Online virus checks

Discussion in 'other anti-virus software' started by risl, Dec 10, 2007.

Thread Status:
Not open for further replies.
  1. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    Hello,

    I have been watching jotti's scanner for awhile and I've noticed that some vendors use the exact same names as some bigger vendors for malware, even if they don't use their engines. I've seen Ikarus detect lots of malware with typical names that Dr.Web and BitDefender uses, for example. Could it be that these smaller vendors are just trying to get in these scanners to receive samples allready analyzed by bigger vendors and then not doing anything themselves and getting good detection rates with copying others work? If Kaspersky, Dr.Web and Nod32 detects a file, then why bother analyzing it when you can just "quick-fix" it?

    Here's an example: http://risl.codename.fi/example_jotti.JPG

    .. Since when has A-squared, Ikarus, Rising used Kaspersky engine? .. Or when has VBA32 started using Dr.Web's ?
     
  2. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    I was thinking the same risl, although i have no evidence... Ikarus often has the same malware name as Kaspersky when I scan files on VT...
    sheer coincidence?... I dont care to be honest, at the end of the day, as long as the AV detects and removes the malware, its doing its job.
    I'm not fussed by the methodology of how it manages to add it to detection and verify whether a file is malicious or not.

    Although, of course, I rather my AV to be "original" and do it properly, I'm not too fussed. The way they probably think is "why waste resources on doing something when the job's already done by someone else?" ... good question!
     
  3. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    yes.. but will the smaller vendor be able to "do it's job" if all major players would leave these online scanners etc.? ;)
     
  4. Mitya

    Mitya Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    15
    No, VBA32 has its own engine. Earlier we gave to viruses specific names, but there were some complaints that it had caused some misunderstandings in comparing results from various AV vendors. Now. provided we find a virus that isn't added by other vendors yet, we give him our specific name. If it has been added by some other vendor as a rule we don't change the name.
     
Loading...
Thread Status:
Not open for further replies.