Why those big three are so lazy in updates?

Discussion in 'other anti-virus software' started by Firefighter, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    You cannot expect 100% perfection. But good response times on analyzing and spreading that signature can prevent any further infections worldwide.
    Technically speaking all users are connected into huge immunization system.
    One gets nailed, sends the sample to test lab, they make a cure, all others get innoculated. Should we start blaming medicine because they're incapable of providing us 100% health without ever getting the smallest minor flue? Human body works in a behaviour blocking way. You might catch some disease once. But when you get better immune system is most probably already immune to that. But most of the time its reactive (thats when you get high body temperature).
    But behavior blocking won't work if you don't define rules regarding whats bad and what is not. And that happens over time. With each submission each user would make it would guarantee itself for not getting that very same file ever again. Bad side of this is most people don't. And thats where we come in. Those who work with these things daily, hourly, minutely worldwide.
    Now, ESET is taking quiet huge step into this philosophy of detecting malware in both ways and i really admire that (proactive based on reactive), while Kaspersky Lab for example takes the reactive path to the maximum by providing excellent reaction times and time that takes from getting the sample to making the cure and spreading it among people,filling the gap same way doctors do with cures for that nasty flue. BitDefender did not so long ago, Kaspersky will very soon fill the proactive gap...
    I just wonder when the "big" ones will do something similar...
     
  2. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    When they have to.....not before, innovation usually comes from small companies, the big companies then purchase them and use their technology, thats often how things work out.

    With regards the the OP's question, there is still no real excuse for why the big three don't release update with regular intervals 24/7 as viruses are analysed, they can easily do it and despite how BigC feels regarding this, i'm quite sure their costumers would appreciate a more constant flow in signature releases, nobody's saying they should release hourly updates, but 6-8 updates spread evenly over 24 hours would not exactly be a bad thing.:)
     
  3. nod32.9

    nod32.9 Guest

    Most PC users are not very sophisticated about AV protection. They don't switch from "brand name" AV solutions unless something bad incapacitates their PCs.

    The big boys stay on top because
    -advertising
    -their products are functional
    -they get a constant stream of new customers in the form of pre-bundled software on new PCs


    To appeal to the majority of the users, their products must be simple to use. Install it and forget it works best. Innovation and cutting-edge performance are low on the priority list. The users, of course, must pay a premium for the product to offset the cost of advertising.
     
  4. wildman

    wildman Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    2,181
    Location:
    Home on the range.
    :rolleyes: There would be some truth in this folks, but when the so called big boy of the virus protection programs is the one responsible for screwing up your system you go looking for an alternative. This is exactly what happened to me almost seven years ago. I haven't looked back since, and have gained a bunch of knowledge in the mean time. I still have many more questions however. This is how I came to find out about Wilders also.

    Thanks
    Wildman
    :eek: :D :p :cool:
     
    Last edited: Nov 24, 2005
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I think that all these philosophies above and their combo's works somehow even today.

    I've just achieved the 5 x 100 pole in my new journey in Jotti's.

    FF av-test 5 x 100 from Jotti's 17.-22. Nov. 2005:

    All samples in these snapshots are NOT with "ZIP", "RAR", "CAB" format (most of all are with "EXE" format) or those "COM" format, that are actually old DOS snapshots.


    Checked as viruses/worms!

    Total ------- Set 5 ----- Set 6 ---- Set 7 ----- Set 8 ----- Set 9

    _6.6 % ----- _6 % ----- _5 % ----- _4 % ----- _8 % ----- 10 %

    ==============================================================================

    Jotti's detection rate!

    Total ------ Set 5 ----- Set 6 ----- Set 7 ----- Set 8 ----- Set 9

    69.0 % ----- 68 % ----- 70 % ----- 62 % ----- 75 % ----- 70 % -- Kaspersky
    67.0 % ----- 69 % ----- 69 % ----- 62 % ----- 69 % ----- 66 % -- DrWeb 4.33
    66.4 % ----- 62 % ----- 66 % ----- 77 % ----- 65 % ----- 62 % -- Vba32
    55.4 % ----- 51 % ----- 54 % ----- 54 % ----- 58 % ----- 60 % -- NOD32
    48.6 % ----- 43 % ----- 46 % ----- 47 % ----- 54 % ----- 53 % -- BitDefender
    40.8 % ----- 43 % ----- 32 % ----- 39 % ----- 48 % ----- 42 % -- AntiVir
    40.8 % ----- 46 % ----- 37 % ----- 26 % ----- 52 % ----- 43 % -- Fortinet
    35.2 % ----- 32 % ----- 35 % ----- 24 % ----- 37 % ----- 48 % -- ArcaVir
    31.0 % ----- 32 % ----- 33 % ----- 25 % ----- 40 % ----- 25 % -- AVG
    28.4 % ----- 31 % ----- 32 % ----- 18 % ----- 30 % ----- 31 % -- Norman VC
    28.2 % ----- 30 % ----- 24 % ----- 27 % ----- 31 % ----- 29 % -- ClamAV
    22.4 % ----- 27 % ----- 23 % ----- 18 % ----- 23 % ----- 21 % -- F-Prot
    19.0 % ----- 21 % ----- 22 % ----- 17 % ----- 15 % ----- 20 % -- Avast
    _8.8 % ----- _9 % ----- _8 % ----- _9 % ----- 10 % ----- _8 % -- UNA

