New Virus Test by GEGA IT-Solutions (av-test.org)

Discussion in 'other anti-virus software' started by Technodrome, Apr 5, 2003.

Thread Status:
Not open for further replies.
  1. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    But both features are more 'nice to have' instead of being really important for virus protection.

    wizard
     
  2. ghj290

    ghj290 Guest

    They are "nice to have", and for the more advanced PC user, as you say, not really that important. But although I am, or like to think of myself as, an advanced PC user (Been doing network installations and system design since 1987) two other people that use this PC are of the "I just want to use the PC, not learn about it" variety.
    As an example, my wife e-mails a long time friend several times a week, one day (while I was running NOD) she received an e-mail from said friend with an attachment, NOD Flagged the attachment as containing a virus and my wife selected to let NOD "clean" it. She then went ahead and opened the, supposedly, cleaned attachment (I can't remember what virus it was sorry) blissfully unaware that in fact NOD hadn't "cleaned" it.
    When I returned home luckily she told me what had happened and I ran Fprot and cleaned the system, and informed her friend, and everyone in my and her address books to do the same. Had she failed to mention the NOD warning I would possibly have been looking at a re-install whereas had NOD's e-mail cleaning been as effective as many of its competitors the attachment really would have been cleaned.
    Don't get me wrong, if I was the only user of this PC I would still be running NOD quite happily, I just don't think it's "fire and forget" enough for the less PC literate out there.

    Trev
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Now i'm sure everybody wants to know which infection was in your attachment and NOD32 was unable to clean.
    Can you tell us please?
     
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Many viruses are complex, unfortunately cleaning is impossible sometimes.

    Has another antivirus product cleaned or deleted this virus?




    Technodrome
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    I'm sorry, if I was too hostile yesterday. Maybe I'm human too and yesterday wasn't my day?

    About the floppy, you were right. Because English isn't my first language, I tried to mean a diskette. It is a diskette where I restore all our infections found in the internet, mostly infected by my kids and KaZaa!

    They turn even the firewall off when they surf!!!

    Unfortunately I have now only one PC, so the risk is in this PC too.

    But now to the infection, I mean F-secure's Trojan.JS.Deme. It was found in my second PC, when I had that also. RAV resident scanner found it and named it JS.Noclose.gen*, but when I tried to scan that with McAfee online scanner, I couldn't load the scanner at all.

    By the way, RAV is now capable to find F-secure's Worm.P2P.SdDrop.c too, when it couldn't find that some weeks ago, although all my infection files in my restore diskette were in exe extension. The name of the KaZaa worm is in the RAV database, Win32/HLLW.SdDrop.C.

    In my mind it is too late, when a potential infection is free in the net some weeks. There is not such a phenomenon as "real in the Wild". All infections from Internet are more or less in the Wild! Can anyone imagine how often people really are giving feedback of their infections. I think it is less than 20% of all cases.

    And finally about TDS3. If TDS is too complicated for me, so it is, and that's it. No hard feelings! Maybe the customer is right? :eek:

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Can you be so kind to send your samples to submit@diamondcs.com.au anyway? why not zip the whole diskette content and attach all that so they can find out for themselves what TDS would have missed?
    Thanks in advance!

    Strange for me, if it's one or two button clicks with program A or program B to have a drive or partition scanned, i don't see the difference in complication only in possible scan results.
    If I need a bread I don't go to the liquidstore and not to the carpenter for a knife to slice it, I mean I just look for the best places to find the tools to do the job to be done.
    If I have a possible virus I probably start an av/at scanner or a special AV scanner, but how do I know what it is without a scanner at all?
    Or a not daily updated scanner is about half as bad, as it's at least false sense of security.


    If TDS is too complicated for the two buttonclicks the customer could read the thread to get educated what to do for the two buttonclicks and what more is possible, step by step.
    But a customer needs to be teachable to get informed.
     
  7. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Using KaZaa! is currently the best chance to get infected.

    With such initial position: Disabled firewalls and downloading software out of sources that are not trustfull your chance to stay infection free tends towards 0. No available av products (even if it is the best one) would protect you if you (and your kids) continue with such careless behaviour.

