Drweb - Signature detection

im starting to question drweb's signature-adding. (well, query it.... )

i do want some answers though,

drweb showed they could add massive amounts of sigs at the end of the last test, i think i remember IBK mentioning 6 months sigs in just 1 month.

however, since we mentioned this here on the forum, the signature adding 'nearly stopped'

the word 'lazy' springs to my mind, maybe IBK has some insight that i dont

care to share?

 

It depends if Igor Zdobnov is at office. Usually around 100-200 sigs per day, but if Zdobnov is there.. around 300-3000

I'm not sure if it was Severyanin who said that they could quickly analyze all samples sent to them from different tests but they don't want to or it's against their policy if there is any junk, harmless, etc files.

 

Not lazy, just the problem of being a small vendor with not enough analysts.

 

it just doesnt wash with me that they dont have the resources.

a simple excuse, they need a kick up the backside with this.

boris has already said they DO have the resources to compete and improve with signature detection.

 

I find them pretty good, sometime get a reply back that a sigs have been updated to a virus I have sent in within hours, and I also have had a few files where its been days.

Normally if that is the case a quick support ticket asking about the submission normally gets a swift response.

They seem a freindly bunch and when ever I have opened a support ticket they have dealt with it quickly.

Cheers

Jlo

 

i dont mean when 'WE' send them files to be added.

i mean the files they should be adding on their own, as an AV company.

i get 'the feeling' that they are just being lazy on this, or maybe its not high priority to them?

im still looking for 'that improvement' in these sigs.

or maybe im just being too harsh?

 

Perhaps it is just the fact that they have smaller number of customers than other bigger vendors, and therefore smaller number of potential personnel willing to send new samples or help them out. Ofcourse there are honeypots etc, but if a basic user has a suspicious file he/she will probably send it to symantec, kaspersky, or some other better known vendor. I believe Dr.Web just doesn't come first to mind.

 

Ahh I understand you now. Yes I agree with you on that. I wonder how active they are on picking up samples sent in via Jotti scann or Virus Total?

Best wishes

Jlo

 

Applusable theory... I only send potentially malicious files to my own AV and upload it to VirusTotal (i'm assuming they distribute some files, not 100% certain about this and how long it takes for VT to distribute the files though... only presumed it because it has an option... "do not distribute the sample").

Dont have time to send it to each AV which hasnt detected it