My review of eXtendia AVK Antivirus System.

Discussion in 'other anti-virus software' started by Kobra, May 25, 2004.

Thread Status:
Not open for further replies.
  1. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,024
    Location:
    Christchurch, UK
    Yes, although your proxy scrambler seems to be working fine for some reason your level of expression of the English language seems to have regressed :rolleyes:

    Maybe you can hone your language skills on your home forum of 250k users before you post here again ;) :rolleyes:
     
  2. GermanKid

    GermanKid Guest

    i have friend translate before when i post before sending in the post but now i just type as I know how to type i am sorry i dont know what you mean about the other things you say but i try to type as the best I can
     
  3. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Blackcat and solarpowered candle, do you really think so? i think you should report this to Paul or LWM before issuing any remarks. i don't think its Kobra as he is much gentle and never boasted about anything. and NO i'm not Kobra.

    dear Firefighter, can you give me the link of this file? i never thought BD will be so ruthless. i hope you read my old post.
     
  4. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear GermanKid, don't worry about those messages. just register with this forum otherwise your username can be spoofed by someone.
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Actually, it's rarely a good idea to guess at a person's identity online, simply because there are such things as coincidences and explainable similarities.

    Everyone is welcome to post here so long as they stay within forum TOS, and stay on topic to the thread they are in. So let's just keep going forward. ;)
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To AMRX from Firefighter!

    > dear Firefighter, can you give me the link of this file? i never thought BD will be so ruthless. i hope you read my old post.

    Actually u are right just now. I made my scan first over a week ago. According to VGREP, KAV is detecting that file just now.

    Thank's to KAV, the quickest updater ever!

    Unfortunately I can't show you the link, it's forbidden in here, but I can only say that the site was apparently Polish.

    But here are those files totally that KAV missed about a week ago, some of them seems to be now detected by KAV.

    Object: "Constructor.Kit.AVP4SRU.ZIP" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Riskware_85\Constructors_26". Status: "Virus detected". Virus: "Tool:Win32/AVP4SRU (RAV engine)"
    Object: "Monitor.HomeKeyLogger.162..170.zip" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Riskware_85\Keyloggers_2". Status: "Virus detected". Virus: "SpyTool:Win32/KeyLogger.AI (2x) (RAV engine)"
    Object: "kvpe01.zip" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Riskware_85\Polymorphic Engines_28". Status: "Virus detected". Virus: "VBS/Generic2* (RAV engine)"
    Object: "SNAIL.ZIP" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Riskware_85\VirTools_25". Status: "Virus detected". Virus: "MSIL.Gastropod (KAV engine)"
    Object: "Backdoor.Spyboter.cb.zip" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Trojan like Malware_375\Backdoors & Trojans_277". Status: "Virus detected". Virus: "Backdoor:Win32/Spyboter (RAV engine)"
    Object: "VBS.Generic2.ZIP" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Viruses_812\Other virii_30". Status: "Virus detected". Virus: "VBS/Generic2* (RAV engine)"
    Object: "Win32.Hybris.plugin.RAR" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Viruses_812\Win32_292". Status: "Virus detected". Virus: "Win32.Mauz.a (7x) (KAV engine)"
    Object: "Win32.SQLSlammer.worm.ZIP" in path "D:\Check\Infected_1378_eXtendia KAV_1272\Viruses_812\Worms_354". Status: "Virus detected". Virus: "Win32/SQLSlammer.worm (RAV engine)"
    Analysis complete: 24.06.2004 23:59

    Best regards,
    Firefighter!
     
  7. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Firefighter, its important to see the same file that's being detected. i'll give you my email address when i get back to my system. i have to look at this file. i agree two heads are better than one but two heads can also cause trouble. you still haven't answered my question about AVP version. updates for KAV from AVK is one thing and updates for KAV from Kaspersky is another thing. so please don't confuse them.

    i think F-Secure and Symantec stopped detecting the PRO version as a trojan. they have solid reason.
     
  8. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    TO AMRX from Firefighter!

    It's impossible to say what does that 14 etc. in AVK (KAV) version be compared to those original Kaspersky versions. You have to ask from GDATA itself. GDATA has the keys to those KAV versions in eXtendia.

    Unfortunately I'm going to a weekend holiday, I'll be back on Sunday aftenoon local Finnish time.

    Best regards,
    Firefighter!
     
  9. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Firefighter, actually its possible and very easy. just locate the engine file and hovar your cursor on it to see the version. BTW wish you a great vacation. have fun and bring some shells for us.
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To AMRX from Firefighter!

    Not so easy I think. Because eXtendia is a GDATA product using KAV and RAV engines only licensed to them by Kaspersky and RAV, they are using their own codes, AVK.exe is so now 11.0.5.0 and their monitor service, AVKWCtl.exe is 2.0.0.0 etc.

    Best regards,
    Firefighter!
     
  11. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Correct.
     
