Doctor Web, Ltd. launches beta-testing of a new generation anti-virus

Discussion in 'other anti-virus software' started by Honyak, Dec 30, 2006.

Thread Status:
Not open for further replies.
  1. ElPhenix

    ElPhenix Registered Member

    Joined:
    Nov 30, 2006
    Posts:
    11
    Location:
    France
    I've installed Dr.Web on my laptop since last year (I've just changed my avatar cuz of the new beta :D). Today I used the new beta to scan my friends comp who was infected by *Lots of* viruses, and it completly cleaned his computer : no more viruses, and a fast comp. It just found 2 FPs (2 exe of one software, trusted one), among 600.000 files scanned, which took about 4 hours (all securitys enabled).

    Dr.Web is perfect for me (never say perfect lol, they would stop developping their fantastic product), and I don't really judge it by its results on AV-Comparatives or even other Independant Test. I forged my own opinion about it (very very reliable, never had problems with it, unlike Avira and many others ...), as I am using it for so long :thumb:
     
    Last edited: Jan 12, 2007
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Is there a specific email addy to submit the beta .origin false positives to? I've submitted to the usual vms{AT}drweb.com but have not got any reply, and they usually reply quickly at that address ?

    Londonbeat
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    no, same addresses as before.

    submit a sample link in my signature works fine for origin files, as i used it with reply on 2 fps regarding dell drivers.
     
  4. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    I've tried Norton, Panda, F-secure, AVG, Norman, nod32, bitdefender, F-prot, Kaspersky, Avast, Trend Micro and Antivir.. but there is nothing like Dr.Web :blink:

    It uses very little resources, works 100% without conflicting with anything and runs silently in background doing it's job. I am not new to computers so I don't need that 99.983% detection of everything, so Dr Web is perfect for me.
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep ive tried all and i just love dr.web

    welcome risl, it looks like the spider is mutating and spreading around :D
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    remember its personal opintion my fav two av's are kav and nod32.
    must stop going off topic:D
    lodore
     
  7. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Thank you :D

    Perhaps an army of Web-a-maniacs is gathering.

    .. back to the topic: Only minus I can find that should be improved is the scanning speed. Otherwise, don't fix it until it gets broken! :thumb:
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yeah, you must.

    now bog off and join the kaspersky threads :D *lol*
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    my point about personal opintions is correct thou.
    you like dr web because its right for you and runs well on your pc.
    lodore
     
  10. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I will second that. The key for the future isnt detection but reducing FPs. If they improve in this area, more will come. ;)
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I have not found any FP:s named by this "*.origin" albeit I've scanned almost 180k of files from my laptop. Is it normal?

    Still a bit confused about this brandit.exe,

    C:\SWSetup\BrandIt\Disk1\brandit.exe probably infected with STPAGE.Trojan

    which even was found by Drweb in VirusTotal too.

    I've submitted brandit.exe to drweb lab in here over 2 weeks ago and still only drweb is finding this file as possible infected in VirusTotal. I'm pretty sure that it's a FP, because with Kaspersky it takes never over two weeks to add a signature for a nasty scanned in VirusTotal. I think that this brandit.exe is a legit HP file preinstalled to this Compaq laptop.

    Best regards,
    Firefighter!
     
  12. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi trjam

    Do you have an antivir suite licence to sell ?:rolleyes:

    Just joking :D

    MaB
     
  13. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    @ Firefighter

    I'm pretty sure STPAGE.trojan is a heuristic detection (same as DLOADER.trojan), you could check this by disabling the heuristic and rescanning the file, it probably won't be detected then.

    Regards,
    Londonbeat
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I know that already, but usually DrWeb is correcting these FP:s within a couple of hours after they have got these files but now it's over two weeks from that. o_O

    Best regards,
    Firefighter!
     
  15. Mare

    Mare Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    2
    Location:
    Finland
    i'm using DrWeb now and i will move to antivir, but stpage.trojan is a generic detection and dloader.trojan is a heur detection.
     
  16. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Yeah I've got a couple I submitted last week still not fixed and no reply, I guess they are snowed-under working through the beta FP's, or maybe they aren't correcting any of the beta fp's until the beta trial is finished. o_O

    Londonbeat
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    It's not a beta FP because it's not named as "*.origin" and DrWeb finds it even in VirusTotal. :(

    Best regards,
    Firefighter!
     
    Last edited: Jan 14, 2007
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    You wont be any better protected and keep in mind folks, detecting is one thing, removing it completely is another. And for that Dr Web would be worth keeping.
     