    I suggest to start learning about user right management if you have a NT-based Windows OS to ensure that your kids are not violating your security policies.

    wizard
     
  8. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Hugs Firefighter,
    Do not be concerned about Deme...I was waiting for everyone else to post and see what they knew about that bad rascal.. :D :D ..I do have a copy of what they do call it by that name...but it is neither a trojan..or a virus..it is just silly malware...that when you do clean your temp files and your cache it all goes away.

    You see that is one of the problems now days with all of the vendors and developers...they all refuse to get together in a consortium and use a single naming convention for exploits.

    Because of this, users are confused if they run multiple security products or they hang around security forums wondering how many different names a single exploit can have in this world or when it is modified and gets in the wild again..just what name it really will be in the new edition.

    Be Well my friend...I do enjoy your posts and wish you and the family well,

    Regards,
    John

    PS. If I were a developer I would not bother to put Deme on my hit list.
     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Jooske from Firefighter!

    I'm not so good to convert infected exe files. I turned my F-secure resident scanner off and tried to make an archive of that JS.Deme infection, but my F-secure still immediately comes to the game to play with me. It even removed my only exe file of that infection. The same happened to all my infected exe files, when I used an unprotected diskette. :(

    I have only one Russian PDG Archivarius (actually Estonian, but the programmers are Russians) compressed file of it. That program is free to every PC DoorGuard 3 user, but I still haven't got a registration key of them. I have emailed about that, but no answer. I can't speak Russian, but the net site was in English as the program too. Very strange and I can't even uninstall that f...ng program, which is now only a 30 days shareware! o_O

    "The truth is out there, but it hurts"

    Best Regards,
    Firefighter!
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Wizard from Firefighter!

    I have 3 kids, age between 14 -17 years. When I am going to say something about surfing, there are at least 6 middle fingers up and everyone says I need a quick update! Go to hug mammy instead of that you are going to say something about using the net. :D

    That is a thing I named the salt of life. We have downloaded the whole Windows XP three times this year to our PC again. o_O

    When I am using passwords in my Outpost, after one week they have found that somehow! Because the PC is only an entertainment machine, I'll give up! :p

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  11. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Pick any you like...Its free! ;)

    http://www.webattack.com/freeware/downloader/fwzip.shtml



    Technodrome
     
  12. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Technodrome from Firefighter!

    Thanks very much! It was the best site I've seen recently! I couldn't even imagine how many zip tools there are free nowadays. :D

    There is only one problem left, how to get rid of that Archivarius program, because it is not so easy to remove. After uninstalling that program, all packed objects are still in Archivarius format! :mad:

    Archivarius is by the way quite good zipper, when it understands 23 different formats of zipping and unzipping, but I don't want to pay those 10 $, because they said that it is free to all them who have purchased PC DoorGuard 3! :eek:

    Best Regards,
    Firefighter!
     
  13. illukka

    illukka Guest

    get jv16power tools www.vtoy.fi/jv16/shtml/jv16powertools.shtml and use the uninstall feature there.. it will rid your pc of all its registry marks
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To illukka from Firefighter!

    Thanks for you! ;)

    I succeeded to remove that program yet and those Archivarius format files stayed in my PC, because my Ultimate Zip program couldn't manage that kind of formats. Now I have a better Zipper, thanks to Technodrome's excellent link! :D

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  15. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > To Rodzilla from Firefighter!

    > Before you are dying to your laugh,

    I laugh at you because you try so hard to prove that you're not a lamer that you convince people that you are one!

    > I have to say that my kids have got an infection again. I have one infection in my floppy disk, that NOD32 couldn't find, but my F-Secure is too strong to be a fool. It was a trojan JS.Deme.

    So what ???

    NOD32 is not an anti-Trojan program!

    How many times do you have to be told this before you cease bringing your totally unrelated Trojan codswallop into antivirus threads ?

    =====

    Yesterday I had the disruptive troll "Vampirefo" banned from the Eset forums (his own big mouth got him banned from Wilders altogether only a few minutes later) and someone asked me if you will be next to be banned.