    ================================================================================

    Here are those ProActive like detections.

    ProActive (heuristics + behaves like + based + BACKDOOR.Trojan + DLOADER.Trojan+ DLOADER.IRC.Trojan + GenPack: + MULDROP.Trojan + STPAGE.Trojan + Win32:Trojan-gen + WIN.IRC.WORM.Virus + gen/generic + modified + probably + variant etc.) detection:

    Total ----- Set 5 ----- Set 6 ----- Set 7 ----- Set 8 ----- Set 9

    33.6 % ----- 30 % ----- 34 % ----- 33 % ----- 33 % ----- 38 % -- NOD32
    14.0 % ----- _7 % ----- 16 % ----- _9 % ----- 18 % ----- 20 % -- DrWeb 4.33
    11.8 % ----- 12 % ----- _9 % ----- _9 % ----- 11 % ----- 18 % -- BitDefender
    _9.8 % ----- 10 % ----- _9 % ----- _9 % ----- 14 % ----- _7 % -- F-Prot
    _8.0 % ----- 10 % ----- _8 % ----- _5 % ----- 11 % ----- _6 % -- AVG
    _7.2 % ----- _8 % ----- _7 % ----- _6 % ----- _7 % ----- _8 % -- Avast
    _6.4 % ----- _7 % ----- _5 % ----- _2 % ----- _8 % ----- 10 % -- Norman VC
    _6.2 % ----- _8 % ----- _7 % ----- _8 % ----- _4 % ----- _4 % -- Vba32
    _5.4 % ----- _5 % ----- _5 % ----- _4 % ----- _5 % ----- _8 % -- AntiVir
    _4.2 % ----- _5 % ----- _3 % ----- _2 % ----- _6 % ----- _5 % -- ArcaVir
    _2.4 % ----- _1 % ----- _1 % ----- _2 % ----- _6 % ----- _2 % -- Kaspersky
    _0.8 % ----- _1 % ----- _1 % ----- _1 % ----- _1 % ----- _0 % -- Fortinet
    _0.4 % ----- _0 % ----- _1 % ----- _0 % ----- _1 % ----- _0 % -- ClamAV
    _0.0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % -- UNA

    ================================================================================

    Here are those ProActive like detections from those files MISSED BY SIGNATURE.

    43.0 % -- NOD32
    29.8 % -- DrWeb 4.33
    18.7 % -- BitDefender
    15.6 % -- Vba32
    11.2 % -- F-Prot
    10.4 % -- AVG
    _8.4 % -- AntiVir
    _8.2 % -- Norman VC
    _8.2 % -- Avast
    _7.2 % -- Kaspersky
    _6.1 % -- ArcaVir
    _1.3 % -- Fortinet
    _0.6 % -- ClamAV
    _0.0 % -- UNA

    PS. At least ArcaVir and maybe UNA, were not capable to use their (best) ProActive methods in Jotti's. Those av:s that were in the top 5, were also very frequent updaters or have excellent ProActive methods or both of them.

    It seems to be so that Kaspersky is making a small gap! :'(

    :D

    Best regards,
    Firefighter!
     
    Last edited: Nov 22, 2005
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Cmon, do you have to use Jotti results? I mean they're worthless no matter how often you were taking snapshots...
     
  7. maddawgz

    maddawgz Registered Member

    Joined:
    Aug 13, 2004
    Posts:
    1,316
    Location:
    Earth
    After trying other's i went back to TM 2004 ..strangest thing b4 trend my cpu at night used to go off..like someone was doing something now i put trend back on with firewall..Suprise the CPU @ night when im not on it is quite as a mouse!!! I love TM 2004 always have Might go to the 2006 but 2004 duz what i need..and I double check with KAV online scanner never finds nothing..... U can do a pc security check here... http://www.hackercheck.com/?mode=c Think that's new..anyhooooo Im happy with TM R MD :D
     
  8. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    :D

    Obviously you already know how to evaluate better av:s against the new all kind of malware? ;)

    PS. If the results were other what you wanted, why just pick up your own snapshot collection by collecting only those snapshots your favourite picks up? :) It's 100 % proof! :D

    Best regards,
    Firefighter!
     
