Dr.Web Signatures....

Discussion in 'other anti-virus software' started by C.S.J, May 3, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    hi,

    im overly-impressed 'each day' with the amount of virus signatures that drweb is now adding,

    april brought a 30% increase compared to march,

    and daily... i can see x5 what they used to.

    it is interesting, what do you guys think?

    wow... i mean, wow! this is soooo beyond what they used to do. (sooooo beyond)

    its not a one-time thing, its been happening for many many weeks now on a daily basis (sunday doesnt have as many)

    http://img152.imageshack.us/img152/609/untitledeb6.jpg

    Impressive eh?


    ----------
    p.s. i know ive been quiet on here, but the ps3 and new hd sony bravia keep me busy :) ... wowwww weeee o_O
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yes, very impressive, but I wish they'd respond to my submissions. I just sent 2 samples yesterday and they were not added. As usual, I'll need to send it to the VC guys to get any hope of adding it. :(

    As far as detection rates go, Dr.Web is improving for sure. This is a very welcome change from the "old" Doctor. :D
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    a staff member said they have been having trouble with the submission system, so they are aware of it.

    but if they keep adding this many, im a happy chappy firecat, and definatly a change for the better :)
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    @ Firecat LOL. :p :D
     
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    its nice to see dr web improving.
    lodore
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    One off topic post removed.

    I ask that members respect each other's choices in whatever software they choose and pay close attention to the thread topic.
     
  7. zorro zorrito

    zorro zorrito Registered Member

    Joined:
    Feb 19, 2006
    Posts:
    149
    How many signatures have dr.web just now?
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    http://live.drweb.com

    its up to 350 for today, compare this to the 20-100 mark of past, you see the big jump in daily additions to the signatures.

    this can only mean better detection for those people who are pro-percentages at av-comp. ;)
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I guess I should laugh as well :)

    Anyway, back to sending stuff to VC guys to get them added to Dr.Web database...I hope Dr.Web gets the VMS sorted out if there really is a problem as C.S.J. has stated. And yes, this is a "change for the green" :D

    But still it will take a lot of effort for Dr.Web to reach Advanced level at AV-C. I hope they keep this up. Also, I'm seeing some strange names in the update viruses list, such as BackDoor.Huai and one ZhengTu...All these sound like Asian names. Work of the VC team? o_O
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    well ive noticed more drweb analyists actually adding the malware sigs, more seem to be working at any given time compared to before (obviously not has many as kaspersky, but still a big improvement)
     
  11. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I see where one company plans to dramatically increase the number of generic signatures and remove all signatures covered by the generics. And no it's not Eset that I'm talking about. So do larger data bases equal better detection? For now I guess Dr. Web thinks so.
     
  12. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb have never thought or been like this, they are one of the few companys to keep their database small, with updates still only being 15kb MAX aswell.

    although some people think 700,000 signatures is better than 70,000 .... they can be wrong, extremely wrong.
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    My apologies. I was erroneously under the impression that you were expounding a bigger is better philosophy here.
     
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Actually, Dr.Web has a very strange signature addition policy. You see, back in the early days of the Zlob malware, I used to send a lot of Zlob samples for analysis to the Virus Chaser guys. And for each variant that went undetected, after detection was added the sample was detected by the very same name - "Trojan.Popuper". I have noticed this behaviour with other malware as well (for example, where other vendors choose to sign new malware as Virtumonde.A/B/C/D, Dr.Web would always detect it by the same name of "Trojan.Virtumod").

    Whether this is a generic detection, or whether Dr.Web simply combines entire families of malware into one entity and counts all of those as one signature is unknown to me. From a question I asked in the past, the answer would be that it is not a generic detection but considering that Dr.Web support's English is not always 100% perfect and also because he was not very specific in the answer, I'm not betting on it yet.

    You see, in Dr.Web engine, the detections are as follows:

    "Probably..." - heuristic detection
    "Modification of..." - variant/heuristic detection
    "<Malware name>.based" - generic detection

    Due to the above 3 detections of Dr.Web, I believe Dr.Web is detecting several malware variants under the same name instead of adding A,B,C etc. to identify the variant. For that matter, the Dr.Web engine itself is actually a very interesting and advanced piece of technology. Very good unpack engine and it is highly flexible and modular. You can even configure the Dr.Web engine to use your own databases along with the Dr.Web database if you ever want to license the engine for your product (like the VC guys are doing).
     
    Last edited: May 3, 2007
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    no, although i understand there are some people who think that on here hammer :)

    Firecat: i sent some malware to drweb, and this time got an email back almost instantly confirming they had recieved it, i havnt been getting this email in the past weeks.... so i think they are working on fixing it, as it used to work great.
     
  17. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Has anyone been noticing? It seems Dr.Web is going ballistic on adding signatures lately! Something to be noted is that there are some differences between what the VC updater reports and what Dr.Web's update logs report----> Great for the consumer anyway! :D
     
  18. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    Maybe they opened a new Starbucks nearby :)
     
  19. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep, they are adding a nice daily amount now for 90% of the days.

    also, there ARE more analyists now, but i dont think this is entirely the reason, maybe just a good kick up the backside was all they needed :)

    lol :D
     
Thread Status:
Not open for further replies.