Avast WEBforum
Other => Viruses and worms => Topic started by: Lisandro on July 27, 2005, 03:31:17 AM
-
What's going on with lack of detection?
Spyware.BingoFun, Spyware.NavExcel, Heuristic.Win32.Hijacker1, TrojanDownloader.Small.Go, Backdoor.Padodor.az, BackDoor.Generic.GAX, BackDoor.Generic.GGC, TrojanDownloader.Agent.ho, TrojanDownloader.Small.bcu, TrojanDownloader.Small.bcv,
MISSED :o (http://forum.avast.com/index.php?topic=15091.msg127347#msg127347)
wmram.exe
MISSED :o (http://forum.avast.com/index.php?topic=15277.msg128630#msg128630)
Win32 Tenga
MISSED :o (http://forum.avast.com/index.php?topic=15300.msg128814#msg128814)
I'm being unfare, folks?
One of my computers get infected last week, a lot of time lost... No answers, I'm becoming disapointed! :(
-
Did alwil changed their email or something? Anti-Vir detected a Trojan and I send alwil a possible Trojan about almost two months ago and no response. I then send the infected file to anti-vir and they told me it was a false positive the next day. I understand it's hard to keep and maintain the software and trying to find new problems, but they should at least consider the emails they get about new possible threats. They don't have to respond to us (as long as it's not false positive) as long as they put the new virus in the database. I'm not giving up on avast! since this program is longest software I ever kept since McAfee. ;D
-
I share the same opinion with you Tech. I'm a pro and AV is just a second line of defense when my brain fails to detect something,but i do regulary submit malware.
Alwil guys will have to change something about this. They do add samples,but thats way way too slow. If i understrand correctly,only Karel keeps his hands over VPS updates so this is probably the main reason. Macro viruses are covered by some other guru,but they aren't as common as Win32 stuff.
I was on McAfee for some time and i just loved their way of handling submitted malware. Uploaded it through their submission mechanism WebImmune and i usually got response in 6 hours or next day for sure. If it was indeed malware,they added it next day or even right away if i submited it before their DAT release.
Now Chest is kinda ok when you get used to it,but it doesn't really serve it's purpose since avast! doesn't have any heuristics. Trojan-gen false positives are common,but usually not the reason to use Chest.
Second thing is that you have to use your own SMTP engine for submission.
Many people just gave up before they even learn that they have to enter that info.
Explaining to every user how to pack into ZIP and password protect it and blabla is also annoying. But even if you guys impliment some kind of web uploading form that submits directly without need to pack and password protect stuff you'll still have to regulary check all files and add them asap.
You don't have any proactive protection(ok,except mail),so you have to use Kaspersky way of handling malware (raw signature detection strengt).
avast! functionality is way over any other product,but main purpos (detection) is the thing that makes me worried about avast!. It's ok,but nothing that would launch it to the top. It just gets lost between others :(
-
So it looks like they are undermaned or what?
-
Hello ye all,
Well stay on top of it. Avast is a too good product to loose out on this.
Personally close the vulnerability gap. Download stinger.exe. And screen your oses for the latest vulnerabilities. I hope AVAST will keep sharp, play on the ball.
greets,
polonus
-
Submitted a sample a few months ago.
It took a month before it was in the vps.
But with next vps it was removed because it caused a false positive.
It was never added again after that.
I could be wrong, but I believe that Alwil needs to put more people on the vps.
-
About proactive protection, personally, I've used Kerio Personal Firewall with its Behavior blocking (similar to Prevx but less intrusive on system performance). This feature gives a good level of proactive protection by control over any starting/modify applications (including malware) on you system.
I think the Blocker in Standard Shield has high potential to be a powerful proactive protection of avast!, so I hope that Alwil team will put more improvement into Blocker in the future.
Sometimes I doubt why Alwil seems to ignore heuristics, while other AVs such as NOD32, BitDefender, Norman, AntiVir, ArcaVir are improving their beloved heuristics like crazy and use it as superb marketing point to convince people that their AVs are better than others (such as avast! that has no heuristics).
-
The avast! is a good product, but I never field safe with it, and some reasons are already reported here...
Some of them I already tried to discuss here without success, since some of you are avast! fanatic users, but now it seems that something changed...
Hope the best for avast! team.
-
Hi TAP,
That is why I have installed SSM from narod.ru to have a good system protection and monitor application. It is still free for home users and this version expires December 2005. I am quite happy with it. You can also use a heuristic scanner, but there you have the big disadvantage of a lot of false positives (F-prot DOS version etc). Use the standalone tools like stinger.exe etc. and you are fairly well protected. Today a security solution is a multi-layer thing: AV, Firewall, Anti-Malware, Anti-Trojan, Intrusion Detection and a brain. Still a lot of normal Pops and Moms still click yes, and if that does do the trick, there is always the possibility to click no, and you can do that with two sides of the browser.
greets,
polonus
-
Being a fanatic user is just plain stupid. Why defending a product when it's certanly not as good as it could be? And at this point i'm disapointed with avast! detection or shall we say their interest of adding submitted malware...
