Discussion in 'other anti-virus software' started by Meriadoc, May 6, 2008.
Their forum, their call.
Ok, see what people write below:
Is it clear now? You may conclude yourself who are those respective labs.
A user asked a question, and someone gave an answer. It is a support forum, so it's right to close the thread.
So what if Kaspersky misses the threat? So do many others.
People are focusing on detection too much, as expected I suppose.
The impressive part, for me, is that it already cures it successfully.
Nope. likuidkewl's position about his sample is clear (still posting an MD5 wouldn't hurt in my opinion). Yours is not.
No...it is closed because people were starting to argue with each other about trivial things instead of focussing on the topic, and in any case I doubt anyone had anything else constructive to add to that topic. Watch your own back yard and we will watch ours.
Can you tell us at least if Avira and BitDefender were among those 9?
would that answer your question. At least for the first mentioned.
All AV vendors with an association at a certain website, which will not be named for undue attention reasons, receive these files on a daily/weekly/monthly basis. Yes, Dr. Spin is included. No worries on that front.
I am not going to fuel the fire here anymore.
With that said, I will also not be stating who detected the dropper and who didn't. There is no point, each vendor has many avenues to obtain this information and as such should be able to add detection as deemed necessary.
As a side note: Please understand that my statements are of the DROPPER and not the actual ROOTKIT itself. I have no desire to install windows just to get a rootkit and come here to say A,B,C detect it but D blew my system away trying to. The only reason I chimed in on this was because of the approach taken.
If Dr.Web attempts to sell more licenses by releasing an announcement about Rustock - then JOB WELL DONE
and somebody dares to say that they are poor at marketing.
However, still waiting to see how fast competitors can find a way to cure.
Can you tell us which areas/regions of the world are maximally infected?
It seems some people are still stuck in the 90's where detecting 1 additional virus variant/family was a serious advantage over the competitor.
It also seems that those people haven't noticed that there are several thousand new and undetected samples every day. Maybe they should have a look at the recent Zbots, Pandex, Tibs, Zlobs, Vundos and such.
What about the JavaScript exploits embedded in PDF? They are still undetected by many, especially the most recent variation.
While it is very exciting to analyse a polymorphic infecting rootkit, it seems to be too difficult to unpack a zlib stream from PDF documents and write a simple generic for a JavaScript exploit. Not enough glory involved or what?
The funny (or not so funny) thing is: those malicious PDF files are used for targeted attacks, espionage and so on - and are very much an ITW problem right now! Seems like someone screwed up priorities by focusing on malware that is over 6 months old. I agree, it is not a trivial task to write a cure for the Rustock.C's, congrats! - but how many other detections could you have finished in the time needed for handling ONE variant of Rustock? 1 vs 1000?
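The zlib-unpacking step mentioned in the post above, as an added example that is not part of the original thread: a minimal Python scanner that inflates each PDF stream and looks for script tokens that compression hides from a raw byte search. The token list, function names and sample file are constructed for this illustration and are not any vendor's detection logic.

```python
import re
import zlib

# Raw bytes between the "stream" and "endstream" keywords of a PDF object.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Dictionary keys that attach a script to the document.
JS_KEY_RE = re.compile(rb"/(?:JS|JavaScript)\b")
# Illustrative tokens only (an assumption of this example, not a real signature).
SCRIPT_TOKENS = (b"unescape(", b"eval(", b"String.fromCharCode(")
MAX_INFLATED = 10_000_000  # cap output so a decompression bomb cannot exhaust memory


def inflate(data):
    """Return the inflated bytes of a zlib stream, or None if it is not zlib."""
    try:
        return zlib.decompressobj().decompress(data, MAX_INFLATED)
    except zlib.error:
        return None


def scan_pdf(pdf):
    """Report whether a script key exists and which streams hide script tokens."""
    report = {"js_action": bool(JS_KEY_RE.search(pdf)), "streams": []}
    for index, match in enumerate(STREAM_RE.finditer(pdf)):
        body = inflate(match.group(1))
        if body is None:
            continue  # uncompressed or differently filtered stream
        tokens = [t.decode() for t in SCRIPT_TOKENS if t in body]
        if tokens:
            report["streams"].append((index, tokens))
    return report


def build_sample(script):
    """Constructed test file: a script action whose code is Flate-compressed."""
    packed = zlib.compress(script)
    length = str(len(packed)).encode()
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + length + b" >>\n"
            b"stream\n" + packed + b"\nendstream\nendobj\n%%EOF\n")


SAMPLE = build_sample(b"var s = unescape('%41%42'); eval(s);")

if __name__ == "__main__":
    print(b"unescape(" in SAMPLE)  # token is not visible in the raw file
    print(scan_pdf(SAMPLE))
```

A production scanner would also need to handle the other PDF filters, object streams and encrypted documents, which this example leaves out.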
Avira does not have infected users?
......... now what?
I don't think it's a bad thing for Dr.Web to work and succeed at curing many different files, why all the negative comments?
Well, the way I see it, there's different kinds of "glory". One of those kinds are as you mention: conquering the challenge of cleaning a complex rootkit, or successfully developing new, advanced emulators, and so on and so forth. Another kind is the glory of resorting to any means necessary just to earn a shiny 99.9% detection rate award in antivirus tests, despite the fact that the crude technologies behind that detection rate were tuned blindly for detection first whatever the cost and adjusted to remove FPs later, that improvements to the engine consist mostly of fixing the numerous FPs, and that it comes with a whitelist that is probably more extensive than the signature databases of some vendors. Different kinds of glory.
But I also think that the diversity of the antivirus industry is its greatest strength. If every vendor employed the one identical, "most effective" approach, they will all get wiped out in one fell swoop when that approach fails, as it invariably always will. Overspecialize, and you only breed weakness. The fact remains that the industry needs vendors who dedicate resources to developing sophisticated emulators, generic detection algorithms and complex cleaning routines for stubborn malware, just as much as it needs vendors who spend a few seconds to update their packer detections for a new threat, and then move on and forget all about it.
So why not let's not get too uppity about it all?
yes solcroft, its a real
Well said Solcroft!
Very well said, Solcroft.
Nobody cared, but I said a long while ago that PDF is a huge security problem,
now we have the proof! Well explained! I watched the PDF disaster for a while, Adobe the big risk as well as JavaScript.
Rustock C was a challenge and the Dr.Web people took the challenge. That's the glory.
This is why I am really starting to dislike AV vendors. You read this and for a dang idiot like me you ask yourself, who is right and who is wrong. I re-read this whole thread and still don't know the answer. It is ridiculous.
Tidy here I come. As I said I need some simplification in my life.
Hm, probably you don't like to look under the ground. They have good connections to Russian malware developers, imo.
If it was the case, why did it take such a long time?
Difficult question, probably it has something to do with schizophrenic states of individuals and disputes? People tend to be moody, that could be one way to explain it, but surely there are lots of other things...
..but you can be 100% sure good and bad are not so far away from each other.. especially in IT security
Maybe yes, maybe not!! Who knows!!
Yet more trash from yet another that was once respected.
After a full examination and conclusion, when are you folks gonna rant and rave over something that I actually CAN NOT find with no tools whatsoever?
Instead of all this trash, show me something I can't find and I will STFU forever.
Sissy pranks and childish actions will only leave us all further behind the game while the game itself continues and grows stronger.
For those directly involved... I must say.. mission complete.. you have succeeded yet again in complete separation of a unity which was never built.
You folks know where I'm at, come get me, I wait patiently to be impressed.