    Last edited: Nov 23, 2005
  9. Happy Bytes

    Happy Bytes Guest

    Don't underestimate RejZoR. As far as i can tell he has more expierence (in AV general) than most of the other posters in this thread. :-*
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I'm just trying to say that ALMOST every av-test has something add value to bring up, WORTHLESS, brings me thinking more like computer terminology in this case, 1 or 0, black or white, unfortunately, this world isn't that simple my friends. :)

    Best regards,
    Firefighter!
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,421
    It should be taken into consideration that a lot of files submitted are false positives. Advanced heuristics is quite smart to distinguish between functional and non-functional samples, however, this does not work 100% and a very low percentage of corrupted files may still be flagged by AH.
     
  12. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Still I presume, that THE VAST MAJORITY of these snapshots were taken after some people have met problems, so where is the beef? o_O

    Actually, there were not so many snapshots, when some of these TOP 5 av:s detected some sample as ONLY av.

    Found by TOP 5 av:s ONLY:

    Total -------- Set 5 ---- Set 6 ---- Set 7 ----- Set 8 ----- Set 9

    _4.0 % ----- _1 % ----- _3 % ----- 11 % ----- _0 % ----- _5 % -- Vba32

    _1.8 % ----- _1 % ----- _3 % ----- _2 % ----- _2 % ----- _1 % -- DrWeb 4.33

    _1.8 % ----- _2 % ----- _0 % ----- _1 % ----- _5 % ----- _1 % -- NOD32

    _0.6 % ----- _1 % ----- _0 % ----- _0 % ----- _2 % ----- _0 % -- Kaspersky

    _0.0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % ----- _0 % -- BitDefender


    Best regards,
    Firefighter!
     
    Last edited: Nov 23, 2005
  13. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    A bit later on this conversation, but...

    I think that the major problem of the big companies is that they have a lot of users to mantain their profit, but unhappyly they didn't care much about them...

    Happyly, exist "small" companies, in size not in quality, that are growing very well and put their users in the first place and this should be the way that all the companies, of every product, should work...
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I totally agree! :)

    But to be honest, the quality of those small companies is the ONLY way to survive!

    Best regards,
    Firefighter!
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,535
    Right, and hope that they continue with this way of working ;)
     
  16. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,734
    Location:
    UK
    I know what you're saying. Earlier I saw an advert on TV for a well-known computer store here in the UK, and one of their offers was for a PC bundled with a Symantec product. The yellow box was unmistakable!
     
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    I am always late to the conversation :( .

    Jumping into the NAV part of this. This was my experience.

    Postives:
    NAV kept my machine clean when I used it. It never failed to scan on time as instructed. It was easy to load and I never noticed that it was longer to load then anyother AV. :)

    Negatives:
    LiveUpdate problems from time to time :p Large footprint on Hard drive compared to others (minor issue for me). :doubt: Resource hog compared to others took to much RAM. :p Difficult to uninstall. Left stuff everywhere. :p

    All above experiences are with NAV 2004 and earlier. ;)

    It has been my experience dealing with users: They are not like most of us keeping up on all of this. They just want something to keep their system clean and running. If it comes with NAV or what ever they will keep using it rather then switch. Sure BigC is correct users are smart enough to move on if they have a bad experince. They will look else where and word of mouth is very powerful advertising too.

    I don't subscribe to the theory that the big three are lazy.
     
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,734
    Location:
    UK
    For anyone interested, Eugene Kaspersky has an interesting article about the AV industry as a whole, which includes a section showing the annual turnover of different AV companies. [See: here]

    With reference to the top 3 under discussion here, he quotes the IDC giving their annual turnover in $m for 2003 and 2004. They sure do make a lot of money!
     
  19. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,905
    Location:
    SW. Oklahoma


    And who said having a decent product with good advertising doesn't pay off;)
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    6,393
    Location:
    Hawaii
    Reference the article linked by TonyW... Mr. Kaspersky wrote in part...
    Ohhhh YEAH!!!:cool:

    Seriously though, folks -- this was a very illuminating article. Many thanks to TonyW for calling it to attention.

    I am happy for av-comparatives because of the well-deserved recognition they received in the article. VirusBulletin also received *recognition* (of a sort). ;)

    Mr. Kaspersky also wrote...
    It makes me happy that my front-line AV (DrWeb) is a "third-tier company" -- hopefully big enough to survive, but small enough not to raise a major blip on the radar scopes of the hackers.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.