Virus Bulletin 100% Award for November...

Discussion in 'other anti-virus software' started by Technodrome, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. Weber

    Weber Registered Member

    Joined:
    Jun 16, 2003
    Posts:
    108
    Location:
    Porto Alegre - Brazil
    @ilukka

    i completely agree with you

    By the way, rodzilla should be less aggressive with anyone who says "NOD32 is not the best"
     
  2. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Rodzilla from Firefighter!

    People don't hate the one so much who hurts somebody or not the evil itself than the one who mentioned that by name!

    In my mind NOD is going to the right way just now despite of that you denied all the other tests than VB, which we have seen in the web. It has quite good unpacker engine nowadays, the updates are very wide just now and it has hired one famous developer against trojans recently. So why you took that NOD issue to this discussion when I said something about CA Vet and Inoculate engines?


    Best regards,
    Firefighter!
     
  3. I would think if my av had to meet corporate standards in terms of false positives, for me as a home user, that would be great.. What's wrong with that?

    That may be so, but again, only Symantec and ESET scored 100% in all categories.. Now with Andreas on board, maybe NOD32 will get better with trojan detection, and other malware, maybe not... ...who knows...?
     
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    ITW viruses are the REAL threat to Home User and Corporate users. I've been computing for a very long time, received many ITW and never ZOO. If you download cracks or keygens or Warez no av will be perfect for you. So, Yes ITWs viruses are more realistic than non-ITWs.

    Yes, and imagine home user (newbie) deleting Critical windows file because of FA.

    ITW viruses are the problem. They present danger to anyone. If you see statistical info you will see where the real deal is.

    VB shows how specific AV is able to deal with polymorphic viruses and all bugs that specific AV had during test (ie. able to detect virus on demand but not on-access and so forth).


    Again, if you don't download Warez or use cracks or Keygen, there is a small chance for you to get infected.


    tECHNODROME
     
  5. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Technodrome from Firefighter!

    If I understood right, here is the top 20 according to Kaspersky.

    http://www.viruslist.com/eng/index.html?tnews=1001&id=158302

    So what kind of infections are the most common ones on that list?


    Best regards,
    Firefighter!
     
  7. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Aren't they listed there?


    tECHNODROME
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    My all time favorites in terms of performance and detection:

    KAV and Clones
    NOD32
    F-Prot & CSAV (Command)
    DrWEB


    tECHNODROME
     
  9. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    @technodrome
    i'm not doubting your computing experience..but i doubt what you're saying..you seem to completely ignore trojans etc..and kazaa

    since kazaa and its clones nowadays account for 70% of ALL network traffic (i just read this in a pc mag) it seems that there's more to worry than itw virii.. if you want to do a little checking, check kaspersky's list or even symantec's list
     
  10. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I could not agree more. Your AV HAS to catch a VERY HIGH percentage of ITW--and CONSISTENTLY. That's the MINIMUM any AV should do, IMO. Detection of other threats should be a high priority, but ITW detection is the most important job an AV has--again IMO.

    Amen.

    The VB tests measure important qualities for the corporate user, but they are no less important for the home user.
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Technodrome from Firefighter!

    I am a bit curious how AVK 12 Pro missed VB 100% Award with false positives when KAV, eScan and F-secure passed.

    When I told some months ago that M$ will stop testing RAV in VB, was that because of RAV engine false positive that AVK missed because in my mind the samples are quite old (over a week or so) in VB tests so there couldn't be any update delay in this case?

    An other thing is that to everyone. I didn't mean ICSA is the best tester available, only that CA thinks that VB isn't the nr. 1 but ICSA is that in their mind! For me the positive thing about ICSA tests is that the av:s have to detect 90% of those 6 000 infections, which is almost four times bigger than is in the VB "Zoo" tests (some 1 600 different virus names).

    By the way, checkvir.com 8-2003 has over 3 800 different infections (50 polymorphics when VB has 43 in June 2003), so it isn't so bad either!

    Best regards,
    Firefighter
     
  12. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    The most common ones in that list are ITW.
    Is that your point?
     
  13. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To JimIT from Firefighter!

    My point was that were they ALL in that "in Wild list" and were they Viruses, Worms, Trojans, Backdoors, Exploits or something else, because I belong to the common people and can't recognize that.


    Best regards,
    Firefighter!
     
  14. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I believe it's important to have other testings done. No one or one organisation is beyond fault hence the reason for "layered defence" as so many experts recommend. So i welcome the other tests that are becoming more available and more respected. Those anti virus companies that don't allow such tests when other "respectable" companies do so, will maybe have to pay the price over time, of seeming to be selective to the extent that it may look as if they are afraid of such independent testing.
     
  15. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    You are not "common", FF--you are extraordinary!! ;)

    The answer to your question is: all of the types of malware you mention above are represented in the WildList, or supplements to the WildList.

    And, in fact, (and someone correct me if I'm wrong) it appeared that all of the Kaspersky 20 are in the WildList or a WildList supplement.
     
  16. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To JimIT from Firefighter!

    I'll take that extraordinary as a compliment for me!

    Best wishes!


    Best regards,
    Firefighter!
     
  17. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    How much more information does subscribing for VB100% give you?
     
  18. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I don't ignore anything. ;)

    It's just that (as I mentioned) cracks, keygens and various warez from Kazaa and clones are very dangerous and illegal (of course). You’ll get infected no matter what av program you use. By using common sense engine you’ll be able to avoid this ugly situation. What can you expect from file named MS Office.exe in length 44 Kb? A retail version of MS Office (which is more than 400 MBs)?

