng=ru&c=5
     
  13. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    I liked Dr. Web, but the one problem I had was slooooow scanning times. When I asked them about it, they suggested it was my laptop at fault. Not convinced about that, seeing as it has run other much heavier AVs previously. Was still a strong suite, though.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    well if you were told that, they were wrong to imply it.

    Dr Web, like quite a few, takes awhile to scan, which really isnt a issue if you schedule stuff like that for the middle of the night. I also dont even scan anymore to be honest. I really never understood it. I figure if something opens itself, Dr Web will pop it.

    Also in line with what SergM said, fast doesnt mean better.;)
     
  15. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    I tend to agree - but I scheduled the scan for 1m and it was still running at 10.30am. Too long for me to wait!

    Now using ESET and the whole thing is wrapped up under an hour.
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    sounds good. What matters is a product meets your needs. I honestly thought the Web was going hog my computers down and found out just the opposite. Pleasant surprises every day.:)
     
  17. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    Indeed. I was actually very happy with Dr. Web's performance on my system, I found it very light. Was just the scan times that dragged it down. Would otherwise have shelled out for a yearly package or something.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
  19. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    Does Dr. Web have a behavior blocker or any other components besides signatures? Heuristic ability?
     
  20. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    The Origins Tracing™ technology has been added to traditional signature scan and heuristic analysis. It significantly improves detection of yet unknown viruses. Malicious objects detected using the new technology get the .Origin extension to their names.
     
  21. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Origins tracing: On completion of signature analysis, the Dr.Web anti-virus solutions use the unique Origins Tracing™ method to detect new and modified viruses which use the known infection mechanisms. Thus the Dr.Web users are protected against such viruses as notorious blackmailer Trojan.Encoder.18 (also known as gpcode). In addition to detection of new and modified viruses, the Origins Tracing mechanism allowed to considerably reduce the number of false triggering of the Dr.Web heuristics analyser.

    Heuristic analyzer: The detection method used by the heuristics analyser is based on certain knowledge about attributes that characterize malicious code. Each attribute or characteristic has weight coefficient which determines the level of its severity and reliability. Depending on the sum weight of a file, the heuristics analyzer calculates the probability of unknown virus infection. As any system of hypothesis testing under uncertainty, the heuristics analyser may commit type I or type II errors (omit viruses or raise false alarms).

    FLY-CODE technology: FLY-CODE is a unique universal decompression technology enabling Dr.Web to unpack data compressed with unknown packers. If there is a detection from FLY-CODE, it will notify as "Probably Trojan.Packed"

    SpiDer Guard also has a section called "Prevent suspicious actions", where you can select "Block autoruns from removable media" "Protect system HOSTS file" and "Protect critical system objects". I have no idea what the protect critical system objects actually means. I guess it will block access to some registry features or so.

    .. Then there are traditional signatures, and generic signatures
     
  22. LODBROK

    LODBROK Guest

    I've observed over time the zero day threats I download and run through Hitman Pro are flagged mostly by Dr. Web and G Data's engine A (BitDefender). Prevx and Ikarus rank pretty high, too. I don't have metrics; it's just what I've gotten used to seeing FWIW.
     
  23. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    I totally agree with that. Infact AVG or Avast conducted such a test to show that they detect something which no one detects.

    I wouldn't put much faith on user-conducted-tests for reasons stated earlier. But if you're happy with the product and if it kept you safe then I don't think there can be a better reason to keep on using it.

    I couldn't understand the 2nd link as it was completely Russian. As far as Shadowserver is concerned, BitDefender's result shows that there is something wrong with it. Can it be that bad?

    Russian AVs were good at catching trojans when viruses rampaged. Possibly they are still good (atleast KAV still is as per AVC) but I have trouble digesting the Shadowserver results. Maybe Dr.Web should start participating in AVC and AV-Test tests. :p

    Yes, scanning speed is poor. It definitely needs to improve.
     
  24. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,811
    Location:
    Kolkata, India
    Very true...:p
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    By no means am I implying one should rush out and buy Dr Web. It like all shoud be trialed to see if it meets your standards. Dr Web was given a bad rap here awhile back, not by the site, but by folks pushing it as the end all cure all. Times change as they do with all products. ShadowServer is not perfect, as all testing sites. Dr Web choses not to participate in some and that is between them and the testing organizations.

    It is a good product like a lot here and I find it is currently meeting, actually exceeding my criteria. It is very good at cleaning and yes scanning speed will be addressed at some point. But, no matter how easy it is to find good in a product, it is a lot easier to find fault. And that my friends is what we need to get past because different users have different criteria. Choose what you wish and be happy with it. That is all.:)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.