Strange scanning results with AVG Free 7.0.296!

Discussion in 'other anti-virus software' started by Firefighter, Dec 11, 2004.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Hi again! I have just finished my last scan against my 3518 infected samples. AVG Free 7.0.296 was within too. The strange was the very poor Exploits and BAT detecting.

    Best regards,
    Firefighter!
     

    Attached Files:

    Last edited: Dec 15, 2004
  2. lrtrees

    lrtrees Registered Member

    Joined:
    Oct 23, 2004
    Posts:
    31
    Firefighter, I could most likely find the answer, but hope you do not mind if I ask.
    What is e-scan and how is it purchased?

    Thanks,
    Lon
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
  4. Ianb

    Ianb Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    232
    Location:
    UK
    It really shows what a useless peace of junk AVG really is.
     
  5. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    This scan does not surprize me. As a paying customer of AVG 7 (I have since switched...I know you're sick of hearing that if you've read my other posts ;) ) The reason I switched was a lack of detection. It was mostly Exploits that were getting by AVG Pro. It was really strange. Things that it caught before SP2, it could not after. It did help me out when I was trying out Norton 2004 and I was hit with padobot, and sdbot. I think Norton got infected itself because one day my internet connection icons and links just disappeared :eek: and Norton found nothing. However, I still had AVG on my PC with the resident scanner turned off and I ran on demand scan and AVG found the nasties and cleaned them. After I fixed my WMI, things ran great again. I would go back to AVG in a heartbeat if they were to detect better beacuse the interface and operation of the prog fit me well.
     
  6. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    Hi,

    No offence indeed.

    But how can you conclude and say those words by such a test that without exact name of malware, without methodology to prove that all malware are really functional (whether it does real threats such as Exploits and BAT) and without methodology to prove how circulating of these malware really are ? :)

    I don't believe that AVG will offer better protection than other AV but that test is still in question. Maybe quantitive not qualitative and less is more in antivirus protection :D

    Judgment the real quality of AV is not easy task as let the scanners scan files in question. But the accuracy of identification & catching & cleaning the (real) threat and how quick to response when the (real) threat begins circulating are count.IMHO

    Some AVs can detect spyware, adware but some AVs not (what if people call or understand spyware as a virus and some AVs don't detect spyware by its design), some AVs don't detect exploit code itself but detect malware that are downloaded by exploit code instead. I think each AVs companies have their own policy for what malware that they should or should not detect.

    So it is not easy to judge the real quality of AV by the amount of malware they detect.
     
    Last edited: Dec 12, 2004
  7. SDS

    SDS Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    5
    Tap is correct, because more often than not, i've found that many things that AVs like Kaspersky flag as malicious, aren't. Whereas i've found DRWeb, NOD32, and MKS a bit more discriminating in what they toss into their databases.

    For example, look at the following information:

    [autorun]
    open=C:\WINDOWS\OOBHCDGC.VBS

    Place this information in a text file, and scan it with Kaspersky. It will show up as a virus. Clearly, it is NOT a virus, but might reference a file that was once a virus. But the point is, the file itself isn't malicious, and as such, it should not be labeled malicious in my opinion.

    As I said, AV's like DRWeb, NOD32, and MKS pass most sniff tests like this. So to me, its pretty easy to see why some tests can be a bit misleading - no offense to firefighter.

    Thats my 2 cents.
     
  8. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    I save this information in a text file and scan it by Jotti's malware scan 2.42, the result as this. :eek: :eek: :eek: :eek: :eek: :eek: :eek:
     

    Attached Files:

  9. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well if i correct this,NOD32 DOES detect it as LoveLetter.AR worm
    Your string was saved into .BAT file. .TXT files itself cannot execute any such command inside so thats the reason why its not detected by majority of AVs.
    Some are extra sensitive,explaining the detection of TXT file.

    I also tried this string:
    Code:
    [autorun]
    open=C:\WINDOWS\n00dle.VBS
    But once again NOD32 didn't detect anything. So i guess AVs are sensitive to that specific string.
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    And last the results from AntiVir 6.29 added to the table above. Without trojan like malware quite good results with AntiVir.

    PS. That Exploit what interrupted the scan with AntiVir before doesn't interrupt the scan anymore. So it's fixed.

    Best regards,
    Firefighter!
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    There isn't av:s that don't make FP:s. False positives are not the reason why Kaspersky seems to detect almost everything, because it is actually that damn good against everything. Besides, in my tests McAfee VSE 8.0i was able to beat Kaspersky in Script like malware and Viruses, so in this case it makes even more FP:s than KAV when that is the main reason to KAV's excellent scores.

    Best regards,
    Firefighter!
     
  12. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    I agree with you.

    In my malware collection KAV detects almost everything that throw in its way. I guess that KAV detects malware ahead of time (by its strong signature, I think) when they find or you send them new malware and no matter that malware go in the wild or take serious threat or not, if it's malware it will be added to KAV's database for sure. Whilst some other AVs will mainly focus on malware that potentailly go wild spread or take serious threat to its users, this may depend on companies' policy.

    So if you compare KAV's detection rate to other AVs, it's definitely sure that KAV is the winner. This can be applied to every AVs, but it has nothing to do with real quality of other AVs that they offer to its users.

    That's my 2 cents.

    In my mind KAV is very damn-superb excellent against malware. :)
     
  13. Diver

    Diver Guest

    The poor results for AVG are consistent with other published tests. One done by a large magazine included AVG, McAfee, Norton, Trend Micro and a Fifth one that I can't remember. AVG had the lowest detection rate and the greatest number of false positives.

    People like it because it is free, easy to use and does not slow down older machines. But, its junk.
     
  14. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    A little harsh, I think. If you are a conservative surfer and practice safe-hex, AVG should give you adequate protection against most of the common ITW threats.

