shadowserver?

Discussion in 'other anti-virus software' started by C.S.J, Sep 16, 2008.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    anyone looked further into the files that they test against?

    And Also their methodology, I'd like to know.

    What do the staff-experts on wilders know about it?
     
  2. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I am not sure there are that many experts- some members of this forum are likely as expert as it comes. That said, I have not seen any updates on the kind of files being used for analysis, or any other aspect of the empirical testing process.

    I do know that whether Shadowserver tests are valid or not, Dr. Web is at the top of the list at the moment, which strongly conflicts with other AV tests. Therefore, we can conclude that something is wrong somewhere because the results are contradictory.
     
  3. jindroush

    jindroush Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    The samples coming from this source are very different to those coming of other sources (for example VirusTotal). So the results are contradictory.

    But you should also look at the results in longer time span and also on 'retry'. The AV you mentioned is much down the slope...
     
  4. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    When I look at yearly stats, Dr.Web is on 4th place. I don't think this is "down the slope".

    Or are we talking about different things ?
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I just think some of the experts would have found out more info, as it's their products being tested.
     
  6. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas

    What is the basis of both comments, as I see nothing that confirms your first statement of the second.
     
  7. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Well if they are, they are not using their real names with a few exceptions. That means that my shill argument gets more substantiation. If they want to provide us with more info, they should have the integrity to use their real names and the firms they represent.
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    What I mean is, if it was 'my product' being tested, I'd want to know about the test.

    It's a shame this info is not already available.
     
  9. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    The fact that they ran at least one of the AVs in demo-mode, after their license had expired, gives some indication of their expertise. So I do not hold out much hope for a high level test-bed.

    Further, Honeypots are well-known to contain a high proportion of corrupted samples.
     
  10. jindroush

    jindroush Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    First statement:
    I simply have access to various sample sources. And shadowserver is sending very different samples.

    Second statement:
    http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.Virus90-DayStats

    See retry/summary.
     
  11. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    By taking a look at the stats, I'm guessing that they use a thousand+ replicants of the same family of malware.
     
Thread Status:
Not open for further replies.