-
Yeah,
Sorry, but I have to agree. I cant fell safe with Avast!. For a number of reasons:
1- It take too long time to a malware be added to the VPS. I keep sending samples to AVG and Avast. Avg usually adds in the next update (no more than 24 hours, sometimes a lot less, like 4 hours). Avast gets at last a week in most cases.
2- In my experience, even without the heuristics, Avast seems to cause more false positives than any other AV that me or any of my clients had used. Avast caused me 4 false positives, while AVG and Norton caused me only one... Mcafee,Panda,Nod32 never did... At last to me.
3- I had installed Avast in almost all my clients, unfortunatly I had to uninstall it and then install AVG, just to find out all the infections that Avast missed. And worse, just to find out that if I had installed AVG in first place, the infection wouldnt happen, because AVG could detect it.
I had to choose AVG for two reasons, first the fast way that they deal with new samples, updating the definitions of new malwares really fast. Second, AVG takes a lot less system resource than avast... wich in some cases is very decisive.
Also, AVG has a real bad fame in detection rate, but I can be sure that is just fame... It have impressed me in lot of ocasions, detecting malwares that I never thought it could be detect by AVG... (Sometimes I use mcafee online just to be sure, and just one time it found something that avg missed)
Its a shame, because I think Alwill is a company that really know how to deal with their costumers, getting their attention. Its antivirus had one of the most complete set of features (including the free version), but the main thing, the VPS gap just doesnt let it make a trustable AV.
I really hope that the VPS problem be solved. So I will be able to trust and tell to friends/clients, how good is to be protected by Avast!.
Elminster
-
elminster, I agree with you there is a lot of false positives in avast for an AV with no herustic abilites.
Command antivirus has a great deal of herustic ability and adds it to their Deffiles within 24hours of submission, and I have never had a false positive from it.
I run Avast on my PC and command on my Mac under VirtualPC and on my laptop.
-
Hello worried fellow-members,
Go here and read, and there you see the general situation scanner maintanance is facing. And the future looks bleak.
Read what Wilders Security has to say, and why they pulled the plug out. The days of the signature scanner as sole-defense-line are numbered, stronger solutions are to step in. It is too time consuming, too costly too, all resources are tied up, and the anti-trojan scanners are closing down one by one. Read:
http://www.wilderssecurity.com/showthread.php?t=90017
Now you know what is going on,
Have a nice day,
polonus
-
Alwil knows exactly whats keeping avast! from being the top AV, Detection!
Alwil seems to be against adding Heuristics to avast!, if thats the case then one would think they'd add definitions quickly after samples are turned in.
No AV offers all that avast! does, some are better in detection.....
I'm becoming worried, shocked with avast!
Hmm just think how "shocked" and "worried" the other AV companies would be if avast! had BitDefender/NOD32 type Heuristics, or KAV fast definitions;)
-
Please, this was not a thread about Heuristic x Non-heuristic antivirus.
This is what I don't want to discuss here.
This is what will make Alwil team does not answer to this thread.
They already said their opinion about Heuristics a lot of time.
I want another things: better detection (signatures), faster sample analysis, faster VPS updates...
Did you remember what we have months ago? Almost 20 updates a week? And now?
Worse, some are thinking I'm blaming avast... :-\
I just want it better and I did not receive an answer... What is happening with the lack of detection?
-
I totally understand you Tech. And i know that too because i submit loads of malware almost every day. They get detected eventually,but thats not enough.
Kav sux in heuristics (pretty much),but look what they managed to do just with signatures? But then you have too add signatures faster and release more updates.
I'm not saying Alwil should release VPS every hour,but daily updates would most probbaly make a difference. Hiring more analysts would also do the trick for sure (i'm not sure hows with that in Czech and education/knowledge level required for such position).
I'm on free Home edition,but i take my time and submit undetected malware.
And for good of Professional Edition users that payed for it i expect my samples to be added asap not 2 weeks later.
-
Hello,
I agree with heuristics has nothing to do with it. I think I am on the right track to think that the question is much more of a fundamental thing. We are in a period where the scanner as a first line of defense is slowly loosing ground to a situation where a multi-layered protection of machines becomes inevitable. We are already in a situation that you cannot survive on the Internet without protection longer than say 10-12 minutes to be infected.
Simple surfing with only AV and FW is not enough. Of course a good signature scanner will always be needed, and it better be a good one. But as the malcreants change, the AV product is to change, no way around that. Develop protection on the one hand, and develop the awareness of the user on the other hand. The best line of defense is the human brain.
"The last virus will never be discovered in this world"
polonus
-
multi-layered protection of machines becomes inevitable
Sure but... I want avast! better right now! :(
-
Why won`t someone from the avast team address our concerns in this thread?
I sent some samples about 4 weeks ago, they still have not been added.
Is there any point in me send anymore, if they won`t be added.
Avast used to reply to my e-mails about 1 year ago, now you get no reply!
