AV-Comparatives Tests of 2006

Discussion in 'other anti-virus software' started by IBK, Jan 8, 2006.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Re: Tests of 2006

    Hurry up, IBK, hurry up!!!!:D
     
  2. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California
    Re: Tests of 2006

    Yeah, I'm pretty sure about that too . :)
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,924
    Re: Tests of 2006

    Hello,
    Do all guys named Peter work for Symantec?
    Mrk
     
  4. Happy Bytes

    Happy Bytes Guest

    Re: Tests of 2006

    Peter Ferrie and Peter Szor are known for years in the AV industry, so it's not an suprise that i picked out these names from symantec. Both are specialized with parasitic fileinfectors, which doesn't mean that they only doing this, but it's difficult to find these days expierenced people for this purpose. Running such files on an automatic replication system is a task what everyone can do, but analysing it in a proper way with Disassembler and finding tricky parts becomes a bit more difficult ;)

    Homepage of Peter Szor: http://www.peterszor.com
    Homepage of Peter Ferrie: http://pferrie.tripod.com

    I just wanted to explain with this example that it wouldn't suprise me if symantec is the only one company in this tests which scores ALONE 100% in the polymorphic tests.

    If you know people behind the "szene" then you wouldn't be suprised that Frisk is "suprisingly" good with Macro Viruses. Why? The "god of Macro Viruses", Vesselin Bontchev, is working there. Or that Antivir improved a lot with Macro Detection too - "Mr. Macro Virus" Stefan Kurtzhals ;)

    So basically everyone has a special skilled area - and for symantec it's Viruses (i mean parasitic viruses). If you scan DOS Viruses or highly complex Windows Viruses they are hardly to beat - not even from KAV.
     
  5. bontchev

    bontchev AV Expert

    Joined:
    Nov 13, 2005
    Posts:
    38
    Re: Tests of 2006

    Another funny thing about these Peters. Peter Ferrie used to work for us (FRISK Software). Then he went to Symantec. Peter Szor used to work for F-Secure, which used to be affiliated with us (was using our scanning engine). Then he went to Symantec. In other words, Symantec keep stealing our Peters.:cautious:

    We still have one left, though - another Bulgarian named Peter Shomov - but he's a programmer; not an anti-virus researcher. Wouldn't surprise me if Symantec try to steal him, too.:D

    Blush.:cool:

    Regards,
    Vesselin
     
  6. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Re: Tests of 2006

    We got a Peter too. ;-)

    ESET's detection rate went up quite alot since Happy Bytes arrived there.

    Macro viruses, too "bad" they basically are gone now. But then, Microsoft never stops to produce exploitable applications.

    Hey Vesselin, while we got you here, is there any official naming/classification for malware (or this specific "feature") that extract/contains icons of Windows applications and copies itself with similar filenames into the %windows% directory?
     
  7. bontchev

    bontchev AV Expert

    Joined:
    Nov 13, 2005
    Posts:
    38
    Re: Tests of 2006

    Beware of Symantec reqruiters, then. ;)

    Well, to be honest, we owe that to Microsoft - not to the AV companies. Although the original idea was ours. But it was Microsoft who implemented it (admittedly, after goofing up a couple of times first, as usual).

    Yeah. I was just grumbling to Mike about the "remote template" problem - or more exactly, about the problem introduced by SharePoint into this issue...:mad:

    No. We don't include every trick used by malware in its classification. The icon doesn't cause any kind of automatic substitution of the execution path as the normal companion mechanism, does it? It just relies on the user making a mistake and clicking on it instead. Besides, how often users click on files in the Windows directory? There are so many files there, that the users don't like to even look there. A more effective attack is to modify the .lnk files on the desktop.

    BTW, the current status of the CARO naming scheme can be found there.

    Regards,
    Vesselin
     
  8. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Re: Tests of 2006

    The "trick" is actually just to hide the program so the user mistake it as a harmless program in case he checks registry run entries or the directories.
    Startup execution is performed in a normal way (run key).

    I was just wondering because we want to include that kind of behaviour in our virus description data base and haven't found any good name for this so far. "Imposter" or "pretender", hm, naa.
     
  9. Happy Bytes

    Happy Bytes Guest

    Re: Tests of 2006

    Vampire :D Sucks out the icon of other innocent applications :D
     
  10. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Re: Tests of 2006

    I highly doubt anything can fool "my" heuristics:D Not even some icons.
    The Advanced Brain Heuristics 4.23 rox;)

    About the naming scheme...

    What about "Icon cloaking method" ?:D
     
  11. Happy Bytes

    Happy Bytes Guest

    Re: Tests of 2006

    Yup. However, history prooves that all what makes life "comfortable" has to be considered as a serious security risk. :rolleyes:
     
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Re: Tests of 2006

    Moral --- hang on to your Peter.:blink:

    I keep hearing good rumors about Rising AV. Concerning which...

    ***Does anyone know of any tests of this Rising AV?

    ***@IBK -- will Rising perhaps be included in your tests one of these days?
     
  13. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Re: Tests of 2006



    very popular in china
     
  14. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,869
    Location:
    Innsbruck (Austria)
    Re: Tests of 2006

    No.

    :ninja:
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    7,307
    Location:
    Hawaii
    Re: Tests of 2006

    (Sigh) :'(
     
  16. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    Re: Tests of 2006

    Can you tell us the names of those 18 products please ?:ninja:
     
  17. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,869
    Location:
    Innsbruck (Austria)
    Re: Tests of 2006

    no, I will do that as soon as I received the written signed permission from ALL the 18 participants (still waiting for 4).
     
  18. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Re: Tests of 2006

    did ca accept?
     
  19. hemkop

    hemkop Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    61
    Re: Tests of 2006

    hmm IBK if i want i can today get all information about these 18 products that will be finished test soon, av-test, from a friend i have on av-comparative, so it is not you that are testing these but it is = Andreas Clementi, and he is a very near good friend to me.
    But i am not intresting who will win and info about these 18 products, thats why i dont want to share the information, i can email or call him right now and it will be done.
    For me its which av i like most and fit good on my computer, because all AV's some misses some trojans and others some spyware, no antivirus is 100% secured.
    IBK if you are making your own Av-Test then it is something else, which i have hard to belive that you are doing.
    Good Bye
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    109,711
    Location:
    Texas
    Re: Tests of 2006

    IBK is Andreas Clementi. No secret.
     
    Last edited: Feb 19, 2006
  21. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,869
    Location:
    Innsbruck (Austria)
    Re: Tests of 2006

    @hemkop: who are you? no one here from av-comparatives knows who you are o_O let me know!
    :p

    btw, i manage with the av companies the participations, so no one else better than me knows who the 18 are ;)
     
  22. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Re: Tests of 2006

    I just laughed so hard some coffee came out my nose... :oops:
     
  23. hemkop

    hemkop Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    61
    Re: Tests of 2006

    yeah me 2 :) i laught so much that my bear come out thru my mouth :) grgrgrgrgr:eek:
     
  24. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,869
    Location:
    Innsbruck (Austria)
    Re: Tests of 2006

    :p do not drink to much bears next time - the WWF does not like that :p
     
  25. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Re: Tests of 2006

    Interesting that you guys are able to drink BEARs. Unless you know how to liquify them hihi:D Until then, stick with BEER ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.