Don't understand the premises of AV-tests

Discussion in 'other anti-virus software' started by cfp999, Sep 19, 2003.

Thread Status:
Not open for further replies.
  1. cfp999

    cfp999 Registered Member

    Joined: Jul 12, 2002
    Posts: 36

    I have been reading some of the AV-tests that are posted here from time to time. And it makes me wonder.
    Why is it a priority that an AV can protect me from a lot of sometimes very old viruses? I am only speaking from my own humble experience, but most of my friends/relatives are hit by new viruses, never old ones. I would rather have an AV that was updated very quickly, and was intelligent enough to catch unknown viruses. I also think that a good AV should be able to protect itself from being shut down by a virus (this happened to me with F-Prot a couple of years ago). I don't really see the point of these 100% tests.
     
  2. JimIT

    JimIT Registered Member

    Joined: Jan 22, 2003
    Posts: 1,035
    Location: Denton, Texas

    A couple of observations based on personal experience--the reason you want your av to detect 100% of ITW stuff, is because those bugs are still "out there".

    We recently had a user bring a floppy to work with the w95.melissa.a virus--an oldie, but still a nuisance--and because our av was able to detect 100% of ITW viruses, we weren't affected.

    Another example is the CIH, or Chernobyl virus--one that can be very destructive, and has the capability to overwrite firmware. It's extremely old, but still a threat every year--and it's still ITW after all that time. Personally, I want my av to be able to detect that b*stard whether it's ITW or not! ;)

    Check out www.wildlist.org, and it'll pretty much answer any questions you may have about the necessity of your av being able to detect 100% ITW stuff. :D
     
  3. Firefighter

    Firefighter Registered Member

    Joined: Oct 28, 2002
    Posts: 1,670
    Location: Finland

    To cfp999 from Firefighter!

    My simple minded opinion is that the "in the Wild viruses" is a myth anymore. Some 80 % of all infections nowadays are Trojans, Backdoors, Exploits and all that kind of stuff. Almost all AntiViruses call them viruses in their scanning reports (virus found or something else) but they are not real viruses but they can do REAL HARM.

    Those things are not included in the VirusBulletin tests and you can see it by choosing wrong AntiViruses! I don't know of any really wide tests against that kind of stuff and if something is away from public eyes, it makes me nervous!

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  4. JimIT

    JimIT Registered Member

    Joined: Jan 22, 2003
    Posts: 1,035
    Location: Denton, Texas

    That's dangerous thinking, IMO! ;) Put a computer on the internet without virus protection, and tell me what virus it becomes infected with first. I will bet a dollar to a donut that it will be a worm or something else on the WildList.

    The reason you're seeing "80%" infection rates due to trojans, etc., is because of the increase in file-sharing, IMO. :D, but I think it's a mistake to dismiss ITW viruses out of hand. It ain't a myth! ;)
     
  5. Firefighter

    Firefighter Registered Member

    Joined: Oct 28, 2002
    Posts: 1,670
    Location: Finland

    To JimIT from Firefighter!

    I have collected every infection I've got during the last 6 months and saved them to diskettes. I have used BitDefender 7, DrWeb, RAV, McAfee 7.0, F-secure, KAV 4.5 and eXtendia AVK Pro as my resident av, each at least 3 weeks at a time, and I have to say that only some of these are capable of detecting all of those nasties and one of them has never even got a VB 100% Award in WinXP!

    There are several good AV:s that are VB 100% masters but not so many that are capable of finding enough stuff outside the VB database (= some 1 600 different virus names).

    Yes, trojans and backdoors are the most popular in my collection, I don't have even one virus in my collection but tens of other stuff! Thanks to KaZaa network that I have such a collection, but now I have uninstalled iMesh Lite and said to my kids that if you want something to collect, pick that from your friends -- result no infections anymore!

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  6. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK

    Hi cfp999, As Paul Wilders says "Don't put all your eggs in one basket" - Try to protect your PC with a layered defence, Firewall, AV, AT, Anti-Worm, Anti-spyware, Anti-spam + the latest security patches for your OS.

    I like my security programmes to be regularly updated and able to heuristically assess new threats but I would not wish to drop the protection of old threats in any way.

    There may be some overlap using this approach & an added resource overhead but it does significantly increase your PC's security.

    HTH Pilli
     
  7. cfp999

    cfp999 Registered Member

    Joined: Jul 12, 2002
    Posts: 36

    Thanks for your interesting input. I didn't mean to imply that protection against a lot of vira is a bad thing :)
     
  8. Mack Jones

    Mack Jones Registered Member

    Joined: Jul 9, 2003
    Posts: 174
    Location: France

    Hi Firefighter!
    Are you talking about McAfee, F-Secure, AVK and KAV? ;)
    cheers,
    Nick
     
  9. Firefighter

    Firefighter Registered Member

    Joined: Oct 28, 2002
    Posts: 1,670
    Location: Finland

    To Nick Jr III from Firefighter!

    McAfee wasn't on that list but I have to say that I scanned all those WinRAR zipped files only with McAfee Free online scan and I don't think that it is capable to scan the same archives and runtime packers as the original McAfee VirusScan 7.0.3.

    That's my simple minded opinion about McAfee!

    Best Regards,
    Firefighter!
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003
    Posts: 23,873
    Location: SW. Oklahoma

    I read this forum pretty regularly and I believe that most of you are on the right track about PC protection. Personally I use eXtendia AVK Pro at the present time along with ZoneAlarm (not actually my favorite but it seems to work pretty well). AVK always seems to have a very good detection rate, especially with trojans. Well, I just registered with Wilders and had to say something. If I can ever be of any help to anyone just let me know. By profession I am a software compatibility consultant. Bye for now, talk later :)
     
  11. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003
    Posts: 23,873
    Location: SW. Oklahoma

    I apologize for the spelling in my earlier post. I am having a hard time typing with a cast on my dominant hand :oops:
     
  12. Pilli

    Pilli Registered Member

    Joined: Feb 13, 2002
    Posts: 6,217
    Location: Hampshire UK

    You are welcome BigC... :)
    Always good to have professionals on board - Hope your hand gets better soon.
     