    It is obviously not one of the better AV's, but hardly 'junk'.
     
  15. nod32_9

    nod32_9 Guest

    AVG has been around for a very long time. It wouldn't last this long if it is NO GOOD! Most PC infections happen when there is a new and nasty bug circulating the internet. AVG will intercept these bugs. You can have Norton, but if the LiveUpdate module fails (very common with this CRAP ware), then you are unprotected with such outbreaks.

    You brain is the most powerful AV program. If you don't use your brain and click on everything in view, then you should load up your PC with Kaspersky/McAfee and the various malware detectors...cause GOD isn't going to save you. And guess what? You will eventually get zapped by a bug cause there is no perfect defense. Keep the PC in the box and you will be 100% safe.
     
  16. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    But sometimes, even when you are reading just news, you may get infected.

    http://www.dslreports.com/forum/remark,12095594~mode=flat

    Don't know how it is with Aljazeera, but it's no wonder if we can find things like these from there too.

    http://english.aljazeera.net/HomePage

    Best regards,
    Firefighter!
     
    Last edited: Dec 12, 2004
  17. SDS

    SDS Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    5
    NOD32 doesn't detect it, regardless of how you save it. Not sure why you are saying it does.. The fact is, NO AV should detect that string as a virus. I know dozens of strings like that, which will set off Kaspersky.

    Sure every AV has false positives, but the fact remains, if you slam your database with everything sent, and don't discriminate with what you pack into it, then you eventually open yourself up to these kinds of things.

    AV's should be very deliberate in database additions to ensure this doesn't happen.
     
  18. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    This may or may not true in AVG 6 but we can see its improvement someway at least in professional test such as Virus Bulletin, latest AVG 6 and new AVG 7 have continuously got VB100% since Windows XP Professional test/June 2003. AntiVir has also got improvement in Virus Bulletin test too.

    About the lowest detection rate, I don't understand why people always think AVs that have low/lowest (unconfirmed) detection rate must offer related bad protection. As far as I know some products such as Antivirus Firewall, FortiClient AV from Fortinet has always kept its database so smallest as possible by mainly focus on ITW malware, real threats, today's most dangerous malware and try to avoid add zoo malware and other non-existance malware into database to improve its speed-performance and conserve its resources to focus on real threats only.

    This can make FortiClient's AV products have low or lowest (unconfirmed) detection rate if it tested with non-existance/unconfirmed malware as we can see such a test like this from time to time. But this has nothing to do with its real-world capability/detection rate.

    Too little harsh, I think. Don't forget that at least AVG 6 has continuously certified by ICSA Labs and AVG has been around for a very long time. It wouldn't last this long if it is NO GOOD! :D
     
  19. mikel108

    mikel108 Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    1,057
    Location:
    SW Ontario, Canada
    Many uninformed people will use a free product simply because they are unwilling to pay. Does this mean that it is good. I can relate this to the auto industry that I work in. People will buy a $20000 Kia and then wonder why they have problems with some of the simpilist things, yet the person who spent $40000 seeems to drive forever without the slightest problem with their product. Simple rule, you usually get what you pay for. In it's defence AVG is a wonderfully stable program, and I never had a day's problem with lock-up, updates or the such. And for average user's who maybe read the daily news or go to major sites it will probably work great. My own experience is that I can ill afford a virus. I do a lot of volunteer work where I send and recieve many files. The people I work with are professionals, and while many are good at what they do, they understand little about computers, operating systems or how to deal with a virus. If I send them something that knocks their computer out and they spend a day and money getting their PC fixed I bet that I hear some rather nasty feedback from them.
     
    Last edited: Dec 12, 2004
  20. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I think that for example with AntiVir and Ewido combo, you actually have very good protection because Ewido has very good worm protection too. Only one thing makes me a bit nervous, is that poor detecting rate against Exploits with AntiVir resolved simply by full patched WinXP and by using Firefox?

    Best regards,
    Firefighter!
     
  21. nod32_9

    nod32_9 Guest

    $20K Camrys and Accords run circles around high-priced $40K German toy wagons. Why? Cause the expensive autos use unproven technologies. Plus they're far behind Toyota and Honda in consistency and attention to details.

    SPC is very important with mass-produced items.
     
  22. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    You could use my PC anytime you want to. I like your approach. I am particular about who I let use anything that I pay a bunch of money for. I don't trust just anyone either. Maybe that is why my machines have been infected only twice to my knowledge. And both were minor.
    ;)
     
  23. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I understand your point but I think the car comparison is not a good one based on my experience. After all I'm still driving a 1994 Ford Escort with 256,000 miles on it and did not replace the motor with a used one until 185,000. Sorry I just had to say it. But back on topic as I have said before Cheap pay is always going to be better then free. Expensive does not always equal quality. Sometimes just fat salaries and dividend checks for shareholders and junk for the consumer. Longevity speaks volumns for any product.
    ;)
     
  24. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Firefighter, so I take it you perform these AV tests? Do you have a site where I can see more of these tests? How about an anti-trojan test? Do you have one of those in the works? That would be nice. Or do you know of one I can look at right now?

    Peace
    erikguy
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Unfortunately I don't have a site of my own. Those scanlogs of my testbeds are too large to add as an attachment, about 1/2 Megs and more each.

    I don't test AT:s, the only AT that I have tested in signature scanning was Ewido 3.0. Ewido scored quite well just after eScan Free and Mks_Vir 2004 concerning Trojan like malware. To test trojans more accurate, you actually have to launch each file separately, to see if the AT really detects and disinfects these nasties, too heavy job for me.

    Best regards,
    Firefighter!
     
Loading...
Thread Status:
Not open for further replies.