  12. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    Somehow it seems Extendia is a software recycler - they offer a "old" version of the AVK AV and add their label to it - i doubt they have the source for it. This would explain the partly poor support - they can solve problems that are already known and solved by GData, but if something new comes up they have to rely on GData - and i think GData is focused on the support of their most recent product. Does anyone know if Extendia has a own lab? I took a look on their site and the most recent virus alerts are from May 16, 2004. (i guess the signatures are more recent)
     
  13. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    There is some kind of relationship between eXtendia/boomerang and GDATA, more than licensing. There is nothing wrong with licensing software and making a private labeled version. Common practice in the software industry.

    Actually it's a good thing for GDATA (assuming all aspects of the customer experience are up to snuff so as not to detract from the brand. LOL GDATA support sucks anyway, so eXtendia support is keeping up with tradition). It pushes the brand and keeps revenue coming in for a product that was going to be phased out anyway.

    If you read through the thread, signature downloads are from Kaspersky and GeCAD.

    Boomerang seems to be focuses on B2B apps which is why consumer support is lacking. I don't think they want to create a super product, just bring in some extra revenue. They do have devs, but I don't think their primary task is AVK.
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Sandish from Firefighter!

    > Somehow it seems Extendia is a software recycler

    There is nothing wrong with eXtendia's ability to detect viruses. Although the GUI is from older versions of original AVK Pro, it has the same scanning engine concerning KAV as the latest AVK Pro, AVK 14.0.1282, so it's the same as with McAfee. Using McAfee 7.03.6000 with the latest scanning engine, u are as safe as by using the last v.8.0.

    Best regards,
    Firefighter!
     
  15. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Firefighter, so you're saying that the Kaspersky engine is integrated in the AVK.EXE file? you don't see any KAV files? please don't confuse McAfee with Kaspersky. the McAfee engine is upgradable even if the product version stays the same. but for Kaspersky engine upgrade you have to overhaul the product. for example eScan uses the latest database structure but with the old engine. how can you say the latest AVK uses KAV 5 scanning engine?
     
  16. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To AMRX from Fitefighter!

    > how can you say the latest AVK uses KAV 5 scanning engine?

    I said before; "Although the GUI is from older versions of original AVK Pro, it has the same scanning engine concerning KAV as THE LATEST AVK PRO, AVK 14.0.1282."

    That's not the same as the latest KAV engine but latest AVK engine. I have said before that I don't actually know what is that KAV engine in AVK Pro.

    The most important thing is nevertheless that, against my infected archived files collection, eXtendia AVK Pro beated KAV 5.0.121 with extended bases a bit, not much but still beated.

    Best regards,
    Firefighter!
     
  17. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Have you done a test where you turned off RAV to compare the KAV engines?
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To VikingStorm from Firefighter!

    Against my infected samples both eXtendia KAV and Kaspersky 5.0.121 with extended bases scored 1272/1378. But there were single differencies in certain categories. Kaspersky won riskware 86/133 against eXtendia KAV 85/133 but eXtendia KAV won viruses 812/851 when Kaspersky 5.0 scored 811/851. Nothing else worth of mention in here.

    Best regards,
    Firefighter!
     
  19. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    FF you figure out any way to download extended db for AVK? I can't find a server list in the app anywhere.
     
  20. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To tazdevl from Firefighter!

    I think that eXtendia KAV already has a kind of extended database, it scored about the same as Kaspersky 5.0.121 with extended database against those riskware files, where was 33 VirTools. Those VirTools were mainly undetected by Panda or DrWeb for instance although they scored quite well against other nasties.

    Best regards,
    Firefighter!
     
  21. I'm unsure, because AVK detected the virus as soon as I clicked on the file, I even have no time to choose a download location, it detected the virus before I have the choose folder window...
     
  22. I have to disagree, because without the warning when you download the zip file, you can send this file to someone else without knowing it is infected, and perhaps the one you send the file too has no antivirus at all, or a bad one.

    Better knowing at first if there are viruses in the zip file so you do not send it again...
     
  23. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    Yes - but it was detected on your harddrive. In the moment you click on the download link, IE starts to load the file. If it´s small enough, the download is finished before you have chosen the final location. If AVK is able to show you the location of the infected file, you will see it´s located in your temporary IE folder.
    ;)
     
  24. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    That´s why my AV scans outgoing mail - and unpacks it , if needed. AVK does not only scan downloaded files, it also scans files you copy from one disk to the other (afaik). And - its not a real protection. The scan of archives is limited to a filesize of 300 kb by default. So if you load a zipped M$-Word file for example with a few nice pictures in it and maybe some not so nice macro, AVK wont alert you. If you raise the 300 kb, your PC will slow down even more.
     
  25. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Firefighter, so AVK doesn't have the latest AVP engine. KAV detected vir-tools even before using the extended database. so don't be surprised if AVK picks up some riskware files. eScan 2003 also uses the AVP engine although its an old version it uses the extended database as default.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.