A2 Doubles Sig Base

Discussion in 'other anti-trojan software' started by TopperID, Dec 16, 2004.

Thread Status:
Not open for further replies.
  1. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Not being satisfied with doubling it's Signature base to 43,000, A2 has now doubled again to bring it up to 84,000! That's even more than Ewido, though judging from the FP's occuring after the last increase it may be wise to double check before deleting things; at least until the dust settles.

    It will be very interesting to see what impact these changes will have on A2's detection rate in day to day use. Has anyone done any practical tests on A2?
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    And lots of unpacking libs too. Serious business...
     
  3. nt3.51

    nt3.51 Guest

    Re: A2 Doubles Sig Base NOT!

    lol, a2 hasnt doubled its sig base he just added one sig and said that it detects 25000 variants of one dialer. Theyre just doing what Ewido sadly did (Ewido author said that himself here that one sig detects 25000 dialers but that he counts that as 25000 sigs for the official count) and i worry that other antitrojan vendors will go down that road because Ewido/a2 are basically forcing them to? All other antitrojans and antivirus programs just call this ONE sig. Ewido and a2 are just using it to make people think they detect more. Dont believe me? Just look at the list of names that they claim to detect, that's the more real indication of how many are detected. Ewido wont even show you its list of names because it only has about 10000 actual unique names which hardly backs up its claim of detecting many tens of thousands. Disassemble them both and see for yourself, they're just trying to make us think they detect more then they really do because they know that newbies can't disassemble and see these things for themselves so they just have to take the word of the vendor. Anyone can write a scanner and say it detects a hundred thousand viruses or trojans and then straight away theyll get a lot of customers just because of what theyre being told rather than what is actually happening. The moral of the story? Dont be a sucker, if you hear claims of overnight "doubling databases" then find some proof before you believe the claims!
     
  4. nt3.51

    nt3.51 Guest

    Re: A2 Doubles Sig Base NOT!

    http://www.emsisoft.com/a2/malware/a2.txt
    About 20000 names. So much for doubling ;)
    To be fair though all the names are good, a2 doesnt detect anything it shouldnt, but i personally think it should be more honest to people about how many it really detects rather than tricking people with inflated signature counts. People want to know that it detects 20000 trojans, not that there are 80000 signatures. Anyway that is just my point of view! I will shut up now ;) Hope i havent pushed any buttons the wrong way but i just wanted to share how I feel. Thankz for listening.
     
  5. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    lol...

    so and where exactly is your problem with ewido? ;)

    and btw. we're counting signatures, not detections... therefore a signatures which detects several thousand variants only counts as 1 (!) signature! and EVERY signature of ewido detects AT LEAST 1 unique piece of malware...

    100% bullshit... and even if we really only had 10.000 unique names... where should be the problem? calling all dialers simply "dialer" isn't a crime, therefore 25.000 detected dialers only have ONE name... we could easily call them dialer.0000001, dialer.0000002 etc. but what for? for people like you? that is btw. the MAIN reason we don't and won't release a full list of names because most people don't understand that behind a single name there can be thousands of different detections. look at the list from a²... there is only one entry called "Dialer"... do you really want to make us believe it only detects ONE dialer? that is so ridiculous...
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The extract below from A2's detection list bears out what was said above about one name covering many possible examples. It is also true that a mere list of names can be very confusing to most users. What really matters is performance in practical situations; and for that information we must rely on the expertise of those able to judge these things.
     

    Attached Files:

  7. Andreas Haak

    Andreas Haak Guest

    Re: A2 Doubles Sig Base NOT!

    If you reverse engineered a² you should know that we don't inflate signature counts. The count of the program itself and on the page is generated by counting the signatures within the database file (same applies to the list of names by the way). There are just many DIFFRENT signatures for one and the same name. For example more than 27800 using the name "Dialer" or signatures for several repacked/patched versions of one and the same Backdoor/Trojan :).

    But even if we talk about names only:
    We increased the names by about 70% (about 11000 to about 19000). Thats not a real doubling of signature names but at least quite a big increase :).
     
  8. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Re: A2 Doubles Sig Base NOT!

    Sorry if I seem a bit naive..but all this tech talk...I'm a bit confused now...

    I deleted Ewido a few days ago, when the trial was finished, and tried to download A2. I had problems installing it. Maybe there's some glitch in my pc now, because I've been installing quite a FEW programs over the passed few weeks.
    I wanted to try again, but now reading all these posts with different views and all, my question is how stable is A2 in Your opinion.

    Shall I really try to download again ? Or is there another option for an anti-trojan ?
    P.S. The reason why I uninstalled Ewido is, because after the trial both the guard (I know this is normal) , And the dl option I think it was, was disabled.

    If this sounds all wishy washy, my apologies. But I am only on my first cup of coffee this morning.:doubt:
     
  9. Mikeo

    Mikeo Guest

    Only the plus version of the ewido suite has the automatic updates and the background guard. But the free version has also daily updates and free tech support. On the other hand the free version of a² has also no guard, no auto update, but also no daily updates.
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    When Ewido turns from trial into 'free' version you lose the following:-
    a) The ability to scan within archives (eg to scan within a Zip file),
    b) The memory scanner,
    c) The resident Guard,
    d) The auto-update facility (updates are usually daily, but do not have to be).

    With the free version of A2 you lose:-
    a) The Guard,
    b) The auto-updater,
    c) The analysis tools (to locate file paths of running processes etc).
    Updates with A2 have been far more frequent of late and are practically daily. As to the stability of A2, I would say that after some glitches during its recent upgrade it is now very stable and much improved. Both Ewido and A2 are developing projects which are providing a real alternative to the (often expensive) established ATs.

    It is obvious that the paid for version of each appliance is better than the free version - who wants to have the stress of attempting to clear malware from your system when a resident Guard would keep it out in the first place?
     
    Last edited: Dec 20, 2004
  11. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    That's exactly what I needed to know ! Now I know what to do...:)

    Thank's TopperID for your very comprehensive post - and to Mikeo also !
     
  12. Andreas Haak

    Andreas Haak Guest

    You are partly wrong :). In fact a² free HAS an auto update function. It only has not an own task scheduler that would trigger it.

    Just create a new Task in your Task Planer running "a2upd.exe /silent" and it updates automatically :).
     
  13. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Hallo, Herr Andreas Haak, :)

    I was just wondering... why on your website when one wants to register,
    You ask not to use webmail like Yahoo! or Hotmail ?

    As far as I notice, I get All my YAHOO!-mail in a Timely Manner.

    I rarely register 'Anywhere' with my main e-mail address....is there a way around this?... :)
     
    Last edited: Dec 21, 2004
  14. Andreas Haak

    Andreas Haak Guest

    You can use Yahoo! or Hotmail. But don't blame us if the mail is deleted or sorted out as spam :). We had many support requests cause Hotmail's and Yahoo!'s spam filters so we advice everyone not to use a Yahoo! or Hotmail mail account for registration. If you use one be sure spam isn't deleted and look into your spam inbox for your password.
     
  15. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Thank's Andreas, will do. And it's good to know I can use my YAHOO! email. :)
     
Thread Status:
Not open for further replies.