ESET's VB100 run at an end...

Well, according to this http://www.bitdefender.com/NW301-en--BitDefender-10-Becomes-the-Only-Security-Software-to-Accurately-Detect-100-of-Malware-in-Performance-Tests.html a detection which was thought to be a clean file which denied BitDefender a VB100 was actually malware... so only BitDefender gets the VB100 now?

Well not really. It looks like the determining factor was a detection for a 'hacktool' or 'potentially unwanted program/application'. So ESET's run of 100% detection in VB100 tests continues

 

And its a good thing too, because I knew about this for a while now, but the way you had initially posted it is certain to have caused quite a lot of sweaty heads in the world.

 

Hmm ... when I click on that link I only end up on the German main page of bitdefender and see a link to watch the video of their Bitdefender song, which is quite strange:
http://www.bitdefender.de/files/Main/file/videoclip.html

 

that video is great IMO.

 

Wasn't this posted before?
Not the video the news?

https://www.wilderssecurity.com/showthread.php?t=149405

post #13

 

Yes it was, but that time it was VB100's point of view and now its BitDefender's point of view.

 

I wonder what makes them think that this is worth a press release. The same applies to Avira AntiVir, which found a non-false positive in the last VB test, which also no other AV Software found (not even Bitdefender btw...), but that has got nothing to do with the VB100 Award, since the file in question (both in the bitdefender case as well as the avira case) was not in the ITW set. A miss in the other sets or, in this case the false positive set where the malware accidentally ended up, does not cause a failure of the test.
To me it seems somewhat desperate to make a press release over that. Just read the title which says "BitDefender 10 Becomes the Only Security Software to Accurately Detect 100% of Malware in Performance Tests". You'll get my point. Should Avira now make a press release about all the other competitors missing a zipped file infector virus in the 'Clean' set?

 

Of course, that's the job for an av. Thumbs up to AVIRA and the others may fall into the "hall of shame"!

Best regards,
Firefighter!

 

Well, good for BD But I'm sure ESET added it too in the mean time.

 

There is no need to add a "hack tool" urgently to virus detections. It's as much dangerous as fly **** on your monitor!

 

IMO Hacktools shouldn't be included. They as the Inspector said are harmless.
They should be in the PUP category.

Personally I get irritated when AV's detect hack tools.

 

Especially when they detect mostly harmless tools as Riskware. Would you believe it if Dr.Web detects gkweb's WGA Notification Removal Tools as "Tool.WGARemove"?

But some riskware are detected for good reasons. IMO the riskware detection should indeed be there but it should be left disabled by default in any AV with an option to enable it if the user wishes to.

 

Well yeah... but then again lots of vendors detect the Magic Jelly Bean Keyfinder. It's retarded that a vendor adds detection for something so harmless.

 

Well, then it's another great news filling BD website... for nothing...
HackTools are indeed not important.

 

Also, the definiton of a Riskware/HackTool will vary slightly from vendor to vendor. What BitDefender may call a hacktool may not necessarily be riskware for some other vendor.

Who knows, maybe BitDefender added detection for that file as a hacktool in a desperate attempt to gain a VB100 award?

 

Harmless?

So by this comment are you also stating that it would be ok if someone installed a CD-key viewer on your PC, even without your knowledge, to borrow some CD-keys from your programs? And you wouldn't be annoyed that your AV had the detection of this and could have stopped it, but you wanted the detection removed from their defs so they did?

In theory, it shouldn't be too hard to run this keyfinder hidden (just use another riskware known as "HideWindows" for example).

Sorry, but I want my AV to alert me of use of such applications (whether you think it's retarded or not).

 

I thought the hacktool sample was in the "clean" sample set, so when you scan the set, you can have a real right result, as infected by one sample, or wrong, but in this case maybe acceptable result, all clean. It's up to you.

Best regards,
Firefighter!