Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.
This is why I thought it is a strange story.
I have contacted Trend support and they say:
~~ removed content of private IM conversation per Forum TOS (first paragraph regarding posting the contents of private communications) - All you needed to say was the guy from Trend disagreed and says they detect it, not post his name and all his written lines.~~
/ / / / / // / / / / / / // / / / / // / / / / / / / / / // end of chat
So Dr.Web is not telling the whole story.
Attracting clients with any methods... another Polipos-like story
Everything is valid to attract new customers... it is the business, unfortunately.
And Trend Micro says that the detection happened on
Pattern release date: Jun 14, 2006
Wow... I don't know what to believe now.
I just dug into my virus collection and found a lot of Costrat (Kaspersky) or Rustock rootkits. All are very well detected. I don't know what to say.
The Trend Micro page says:
Trojan-Clicker.Win32.Costrat.ac (Kaspersky), Spam-Mailbot.c!Rootkit (McAfee), Backdoor.Rustock.B (Symantec), TR/Rootkit.Gen (Avira), Troj/Rustok-O (Sophos)
So the rootkit is "old", and Trend Micro detects and removes all the variants, like other AV companies.
Maybe what Dr.Web wants to say is:
Dr.Web only discovered that virus in October 2007... lool xD
The C variant was discovered by Trend Micro on: Jun 13, 2006
as can be seen on:
And variant C was detected:
Aliases: Generic.dn (McAfee), Backdoor.Rustock.A (Symantec), TR/Rootkit.Gen (Avira), Troj/RKRustok-B (Sophos), Backdoor:Win32/Rustock.gen!A (Microsoft)
Without a copy of the sample that DrWeb are talking about, it's impossible to know for sure. Though I personally smell something fishy about their "We're the only ones who detect this!" story as well.
This is not the "real" Rustock.C that trend detects.
We keep checking the samples on Virus Total, no result. If that continues, we'll send them directly.
Strange and confusing. We NEED a sample.
The Trend Micro chat says Trend Micro detects that virus, and gave me that link. But anyway, the Dr.Web story is strange. It is like the story about the virus that deletes the whole hard disk, lool. I have contacted Trend Micro. The customers of other AV companies ask them too.
I don't believe that story.
I will go ask on the Symantec chat support.
Users can't get a sample, that's illegal.
See this, maybe it can be a kind of an evidence:
~~ removed Virus Total results link per forum policy and because without the file in the hands of other virus labs there is no "proof" of anything ~~
Except two heuristic detections, which are mostly useless in that case with that virus, nothing.
I mean that a sample is needed to be distributed....
I did not try to provide "evidence".
I just tried to create some balance with regard to an unfounded opinion.
I have never stated or suggested that Dr.Web is the best AV.
Show me such a post and I buy you a license (for Dr.Web of course).
What about a surgeon who only can diagnose but cannot cure you?
My take is that the best AV does not exist for a group of users. The best AV is the one that protects YOUR computer.
No, I have not: the Doctor keeps my system as clean as a church floor; it deserves my trust.
See my signature.
Ask them if their specialists participated in the last EICAR conference.
TUESDAY, 6th May 2008
9:00 - 9:30 am Invited talk:
Vyacheslav Roussakov, Dr.Web Anti-Virus Research Lab.
Win32.Ntldrbot or Rustock.C: myth and reality
Nobody who was there said drweb was wrong. They took it seriously.
Nobody is saying which AV is the best, only seeing whether it is true or not.
The Norton chat says they are able to detect and delete it without problem.
McAfee doesn't comment.
Yes, I know they are not playing. I only want to see if other AV companies know what it is. And sincerely, it was not the first time an AV company has used that marketing strategy.
marciocruz, believe what you want to believe.
Right, I believe in the things I want.
Different tools for different jobs
Btw, for a medical diagnosis I don't think you go see a surgeon, but rather your regular doctor or a specialist in a particular field. Or maybe you need an x-ray, which is analyzed by yet another specialist - a radiologist.
So, in terms of computer protection, I would rely on different mechanisms. Most of my systems run Linux so antivirus is not an issue, and I use very different techniques for protection, but for my WinXP box I prefer to use an AV with good detection for everyday use. I don't need an AV with excellent cleaning abilities 24/7 because (as mentioned in my previous post) I haven't had a live infection in 15-20 years. The only malware I have received after that has either been deleted (either automatically by antivirus or manually by my superior malware-detecting brain) or I have purposely run the malware in a virtual machine for analysis. So my point is, if I one day need to clean my system I would go look for an excellent cleaner, but until that day...
I'm not saying this to be negative towards Dr.Web. If they happen to have the best cleaning in the industry (I can't judge on that one), then kudos to them! But people seem to have different needs, and personally I much prefer excellent proactive detection to cleaning up the mess afterwards.
"Protection is better than reaction"
Now, I would rather not be so worried about this stuff. One way or another, sooner or later, all the (important) antivirus (and anti-rootkit) companies will get their hands on that Rustock, and it will be forgotten like its predecessors. That is, until a new type of malware is found. And only a few antivirus companies will find it. Soon after, all the others will. And so on again and again...
This is how the chain of life works.
I agree with you too. Personally I'm not worried about that, and it is a question of time until (like you say) all the companies detect that. Until then I will continue with the same protection I have here.
If someone gets infected, they have 1 option:
Lol, doesn't seem a good way. I've got around 400 programs installed, and formatting would result in a 30-day period spent searching for and downloading those programs again.
I'm just kidding. lool. xD
BTW - I recommend the article about MBR rootkits that was published on the GMER site: http://www2.gmer.net/mbr/ - It's not about that particular rootkit - but it gives us a clue how malware authors are trying to improve stealth techniques.