Jotti's malware scan

Discussion in 'other anti-virus software' started by waters, Apr 18, 2005.

Thread Status:
Not open for further replies.
  1. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Hi
    I regularly check it out just to see which scanner detects and which doesn't.
    How good an indication is this?
    I've noticed KAV doesn't miss much, but am surprised at how much AVG detects, and AntiVir, and surprised how much NOD misses.
    Norman, ClamAV, Fortinet miss a lot also, but this doesn't surprise me.
     
  2. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
  3. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    Jotti's scanner should *NOT* be used to determine whether an AV is good or bad. There are several reasons for this, namely, the results are skewed in favor of Kaspersky engines, because most malware sites use KAV to verify files - and we know KAV detects far far too many garbage files as malicious.

    Also, that website has a disproportionate amount of modified script kiddie malware. A guy takes a trojan, loads it in Notepad, pulls out a couple lines of code, then resubmits it to Jotti to see if it gets a "hit". More often than not, in this process, the file is rendered useless, so you'd not expect anything to flag it anyway - would you?

    Jotti told me he does not track % of AVs anymore, and I suspect there are many reasons for this, the least of which is it's probably just not a good indicator of an antivirus software's performance.

    Take it with a grain of salt.
     
  4. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    To paraphrase my point even more.

    I have a trojan I was playing with this week, the trojan drops an INI file, a text file, and a useless config file in the process of infection. Kaspersky detects ALL of the files as the trojan itself, and makes no distinction between them.

    That is a total misrepresentation of the threat, and does a disservice to anyone that owns the product. Clearly the INI file is NOT a trojan itself - but it is a small piece of the total package. The proper way would be to find and classify the trojan itself, then "clean up" the other files in the process of removal. Not flagging those files themselves as a trojan. That's ridiculous.

    So for example, if I take each of those config, INI and text files and upload it to Jotti, most of the AVs don't detect them, but KAV flags each separate one as the trojan, and thus, the result is it "appears" to detect more. But the reality is, it isn't, it shouldn't, and it's lying.
     
  5. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Win32.TrojanDownloader.Agent.b, just picked 5 secs ago.
    AntiVir, Avast, AVG, BitDefender, Dr.Web, Kaspersky, VBA32 all detected this.
    Clam, Fortinet, NOD, Norman didn't.
    All these are not KAV engines.
    All my point was is that AntiVir, AVG etc. do better than I thought.
     
  6. SDS909

    SDS909 Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    333
    And in the last 5 minutes I've seen AVG miss 3 samples.

    My point is, Jotti's is useless for determining the quality, or lack thereof, of an Antivirus product. It's simply a waste of time to keep refreshing it every few minutes, it tells you nothing.
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I think it is hard to judge any AV from looking at that site a few times a day.

    Example, I just took a look and noticed:
    Last piece of malware found was probably unknown NewHeur_PE in csmss32.exe, detected by:

    Scanner Malware name
    AntiVir TR/Proxy.Agent.CK.1
    Avast Win32:Trojan-gen.
    AVG Antivirus X
    BitDefender Trojan.Agent.DO
    ClamAV X
    Dr.Web BackDoor.Zorro
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    mks_vir X
    NOD32 probably unknown NewHeur_PE
    Norman Virus Control X
    VBA32 X

    I currently run NOD32 on one game machine, a KAV AV (F-Secure) on two machines and one of the free AVs on a fourth machine.

    I think KAV has the best overall detection rate but notice it does miss some that the other AVs detect.

    I also understand that Jotti doesn't use NOD32's "Potentially dangerous applications" settings because it is a Linux server. So those detections will not show.

    I wouldn't base my choice of an AV from just checking that site several times a day.
     
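An added example, not part of any post in this thread: a small Python script that parses result tables in the exact layout Stan999 pasted above (engine name, then the verdict or a bare X) and tallies per-engine detection rates across several uploads. It also shows SDS909's point from earlier in the thread: when a trojan's dropped INI/text files are uploaded as separate samples and one engine flags each of them as the trojan, a raw hit count ranks that engine first, while counting only the executables reverses the order. The csmss32.exe table is the real one from Stan999's post; the other three submissions, the file names, the sample kinds ("pe" / "dropped") and the placeholder verdict "Trojan.Sample" are constructed for the example and are not real detections.

```python
"""Tally per-engine detection rates from Jotti-style result tables.

Constructed example: the only real table is the csmss32.exe result quoted in
the thread; the other three submissions are hypothetical and exist to show how
counting hits on dropped non-executable files changes the ranking.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Engine names exactly as Jotti printed them in the thread's table. Longest
# names first so prefix matching is unambiguous and multi-word verdicts such as
# "probably unknown NewHeur_PE" survive as the verdict part.
ENGINES: List[str] = sorted(
    ["AntiVir", "Avast", "AVG Antivirus", "BitDefender", "ClamAV", "Dr.Web",
     "F-Prot Antivirus", "Fortinet", "Kaspersky Anti-Virus", "mks_vir", "NOD32",
     "Norman Virus Control", "VBA32"],
    key=len, reverse=True)

MISS = "X"  # Jotti prints a bare X when an engine reports nothing

# Real data: Stan999's csmss32.exe result, copied from the thread.
CSMSS32_TABLE = """
Scanner Malware name
AntiVir TR/Proxy.Agent.CK.1
Avast Win32:Trojan-gen.
AVG Antivirus X
BitDefender Trojan.Agent.DO
ClamAV X
Dr.Web BackDoor.Zorro
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
mks_vir X
NOD32 probably unknown NewHeur_PE
Norman Virus Control X
VBA32 X
"""


def parse_table(text: str) -> Dict[str, str]:
    """Map engine name -> verdict string (MISS when the engine found nothing).

    Lines that do not start with a known engine name (the header, blank lines)
    are ignored, so a pasted result block can be fed in as-is.
    """
    verdicts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        for engine in ENGINES:
            if line == engine or line.startswith(engine + " "):
                verdicts[engine] = line[len(engine):].strip() or MISS
                break
    return verdicts


def make_table(flagging: Iterable[str], verdict: str = "Trojan.Sample") -> str:
    """Build a constructed table in Jotti's layout: the listed engines report
    `verdict` (a placeholder, not a real detection name), every other engine X."""
    flagged = set(flagging)
    return "\n".join(f"{e} {verdict if e in flagged else MISS}" for e in ENGINES)


# (file name, sample kind, result table). Kind "pe" is the executable itself;
# "dropped" is an INI/text file the trojan writes during infection (SDS909's case).
Submission = Tuple[str, str, str]
SUBMISSIONS: List[Submission] = [
    ("csmss32.exe", "pe", CSMSS32_TABLE),  # real, from the thread
    ("dropper.exe", "pe", make_table(["AntiVir", "Avast", "AVG Antivirus",
                                      "BitDefender", "Dr.Web",
                                      "Kaspersky Anti-Virus", "VBA32"])),  # constructed
    ("settings.ini", "dropped", make_table(["Kaspersky Anti-Virus"])),  # constructed
    ("readme.txt", "dropped", make_table(["Kaspersky Anti-Virus"])),    # constructed
]


def detection_rates(submissions: Iterable[Submission],
                    kinds: Optional[Iterable[str]] = None) -> Dict[str, float]:
    """Fraction of submissions each engine flagged, optionally restricted to
    the given sample kinds. An engine absent from a table counts as a miss."""
    wanted = None if kinds is None else set(kinds)
    hits: Dict[str, int] = defaultdict(int)
    total = 0
    for _name, kind, table in submissions:
        if wanted is not None and kind not in wanted:
            continue
        total += 1
        for engine, verdict in parse_table(table).items():
            if verdict != MISS:
                hits[engine] += 1
    if total == 0:
        return {}
    return {engine: hits[engine] / total for engine in ENGINES}


def ranking(rates: Dict[str, float]) -> List[str]:
    """Engines ordered best-first, ties broken alphabetically."""
    return sorted(rates, key=lambda e: (-rates[e], e.lower()))


if __name__ == "__main__":
    for label, kinds in (("all uploads", None), ("executables only", ["pe"])):
        rates = detection_rates(SUBMISSIONS, kinds)
        print(f"== {label} ==")
        for engine in ranking(rates):
            print(f"{engine:22s} {rates[engine]:.0%}")
```

With these four uploads the "all uploads" ranking puts Kaspersky first (3 of 4 hits, two of them on the INI and text files), while "executables only" puts AntiVir, Avast, BitDefender and Dr.Web at 100% and Kaspersky at 50% because it missed csmss32.exe. Four samples is also far too few to mean anything, which is the other point made in the thread; the script is only meant to show why a refresh-and-count habit measures the wrong thing.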
  8. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    I wouldn't base my choice on this, also. I just asked for an indication.
    I think Blackcat's thread was good clarification, thanks for that.
     
  9. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Is this the royal "we" ? :p
     
  10. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    All of those AV's present at jotti house do a good job at identifying what color shorts a guy wears..but not all of them can spot the polka dots. :D

    I would never associate what he offers there as a testament on the quality comparison of the products, but rather just a great site where you can check out files for bugs and badboys on the fly.

    Zippity do dah ;) Great day here Oh respected one.. :) Hope the same for you and yours
     
  11. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Polka dots are the *Name of the Game* oh Hunter of the Primrose path wherewith (by connecting the dots) one can eventually wend his or her way to the john. :D :) :D :cool: *puppy*

    On a more serious note, one of the main things I like about Jotti is embodied in the following quote from his website...
    . I hope that all testers are following his example.
     