    The short answer is "You won't" ... at least, not by me ... and not (as far as I know) by any other moderator. You're a horse of a different color from Vampirefo. He was an incurable lamer, whereas you have the potential to learn from your mistakes ... if you'll listen.

    Your main "lameness" is down to the fact that you take far too much notice of know-nothing wannabes who tell you that Virus Bulletin tests are weak/inefficient/paid for/whatever, which leads you into placing great faith in the accuracy of the charts and graphs you create from "other" AV tests ... but the bottom line is that Virus Bulletin is the #1 antivirus product tester in the world, and no-one with half a clue about the AV/VX scene will disagree. (I'm on record as saying this for more than a dozen years, btw ... since long before I became involved with NOD32.)

    Ask yourself "why", if Virus Bulletin tests are such "crap", the VB100% is the award every antivirus vendor strives to win!

    I guess it would be an ego boost to have your "findings" widely accepted by the AV industry ... but they never will be unless you start off with good raw material. Your mathematical charts and graphs are (for the most part) meaningless drivel, because they're based on corrupted raw material. Most Wilders regulars know this ... and someone will always take you to task over them.

    Take, for example, your latest series of little masterpieces in this thread. You wasted your time producing them because you were working with flawed raw material right from the start. The day is fast approaching when you will have to admit your mistakes publicly, and human nature being what it is, people will laugh at your embarrassment. I won't. I'll feel a little sorry for you, because you're not a "real" lamer ... you just seem to be trying your best to make yourself look like one.

    (Just a few rambling words of advice ... no personal insults intended.)
     
  16. Metallica

    Metallica Guest

    Makes you wonder what miracle-machine keeps running with 47 viruses and Poopscan and NOD installed. :D
    Most of them slow down noticeably after installing two spyware programs.
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Rodzilla from Firefighter!

    I thought that the time, "Ein Reich, Ein Volk, Ein Stimme aber mein Geld", is over now, but it seems to be rising again! If you really are the one who can say what to write here, why not write that by yourself and lay on the beach reading them?!!! Some might say that empty barrels are the noisiest ones.

    Yes, I was really joking again, but it hurts a lot again!

    When I was at school, we learned the definition of systematic failure. It is not so bad when in the test bed there are things that really are not all kind of malwares at all, because the rules are the same to everyone. It does not matter when the winner gets 99,95 % or only 90.00 %, the only thing that counts is the placing in that game.

    The specialists are those who are capable to know everything about nothing. Does someone know where is an AV that is capable to detect only 100 % of viruses which all has the first letter Z (as Zero)? A joke again. No hard feelings!

    When I wrote about my PC infection (for me, as an average PC user and maybe very careless one), there is no difference what kind of malwares (= the term that RAV is calling about all kind of bad things) there really are, all that kind of stuff are forbidden. I have said earlier that my F-secure named those malwares "Worm.P2P.SdDrop.c." and "Trojan.JS.Deme". Is there something wrong when my F-secure was capable to detect them and not NOD32?

    I am still learning something here. I am using Trojan Remover 1.1.1. and PC DoorGuard 3.0.0.6. as my AT:s at the same time, because they are enough simple even for me. I have also to admit, that even with Kaspersky engine there might be some failure situations, so those two AT scanners don't make any harm to me, and two is better than one. Trojan Remover hasn't even monitor scanner, so they don't make any problems to me.

    When you said that all AV-producers are willing to have VB 100 % Award, That's true! Because that Award is so heavily advertised. After your statement you may agree, that Norton is the best AV ever, because in almost every Magazine test, it is the only winner. I still believe more about Universities than other testers, whose financial background is unknown to me.

    When we are looking at my professional issues as a Quality man, you may be the one who thinks that ISO 9001 certificate is the only that tells how good supplier you have. The truth in this case is more or less reverse. Once a supplier has got its ISO 9 001 certificate, it is the best evidence of that, there are big problems ahead waiting for you.

