AntiVir Heuristics on the right track!

http://img216.exs.cx/img216/2889/antivirheuristics2no.png

Check NOD32 and Norman. And this isn't the first case. AntiVir appears to have similar heuristics to NOD32 because i have seen many such scenarios where all AntiVir,NOD32 and Norman have detected same sample with heuristics.
So conclusion is that H+BEDV guys did a good job but they still need to support some more packers and move some more resources and staff into Heuristics developement (also don't forget about incrimental auto-updater ).
What do you think?

 

Read this article http://www.viruslist.com/en/analysis?pubid=153595662 about signature-based virus detection and other technology for detection viruses.


Bye,

Izi

 

Hi RejZor. I use antivir as one of my on demand scanners, along with bitdefender free, and avg free. I have antivirs heuristics set to "medium" It picked up a false positive in my trend micro installer.lol. That same installer has been scanned by a lot of different antivirus products. None showed it to be infected. I scanned a few days later with antivir, and it didn't pick up anything. The trend micro installer was still there.

I like antivir as a on demand scanner, but I would never trust it to be resident. I just don't like false positives, even though there will always be some now and then. Just my opinion.

 

Every antivirus can produce false positives,even without heuristics. It's impossible to remove all possibilities when there is milions of terabytes of data out there. I always set Heuristics in all antiviruses to Highest possible and i never had any problems. It's better to block one good program from time to time than not blocking bad ones... Alwil and H+BEDV teams were always very fast on false positives so they were usually fixed the same day or even within few hours. I just wanted to point out that there is a potential in AntiVir heuristics.

 

If you run across a false positive with AntiVir's heuristic, please send the file to heuristik@antivir.de so the heuristic can be fixed.

AntiVir's current heuristic is quite old and not very defined, a new version is in development with much better detection but it's still a while until release.
Also note that AntiVir's regular detection got a boost recently.

 

Are you from H+BEDV team? Sounds like that I'm looking forward in testing new AntiVir heauristics

 

One thing that has always held me back from AntiVir is the lack of email scanning.

 

I agree that every antivirus can produce false positives. I do like antivir. It's super fast in scanning, even faster than avg. and I've never had any trouble updating it as some people have. The updates are big, but that is a non issue, as I'm on high speed cable.

When I think of false positives. The first thing that comes in my mind is panda titanium 2004. I downloaded it last year. It started scanning my computer, and cleaned and deleted some files that were necessary for my operating system. When I rebooted, I got the blue screen of death The only thing that saved me from a format was winrescue. I managed to boot into safe mode and delete panda. And restore the registry

I'm getting off topic here. I do like antivir, and I think it has great potential.

 

Hi Stefan. If I get anymore false positives with antivir. I will send the file to the email you have listed

 

Hi,

AntiVir is growing in detection rate and this is very good for an AV

It's nice to see that they are developer a new heuristic version and the so wanted incremental updates

It's seems that only the pro version have a quarantine. It will be great if the free version also have it to later send the false positive through AntiVir...

I like AntiVir a lot

Regards

 

How good is Norman's Sandbox? Does detect all major viruses with Sandbox?

 

Also don't forget some false positive that may occur by heuristics too.

 

Unfortunately, judging by what I've seen from Jotti's, Norman is next to useless. It routinely misses what nearly all the other AV's are able to catch, including AVG, avast! and AntiVir.

 

I find Dr. Web and Antivir are very effective at catching viruses/trojans.

 

Well, I heard it can be done and because of this thread i'm doing it. It's amazing that I can run NOD32 and Avast as resident together without any conflict. (just can't run IMON - I guess because Webshield is running)

 

I find Norman's Sandbox quite impressive, but it is too slow. VB stopped scanning with Norman in one of their tests because Norman took too long (over 3 days ;-) ). Detection doesn't look that bad:

http://sandbox.norman.no/live_2.html

Of course, it always depends on what kind of malware you are scanning.

Currently, AntiVir's heuristic is no match at all against either NOD32 or Norman, but I am quite satisfied with the current internal tests of AntiVir's Heur 2.0.

If you are going after freeware, use Bitdefender (free edition has no guard but excellent detection) + AntiVir or BD+Avast. Avast has nice protection modules which AntiVir Personal Edition is missing, but Avast's detection is not so good.

 

Well i have access to Jotti statistics and i can say Norman has the biggest signatures to heuristic ratio. This means that difference between signature and heuristic detections is the biggest among all AVs. Norman and NOD32 are switching places,but main problem is that Norman lacks signatures...

 

RejZoR, are those statistics available to the public?

Both VirusTotal and Jotti could publish very interesting statistics.

 

As i can see you are AntiVir developer so that should be no problem. Just contact Jordi and he will enable you statistics. Just tell him that you work for H+BEDV (AntiVir).

 

Hello guys!!

I've been following up on this thread for some time now...Well it seems AntiVir is fast becoming a very good Antivirus scanner; if there was an email scan with incremental update, then I might even consider the paid version (Vexira I think) in the future. AntiVir's detection is also increasing rapidly. Keep up the good work, H+BEDV!!

I see that the free version currently lacks a quarantine. Does this mean that free versions delete suspicious files. If so, I feel suspicious files must be renamed, NOT deleted (or no action should be taken).

And yes, the heursitics have amazing potential!

All of you, have a good day, don't get too serious and have some fun too!

Regards,
Firecat

 

There are actually 2 paid versions of Antivir if i'm not mistaken.

One is Antivir professionnal and the other one is Avira (www.avira.com ).

Vexira is not using Antivir engine anymore i think.

I do believe that the paid versions have an e-mail scanner.

The only thing that i miss with antivir free edition is the lack of knowledge of
what has been updated in each program version or in each virus DB update.

 

Well, I made a mistake...Thanks for that Unity!! But I'll wait for my eScan and McAfee to expire first...

 

I agree,Quarantine is a must have,especially if product supports heuristic detection. Just moving file to some folder and attaching .vir extension to it isn't enough, because if you use On-Access set to check all files you'll fall into infinite loop of detections (not good).

 

AntiVir Guard and Bit Defender Scheduled Scan thats exactly what I do. I agree its quite a good freebie combination.

 

I agree, but so is email scanning, which this product(free at least) lacks. I use safe surfing habits, so the only way anything virus wise tries to sneek into my system is through email.