Drweb - Signature detection

Discussion in 'other anti-virus software' started by C.S.J, Nov 21, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    im starting to question drweb's signature-adding. (well, query it.... :D )

    i do want some answers though,

    drweb showed they could add massive amounts of sigs at the end of the last test, i think i remember IBK mentioning 6 months sigs in just 1 month.

    however, since we mentioned this here on the forum, the signature adding 'nearly stopped'

    the word 'lazy' springs to my mind, maybe IBK has some insight that i dont

    care to share? :blink:
     
  2. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    It depends if Igor Zdobnov is at office. Usually around 100-200 sigs per day, but if Zdobnov is there.. around 300-3000 :D

    I'm not sure if it was Severyanin who said that they could quickly analyze all samples sent to them from different tests but they don't want to or it's against their policy if there is any junk, harmless, etc files.
     
    Last edited: Nov 21, 2007
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Not lazy, just the problem of being a small vendor with not enough analysts.
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    it just doesnt wash with me that they dont have the resources.

    a simple excuse, they need a kick up the backside with this.

    boris has already said they DO have the resources to compete and improve with signature detection.
     
  5. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    I find them pretty good, sometime get a reply back that a sigs have been updated to a virus I have sent in within hours, and I also have had a few files where its been days.

    Normally if that is the case a quick support ticket asking about the submission normally gets a swift response.

    They seem a freindly bunch and when ever I have opened a support ticket they have dealt with it quickly.

    Cheers

    Jlo
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    i dont mean when 'WE' send them files to be added.

    i mean the files they should be adding on their own, as an AV company.

    i get 'the feeling' that they are just being lazy on this, or maybe its not high priority to them?

    im still looking for 'that improvement' in these sigs. :doubt:

    or maybe im just being too harsh?
     
  7. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Perhaps it is just the fact that they have smaller number of customers than other bigger vendors, and therefore smaller number of potential personnel willing to send new samples or help them out. Ofcourse there are honeypots etc, but if a basic user has a suspicious file he/she will probably send it to symantec, kaspersky, or some other better known vendor. I believe Dr.Web just doesn't come first to mind.
     
  8. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Ahh I understand you now. Yes I agree with you on that. I wonder how active they are on picking up samples sent in via Jotti scann or Virus Total?

    Best wishes

    Jlo
     
  9. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Applusable theory... I only send potentially malicious files to my own AV and upload it to VirusTotal (i'm assuming they distribute some files, not 100% certain about this and how long it takes for VT to distribute the files though... only presumed it because it has an option... "do not distribute the sample").

    Dont have time to send it to each AV which hasnt detected it
     
Loading...
Thread Status:
Not open for further replies.