Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: mantra on October 10, 2003, 10:05:41 AM
-
an answer to http://www.avast.com/forum/index.php?board=2;action=display;threadid=1379
-
kaspersky
-
vet
-
the files are ascii but too big to post
so i compressed in zip but there is only *.txt inside!!
maybe some karma to me....
look a great great test !
-
an answer to http://www.avast.com/forum/index.php?board=2;action=display;threadid=1379
I didn't get it mantra :-[
what exactly is your point ? ???
-
download the attachment
rename f.zip.txt to f.zip
open the zip file and open the *.txt inside the zip file
and look, a big big test with a lot of virii
-
Nice testing Mantra ! :)
btw : man, how did you get so many viruses for testing purposes ?
I've been looking (searching the web) for months now, to find a large virii database like this....:(
Waldo
-
look a great great test !
Maybe something interesting for you to do. Run Kaspersky with "delete all Viruses" and then run Avast to see what viruses Kaspersky misses. Do it with vet the same way.
-
i have 3 cd 700 mb of virii in compressed
and avast did great great test
some karma for me
ps waldo i can send what do u need or give some links..
-
I have 3 cd 700 mb of virii in compressed and avast did great great test
some karma for me
ps waldo i can send what do u need or give some links..
Could you send me an IM or email with these links?
Thanks, mantra ;)
-
i have 3 cd 700 mb of virii in compressed
and avast did great great test
Excuse me, but you only posted the results of Vet AV and KAV..
where are the results of Avast4 ? ??? ??? ???
-
some karma for me
waldo i can give some links..
sweet, if you could provide me with a couple of links, please. You've got my mail (hotmail) and you can pm also.
Karma is on the way Mantra ! :)
-
to tec & wald yes sure i will send the link
but be careful!!!!! ok ?
to mina the avast results are in the first post ( the open post)
bye ....
thanks for karma... ;D ;D
-
Wow! I'm impressed. I'm too scared to load viruses on my machine then run AV to see what it catches. I trust the labs for that.
-
Wow! I'm impressed. I'm too scared to load viruses on my machine then run AV to see what it catches. I trust the labs for that.
well, i never execute them ! ;)
They're mostly zipped, and this way being harmless until unpacked (which i never do).
I just put them on a cd to do some scanning/testing with different programs. It's like a hobby to me.
some people collect post stamps, some collect virii, lol.
Waldo
-
well, i never execute them ! ;)
They're mostly zipped, and this way being harmless until unpacked (which i never do).
Well, the only problem with such "collections" is that they usually contain a big number of crap - corrupted files, jokes, even false alarms and other similar stuff. And while nobody really executes them (like you :) ) - they are counted as viruses by many people...
Pavel
-
Well, the only problem with such "collections" is that they usually contain a big number of crap - corrupted files, jokes, even false alarms and other similar stuff. And while nobody really executes them (like you :) ) - they are counted as viruses by many people...
Pavel
Thanks for the advice, Pavel ;D
-
to tec & wald yes sure i will send the link but be careful!!!!! ok ?
I didn´t receive your link :'(
-
Using google will do the job, too! But always remember what Pavel said: these "collections" of Internet viruses really contain much rubbish and are often really old. They are not really good for reliable tests.
F-prot is really good at identifying such garbage. Often it reports (by using /collect) such files as corrupted, garbage or "not a virus"! :)
-
"Well, the only problem with such "collections" is that they usually contain a big number of crap - corrupted files, jokes, even false alarms and other similar stuff. And while"
i can post some of these files
maybe somebody can turn off the av and try to run it ;D ;D ;D
-
The problem with the old DOS viruses is that they cannot infect PE files or exe files at all and they are not able to get control of int13h or int21h, because Windows wouldn't let them.
BTW, DOS viruses: did you see that AVAST did not catch this one?
29a-1.zip/FILES/ZHEN7313.EXE Infected Zhengxi.7313.a
Search for more variants of this virus and test them too! BTW2: This virus is so buggy that it is very difficult to let it infect files, even under DOS! :)
-
BTW, DOS viruses: did you see that AVAST did not catch this one?
29a-1.zip/FILES/ZHEN7313.EXE Infected Zhengxi.7313.a
I'm not responsible for adding new signatures to avast!, but isn't zhengxi one of the most complex viruses written in DOS ? :) short description (http://29a.host.sk/29a-1/29a-1.4_2 - or somewhere in vbulletin page). And in Win ? Read this interesting article (http://www.peterszor.com/metamorp.pdf).
-
but isn't zhengxi one of the most complex viruses written in DOS ? :)
Yes, Mcafee/Drsolomon made it easy, they made only a signature for all Zhengxi viruses they could find on the internet or which were sent to them! :) You can see it, because they name it zhengxi.number.dr(opper)
-
raman
do u use Mcafee?
i have never tried!
is it great?
and the update module is like avast?
-
Yes, i like Mcafee! But i only use the command-line version of it. Or you can use the GUI, if you choose custom installation and only install Scanner, updater and the Monitor.
-
but is the update module like avast, so fast and incremental?
-
If you use the updater, yes it is. You can see how big the Updates are if you look at the *.upd files here: ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x/
One "problem" is, if there is a new scanning engine you have to download the Superdat-file. It will not be updated automatically, but that happens afaik only two times a year.
-
If you use the updater, yes it is. You can see how big the Updates are if you look at the *.upd files here: ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x/
One "problem" is, if there is a new scanning engine you have to download the Superdat-file. It will not be updated automatically, but that happens afaik only two times a year.
Thanks raman...
But mantra always complains that av use too much RAM... McAfee eats more RAM than avast! at similar configuration... ;D
-
But mantra always complains that av use too much RAM
That's one reason i only use the command-line version of Mcafee! :)
-
Could you send me an IM or email with these links?
Thanks, mantra ;)
Mantra, because of other forum opinions (raman and kubejc), forget sending these links to me...
Anyway, many thanks... ;)
-
If you want really serious tests with viruses you have to let them infect files (real or only goatfiles), then you know if it is a "good" sample or a corrupted one. Most of the samples in "internet-viruscollections" are generic one samples. That means that they were compiled from the source but never infected a file. That's the reason viruses in these collections are as big as they are reported by the AV scanner. So an Austr-Para-784 is only 784 or 785 bytes "big".
BTW: Getting the "right" viruses even AVG will beat KAV (or Avast).
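The size observation in the post above can be turned into a quick triage of a scanner report; this is an added example, not part of the original thread. The report line shape is the one quoted earlier in the thread; the `coll/` paths, all file sizes and the one-byte slack are constructed assumptions.

```python
import re

# Report line shape as quoted in this thread: "<path> Infected <detection name>"
LINE = re.compile(r"^(?P<path>\S+)\s+Infected\s+(?P<name>\S+)$")
# Standalone number inside a detection name (Zhengxi.7313.a, Austr-Para-784)
LENGTH = re.compile(r"(?<![0-9A-Za-z])(\d{2,6})(?![0-9A-Za-z])")

def name_length(name):
    """Byte length encoded in the detection name, or None if there is none."""
    hits = LENGTH.findall(name)
    return int(hits[-1]) if hits else None

def classify(size, length, slack=1):
    """Compare file size with the virus length taken from the name."""
    if length is None:
        return "unknown"            # name carries no length to compare against
    if size < length:
        return "truncated"          # smaller than the body: likely corrupted
    if size <= length + slack:
        return "first-generation"   # bare body, never attached to a host file
    return "host-candidate"         # larger than the body: still needs a replication test

def triage(report_lines, sizes):
    """Map each reported path with a known size to a triage verdict."""
    verdicts = {}
    for line in report_lines:
        m = LINE.match(line.strip())
        if m and m["path"] in sizes:
            verdicts[m["path"]] = classify(sizes[m["path"]], name_length(m["name"]))
    return verdicts

# Constructed sample input: only the first report line appears in the thread,
# and every size below is invented for the example.
REPORT = [
    "29a-1.zip/FILES/ZHEN7313.EXE Infected Zhengxi.7313.a",
    "coll/AUSTR784.COM Infected Austr-Para-784",
    "coll/GOAT0042.COM Infected Austr-Para-784",
    "coll/BROKEN.COM Infected Austr-Para-784",
    "coll/JOKE.EXE Infected Joke.Generic",
]
SIZES = {
    "29a-1.zip/FILES/ZHEN7313.EXE": 12345,
    "coll/AUSTR784.COM": 785,
    "coll/GOAT0042.COM": 4880,
    "coll/BROKEN.COM": 512,
    "coll/JOKE.EXE": 2048,
}

if __name__ == "__main__":
    for path, verdict in triage(REPORT, SIZES).items():
        print(f"{verdict:17} {path}")
```

A "host-candidate" verdict only says the file is larger than the virus body; it does not show that the sample replicates.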
-
If you want really serious tests with viruses you have to let them infect files (real or only goatfiles), then you know if it is a "good" sample or a corrupted one. Most of the samples in "internet-viruscollections" are generic one samples. That means that they were compiled from the source but never infected a file. That's the reason viruses in these collections are as big as they are reported by the AV scanner. So an Austr-Para-784 is only 784 or 785 bytes "big".
BTW: Getting the "right" viruses even AVG will beat KAV (or Avast).
Vlk, could you say something about what raman wrote? 8)
-
Vlk, could you say something about what raman wrote? 8)
It's rather the question for Pavel. I don't exactly know, but I guess the virus has to infect about 100+ exact (goat) files with the different size (there can be other variable values/append size/... in the virus body) and then the unique signature can be chosen - not with using a tool.
-
Vlk, could you say something about what raman wrote? 8)
Thanks, pk. Does Pavel have something to tell us? ;D
-
BTW: Getting the "right" viruses even AVG will beat KAV (or Avast).
No, I don't agree with this. As I already mentioned some months ago, we frequently run several AV programs against our virus collection. Although I will never publish these results, the best detection rate goes to KAV, McAfee and avast!, followed by F-Prot and Sophos. We have tried AVG and NOD32 in the past but their detection rates for the FULL database were so low we decided not to include them into our regular tests. And yes - it was a big surprise for us too ;)
BTW: these tests do not IN ANY WAY cover the real world virus detection!
Hope this helps
Pavel
-
BTW: Getting the "right" viruses even AVG will beat KAV (or Avast).
No, I don't agree with this.
I think AVG will be able to make a test where AVG gets the first place. Just like the moosoft test mentioned somewhere here in the forum
-
BTW: Getting the "right" viruses even AVG will beat KAV (or Avast).
No, I don't agree with this.
I think AVG will be able to make a test where AVG gets the first place. Just like the moosoft test mentioned somewhere here in the forum
Yes, you are right. This is one of the reasons why we will never publish our results from these tests ;) All I wanted to say is that we were really surprised by the AVG and NOD results in those tests!
Pavel
-
Yes, you are right. This is one of the reasons why we will never publish our results from these tests ;) All I wanted to say is that we were really surprised by the AVG and NOD results in those tests!
Pavel
Can't avast! be better than AVG and NOD ;D
-
raman
F-prot is really good at identifying such garbage. Often it reports (by using /collect) such files as corrupted, garbage or "not a virus"! :)
In my small informal comparative test I included f-prot for DOS, see http://www.avast.com/forum/index.php?board=2;action=display;threadid=1379;start=15
Attached here is the f-prot report file, rptcoll.txt. What do you make out of it? Does it make my test files in any way good or bad for testing, I really don't know, and I don't care much. I was just curious. And now, let's get back to real life.
As an admin in our company within our corporate network I did some real life testing by accident. Not so long ago, my system started to shut down whenever I connected to the Net. U already know what I'm talking about. One day later, Amon (NOD's resident monitor) reported Lovesan worm. Because I had many other AV products on my system for testing purposes, I decided to double and triple check the suspicious file. At the time on my test machine, apart from NOD, there were:
NAV 2003, Panda 7.04 Platinum, KAV 4.05 lite, F-prot 3.1x, DrWeb 4.2x. I turned off the Amon and scanned the suspicious file with all of them and not a single one detected it!
I was puzzled. I decided to discard the NOD's detection as a false alarm and blamed it on Microsoft. I manually updated all of the above products and scanned my system and still there were no results!
The day after, annoyed with the behavior of my system, I decided to take a look at the worm's description at NOD's site and that was it! I removed the worm and watched when other vendors would update their definitions, and for some it took days before they finally did it. Two days later, our corporate admin called and said: We have a virus on our LAN! I replied that I know, and I just waited to see how long it’d take McAfee installed in our central office to catch it! (Lovesan/Blaster was more an annoyance than a big threat in its first incarnation).
So what are we talking about here? Is it really important if product A or B catches some obscure virus and product C doesn’t? I don't think so. Eventually, every major AV product will catch any global virus/worm threat. The question is, how soon, which is especially important in those days of so called blended threats. And what's the use of incremental updates if update process effectively disables AV product you are using, as it does with some of the products in the market.
So, the focus should be on the response time, accuracy and robustness of the update process. ::)
PS
I'm in no way an advocate for NOD and if you look at the above-mentioned thread I never mentioned it there, or here, or anywhere else in this forum until somebody else mentioned it. Also, at the time, I didn't know about AVAST! ;)
-
So, the focus should be on the response time, accuracy and robustness of the update process.
…and the ability to repair the damage! :)
-
Oh, asafdem, thanks for this post. I think you're absolutely right. It's not about the total number of virii detected, it's mainly about the
(1) overall reliability/stability
(2) speed of reaction to the new threats (the duration between a virus is released and your installation of the AV program is able to detect it)
These are the two most important aspects.
Thanks again for your real-life story
Vlk
-
No problem, but my Karma is still down to 0! :'(
-
Is it? ;)
(end of story, moderator says)
-
@pavel
"Although I will never publish these results, the best detection rate goes to KAV, McAfee and avast!, followed by F-Prot and Sophos. "
did u test with bitdefender?!?
and how many viruses have u in your database? the same as avast?
-
a question to vlk
what can do ?
REGEDIT 4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\]
@="command /c for %q in (%windir%\*.reg %path%\*.reg C:\*.reg %windir%\system\*.reg) do regedit /e %q HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
-
Is it really important if product A or B catches some obscure virus and product C doesn’t? I don't think so. Eventually, every major AV product will catch any global virus/worm threat. The question is, how soon, which is especially important in those days of so called blended threats. And what's the use of incremental updates if update process effectively disables AV product you are using, as it does with some of the products in the market. So, the focus should be on the response time, accuracy and robustness of the update process. ::)
…and the ability to repair the damage!
Very good point of view ;)