    It's true that KAV will detect more malware than any other AV. If people use Kazaa to get warez, cracks and keygens, KAV would be their best bet. But not everyone is Kazaaing or downloading questionable codes.

    I think discovering a new ITW virus without adding signatures is more important than detecting 100,000 ZOO viruses. This could save a load of $$$ to corporations or time and pain to home user.


    tECHNODROME
     
  19. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    we agree on the zoo viruses, yes!
    detecting them is rubbish, as generally is detecting trojan editservers etc.. programs like pest patrol even detect help files of trojans as malware...
    when i mention kazaa i'm not even talking about warez.. i'm talking about music, pr0n and stuff which every teenager wants to get out of kazaa...btw i read somewhere that kazaa has 250 million users..not all of them are after warez..
    i'm talking about instant messengers, and the files that get transferred there, irc etc.. there's a whole lot of nasties not found on the ITW list...

    here is symantec's latest threats page.. some of these you can actually find in the ITW list but most of them not.. http://www.sarc.com/avcenter/vinfodb.html
     
  20. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    70% of them don't use AV at all. ;)

    Sure. But many AV will detect more than what's on the ITW list.

    tECHNODROME
     
  21. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    great! now we agreed on the fact that there's more threats than on the ITW list... what more there is to argue....
     
  22. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    VB tests every av with default settings. By default AVK's heuristic is on so this could be the cause of FA.


    I don't know about that but ICSA is quite different from VB. If an av fails the ICSA test, the av vendor is informed about what’s missed and why it is missed. After the av vendor fixes the problem, the product is resubmitted to ICSA for retesting.


    tECHNODROME
     
  23. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    What's often forgotten amid arguing about ITW and the 100% awards is that VB also tests for zoo viruses. (Although perhaps not 13 yr old DOS viruses that may not even work on today's modern systems. ;) )

    For a normal user the VB zoo results bear looking at as well since not all 100% ITW award winners are created equally, as often pointed out, when one looks at the zoo results. Although the VB tests don't (as far as I'm aware) cover Trojans. So there is that to also consider.

    It seems to me though that some of the other AV tests (and certainly some of the VX collectors' recent "tests" we've recently seen) frequently are more of a database comparison rather than a test of protection against things most likely to be encountered in normal use by ordinary users. And therefore these tests may be of somewhat dubious value in suggesting what is the best for day to day AV protection against probable threats. What any test reveals of significance can only be judged (IMO) with an understanding of what and how the test is performed, what they are really testing for and what are the kinds of threats you are most likely to actually encounter given your behavior and use. A collector or a clever fellow can always whip out something that one's AV or even AT may not detect. But is such a feat a display to confound people or a significant revelation of a real weakness in protection against probable threats?

    As for trojans and Kazaa, IRC, etc and for those engaged in known risky behaviors, one might suggest that even the great KAV with its capacious database may not be 100% all the time. Thus many people including KAV and McAfee users also use an AT. For coverage against trojans, an AT specific app would be recommended and not just an AV. Although many (if not most) of those engaged in such risky behavior don't have a clue and may not use any AV or at most may use whatever freeware is available.

    Deciding what AV to use is not simply a matter of looking at tests and thinking all tests are testing for the same thing and are relevant to one's use. Same for AV's. Does one need protection primarily from the latest likeliest threats or against the whole kitchen sink which includes things one may never encounter? Which is best for you given your use? What's best for you and best for me may not be the same. Still, it makes sense to use an AV that does well on VB ITW tests (although of course I wouldn't rule out AV's that miss one in the VB ITW due to technical reasons) and preferably one that also does well on the VB Zoo tests.

    But I also don't freak when people are trying to scare others with MS DOS clunkers or VX collections available via the internet. Any more than I go to the doctor with flu symptoms and insist he/she test for Lassa fever. ;)

    For VS: subscribing to the VB gives one the detailed test info and results, and the mag articles in a timely fashion. Otherwise, one waits for the archived magazines to be available on the website. By then new tests/editions of the mag are out. Due to the cost of subscription the mag is directed toward IT/AV professionals who have it as a business expense, usually paid for by the employer. It's not really something for the average home user unless he/she is interested and have a lot of money and the inclination to spend it on such things.
     
  24. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    MALARKEY! :D

    If that's the case, then why don't AV companies leave the ICSA and 100% logos--IF they can even achieve it-- OFF their home products o_O They don't!

    You are ABSOLUTELY correct on that point! ;)

    Well, I don't subscribe, but I am a network admin, and you are correct: There is room for a statistical approach. And my statistics tell me that EVERY piece of malware caught by the AV I use at work (NAV) in the last TWO YEARS--on two networks composed of over 200 computers--was an ITW piece of malware.

    No, the wildlist is made up of the malware having BY FAR the GREATEST LIKELIHOOD of infecting a home user. There's a big difference there.

    No offense, but no they don't. ;)

    They do not "represent more the true situation a general home user faces". They do not even represent the "true situation" 95% of ALL computer users face, IMO.

    Again, the ITW stuff is BY FAR the most important crud your AV should detect. ;)
     
  25. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Driving a car could be a threat. Driving while intoxicated, a life threatening event. ;)


    tECHNODROME
     