Discussion in 'other anti-virus software' started by 633434, Nov 28, 2005.
Who are the best antivirus experts in the world?
Also, what was the best written malware till now?
This depends pretty much. Basically everyone has their own special area.
Vesselin Bontchev, for instance, is almost unbeatable in Office macro viruses.
Some other people (for instance Peter Ferrie, me too) prefer highly complex (metamorphic, polymorphic with EPO) and/or highly encrypted malware.
As I said already, it pretty much depends. There is no "universal" guy. Everyone has their own strengths and key skills.
And there is no best written malware. Maybe you can speak about "advanced" malware. Zmist, Driller and SK would count into this. Maybe also the ETAP.
Eugene Kaspersky, Vesselin Bontchev, Peter Ferrie, Happy Bytes (Mike) and Alan Solomon. These are for me the most experienced in this area. No offense to anyone if I forgot someone specific.
We should add Peter Szor as well.
I would put my votes to Eugene Kaspersky and Michael Neitzel (Happy Bytes).
Mike (HappyBytes), Bontchev, Eugene, Muttik, Szor, Ferrie, Snorre and more (I do not list more, otherwise I could feel I forgot someone...).
One of the famous virus researchers absolutely is "Happy Bytes".
A virus researcher, besides being skilful in virus programming, must be able to act in a lot of fields, which makes him a TRUE analyst... from psychology to networking... And I believe "Happy Bytes" is No. 1 in the world...
All AV companies are looking for "Happy Bytes"; he is the one who can make the best & cleanest vir-db for AV companies all over the world.
Eugene Kaspersky, Peter Szor and Peter Ferrie are also technical & skilful experts.
I’d like to add Igor Daniloff to this bunch.
I would say Mike (Happy Bytes) - I like his useful tips and tools ;)
...yeah, when he's not joking around and wants to give a serious answer.
Yes, but that's another good point for Happy Bytes: he has humor and hangs out with the regulars here; he's not stuck up on his fame.
I like his pitbull way of educating people: say something stupid and he bites your head off with the correct answer.
But seriously, I do not have the time to start my explanations with the year when electricity was invented. So usually my replies are short and maybe do look "pitbull".
I would add Mikko H. Hyppönen as my candidate as well!
I thought Daddy Mac only played wastebasketball and drank beer...
Wow, I am blown away. I knew we had some smart people here at Wilders, but man this is something else.
I don't know if this is the proper thread, but Mike, could you please tell us in layman's terms what the average home computer user should look for and install in the way of security protection? Also, could you please tell us, again in layman's terms, what we should be looking for in the way of test results? I think the answers to these two questions would spread a wealth of information to the less educated of us with regard to these subjects.
Do names mean anything to 99% of people? Where are they from?
You're well served with McAfee, NOD32 and Kaspersky. Every product has its own advantage and "disadvantage". If you're looking for a free solution, go either with Avast or AntiVir. I cannot say that I don't recommend AVG, but I'm somehow "reserved" regarding the detection rate there. There are a few other "free" solutions, but most of the time without any proper realtime protection. BitDefender is, for instance, an option for an on-demand so-called "backup scanner".
Choosing the right AV solution is not an easy task. It depends on "how seriously" you look into it. McAfee, for instance, has one of the most flexible script-driven scan engines. Kaspersky scores with strong unpacking (from a static unpacking view) and with lots of updates. NOD32 has very good (if not the best) variant detection + heuristics. All 3 products provide very good protection. I must admit that I name these 3 products because I'm personally sure they have the most "actual" AV technologies integrated. That doesn't mean that other products which I didn't list here are not good - that's only IMHO.
Another "promising" "newcomer" (actually they have been in the AV business for a long time) is VBA32. Time will tell. But what I've seen so far is a very good "basis" to build up a good product. PS: Greetings to Dr. XMAS, Dimka & Serge.
And because there's always "NAV bashing", just to add a few positive comments to it: it has VERY GOOD detection of viruses (I speak here especially about file-infector viruses); that's the result of the 2 Peters there (Ferrie, Szor). It also protects well from most of the circulating malware.
Well... basically you could write a book about virus scanner reviews....
Speaking about Antivirus Tests...
There are only a very limited number of people who can do trustworthy tests.
Personally, I do not look first for the place where "my" product is listed. Even if it's in place #1 and I know the test is flawed, I will complain about it, because that is in most cases unfair to the other tested products.
There's one rule you should stick to: never trust any AV test if the tester himself sells or advertises antivirus products. Biased.
Take personal "hobby AV tests" as what they are: private OPINIONS. Nothing more, nothing less. In most cases the tester cannot verify his own files, because he's unable to reverse engineer the malware back to the roots, where he can state that it's a so-called "living sample". That other scanners do detect a certain sample MEANS NOTHING. I've seen enough false positives (flagged by 12 (!) antivirus scanners) - completely clean files. Or some scanners do detect damaged samples - such samples cannot be detected by scanners which are using so-called "Entrypoint Scan Pages" if there is no valid entrypoint. There's also absolutely NO NEED to add such samples into detection, because they will not run anyway if there is an invalid entrypoint. The only exception here is mass-spammed corrupted executables. Such things you can add into detection as "Damaged" or ".dam" etc.
There are only a few AV tests which I "believe" in.
AV-Comparatives (Andreas Clementi) is one of them. I do not believe in this test because I think it's perfect - I believe in it because Andreas always asks for opinions from experts and is concerned that he's doing it right. Only with such behavior can you improve your own testing abilities. He stays in almost daily contact with us "AV nerds". It's not a secret that I have lots of other AV people on my messenger list, so I know exactly what's going on.
Big thanks go here also to Siggi from Frisk, for helping Andreas answer questions when I was too busy. Basically there's ALMOST NO COMPETITION between the employees of different AV companies. Some users who fight till blood comes for their AV solution against another one would be highly surprised if they knew that the developers/virus lab of both products might be just sitting in a pub with a nice Guinness beer.
If you have questions, feel free to ask.
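The post above separates samples with a usable entry point from "damaged" ones that cannot run and that entry-point-based scanners will not flag. As an added example, not code from the thread or from any product named in it, the check below parses a minimal PE header and classifies a sample as "damaged" when AddressOfEntryPoint does not map to bytes actually present in the file; the PE images it builds and the function names are constructed for this illustration.

```python
import struct

# Added example (not from the thread): decide whether a PE sample has a
# usable entry point. AddressOfEntryPoint must fall inside a section whose
# raw data is actually present in the file; otherwise the sample cannot run,
# which is the "damaged" case the post describes. Names are my own.

def classify_entry_point(data: bytes) -> str:
    """Return 'valid', 'damaged' or 'not-pe' for the given file bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    coff = e_lfanew + 4                       # start of the COFF file header
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                           # start of the optional header
    if opt_size < 20 or opt + opt_size > len(data):
        return "damaged"
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    table = opt + opt_size                    # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            return "damaged"                  # section table is truncated
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            file_off = rawptr + (entry_rva - vaddr)
            # the entry must map to bytes present both in the section's raw
            # data and in the file itself (a truncated download fails here)
            if rawsize and file_off < rawptr + rawsize and file_off < len(data):
                return "valid"
            return "damaged"
    return "damaged"                          # entry outside every section

def build_pe(entry_rva: int, sections, code: bytes) -> bytes:
    """Constructed minimal PE32 image for testing; not compiler output.
    sections: list of (name, virtual_address); raw data is placed at 0x200."""
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(224, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0,
                                   len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, len(code), vaddr, len(code), 0x200,
                    0, 0, 0, 0, 0x60000020)
        for name, vaddr in sections)
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    return (dos + coff + opt + table).ljust(0x200, b"\0") + code
```

Run `classify_entry_point` over a sample and over the same sample cut short to see the "valid" and "damaged" verdicts side by side.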
You mention McAfee, NOD32 and Kaspersky. What's your opinion of BitDefender? I was surprised you didn't mention it, since it's (as far as my knowledge goes) a top-tier product in both signature and proactive detection.
Good information, Mike!
It's always great to hear an expert talking and expressing his opinions...
I fully concur. "Read, endorsed and approved by Wildman".
Yes, I'm also interested in this.
My non-expert assumption: BD is the AV nipping at NOD32's heels.
Anyway, nice info you've provided, thanks.
It's nice to always hear someone provide an unbiased view of competitors' products, especially NAV.
Happy Bytes did mention BitDefender, but in the context of a free backup scanner. I too believe BitDefender to be among the very top AVs and am curious why Mike didn't list it with McAfee, KAV and NOD32. I've been using BD Free as my ONLY AV on my host machine (I test KIS 2006 on a virtual machine) for over a year and am very happy with it.
Greetz to Belarus from me too.
Another thing 'bout NAV: I find it encouraging that, instead of getting more eye candy and useless features added to the product, Symantec has been working to make the core of their product (the scan engine) better, which has resulted in a much better detection level (opinion based on my findings, although AV-Comparatives tests show it in a way too).
IBK has not yet tested the latest NAV engine; IMO the bashers will have a surprise waiting.
That's his opinion about top scanners; if you read his post you'll see an explanation for his choices: