Dr.Web adding more virus signatures

Discussion in 'other anti-virus software' started by Miyagi, Apr 7, 2006.

Thread Status:
Not open for further replies.
  1. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    I have noticed that Dr.Web Anti-virus is adding more virus signatures (per day) in their database since the start of April 2006. :)
    http://www.dozleng.com/updates/index.php?act=calendar

    For instance, on 4/4 (~750), 4/5 (~500), and 4/6 (~200). Not bad since they were adding close to 100 a day. Keep up the great work Dr.Web! :thumb:
     
    Last edited: Apr 7, 2006
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Let's hope that they get round to adding some of the missed samples from av-comparatives. They have a lot to add :eek:

    Otherwise, they will continue to be classified at a "Standard" level with AVG.
     
  3. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Yes. But you and me both know that DrWeb is a mile ahead of AVG (no matter what av-comparatives says). ;)



    tD
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    The proof is in the pudding. I mean testing. ;)
     
  5. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    The only thing they need to do is to work extra hard for 20-30 days and add all those missed samples and score advanced+. Samples that you and me probably will never see. AV tests do matter, but they are not the whole picture…


    tD
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    :thumb:
    Dr Web are very fast in adding ITW malware.
     
  7. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    and they catch many current threats heuristically without signature updates
     
  8. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I really don't understand why Dr.Web is so "unknown" and so little used.

    I really like Dr.Web. Lately it looks like Dr.Web's team is doing an excellent job.

    A very good detection rate, excellent heuristics with generic signatures. I believe it has everything to become one of the best antivirus software products.
     
  9. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    591
    Location:
    Canada
    When I visit Jotti's site, most of the time the sample is detected by:

    NOD32
    DrWeb
    Kaspersky
    VBA32

    Lately also by AntiVir.
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Good, Good. :)

    Good, Good. :D

    Interface? o_O

    Hmm.....

    Very Good! :D

    <But remember, Jotti's online scanner is not to be counted as an AV-Test>
     
  11. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    ROFL! :D
    You really like me - do you?! :eek:
     
  12. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Of course I like you, Daddy....err, I mean Inspector. :D
     
  13. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
  14. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Some of these must be those missed zoo samples :D :cool:
     
  15. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    I want to ask some questions, out of topic:

    1. For making good detections (like 97-99%) in av-comparatives or other tests, is only adding definitions enough?
    2. If it is enough, why don't companies hire more analysts to add more definitions? I have two answers but dunno which is true:
    a) There aren't enough analysts for all companies
    b) Analysts' salaries are too high :D
     
  16. kalpik

    kalpik Registered Member

    Joined:
    May 26, 2005
    Posts:
    369
    Location:
    Delhi, India
    I like you too! :-* ;) :p :D
     
  17. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    for a good scanner IMO yes. but it is not necessary to add a trojan which is not infecting anyone..

    that is true ultimately. good, or great virus analysts like our "Inspector" here don't grow on trees :D
    what's more, there is a great demand for competent analysts

    i don't know, i hope they're paying the analysts....
    something more than just pizza, coffee or cola ....
     
  18. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I admit that when I look at the results of AV Comparatives I wonder why the following of Dr Web. It did not reach the level of Avast for instance. If one is going to pay for an AV, why not go to one with a higher detection rate?

    Just a question, and not an argument.

    Jerry
     
  19. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Jerry, take a look at Technodrome's second post above. Most of the samples are ones that the average computer user is never going to see. They need more analysts to add the missed samples and obviously when compared to other AV vendors, they do not give av-comparative tests high priority at the present time.
    ITW detection is the main one and here Dr Web is as good as the "big" AVs. Some reasons why users have chosen Dr Web include:

    1. Official support process has now changed for the better with a Ticket number/Action/Status.

    2. Its RTM, SpiDerGuard, has a low memory footprint and is very light, so IME, virtually no effect on system performance.

