AVs having a real impressive day

Discussion in 'other anti-virus software' started by trjam, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    Well, it let Vundo through, so it had better keep adding. Sorry to be negative, but this 'was' my favorite AV, not anymore; somehow grief with malware when it fails does that...
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    They use their signatures, but that is where it ends. F-Secure has other engines it uses, and DeepGuard is not like PDM as some think. F-Secure has proven to excel at catching malware from out of the wild. To me at least, there is no comparison between the two. F-Secure is a hog to load, but once added it is smooth and quick as a piece of greased pork. ;)
     
  3. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131

    I agree I have it currently loaded but I'm using the suite...
     
  4. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Wouldn't F-Secure's other engines have different detection names from Kaspersky's detections? ... In ShadowServer they have the same names.
    I always thought DeepGuard worked only during execution, and on F-Secure's website it says that DeepGuard
    "prevents system compromise by blocking the dangerous behavior, typically without any need for user intervention"
    "DeepGuard™ is a unique HIPS technology"
    "use techniques such as system monitoring, sandboxing, blocking of code injections, advanced heuristics and run-time behavioral blocking"
    "providing zero-day protection against previously unknown malware"
    "DeepGuard technology proves that such a behavior-based analysis of malware during run-time can be quite effective in stopping zero-day threats"
    "Recently AV-comparatives http://www.av-comparatives.org/weblog/ tested F-Secure's behavior-based detection technology F-Secure DeepGuard for its ability to stop malware that is not found with traditional signature based virus scanning"
    "F-Secure DeepGuard™ application to provide zero-day protection against previously unknown malware"

    I haven't used DeepGuard, but it looks to me like it's for 0-day malware, and if it were for 0-day, it won't give a detection to the extent of which malware and variant (especially it won't give a detection of a 0-day threat which has the same name as Kaspersky's detections... unless it's a BIG coincidence).
    If the detection names were different, only then would I have expected F-Secure's heuristic/proactive technologies to come into play, but seeing as it's got the same names as Kaspersky, it seems as if either:
    1) F-Secure is better at unpacking
    2) The settings are different

    Also, if F-Secure was stopping 0-day threats, it will not have a signature detection for it... seeing as it has a detection, it's not 0-day, so DeepGuard does not come into play.

    ... just what I'm thinking from reading F-Secure's website about DeepGuard... If I'm wrong, then F-Secure is missing some vital information about DeepGuard on its website :blink:
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    F-Secure uses the Kaspersky engine, plus another two engines, Libra and Orion. Libra is F-Secure's own signature-based engine, as if the KAV engine isn't enough, but the more protection, the better. Orion is F-Secure's heuristic-based engine, meaning it scans files for malicious code. Very useful, since it detects viruses without the need for virus signatures; this is a great backup for the sig-based engines, but you should never rely on heuristics alone, since it really is one of those last-line-of-defense kind of things.
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The AVP engine seems to be F-Secure's main line of defense - most of the malware it seems to catch is by virtue of Kaspersky. I've seen the other engines trigger sometimes, but not often, when Kaspersky misses something.
     
  7. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Gemini is the engine for the HIPS, or DeepGuard. There is also an antispyware module that can detect malware, and BlackLight for rootkits. So depending on what these zero-day threats were, I would say F-Secure has a larger arsenal than Kaspersky.
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Isn't one of the engines F-Prot? Or at least some F-Prot technology?
    Isn't the antispyware engine an improved version of Ad-Aware?
    I still wonder if companies like F-Secure will get the brand new, built-from-the-ground-up Kaspersky engine used in the upcoming Kaspersky 8.
     
    Last edited: Feb 14, 2008
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    A bigger arsenal doesn't always mean you fight better.
     
  10. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Don't know how you figured this out...
    They both have signatures (although F-Secure has its own engine, which detects very few more malware in relation to the size of Kaspersky's)
    They both have heuristics
    They both have active rootkit detection and removal
    They both have HIPS sort-of-thing... Kaspersky's PDM and F-Secure's DeepGuard


    And once again, back to the topic... all the malware which F-Secure detected on ShadowServer has Kaspersky's detection names, so that means only Kaspersky's engine detected it all... Neither F-Secure's signature engine, nor either AV's heuristics, active rootkit detection or HIPS (PDM or DeepGuard), caused the variation in detections.
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    History
    This was 2 years ago, I don't know about today. Solcroft, I know a member here, who will remain nameless, that tests some of the worst nasties against each piece of software. The only 3 that held up in the last round were F-Secure, Kaspersky and Norton. Now yes, you can take that for what you want, but even my beloved Avira got shut down completely once the malware was set loose. ;)

    Dawgg, I can't answer that. Either one is going to give you more than enough protection. I do find it ironic that Kaspersky is looking to add HIPS to their new beta.
     
    Last edited by a moderator: Feb 14, 2008
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I sometimes think there is more under the hood with F-Secure than they say. I also think, and this is not meant to demean Kaspersky, that F-Secure should work on creating their own engines completely.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Given Avira's self-defense capabilities, I don't find that particularly hard to believe. Since Avira has no behavior blocking either, it's also completely meaningless to test malware execution against it - if it can't detect it, that fact is not going to change after you execute it. Unless Avira can nab the dropped drivers/libraries/etc, but that's another different matter altogether.

    Avira has never been a strong player in this regard - I don't see why it failing should somehow put the ones who didn't in a favorable light.
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I honestly wasn't trying to do that. How can I, when I am using a 350 MB hog?
     
  15. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Maybe because all AVs have their pros and cons... be it overall detection, 0-day detection, self-defense, resource usage, support, GUI, price, bugs etc... people want to see the difference between all these abilities for each AV to aid them in deciding what AV to choose....
    No single factor is usually the determinant of what AV a user will choose and won't... users usually look at all of this information and weigh up for themselves what they consider more or less important for their AV to have.

    ... or some people just see what their friends have and stick with that :).. I think this is what many people do... only those of us who are on Wilders, or those with an interest in AVs, are the ones who see all this information!
     
  16. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    Yes, and of course all other engines label things with Kaspersky's signature (same name)...
    The other engines give other names to malware, as dawgg pointed out too.
    Also, if I recall, DeepGuard is an on-execution type of protection, which won't show in such statistics.

    For example, today it's OK:

    Virus.Win32.VB.az 84209 Virus.Win32.VB.az 84209
    Now that's how it should normally look.
     
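The reasoning in dawgg's posts (#4 and #10) and plantextract's post (#16) is a procedure: for each detection one vendor reports, check whether the licensor reports the same name; identical names mean the shared engine produced the hit, a different name points at the licensee's own signature or heuristic engines, and the same name with a different count points at different unpacking or settings. The script below is an added example written for this page, not code from the thread, ShadowServer or either vendor. Only the Virus.Win32.VB.az row and count come from the thread; every other detection name, the count values, the heuristic-style name W32/Suspicious_Gen2.ABC and the function names are constructed for illustration.

```python
"""Attribute one vendor's detections to a shared engine or to its own engines
by comparing detection names and counts against the licensor's listing.

Added example, not from the thread. Idea: if the licensee's entries carry the
licensor's detection names, the shared engine produced them; a name unknown
to the licensor must come from the licensee's own engines or heuristics.
"""
import re
from collections import defaultdict

# Constructed sample data (vendor -> {detection name: count}), modelled on the
# "name count name count" line quoted in the thread. Only Virus.Win32.VB.az
# and its count are taken from the thread; all other rows are made up.
KASPERSKY = {
    "Virus.Win32.VB.az": 84209,
    "Trojan.Win32.Vundo.gen": 1200,
    "Backdoor.Win32.Hupigon.abc": 500,
}
FSECURE = {
    "Virus.Win32.VB.az": 84209,
    "Trojan.Win32.Vundo.gen": 1350,          # same name, higher count
    "Backdoor.Win32.Hupigon.abc": 500,
    "W32/Suspicious_Gen2.ABC": 40,           # hypothetical heuristic name
}


def normalize(name):
    """Case-fold and drop whitespace so trivial formatting differences between
    two vendors' listings are not mistaken for different detections."""
    return re.sub(r"\s+", "", name).casefold()


def attribute(licensee, licensor):
    """Classify each licensee detection into one of three buckets:
      shared_identical     - same name, same count: shared engine, same result
      shared_count_differs - same name, different count: shared engine, but
                             different unpacking depth or settings
      own_engine           - name unknown to the licensor: licensee's own
                             signature or heuristic engine
    Returns {category: [(name, licensee_count, licensor_count), ...]}.
    """
    licensor_norm = {normalize(k): (k, v) for k, v in licensor.items()}
    out = defaultdict(list)
    for name, count in licensee.items():
        hit = licensor_norm.get(normalize(name))
        if hit is None:
            out["own_engine"].append((name, count, None))
        elif hit[1] == count:
            out["shared_identical"].append((name, count, hit[1]))
        else:
            out["shared_count_differs"].append((name, count, hit[1]))
    return dict(out)


def shared_engine_share(licensee, licensor):
    """Fraction of the licensee's detection volume carried by names the
    licensor also uses. A value near 1.0 means the shared engine does nearly
    all the work; only the remainder can be credited to other engines."""
    known = {normalize(k) for k in licensor}
    total = sum(licensee.values())
    shared = sum(c for n, c in licensee.items() if normalize(n) in known)
    return shared / total if total else 0.0


def parse_two_column_line(line):
    """Parse one 'name count name count' line, as quoted in the thread, into
    two (name, count) pairs. Returns None when the line does not match."""
    m = re.fullmatch(r"\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*", line)
    if not m:
        return None
    return (m.group(1), int(m.group(2))), (m.group(3), int(m.group(4)))


if __name__ == "__main__":
    for category, rows in attribute(FSECURE, KASPERSKY).items():
        print(category)
        for row in rows:
            print("   ", row)
    print("shared-engine share: %.4f" % shared_engine_share(FSECURE, KASPERSKY))
    print(parse_two_column_line("Virus.Win32.VB.az 84209 Virus.Win32.VB.az 84209"))
```

The bucket names are the three outcomes the posters argue about: a row in `shared_count_differs` is the "better at unpacking / different settings" case, and anything in `own_engine` is the only place a Libra, Orion or heuristic hit could show up in a name-based listing. Note the caveat from the thread still holds: an on-execution blocker such as DeepGuard never appears in a static scan listing, so this attribution says nothing about behaviour blocking.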
  17. Zombini

    Zombini Registered Member

    Joined:
    Jul 11, 2006
    Posts:
    469
    "All" other engines? ... oh please. I don't think Norton does.
     
  18. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    So,

    ShadowServer uses paranoid heuristics for F-Prot, and.......

    it says they use Dr.Web version 4.33 (for Linux, not sure why?), which does not have the same level of detection as 4.44.

    If they need the Linux versions, why aren't they using Dr.Web's 4.44 server Linux edition?

    Curious, or maybe they are just unaware of 4.44.

    I shall inform them and see what reply I get.

    Still, it's nice to see 4.33 doing quite well.
     
  19. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Well indeed. We will get 'em to use 4.44 and look for even better scores.
     
  20. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Yep, let's see if they do :)

    lol, you have switched to my setup now, Bunk?

    PrevEx < typo.
     
  21. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,286
    Location:
    Las Vegas
    Fixed typo - had a little too much at the pub last night with my blokes! Yeah, I'm using your setup. Best I have tested, and I have tested them all, as have you. Anti-spam filter is the best there is, even though my ISP (Cox) uses an aggressive spam filter. Never had any malware on my machine, and I am extremely high risk. If I do get infected, I'll remove it with Dr.Web/Prevx, and if that line of defense does not work, I'll restore with Acronis. I make a complete image each night when I shut down. Had to restore twice due to software trashing Windows and a disk crash, and it worked flawlessly.
     
  22. plantextract

    plantextract Registered Member

    Joined:
    Feb 13, 2007
    Posts:
    392
    I mean all of F-Secure's other engines.
     