Antivirus protection worse than a year ago

Discussion in 'other anti-virus software' started by Malcontent, Dec 21, 2007.

Thread Status:
Not open for further replies.
  1. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    http://www.heise-security.co.uk/news/100900
     
    Last edited by a moderator: Dec 21, 2007
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    What is worrying, however, is the fact that recognition rates of virus variants [were] created experimentally by c't also fell significantly.
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Isn't that exactly what happens in real life?

    Variants of malware, which are tweaked to bypass scanners, get created.
     
  4. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    Yes, BUT this has been the topic of scrutiny before;
    "Good guys" don't create viruses. Think the Consumer Reports article from last year or so and the newer one from c't.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That's a moral argument, not a technical one. I don't see why this fact should discredit the testing measures as inaccurate.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Vesselin Bontchev from Frisk was not very happy with this test.
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    For the same reason IBK is worried, apparently.

    Does anyone have any idea why this is supposed to invalidate the test?
     
  8. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Yes, it's being discussed here.

    I think Mr. Bontchev should take a chill pill ;)
     
  9. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
  11. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    I see him more when AV testing is done in an unethical way. Never seen a post attacking other AV companies.
     
  12. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    He isn't happy because c't have created their own variants for the test, but even so, it appears F-Secure dealt with them well with their DeepGuard technology. Surely that's a good thing?
     
  13. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    What surprised me most was his own reaction. Makes me wonder if there's something else between the lines :cautious:


    For me, yes.
     
  14. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I read that article and its related links. It's a real shocker because in effect it says that signature-based scanning is of very limited usefulness. They did like the heuristic performance of Nod32 and Bitdefender at 68% and 48% respectively.

    They try to justify creating new viruses as a testing tool. I believe that is a bad practice and agree with those that put forth retrospective testing as a scientific alternative.

    One thing that bothers me is if malware writers are tweaking their stuff until it is undetectable, they likely are testing it against the most widely used AVs: Symantec, McAfee, Trend and the free AVG. It's a scary thought as those four are on such a large proportion of all Windows computers.
     
  15. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Simply test different packers, packer combinations etc. in a few minutes against all scanners by uploading your newly created malware to jottis for example. Then release a variant that is undetectable by all. :mad:
     
  16. Matern

    Matern Registered Member

    Joined:
    Nov 20, 2007
    Posts:
    102
    But won't the virus scanner scan the files a second time after they are unpacked?
    That could not be the reason.
     
  17. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Me too. Until I came across this blog from Kaspersky.
    http://www.viruslist.com/en/weblog

    Title: The darker side of online virus scanners
    By: Aleks
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Yes it does. I may not be an expert, but I would like an AV that could handle these zero day threats. Isn't that what they should do? And it looks like DeepGuard did it. The one AV that has a proven HIPS included. I think these kinds of tests are very valid and "tell" a lot.
     
    Last edited: Dec 21, 2007
  19. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Good point. We as end users would want the protection from zero day threats. :)
     
  20. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Now this is cheeky! (from your link)

    AVCheck.ru - is a service checks your antivirus files. The main difference from the analogue is that we are not forwarding your files for analysis antivirus companies. We respect your right to property and privacy. AVCheck conceived as a convenient service to check files, including autonomous. The advantage which would be automated testing with detailed records in the mail or IM client. Let us check and sleep peacefully!
     
  21. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    2008 and beyond would involve more sophistication. Poor AV staffs. Make sure to support these guys.
     
  22. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    My approach to multi engine scanning is to use virtual machines. It's relatively easy to run 30 day trials of anything since at the end of the month the VM is deleted and a new clone is made and XYZ AV may be installed.
     
  23. Ngwana

    Ngwana Registered Member

    Joined:
    Jul 5, 2006
    Posts:
    156
    Location:
    Glasgow, United Kingdom
    No doubt 'exploits and proof of concept' stories are flying thick and fast and one may despair.

    Attend any security conference and the ‘respected experts’ from The IT/Computing/Security industry will spell every ‘doom and gloom’ story beyond imagination. The problem is not that the experts are wrong but rather that no one is honest to admit failure of a different kind – that many users are hell bent on visiting dodgy websites, porn sites, warez sites, crackz sites, illegal file sharing sites, games websites, downloading key generating software....add to that desire to click links, open attachments, use very weak passwords, and laziness to keep software updated, poorly configured firewalls or even a blatant refusal to install security software.

    Now with all that going on malware writers do not need to be ‘that smart’. A lot of security forums are already infiltrated by users who argue perpetually about their favourite applications, constantly trash other products and so much misinformation and sometimes outright lying is unchallenged. IMHO I do not think AV are worse, they have never been better. :D
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,634
    Location:
    U.S.A. (South)
    Potential misses due to new releases, altered old ones, or what have you is what drives security conscious users to apply layered approaches in addition to their choice of AVs. And is why HIPS has become the next best alternative to complement AVs IMHO.
     
  25. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Seems that I have been accused of trashing some AV's. Actually, I use one of the majors that I feel may be more of a target for virus writers to test modifications.

    Believe me, if I want to trash something, there would be no doubt that is what I am doing.

    By the way {redacted} is a totally worthless AV.

    Even if virus writers are using multi engine scanners to test their modifications, they will be most interested in beating the labs with the largest market share. If they happen to beat a few boutique products as well, they will just be all the merrier.

    The concept of choosing the large target is well known. It's one reason why there are few Mac viruses. Just not enough market share to keep the crooks interested. The same goes for using alternatives to Internet Explorer.
     