Joe Wells on AV's

Interesting article from the originator of the Wildlist. It seems he is saying that AV's with higher Zoo detection may not be better in the real world and may be worse. <Link Removed>

Post no links to malware sites--Ron

 

A slightly aged report, and I will be honest and say I didnt read more than the first few lines, it follows a similar tact as most reports.

If you are looking for a decent av then regardless of zoo or in the wild reports, its results that count.
Basically, if an av is decent enough it will score high in zoo detection as well as in the wild, in fact I would be down right suspicious if my av wasn't well rounded and fell down sharply in any one region.

 

malware sites?

 

Ah ok I get it. I sourced the article from a google cache I didnt see the homepage content.

 

I think this is an abridged version of original. http://www.firewallsdirect.com/white_papers/html_White/fortinet_html/15.htm

 

the article in this thread is from 1999 the one you thought it might be abridged from is from 2003

 

Unfortunately this was only an advertisement from Fortinet, which is known to be a smaller database AV.

It's true that we have the highest probability to get infected just with those ItW viruses plus TROJAN LIKE MALWARE outside that official ItW list, which have even higher probability. But when we have seen official ItW tests, those tests were made against 2..3 months old ItW list. During that last 2...3 months there have appeared about 40...60 new ItW threats, mostly newer variants of those already listed ones, which were never be tested then when they should be tested.

Best regards,
Firefighter!

 

Unfortunately there is already an av that has the highest Zoo detection but it is the fastest updater overall too against newest ItW threats. Probably you already know the name of the av?

Best regards,
Firefighter!

 

In my opinion ITW can't represent the real-world scenario as its claim and all tests that based on ITW list are not represent the real quality of those tested AVs and ITW test is not everything you want in order to determine which AVs suits your needs. ITW test just like a minimum requirement for an AVs to detect ITW 100% at a given time (e.g. AVs must have been certified by ICSA Labs or detect ITW sample 100% in Virus Bulletin test).

I think what we want is the new industry standard for gathering information about other malware (virus, worm, trojan-like malware, major spyware/adware, etc.) that are still circulating in the real world (but are not listed in the WildList) and people can be infected by them anyway and of course all AVs must detect them all by no excuse.