    I have to admit that also, that I was wrong in the beginning, when I said that there were less than 10 000 in the Wild checked objects in VB. But later I counted those objects manually from that link,

    http://www.virusbtn.com/old/comparatives/WinXP/2002/test_sets.html

    from the VB June 2002 acrobat online publication, and my manually counted result was in my histogram graphic bars too. But that have to add in those some 20 652 checked objects, that for me it seems to be so that there were even tens of variants of one certain virus, when there was certain last number of viruses in one sample after the virus name. I counted those all together. So this av-test.org 3-2003 test has much more malwares of any kind that there never had been in VB in one month's test. If I guess some number, I'll be very surprised, if the virus names were over 5 000 in the VB test.

    So if you managed to detect all 5000 virus names, it is totally different task to find some 71 000 malwares! So when NOD32 is not so good in av-test.org this year, it is quite understandable, that it has been so rarely seen in those av-test.org tests. Everyone of us can imagine that if some test has 71 627 scanned objects, there is plenty of room to different variants, before there are some 10 000 left.

    About the false positives in av-test.org test, I can say only that, the rules are the same to everyone. F-secure, for instance, has some more false positives when we are looking at Kaspersky's results. But was it Technodrome, that said F-secure has Orion heuristics scanning engine? Maybe that's why it was much better than KAV in the Heureka 2 test about heuristics. BitDefender and especially DrWeb were very good in that Heureka 2 test too. Both those made also many false positives in av-test.org test. It seems to me, that it is quite inevitable, when you have a good heuristics engine, you'll make false positives too. McAfee was the only exception that has very good heuristics in Heureka 2, but didn't make many false positives in the av-test.org tests? That irritates me a bit, is the heuristics engine any good?


    I'm writing this with my toes, because someone smashed my hands with a baseball bat, or how it was some months ago?!!!!!

    Yes a joke again, but it is important to know who is the customer and who sells some product? No hard feelings to everyone!!!

    I thought these are AV-products, about which we are talking about, and not someone's personal characteristics! I think it is better to purchase our own mirrors again! ;)

    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  18. Trevor Marsh

    Trevor Marsh Guest

    I didn't respond because I have been working away for the last few days and therefore not had access to these forums. So don't make assumptions. If you had also taken trouble to actually read my post you would have seen that I don't remember what it was, and also I never said that NOD missed it, just that it said it had cleaned it from the e-mail when it hadn't. There are several posts in the NOD forums concerning NOD's ability to clean infected e-mails, so that is nothing new. Please, if you are going to reply to a post then make sure that first you actually read the post you are replying to.
    Lastly, I didn't in any way "take a pop at NOD", I just said that for me, it didn't do what I wanted, I even stated that if I was the only user of this PC then I would still be running NOD as, for an experienced PC user, it's one of the best AV's available. So don't be too quick to jump to NOD's defence, it might not be necessary, there might not be anything to defend.... :mad:
     
  19. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > To Rodzilla from Firefighter!

    > I said also that my F-secure named those malwares "Worm.P2P.SdDrop.c." and "Trojan.JS.Deme". Is there something wrong when my F-secure was capable to detect them and not NOD32?

    Read my lips .... "NOD32 IS NOT A TROJAN DETECTOR!"

    What F-Secure (or any other program) does or doesn't do with Trojans will not change that.

    Eat the apple, and try comparing oranges with oranges.

    > When you said that all AV-producers are willing to have VB 100 % Award, That's true! Because that Award is so heavily advertised.

    Wrong! Everyone wants to win the VB100 award because it is the #1 award in the antivirus industry.

    > I still believe more about Universities than other testers, whose financial background is unknown to me.

    You are very close to learning that at least one "University" test is not worth the bandwidth it consumes and the paper on which it's printed.

    > So when NOD32 is not so good in av-test.org this year, it is quite understandable,

    Yep ... I understand exactly why NOD32 was not so good in av-test.org this year. :)

    > About the false positives in av-test.org test, I can say only that, the rules are the same to everyone.

    Many of the so called "legitimate" detections in that test were false positives, because many of the files apparently detected as viruses by "some" antivirus programs were not viruses.

    > "The truth is out there, but it hurts!"

    I hope you find some of it soon! :)
     