another independent AV review

Discussion in 'other anti-virus software' started by ChrisMorris, Jul 20, 2005.

Thread Status:
Not open for further replies.
  1. ChrisMorris

    ChrisMorris Guest

  2. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Seems rather limited, only 30 test viruses? LOL!

    Also there seems to be very little data about the actual tests. Clearly I think we can speculate that some of the threats were dubious at best, otherwise KAV would have included them after submission. My guess is they were corrupt or something.

    I wouldn't put too much stock in this small-scale and rather simplistic test.
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I haven't read the above document, but from the mentioned number of malware I suspect it was the ItW test of the very latest threats.
     
  4. Tru Davis

    Tru Davis Guest

    Besides, the test results rank them in the order most people here would expect anyway. Eset/NOD32, KAV, Bitdefender etc.
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Nowadays I'm collecting cracks to pick up those "hottiest" nasties hiding us. This kind of nasty was picked up from several different crack sites and combined to several different very popular proggies lately. That's absolutely one of the newest "baddies". Now I scanned that nasty in Jotti's just a few minutes ago.

    My former snapshot you can find it here in post 4.

    https://www.wilderssecurity.com/showthread.php?p=504140#post504140

    Best regards,
    Firefighter!
     


    Last edited: Jul 21, 2005
  6. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Strange, because Eset issued a signature for Win32/TrojanDownloader.IstBar.JA on 29th June, and from that screenshot it seems that this is what the threat is.
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Maybe UNA is really as GOOD as some people were claiming in here lately. Look at what UNA found in my linked post 4 before and what it found today, it's amazing. UNA is better than AntiVir, ArcaVir, Avast, BitDefender, ClamAV, Dr.Web, F-Prot, Fortinet and Kaspersky at correcting mistakes. Maybe I have to switch to UNA from DrWeb straight now!

    Best regards,
    Firefighter!
     
  8. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    The "tests" conducted at Colby-Sawyer College seem a little too radical in the results to put a lot of stock in them. As SDS909 said, there is very little data provided about them. Besides, these results fly in the face of some previous tests that were conducted by different sources just a month or so earlier.
     
  9. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Are you sure you didn't mix two different samples, Firefighter, because Istbar.ja has been detected by Kaspersky since 8-5-2005?
     
  10. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    Don't think I understand what you mean - UNA found the Istbar trojan in your first post but not when you submitted it today? Am I just not getting your sarcasm?! And rather than relying on Jotti, have you personally tested each of the AVs, because Jotti isn't the best place for AV comparisons due to max settings not always being available.

    lee
     
  11. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    FYI Firefighter, I submitted the IstBar.JA variant you tried around 3-4 weeks ago. At the time, almost no AV picked it up except BitDefender. I found this threat in the wild, active, and causing infections.

    I sent it off to ALL the AV companies, including VBA32 - and it STILL doesn't detect it to this day. My email records show I submitted it to VBA32 @ the address newvirus@anti-virus.by on 7/5/2005. My opinion of VBA32 has dropped considerably based on their reactions - or lack of - to my submittals.

    PS: To my knowledge, I discovered this threat within 1 hour of its release - unless my dates are wrong. Which would explain why many AV companies added detections for this after I submitted it to them all on 7/5.
     
  12. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Kind of OT, but I too have seen a decrease in responses to new malware submitted to them. I know there are a few issues in Belarus now but I hope that has nothing to do with this. This AV has much promise and I hope they are just sorting out the "quirks".

    On topic, this test was good for resource usage and support info and that is about it. .02
     
  13. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    Does NOD32 provide NOD32 to the whole college? So would their college computers be updating via the college server? (Like other virus products)
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If you check out the MD5 checksum from my former scan link in post 4, you will see that the checksums are the same in both scans. I corrected my picture in this thread today with an uncompressed file of that IstBar sample.

    https://www.wilderssecurity.com/showthread.php?p=504140#post504140

    Best regards,
    Firefighter!
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    No, I've checked that sample only by McAfee VSE 8.0i with 5000 scanning engine and AntiSpy module within, DrWeb 4.32b w/o Beta Adware/Spyware bases, NOD32 2.51.3 Beta w AH and Ewido 3.5 Plus. From these programs mentioned only DrWeb detected that sample with and without Beta Adware/Spyware bases. Here is the NOD result scanned today.

    Best regards,
    Firefighter!
     


  16. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Ok, I only meant that since it has been detected since 8-5-2005, it wasn't that new. ;) :)
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    OK, are you trying to say that the situation with some scanners isn't that bad but even worse? I mean that because Symantec, McAfee, ETrust, AVG etc. couldn't detect that nasty one, over 70 % of the PCs in the world are vulnerable to this IstBar.

    Best regards,
    Firefighter!
     


    Last edited: Jul 21, 2005
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    No, no, Firefighter. You misunderstand me completely, I meant that it wasn't that new since it was detected over 1 month ago, not that it wasn't important to convey the message that a large number of users are unprotected. No disrespect was intended towards you or your findings. :)
     
  19. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    OK, sometimes I just can't be without thinking that close to whose interest is this when AVs are not detecting these cracks? Anyhow, these cracks are capable to activate all kind of payable programs? Why not detect them when so you can get important data about those cracked proggie users?

    Best regards,
    Firefighter!
     
  20. boredatwork

    boredatwork Guest

    Firefighter,

    I used NOD32 and looking through this thread it seems that NOD32 has a signature for this threat, if it is Win32/TrojanDownloader.IstBar.JA.

    Do you know why NOD32 doesn't detect it? Is it maybe a broken/non-functional file so actually isn't a real threat in this form?

    Maybe of course that NOD32 refers to a different threat with its Istbar.JA signature, and this threat really isn't added to their database. Would just like to know what you think.
     
  21. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I don't know about the broken/non-functional thing about this, but after executing my sample, I got this.

    Best regards,
    Firefighter!
     


    Last edited: Jul 21, 2005
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    As you see here in VGrep, there are several variants of this IstBar. If you look at the sample name above with Panda in VirusTotal, you can see that it isn't either of these mentioned in VGrep.

    Best regards,
    Firefighter!
     


  23. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Maybe this is the sample that NOD does detect, but it is much older according to the DrWeb sample name.

    Best regards,
    Firefighter!
     
