VB 100% for April 2005 - Red Hat Linux 9

Discussion in 'other anti-virus software' started by Technodrome, Apr 1, 2005.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Alwil (Avast!)
    Status: PASS
    Product name: Alwil Avast! 1.0.8.2

    Avira
    Status: PASS
    Product name: Avira 1.1.3-17

    CAT QuickHeal
    Status: PASS
    Product name: CAT Quick Heal X Gen 7.03

    Doctor Web (formerly DialogueScience)
    Status: PASS
    Product name: Doctor Web Dr.Web for Linux 4.32.2

    Eset (NOD32)
    Status: PASS
    Product name: Eset NOD32 2.03

    F-Secure
    Status: PASS
    Product name: F-Secure Anti-Virus 4.62

    Frisk (F-Prot)
    Status: PASS
    Product name: F-Prot Antivirus 3.16.6

    Grisoft (AVG)
    Status: PASS
    Product name: Grisoft AVG 7 Anti-Virus 7.0.15

    H+BEDV (AntiVir)
    Status: PASS
    Product name: H+BEDV Antivir 2.1.3-17

    Kaspersky
    Status: PASS
    Product name: Kaspersky Anti-Virus 5.0.3.0 build 15

    McAfee Inc. (formerly Network Associates)
    Status: PASS
    Product name: McAfee LinuxShield 1.1.0.665.i686

    MicroWorld (eScan)
    Status: FAIL
    Product name: eScan Antivirus 1.0A

    Norman
    Status: PASS
    Product name: Norman Virus Control 5.70.01

    Softwin (BitDefender)
    Status: PASS
    Product name: SOFTWIN BitDefender 1.6.2-0

    Sophos
    Status: FAIL
    Product name: Sophos SWEEP 3.91.0

    Trend Micro (PC-cillin)
    Status: PASS
    Product name: Trend ServerProtect 2.452.00 7.510

    VirusBuster
    Status: FAIL
    Product name: VirusBuster VirusBuster 2005 1.1.1

    source: http://www.virusbtn.com



    tECHNODROME
     
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    I do not understand how the test could be performed, if the last official wildlist released was from January 2005 (http://www.wildlist.org/WildList/). If someone has more info, please let me know (as I am not subscribed to VirusBTN, I am not able to read it in more detail). Thanks in advance!
     
  3. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If we are looking at those stats that are already published, VB 11-2004, we can see those tested ItW samples from here.

    http://www.virusbtn.com/old/comparatives/Win2K/2004/test_sets.html

    Copying those sample names to WORD and using the "search" function in there and key word "/", I got 371 ItW samples and 4 ItW Boot virus samples.

    From the official ItW list 11-2004 in here,

    http://www.wildlist.org/WildList/200411.htm

    we can see that there were 390 ItW viruses.


    From the official ItW list 10-2004 in here,

    http://www.wildlist.org/WildList/200410.htm

    we can see that there were 393 ItW viruses.


    From the official ItW list 9-2004 in here,

    http://www.wildlist.org/WildList/200409.htm

    we can see that there were 361 ItW viruses.


    From the official ItW list 8-2004 in here,

    http://www.wildlist.org/WildList/200408.htm

    we can see that there were 364 ItW viruses.

    After all these, I claim that they are not using the same ItW virus samples that are in the last 4 ItW lists (8...11-2004), when the test was done. It has to be a modified list from some of these which is free to everyone where those tested sample names have to be found.

    Best regards,
    Firefighter!
     
    Last edited: Apr 2, 2005
  4. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Those guys should be ashamed of themselves, how can't you pass with a KAV engine... :eek: o_O :p
     
  5. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    False positives :doubt:
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    When I checked the test table

    http://www.virusbtn.com/old/comparatives/Win2K/2004/test_sets.html

    again, I noticed that the last W32/Bagle.A* sample that was in the VB 11-2004 test was W32/Bagle.AQ. When you look at my last original ItW list, you can see that W32/Bagle.AQ was the first time in the official ItW list just 8-2004. Are those samples really that old?

    In my mind a test where you can see before the test those tested samples is a joke.

    PS. Is there any official ItW av-tester, that are testing against at least last month ItW viruses? I was even more surprised, when UNA missed 64 On-Demand and 69 On-Access ItW samples in VB 11-2004, when the samples were at least 3 months old! Huh.

    Best regards,
    Firefighter!
     
    Last edited: Apr 2, 2005
  7. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
  8. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Don't know about Checkvir but maybe this has a bit better ItW test, at least the samples are less old than VB has.

    Best regards,
    Firefighter!
     