  19. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350

    I thought version 4.33 onward heuristic detections included all the following: DLOADER , MULDROP ,
    STPAGE , BACKDOOR , PWS, WORM and MAIL.WORM.

    The below link is 4.33 for unix but it's the same heuristic names for windows 4.33 I think:
    http://forum.drweb.com/viewtopic.php?t=1783

    Londonbeat
     
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,064
    you have changed your mind again jeff?
    acording to your sig it is.
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i dont think it matters, i dont think dr.web give you any ideas whether its been picked up heuristically or through the signatures, i think the name of the virus remains the same.

    although i personally would like to see dr.web give a different name to the virus if picked up heuristically, would be nice to see :)

    i think 'possibly infected with......' are the only heuristic detections that you can know of 100% unless you scan a set file with heuristics on... then same again with them off.
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    That's true, at least in my case.

    Best regards,
    Firefighter!
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Dr.web Beta Comparison

    hello,

    following on from my first comparison between the beta release and the released version, see here and here

    here is test 2:

    4.33 released version

    http://www.freeimagehosting.net/uploads/991814cc41.jpg

    -----------------------------------------------

    Beta Version

    http://www.freeimagehosting.net/uploads/6240165ebd.jpg

    -----------------------------------------------

    Summary:

    the beta only detected 160 more on such a big test-set, i still am not seeing the big improvement on this technology as of yet, but dont be too down hearted just yet as it did still detect more, just not by much. *lol*

    released: 80.56%
    beta: 80.59%


    will continue to monitor the beta's progress and will hope for greater improvment next time around. :)
     
    Last edited: Jan 15, 2007
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Dr.web Beta Comparison

    Just a curious, but how many "*.origin" labelled detections you have got in your test?

    Best regards,
    Firefighter!
     
  25. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Re: Dr.web Beta Comparison

    hey firefighter,

    19 files,

    1. Backdoor.Win32.Latinus.10.b infected with BackDoor.Fade.origin
    2. Sniffer.Win32.Ngsniff.11/ngSniff.exe infected with Exploit.IISSynx.origin
    3. Trojan-Downloader.Win32.Delf.dt infected with Trojan.DownLoader.origin
    4. Trojan-Downloader.Win32.Harnig.a infected with Trojan.DownLoader.origin
    5. Trojan-Downloader.Win32.Livup.a infected with Trojan.DownLoader.origin
    6. Trojan-Downloader.Win32.Puram.09 infected with Trojan.DownLoader.origin
    7. Trojan-Downloader.Win32.Small.ab infected with Trojan.DownLoader.origin
    8. Trojan-Dropper.Win32.Delf.ci\data002 infected with BackDoor.Fade.origin
    9. Trojan-PSW.Win32.Lmir.lp infected with Trojan.PWS.Legmir.origin
    10. Trojan-PSW.Win32.Lmir.ml infected with Trojan.Click.origin
    11. Trojan-PSW.Win32.Lomaster infected with Trojan.DownLoader.origin
    12. Trojan-PSW.Win32.Pasorot.d infected with Trojan.PWS.Legmir.origin
    13. Trojan-Spy.Win32.Delf.o infected with BackDoor.Gersang.origin
    14. Trojan-Spy.Win32.PCspy.b is riskware program Program.XPCSpy.origin
    15. Trojan.Win32.Dialer.ah infected with Dialer.Sexfiles.origin
    16. Trojan.Win32.Dialer.k is dialer program Dialer.AsianRaw.origin
    17. Trojan.Win32.KillFiles.ac infected with Trojan.Crash.origin
    18. Trojan.Win32.StartPage.nk infected with Trojan.DownLoader.origin
    19. Virus.Win32.Evyl.a infected with Win32.Evul.origin

    not sure if this was the answer you wanted, but there you go....

    hope its an interesting read and i will check the beta again in a few weeks maybe to see if its updating etc.

    --------------------
    antivir classic testing on the same test-set

    scan time: 2hrs + compared to 16 minutes through dr.web, avira has big problems scanning single-file malware and its unbelievable slow, but please note if its put into a .rar there is no problems and scanning is fast again.

    detection:

    Avira: 84.4%
    Dr.web 4.33: 80.56%
    Dr.web Beta: 80.59%

    i aint sure if nod detects all of the above type-threats in the test-set, but thought id test it to it anyway.

    Nod32: 59.2%
     
    Last edited: Jan 16, 2007
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.