There was another independent test recently with the same kind of methodology. It was performed by nsslabs and discussed in these threads:...
I just looked for "_AVIRA_21099" string on the norman website. If it is actually the same malware, the first instance of the malware that is...
Well, I think it would make sense to have different versions for servers and gateway (Linux) and for the end-users (Windows), then. I might be...
Interesting presentation. It looks similar to some other virtual environments that have been described in other AV systems (e.g. Norman Sandbox),...
Argh. The perfect example of trash journalism. This "relationship" was actually suggested by Danielle Kaminsky, the aunt of Eyal Dotan, that...
...and similarly I didn't know about bootroot. Methinks professional organizations (Eicar, etc.) should maintain a "Hall of shame" to remind their...
I know: it was just to answer the question of IC: "Do AV Vendors write own malware?". And it's from 2003-2004. But it did not trigger any...
I have a much better example. Eyal Dotan and Eric Detoisien have been presenting their new malware at the Blackhat Conference Europe in 2004,...
There is at least one obvious error in the testing protocol: they are measuring the scanning speed on infected samples, whereas it should be...
My guess: generic behavioral signatures. In other words: generic signatures based on the API logs created by their sandbox (emulator), see example...
You cannot patent an idea, you can only patent an implementation of that idea. Microsoft knows it very well: they did not try to patent "proactive...
Interesting. Although the proposed explanation does not comply with this scan log or - more important - that one, of course.
Not contradictory? You must be kidding... Virus total uses the "on demand" component of various antiviruses. After scanning its "embedded Eicar"...
This is nothing new, I remember reading this technique (embedded OLE objects) in an "underground" forum a couple of years ago. The following is...
Looks like the OP didn't even read the instructions written on the page he mentioned. Besides remarks by FRug, that are absolutely correct, it...
That's the same philosophy ;) In order to protect their business, "good guys" are starting to use techniques initially developed by "bad...
That seems to be the perfect companion to behavioral detection (in an AV lab, at least): whereas "norman's like sandboxes" monitor the execution...
I've seen similar detection from Antivir when browsing the website of the main French ISP. One of them is labelled "Contains detection pattern of...
Anyway, I don't see why AV testers should absolutely adopt an exhaustive approach as described by IC. What is lacking, along with tester skills,...
Off topic: Most developers do not actually need to know anything about the PE file structure. A rough understanding of function import/export is...
It could. But it also depends on the signatures size. Moreover, there's no risk of heuristic FPs ;)
Their engine is weak but: - There are some voluntary people that keep the signature base up to date. - My guess is that the relative efficiency...
Beside all practical issues related to backups, malicious actions could include sending all your passwords to a remote computer, exploiting...
Actually, there is no reason for an antivirus to detect a packed malware when it is run if it did not detect it before. More precisely: the ratio...
Plenty of differences: - There are heuristics that will not try to directly analyze the behavior of the malware in details. This is static...