Marx tested Antiviruses: WMF Exploit

Discussion in 'other anti-virus software' started by Wolfe, Dec 30, 2005.

Thread Status:
Not open for further replies.
  1. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    ..today. In German - but try Babelfish....

    73 different examples tested - 100% detection only:

    Avast!, BitDefender, ClamAV, F-Secure, Fortinet, McAfee, Nod32, Panda, Sophos, Symantec, Trend Micro and VirusBuster.

    80% detection rate:

    eTrust (VET), QuickHeal, AntiVir, Dr. Web, Kaspersky and AVG.
     
  2. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Re: Marx tested Antiviruses: WMF Exploit

    Was this test done with the special Kaspersky Lab WMF patch implemented?
     
  3. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Re: Marx tested Antiviruses: WMF Exploit

    Marx is the only one who can answer that one. Fact remains several other antiviruses (see above) obviously didn't need a patch. Average Joes aren't even aware of patches...
     
  4. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Re: Marx tested Antiviruses: WMF Exploit

    That's a valid argument!:eek:
     
  5. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Thanks for the info.

    I am surprised that VBA came so low!

    I asked Norman AV about this and they will not be able to detect this exploit until they release a new scan engine (Although they are working at this at the moment and it is going through QE so hopefully will be released in the near future)

    The Real person that needs to fix this mess up is Microsoft!!! Where is this patch!!

    Kind Regards

    Jlo
     
  6. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    No offense intended - but that's not the issue here. Antiviruses and their ability to cope with serious threats is. Some do very well, some do less as expected...
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Re: Marx tested Antiviruses: WMF Exploit

    1. no.
    2. Heuristic detection of the exploits has also been added, detected as Exploit.Win32.IMG-WMF.:)
     
  8. Wolfe

    Wolfe Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    160
    Re: Marx tested Antiviruses: WMF Exploit

    I'll take it, you Marx confirmed your statement?

    That's good to hear Don :) . Then again: as for Marx's test, it's actually beside the point, isn't it? His test has been performed the way it has been for good reasons: in times of real need, which antiviruses do perform best. In this particular case, KAV didn't perform that well - let's not beat around the bush. That said: overall, KAV for sure is a splendid antivirus ;)
     
  9. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK


    I accept that statement as well. Thanks Panther.

    Kind Regards

    Jlo
     
  10. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Re: Marx tested Antiviruses: WMF Exploit

    Thanks for the answer!
     
  11. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Re: Marx tested Antiviruses: WMF Exploit

    No, there was no need to, all I had to do was to look at dates/time and the info from the other side (Kaspersky), as you can see in the updated test from today.;)
    I'm not beating around the bush, if you look at it that way, I'm sure your choice of AV will perform less good in another test, that's the way it goes, you "win" some battles, you "lose" some. Generally Kaspersky users are on the "winning" side.:)
     
  12. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yeah after a patch or two o_O
     
  13. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    Probably still going through quality assurance. We don't want to accuse Microsoft of releasing buggy patches ;)
     
  14. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    IMHO "bashing" is not the subject, neither the purpose of this thread:cool:
     
  15. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I agree 100%

    Doesn't seem right to pick on the big boy when he slips, and not praise the little guy for great strides.
     
  16. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    That will never stop, Brian, so I think we can expect more "pearls" later tonight, like the ones last weekend.....:p ;) :D
     
  17. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    hehe, good one :D - But sadly, I will not be around to give you any pearls tonight.
    Maybe next weekend? ;)
     
  18. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Very funny exchanges Don between you and Brian, always entertaining. :D
     
  19. groundling

    groundling Registered Member

    Joined:
    Oct 26, 2003
    Posts:
    20
    Results have been updated

    AntiVir, Avast!, BitDefender, ClamAV, COMMAND, Dr Web, eSafe, eTrust INO, eTrust VET, Ewido, F-Secure, Fortinet, Kaspersky, McAfee, Nod32, Norman, Panda, Sophos, Symantec, Trend Micro and VirusBuster recognized now all 73 Samples.
    Only the scanners of QuickHeal (11 not recognized), AVG (13), F-Prot (54), Ikarus (67) and VBA32 (67) let still infectious WMF files happen unopposed,

    that's a Babelfish translation.
     
  20. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Sure I will most likely be around.;) :)
     
  21. kkkkkkkkkk

    kkkkkkkkkk Guest

    VBA32 also protects against this threat.
     
  22. Here4aday

    Here4aday Guest

    F-Prot now detects as of the January 1st update.
     
  23. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    New results I think? From av-test

    These detected all the wmf samples
    * BitDefender
    * Computer Associates eTrust-VET
    * F-Secure
    * Kaspersky Lab
    * McAfee
    * Eset Nod32
    * Microsoft OneCare
    * Sophos
    * Symantec
    * PC Tools AntiVirus


    These missed just one file:

    * Alwil Avast
    * Clam AntiVirus
    * Aladdin eSafe

    These tools missed a number of samples (total in parentheses):

    * Fortinet (18)
    * AntiVir (24)
    * eTrust-INO (25)
    * Panda (25)
    * Ikarus (26)
    * Norman (26)
    * Ewido (47)
    * AVG (59)
    * VirusBuster (61)
    * QuickHeal (63)
    * Trend Micro (63)
    * Dr Web (93)
    * VBA32 (110)
    * Authentium Command (119)
    * F-Prot (119)

    I wouldn't rely too much on these results since antivirus companies are updating their antivirus to protect against WMF exploit.
     
    Last edited: Jan 5, 2006