Dr Web curiosities

Discussion in 'other anti-virus software' started by n8chavez, Jun 20, 2006.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Someone started a thread on whether or not NOD32 + KAV 6 was overkill. In that thread the quick response of KAV in terms of definition release was given as a pro for them. That got me thinking a little bit about Dr Web in that respect. How good, or bad, is it in terms of threat response (definition release)? How much does Dr Web rely on heuristics and how much does it rely on signatures? These are things I don't know but would like to. I guess this would add confidence to Dr Web users, or make them consider a switch if they are not that good at threat response.
     
  2. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    When the top 'Heuristics' detection rate ( NOD32 ) is 58%, you better hope 'Dr Web' is relying heavily on its signatures.
     
  3. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    I believe I read here on Wilders that DrWeb is one of the faster AVs to respond to new threats, but I could be mistaken on that. While the Doctor has improved the heuristics a lot (still not in NOD32 territory yet), they have been very aggressive lately at adding a lot of virus signatures so I do not believe that it relies heavily on heuristics.
    So far on the comp I use it on, nothing has gotten by it and I just renewed for 2 years so I have confidence in the Doctor.
     
  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Actually DrWeb's heuristics were the same as BitDefender's in the latest Av-Comparatives tests, but together with the excellent heuristics and the second shortest update delays ever, DrWeb can compete with NOD very successfully without those update tricks just before certain av-tests. :D

    No infections and FP:s with DrWeb 4.33.2 so far checked by Kaspersky. :)


    Best regards,
    Firefighter!
     
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    This is a Dr Web thread so I won't go too off topic - just want to say that 58% is very impressive for heuristic only detection.
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Well this is all very helpful. I don't believe this has been discussed, though I could be wrong. I'm glad to hear that the doc responds quickly to virus threats. That gives me a great deal of confidence.

    Their heuristic engine is not updated as frequently as NOD's, I believe. But it sounds to me like it doesn't need to be.
     
  7. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    For me, heuristics isn't just about flagging possible threats but about NOT flagging files that are harmless. Although Dr Web and Bitdefender did score pretty much the same in the overall results, Dr Web had a lot of false positives compared to Bitdefender, which is why it didn't gain the same Advanced+ 'award' as Bitdefender.

    Eset release updates to its heuristics quite regularly, they actually released an update just after the AV-Comparative closing date for testing. They have released at least one other Advanced Heuristic update since the AV-Comparative results were published, so they will be even better now. And yes, I have seen big NOD32 updates before the On-Demand tests, but I think these were pretty much all older threats that, although they don't pose great current real-world threats, are worth having in the database.

    After the last On-demand test Dr Web released some really big updates - there is a thread open for this on Wilders - as far as I am concerned, it's the same thing. Release the big update before the test, or just after the test. One of the methods means you perform better in the test :)
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Dr.Web is very fast at releasing new updates to counter new malware. You don't need to worry. Even though one may feel that it only updates 3-4 times a day by looking at the website, Virus Chaser tells me that VC updates up to 7-8 times a day. If Virus Chaser updates so many times, then so will Dr.Web too, since both use the same engine.

    Dr.Web's heuristics engine is on par with BitDefender at the moment, but Dr.Web also produces more false positives than BitDefender. Plus, BitDefender updates hourly. And BitDefender has a better GUI for the moment (Although the Dr.Web engine based Virus Chaser also has a very good GUI) :p :D
     
  9. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    I have never had a FP from DrWeb in over a year. I know that it was a problem some time ago but it seems to have vastly improved on this.
     
  10. AndreyKa

    AndreyKa Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    93
    Location:
    Russia
    This is my experience with Dr.Web heuristic:
    Code:
    180SAInstaller[1].exe - DLOADER.Trojan -> Trojan.MulDrop.2972
    msupdate32.dll - DLOADER.Trojan -> BackDoor.Satellite
    sachostx.exe - DLOADER.Trojan -> Win32.HLLM.Sacho
    msits.exe - DLOADER.Trojan -> Trojan.DownLoader.5767
    loadadv400.exe - DLOADER.Trojan -> Trojan.DownLoader.5766
    mm.exe - DLOADER.Trojan -> Trojan.Spambot
    setupdrv.exe - BACKDOOR.Trojan -> false alarm, fixed
    avz00001.dta - DLOADER.PWS.Trojan -> Trojan.PWS.Gamma
    kl.txt - DLOADER.Trojan -> Trojan.PWS.Gamma
    COOL.EXE - BACKDOOR.Trojan - BackDoor.Cat.21
    UPnPFramework.exe - BACKDOOR.Trojan -> false alarm, fixed
    csrss.#xe - BACKDOOR.PWS.Trojan -> Trojan.PWS.LDPinch.766
    win2sys.#ll - MULDROP.Trojan -> Trojan.MulDrop.3325
    avz00002.dta - DLOADER.Trojan -> Adware.NaviPromo
    eeu.exe - BACKDOOR.Trojan -> Adware.AdTraffic
    fidpwq.exe - STPAGE.Trojan -> Trojan.Qoologic
    lpdpnya.dll - BACKDOOR.Trojan -> Trojan.Qoologic
    ipsec.EXE - BACKDOOR.Trojan -> BackDoor.Sunex
    advertool.exe - DLOADER.Trojan -> Trojan.Serenta
    system.exe - DLOADER.PWS.Trojan -> Trojan.PWS.Banker.2764
    UPnPFramework.exe - BACKDOOR.Trojan -> false alarm, fixed
    
     