  9. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Hm.... on this site (http://info.drweb.com/show/2619) I read that VB apparently used the ITW-List of February, but again I do not understand where they got it from, as the last official WildCore collection (which contains the ITW samples) that was released to the AV companies is from January 2005 (and on the WLO site there is still no February Wildlist published) o_O
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Unfortunately I can't check the latest VB testbed, but here is the link to the last WinNT, VB 02-2005.

    http://www.virusbtn.com/old/comparatives/WinNT/2005/test_sets.html

    Just changing the third last part of the URL and the year if in case, you can check those testbeds you are looking for. This testbed contained 402 coded sample names (checked by Excel), but I couldn't find any official ItW list with just 402 samples. The same I saw with the last WinXP test in VB 06-2004.

    If you want to see how good certain av:s REALLY are against ItW nasties, just pick up some common virus names from the last official ItW list,

    http://www.wildlist.org/WildList/200501.htm

    and then collect the second letter variants (newer variants of these common nasties) of those viruses, and we'll be surprised.

    In my mind we have to check those newest variants of the latest ItW list to have a clue how good performer each av:s are.

    Best regards,
    Firefighter!
     
    Last edited: Apr 2, 2005
  11. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Just an observation: it concerns Linux based scanners that scan for Windows viruses.
     
  12. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51

    They seem to have technical problems with the on-demand scanner, that's all. The on-access seems to work fine.
     
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    When I was using eScan for Windows, I saw that the On-Demand Scanner skips many filetypes (eg. CAB, JAR, etc.) from scanning in order to increase the speed.

    The ODS does have technical problems.
     
  14. gast40

    gast40 Guest

    have a look at the av-comparatives.org by andreas clementi.

    his tests are meticulous, and so much better than those of av-test.org and virus.gr, that you love so much. :)
     
  15. fourdots

    fourdots Guest

    AV-Comparatives.org testing is not perfect and (IMHO) not in the same class as Virus Bulletin and ICSA testing, but I agree, it is way out in front of the unbelievable rubbish from Virus.gr and AV-Test.org.
     
  16. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    IMO the testing done by ICSA and VB is much easier to perform; just take the sample set you get from the WLO and test against it. Also the procedure for the other test (e.g. the large sets they have) is a bit easier to do IMO. Every time I want to do an ITW test I have to ask around for various lists and then re-build up the sample set of the WLO by myself (which is not always easy, as I have to search for the files in my test-sets), just because some of the WLO board members do not want that I get the official WLO sample set directly (fear of the real results? :p); dunno why.
    CheckVir is planning to do real-time ITW testing; that could maybe be of interest.
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    You said it, not me! :D

    Best regards,
    Firefighter!
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    If VirusBulletin should even test against some official WLO ItW list, but so far I have not seen any of those OFFICIAL ItW lists to be tested in VB.

    Best regards,
    Firefighter!
     
  19. fourdots

    fourdots Guest

    It is not quite as simple as all that. :)

    EVERY virus sample used by VB has been individually tested and is guaranteed to be infectious.

    "Corrupted", "Dropper", "ba$", etc., have no place in anti-virus testing.

    Ever since Bontchev's and Solomon's "goat" files appeared in NuKE and other VX collections in the 1990s, EICAR, the WLO, CARO, and professional AVers have been wary of giving live virus samples to "outsiders".

    Petrakis and Marx are technically unskilled virus swappers who are a long way outside the anti-virus mainstream. Why would any self-respecting professional AVer give such a person a new live virus?

    Even though you have difficulty obtaining some new samples, you don't swap viruses. This has been noticed and talked about in places like VB2004. You have good anti-virus ethics, and I am sure the day will come soon when your tests will be accepted as valid.
     
  20. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    The problem is for me not to get samples (I get most of the monthly collections shared by the AV companies), because I already have all the samples that are in the WildCore collection. I just have to find out exactly which of those samples are on the Wildlist; something that I solved so far by asking for CRC lists and other lists and then search by myself for those samples in my sets in order to build up by myself the official WildCore collection to which I have no access because some individuals do not like that I get it directly in order to make regular ITW tests.
    for itw-samples quite easy to do.
    also icsa which uses larger databases has sometimes garbage samples afaih (so i guess they also did not check every single sample by hand); they give then all the samples to the av companies and later do re-test the products afaik. but for giving just a certification logo with no exact results on the web that is enough. and they get paid quite good ;)
    but it is just my opinion, i could be wrong :p

    btw, Marx does very interesting testing that no other does; like outbreak response times, updates frequencies and size etc. and many other things. I find his tests very interesting and good (much better than some others). Unfortunately not all of his work can be found on the web.
     
    Last edited: May 20, 2005
  21. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Just curious about the official ItW list. If these samples shown in Jotti's below have really a correlation to the commonness of all infections in the web, how many do you think of these samples are just now in the official ItW list?


    Best regards,
    Firefighter!
     

    Last edited: May 21, 2005