    3. Incremental updating is very fast, as updates are very small with files of only 3-4kB.

    4. Cheap to buy particularly if you take advantage of their Migration Policy.

    5. Good heuristics, email scanner and soon to be released HTTP scanner. Will also scan for adware/spyware and it has a very good unpacking engine.
     
  20. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Blackcat,
    Thanks for the reply. While I, without much knowledge in such things, do put a great deal of weight in the AV Comparatives tests, I do wonder about the real world, safe surfer experience. I do not really know how useful the Retrospective tests are as far as the average user is concerned.

    Most of the people I personally know either use the "installed" AV or if free use AVG. Yet, in spite of its low ranking, not one of the people I know has gotten infected.

    I also realize that it is more important how the program performs on the individual system than the detection rates. If it crashes the system or is always causing problems it is not worth it.

    On the other hand, I only look at those which have a high detection rate, at least ADVANCED. I have decided that unless KAV permits two computers on one license, I am going to use Avast free on my laptop as it does not get much surfing use. Maybe that is inconsistent.

    I appreciate the excellent response. I see that there are good reasons to choose Dr Web.

    Best,
    Jerry
     
  21. Severyanin

    Severyanin AV Expert

    Joined:
    Mar 19, 2006
    Posts:
    57
    Hi guys,

    Yes, we are currently adding a lot more viruses daily than ever.
    The team is doing its job very nicely and we are happy about it.
    Those are actually zoo samples from various tests - that's right.

    BUT! We are not going to be at 100% of detection at every single test. Forget about it. Otherwise we shall no longer be Dr.Web anti-virus. We can never detect anything that can never be executed. A corrupted file detected by Symantec is not a virus for Dr.Web - by design. It does not matter for us that we shall not detect it in a test while others will do. Who would ever check every sample out of 30-40 thousand submitted for a test whether it is a real virus that can be launched or a dead body of a virus?
    Our detection is based on the principle - evaluate the danger first and then look up the definitions base. We cannot change it:) And we shall be always missing something at other av-comparatives except for Virus Bulletin - for they never submit corrupted files for reviews:)

    By the way - to give you a hint - others have been completely unaware of Win32.Polipos for about a month. We have been detecting it since March 20th. And added a curing function to the definitions base for this virus last night. You have to crack something like DES crypting algorithm to cure a file infected by that virus. And this is done by Dr.Web engine - and nobody else!
     
  22. gates

    gates Registered Member

    Joined:
    Sep 2, 2005
    Posts:
    59
    I know that I can trust you guys, great work ;)
     
  23. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Not true, it also happened to Virus Bulletin in the past (1) and then an errata corrige was released.

    (1)"Sophos Anti-Virus was noted in the Windows NT comparative as having missed one sample in the polymorphic test set. Further investigation determined that although this file was triply infected with W32/Zmist.D, the multiple infection had rendered the sample unable to replicate. Consequently this file has been removed from the test set. Although this does not affect percentages for other products, this does mean that Sophos Anti-Virus achieved 100% detection in the polymorphic test set, and indeed across all test sets."
     
    Last edited: Apr 20, 2006
  24. Severyanin

    Severyanin AV Expert

    Joined:
    Mar 19, 2006
    Posts:
    57
    Thanks for correcting me.
    I just meant that we don't ask questions to VB about their collections.
    Yet, we still have some 2 or 3 samples in their standard collection that we shall not detect by our on-access scanner since they are not ready to be launched - and we do not detect such viruses by our SpIDer Guard.

    As for the others - we try to contact the testers in some cases to understand why we are so "missing" - but we rarely have some relevant answers.

    The basic thing is that Dr.Web is ready to detect viruses and other malware - which is a real malware, but not the files that other AV programs detect as malware.
     
  25. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Yeah, I see Dr.Web is adding each month thousands of samples that in the past were missing. As you say, Dr.Web is not adding garbage; it's a good thing to see Dr.Web adding the samples / improving its detection rates ;).
     