VB100 October

Discussion in 'other anti-virus software' started by webster, Oct 8, 2009.

Thread Status:
Not open for further replies.
  1. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
  2. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    surprisingly Avira miss and MSE pass
    world of wonders:D :D :D :D
     
  3. osubuck

    osubuck Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    18
    From TFA:

    The two most noticeable failures on this list are Sophos and Avira, though they both only missed one malware sample. "Avira couldn't detect only one of several thousand infected files, therefore the detection rate was not 100, but 99,99997 percent," an Avira spokesperson told Ars. "The rule for a VB100 is to have 100 percent, so Avira didn't get the VB100 award this time. The problem was already fixed by the time the VB magazine was published. All Avira products are able to detect 100 percent of the files since then."
     
  4. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    Ikarus very disappointing 3759 wildlist misses o_O
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Avira > No FPs it seems :)
     
  6. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    I don't typically opine on test results, but this appears horribly awry.
     
  7. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    I don't believe that Ikarus failed to detect 3759 samples.
     
  8. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    What's the point of focusing on Wildlist detection when the real problem lies elsewhere (eg. rootkits, scareware, etc.)? VB100 is all about marketing IMO.
     
  9. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Really? What's the point in focusing on rootkits, scareware, etc that infect 1 user when it's the WildList causing the main damage? Also, where does it say the WildList is viruses only?
     
  10. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    1 user? When is the last time you've browsed a malware removal forum?
     
  11. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Not sure what you're getting at bud.

    http://www.virusbtn.com/resources/glossary/wildlist.xml

    If there is some bit of malware infecting many users on this malware removal forum you speak of, it's most likely in the WildList.
     
  12. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    I am very well aware of what the Wildlist consist of. You may want to take a moment and read the entire blog post from Alex Eckelberry. While it is a bit dated it still holds merit.

    http://sunbeltblog.blogspot.com/2008/06/wildlist-battles.html

    Snippets

    << I am of the belief that the Wildlist is an outdated method of determining the efficacy of an antivirus product. Oddly, let me make it clear that it’s to my benefit to say just the opposite: to promote the Wildlist as effective, since it’s a fairly small list of malware to worry about. Once one is “certified” for the Wildlist, one could then be considered a “real” antivirus product. Nothing is further from the truth, and therein lies the problem: It’s an implicit (and unintentional) form of fraud. >>

    << Andreas Marx echoes a fair amount of this sentiment, in an email he circulated among some researchers last week:

    …there is nothing wrong with the actual testing performed by Virus Bulletin, the problem is related to the samples from the WildList. Indeed, as Larry Seltzer pointed out, there is something seriously wrong with WildList-based testing and certification. >>

    << Another source of some contention on the Wildlist issue is the venerable Randy Abrams of ESET. In his words, "Agreement was virtually unanimous that the WildList is no longer useful as a metric of the ability of a product to protect users” >>
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Thanks, but the point I was trying to make is people shouldn't be so quick to dismiss the "WildList". I don't see it as any different from AV-C's collection of malware.
     
  14. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    And why shouldn't people be so quick to dismiss an outdated, woefully-limited sample set still constrained by rules from more than ten years ago?

    The WildList is a joke, with little to zero relevance.
     
  15. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Well, all of the groups of "anti-malware experts" have always their own "favorite ones" ;)
     
  16. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Not a joke. Too many fanboys here...
     
  17. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Believe it or not for once I can read some real facts about Avira! Although I'm not going to ditch it for one miss. I'm not surprised at all about MSE, I think it has a great future.
     
  18. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    i have not used Avira for almost a year now due to the slowdown it caused to me when i had it. For now i am sticking to Zone Alarm IS and AVG on another comp but the 100% it always showed in test never really impressed me enough to ditch my current protection
     
  19. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Avira failed,what a pity.

    What amazed me was Filseclab Twister(5655 wildlist misses, 1 false positive).What a large number.What did they do?Let me down.
     
  20. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Zone Alarm IS didn't cause the slowdown.I don't think ZAIS engross less resource than Avira.I only used ZA firewall,and it caused the slowdown.many friends have the same situation as mine.Maybe your computer is a super compiter:D .
     
  21. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    Thing is there are some polymorphic viruses on the wildlist at the moment.

    So missing 5k samples can result from missing only few 'variants', depending on the number of samples replicated for each variant of course.

    The Avira fail for example was due to 1 missed polymorphic sample of the Virut fileinfector (not 1 variant, just one replicated file).
     
  22. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Variants,I hate them.Filseclab Twister,I remembered,had a feature as HIPS.It shouldn't make Filseclab Twister have such a large number of missing.

    Avira's missing has been fixed.It is high speed and I am glad to see the vendor's hardworking:) .
     
  23. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    FIlseclab have commented on this in the chinese forum, but even with google translation to english i was unable to understand anything. The only thing that i think i understood, is that overalll Twister scored 95%.

    Anyway, the Wildlist can say everything she likes, for me all tests have primarily an advertising purpose.

    I 've used Twister for almost 2 years and my opinion is that it's decent. As a matter of fact a few days ago it detected on demand a file from p2p, that Avast which i also had installed didn't. And it was not false positive (scanned it at Jotti's). Fact is, any scanner can encounter malware that it's not in its database. And oddly enough, in the VB test, all chinese antiviruses failed. This to me tells me something on the importance of the malware selection according to geographical distribution.

    For the similar reasons, one would have to believe that Ikarus engine is crap. Oddly enough, with other tests (incl. AV-test org) this doesn't seem to be the case.

    Logic says, that when in different tests something gives very different results, the problem is with the reliability of the test itself. You can't be at the same time, prime award winner in one test and missing thousand files in another. One of the 2 or both tests are flawed or promo oriented material.


    Anyway, other possible explanations about Twister:

    - They 're working on v8, so they 've neglected signature collection for v7, because they lack manpower.


    Twister has behaviour blocker and registry protector. I wonder if they used them too or if they disabled them to use just the realtime scanner. I also wonder how do they consider a "pass" , if using the behaviour blocker. For example, if the registry protector alerts for a startup entry, is it a pass? If it flags as "suspicious" something is it a pass?
     
  24. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon



    The elbow pain is very bad



    :D
     
  25. gery

    gery Registered Member

    Joined:
    Mar 8, 2008
    Posts:
    1,785
    Not really i i only have a 1 gig of ram and my laptop works fine. Well you probably tried the older version 8 of ZA the latest is a great difference. As maximum it will consume 30 mgb and a very fast browsing . I really like it
     
Loading...
Thread Status:
Not open for further replies.