Majorly disappointed by AV apps

Discussion in 'other anti-virus software' started by Veazer, Nov 16, 2008.

Thread Status:
Not open for further replies.
  1. ambient_88

    ambient_88 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    854
    Well, that link is new to me. I'd have to check that out. :)

    For a component as crucial as the kernel, I still think it's better to have one entity (MS) control the code. At the very least, they know exactly what kind of code is in there, so if a problem arises they can (hopefully) provide a reliable solution.
     
  2. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    The hard truth: Patchguard is patchwork and security through obscurity, a stopgap solution for a poor kernel concept.
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
  4. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    194
    Location:
    Chesapeake, VA USA
    The "average" computer doesn't understand they should not click on this or that, but Antivirus XP 2008 & 2009 are usually installed by drive-by downloads, not the user looking to download another program.

    :)
     
  5. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    What exactly did you send them?

    Viruslab will not add corrupted or benign files to the bases.

    If you wouldn't mind sending me a copy that would be great (or a link via pm or similar).
     
  6. mnosteele

    mnosteele Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    194
    Location:
    Chesapeake, VA USA
    This was over a year ago when Antivirus XP 2008 was first showing up, it was running resident and not a peep from Kaspersky. I submitted the files associated with AV XP 2008 to them and they said they were not malicious. About a week after that another client was infected, same thing, I submitted the files from that computer they still refused to add them to the database. That and some other conflicts that Kaspersky refused to fix were enough for me and I started looking for another program for my clients, I use and sell Avira now and have yet to have a single issue with their software. Just a week ago a client that is still using KIS 2009 was infected with Antivirus XP 2009, not a peep from KIS. I refuse to waste my time with them anymore, this malware is running rampant right now and they are not interested in trying to stop it.

    :doubt:
     
  7. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London

    Now I don't think that is entirely fair.... av-2009 is included in the extended databases and any samples that I have submitted to them were promptly added. The main difference between the extended bases and normal bases is that you have to enable "other programs/riskware" in settings->threats and exclusions for them to be detected.

    If you have a look here you will see what I mean about them adding av2009

    http://www.kaspersky.com/viruswatchlite?search_virus=antivirus&hour_offset=-3&x=23&y=4


    There may be cases where the dropped program is considered borderline and that is when analyst discretion comes into it, but the droppers will most certainly be detected if they are not corrupted (usually detected as fraudload)
    http://www.kaspersky.com/viruswatchlite?search_virus=fraudload&hour_offset=-3&x=0&y=0
     
  8. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    Submitted again to Virustotal:

    ~Link removed per Policy. - Ron~

    Six now detect it. Still don't know why the latest Antivir Free does not detect it but Virustotal's Antivir 7.9.0.35 does detect it, unless it is considered spyware and the free version doesn't detect spyware?
     
    Last edited by a moderator: Nov 21, 2008
  9. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Thanks for the write-up. :thumb: And didn't know you had a blog, it's a good read.

    You should make the blog link stand-out more on your home page as it shows potential users how prevx is dealing with current threats. :)
     
  10. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    I have to agree with Baz_kasp that AV 2009 and its variants should be detected by KL products if the riskware category is enabled as they're part of the extended database.

    Likewise, in AVIRA five extended threat categories are unticked by default so some things will be undetected until those categories are checked.
     
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    The free version of AVIRA does not include adware/spyware detection.
     
  12. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Why would they tell him that they were not malicious, though? Kaspersky should have told him they were covered in the riskware category.
     
  13. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Perhaps because of the fact the detections have the tag "not-a-virus" and, therefore, they don't class them as "malicious".
     