Antitrojan database

Discussion in 'other anti-trojan software' started by chaos16, Apr 8, 2005.

Thread Status:
Not open for further replies.
  1. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    Which antitrojan has the biggest database for removing trojans?

    For example, KAV has the biggest antivirus database. Which antitrojan has the biggest database o_O and is the best for removing?
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    The absolute size of an AT database, as with AV's, cannot really be compared between different programs.

    This is because some ATs for example, have a unique signature for every variant of a trojan. So if there are 50 variants then that will mean 50 individual signatures. However, some other ATs use just the one signature that detects all 50 variants. So in this case there is only 1 signature.

    Therefore, overall some AT programs count only unique trojans while others count variants of the same trojan.

    In addition the size of the database may not solely be a count of trojans. Most ATs now include spyware/adware/riskware in their total count.

    In fact more important than the total size, is the change in the database over time, from year to year.

    So I presume that the Big 5 scanners, A2, BOClean, Ewido, TDS-3 and TrojanHunter, being apparently the best trojan detectors, have shown the biggest increase in their databases over the last year compared to other AT programs.
     
  3. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Really? I thought Bit Defender claimed to have the most with something like 110,000. It also runs rather slowly. I kind of like the concept of weeding out definitions that do not pose a threat to the modern computer.

    Kaspersky runs fast enough. I've read some of his articles. I would not be surprised if KAV had the most defs. He strikes me as, well, an enthusiast. I bet he calls it his "collection" and has rare specimens framed.


    -HandsOff
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    GDATA's AVK or eXtendia's AVK Pro probably have the biggest databases as they are double-engined AV's.

    Although there will obviously be some overlap in definitions, the BitDefender/KAV or RAV/KAV combinations will produce very large databases.

    But as mentioned above, size does not always matter :D ;)
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Here is a review, albeit from last year, but which still has some very useful info about signature databases.
    http://www.anti-trojan-software-reviews.com/database-currency-test.htm

    The quality of signatures is probably more important than the quantity as is the ability to delete the offending malware.

    I know of no recent independent "head to head" tests in the Anti-Trojan area unfortunately.

    Also I would add that no current AV or AT offers anywhere near a total solution. That is why Wilderssecurity recommends the layered approach to security.


    HTH Pilli :)
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    From the link above: "Finally, the two new comers a2 and Ewido appear to be off to a flying start with their databases. It will be interesting to see if they can keep up the momentum. We'll know the answer when we do our next series of reviews."

    As we now have seen, both a2 and Ewido have the momentum to increase databases close to sky high.

    Best regards,
    Firefighter!
     
  7. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    However, to prove that size is not everything, using the 3 AT's I have as examples;

    At the present time;

    1. BOClean has 5885 unique trojans but a count of 32,584 for trojans, worms, rootkits, adware, spyware, keyloggers, "dialers" and other malware in total, including all variants.

    2. Ewido has 103,029 threats in its database and these include hijackers, spyware, worms, dialers, trojans and keyloggers.

    3. A-Squared has 60992 trojans, 27824 Dialers, 3874 Worms, 1837 Spyware for a total of 94,527 signatures.

    So overall it is very difficult to compare different AT's solely on the total database size of each one.
     
  8. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Yes, I also remember Kevin McAleavey saying that he was almost sorry not to have a higher count (that's the beauty of BOClean, because it's a memory-scanner, they need only one signature for a malware), because people will always think that the one with the highest count is the best.

    He also said that if they would count in the same way as some do, they would likely have around 230000 signatures. I realize that he's of course a little "optimistic", but it does put things into a different perspective. :)
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I have all of the major ATs, which I have purchased over time for one reason or another.

    I would say all of them are comparable in detecting trojans. As it turns out, Kaspersky is darn good in finding them also. If I was to choose one product that I most rely on to ferret out the worst of the nasties, I would say it was TDS-3. Its scanning/detection logic is very comprehensive and deep. But I do not rely solely on TDS-3. I usually have Ewido running in real-time (TDS-3 Execution conflicts with too many of my other resident programs), and I use other protection software. TDS-3 is my on-demand backup scan that I trust most, and usually run first, if I suspect something might be amiss.

    Rich
     