Symantec detection

Discussion in 'other anti-virus software' started by tsilo, May 24, 2007.

Thread Status:
Not open for further replies.
  1. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    Hi all
    I have a question about Symantec detection. We all know that this is a very good company with a lot of experience, and in all tests Symantec has very good results, but to me it's strange. I will explain why: yes, we know Symantec has very good research and that's important, but

    1. At this time Symantec AV products have only 73389 virus signatures ( http://www.symantec.com/enterprise/security_response/definitions.jsp)

    2. Their AV products update once a day and, more importantly, these updates usually contain only 2-3 signatures ( http://www.symantec.com/avcenter/defs.added.html )

    3. Their Bloodhound heuristic and new SONAR aren't as effective at detecting unknown threats as other AVs' heuristics

    4. They never listen to customers, and when I used NIS 2007 (months ago) I sent them unknown, undetected viruses via quarantine each day, but these viruses are still undetected by Symantec, while other AVs already detect them o_O

    I know that the number of signatures isn't very important, and I know that other AVs may add a big number of unimportant viruses to their signatures, but anyway, there are many AVs that have many more signatures in their database and more effective heuristics, yet Symantec (according to tests) always has better detection results. So what do you think, why does this happen?

    Sorry for my bad English, I hope you will understand what I mean :)
     
    Last edited: May 24, 2007
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    I think they either use generic signatures or name a lot of malware under the same category - Many different samples of various types of trojan/downloader/dropper that I have are all detected as "Downloader" by Symantec.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Even though it doesn't look as if there are very many defs compared to other AV companies, you have to remember that Symantec will list a given definition as 1 def, but it will cover the variants of that piece of malware as well, which means they actually have many more defs than it appears. They don't seem to need to show impressive numbers to boost their ego.
     
  4. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    Yes, I understand that, but their response to unknown threats is bad. I often send them Trojan/zlobs but these threats are still undetected by Symantec. I often submit different viruses to VirusTotal and Symantec rarely detects them. Nobody noticed it?
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    pyyko stated that Norton's virus submission was currently the best actually, automatic. I don't know if this is true or not, but he usually knows what he is talking about :) ... usually.

    Norton also gave outstanding performance on polymorphic viruses, and its detection rate is again outstanding.

    Can't fault it too much. Maybe their updates don't arrive as quickly as most, but the detection is there, so I wouldn't be too worried, and there is always SONAR as a backup. Great software I must say, even more so with the software now being a 'low resource usage' one.
     
  6. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    Symantec virus submission may be the best, because the AV automatically sends viruses via quarantine to Symantec, but the response... is far from the best.
     
  7. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Thanks tsilo for posting that link that lists the definitions that are uploaded each day. :)
     
  8. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    No problem. You are a Symantec user, right? What can you say about Symantec detection? Do you ever send viruses to Symantec, and how fast is their response?
     
  9. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    I have only been using it for about a couple of months and so far all I have gotten is two Downloader trojans that were blocked from downloading. So I haven't anything to submit so far. I guess I have been lucky, lol.
     
    Last edited: May 24, 2007
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have used Norton off and on for a long time, and have never been infected with anything to submit. My first Norton antivirus came on three floppy discs; that ought to give you an idea how long I have used Norton. :)
     
  11. midway40

    midway40 Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    1,257
    Location:
    SW MS, USA
    Or it could be a testament to Vista's security.

    However I do know someone on a Vista forum that got hit with what appears to be the Win32/Jowspry trojan that is downloaded via the Background Intelligent Transfer Service (BITS). He stated that the Update icon appeared in the systray indicating updates to the installed so he installed them. Right afterwards none of his .exe files would run and he had to reinstall.

    I don't know what AV he was using, if UAC was enabled, or if he was running as Admin or User. But if I understand how this trojan works correctly, I don't think it would matter anyway.

    The story about this new threat is here.
     