Don`t avast understand by people sending in samples, that will help avast`s detection rate.
Lat time i checked the detection rates for avast, AVG and antivir were as follows:
avast 79.65%
antivir 84.50%
AVG version 7.0- 54.07%
I have considered switching to antivir but the updating for antivir takes too long, no automatic updates!
http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69
-
Lat time i checked the detection rates for avast, AVG and antivir were as follows:
avast 79.65%
antivir 84.50%
AVG version 7.0- 54.07%
I agree with you but, again, this is not Heuristic or Virus comparison thread.
I hope they don't come here just to say: Oh, we already discussed a lot this...
I'm trying to force them to look into users' prayers for a better signature detection and faster samples analysis...
Maybe I'll stop posting as it's becoming useless after 15 days waiting...
-
Why won`t someone from the avast team address our concerns in this thread?
Anyone from alwil please?We are worried guys!
thanks
Mikey
-
Maybe a lot of Alwil's staff is on summer holidays?
I hope that they'll be able to reply to this thread, and to your concerns.
I appreciate that it must be challenging and demanding for Alwil to implement all of the virus recognition patterns etc (it must be daunting at times). I truly hope that they'll be able to keep on top of things. Otherwise users may jump ship.
Personally I'm very thankful for Alwil. The free avast! home product is a gift. And as the english expression says, "don't look a gift horse in the mouth"... ;D but I guess sometimes it is hard not to do?! :-\
-
Well it's hard not to do that when those using payable Professional Edition are facing the very same problem...
-
Well it's hard not to do that when those using payable Professional Edition are facing the very same problem...
I'm one of those and i am feeling so sad right now :(
Mikey
-
Well it's hard not to do that when those using payable Professional Edition are facing the very same problem...
D'oh! I forgot about about the pay version. Yes, I appreciate this... :'(
I'd be especially concerned too if I had money invested in the product...
-
Hi Darth.Mikey, Starfighter and others,
It is just a simple thought of me, and those people inherit the earth. Could not it be that AVAST fears the effects of false positives. I know in the past that specially in the East everybody launched Dr.Web on their machines, later to find that it caught viruses only Dr.Web had heard about and no other AV product. If this simple thought is not true, maybe it is like with some on line scanners that use Kaspersky definitions, but are not allowed to use the latest. Speculation, but in that case you need some other means to close the vulnerability gap. But your on line protection? Yes I can see some people are worried about the newest threats. Maybe we hear what is at the core of the problem!!
greets,
polonus
-
False positives have nothing to do with this thread we just want to know what is going on with vps updates and sample analysys ;)
Mikey
-
False positives have nothing to do with this thread we just want to know what is going on with vps updates and sample analysys ;)
P.S:Looks like we won't get any answers soon :(
Mikey
-
Hi darth.mikey,
I have seen this topic re-appear over the last period in a series of threads.
Did anybody come up with some substantial news about this?
A double posting means you must feel like the one calling out in the desert.
I saw these postings, still I not much wiser here.
What is the point then of these messages? Is the forum an appendix or an on itself living entity?
if there is no feed-back from the people who have a main interest in this or from those responsible for this or the ones which are hired in to do this, what is the point then. Vacation time or Ur-Pilsener?
greets,
polonus
-
Polonus i wanted to edit my post if you must know and accidentally clicked quote and when i realised what i've done it was too late ??? I hope this is what you wanted to tell cause i don't quite understand what you are trying to say! :-\
thanks
Mikey
-
Hi darth.mikey,
What I mean to say is obvious. When the man or the team who is responsible for the signature updates DOES NOT reply to your questions, what is the sense of musing about this. It is not bringing you or the others any further. You are kept in the dark. Am I right or ain't I,
greets,
polonus
-
Hi darth.mikey,
What I mean to say is obvious. When the man or the team who is responsible for the signature updates DOES NOT reply to your questions, what is the sense of musing about this. It is not bringing you or the others any further. You are kept in the dark. Am I right or ain't I,
greets,
polonus
I didn't understand you the first time that's all ???
-
Bump! :(
I won't just give up to have a better avast! I'm not complaning but I'm not joking too :'(
-
I agree Tech. I like avast! but if the updates aren't complete, then I'll move on to another av solution. Which would be a shame, because there are so many things that I do like about avast!
Maybe we could start a new discussion category in this forum (make it a sticky).... call it "virus submissions" and then we can track which new viruses have or have not been updated in the avast! patterns. Just a thought...
-
I agree Tech. I like avast! but if the updates aren't complete, then I'll move on to another av solution. Which would be a shame, because there are so many things that I do like about avast!
Maybe we could start a new discussion category in this forum (make it a sticky).... call it "virus submissions" and then we can track which new viruses have or have not been updated in the avast! patterns. Just a thought...
I like it.
Just to post my reasons for this:
1. I'm not posting in Off Topic forum were I was invited to be a Moderator and could 'manage' the thread. I'm an user like the others.
2. Everybody knows my fanatism to avast! (which is evident), but in the case of samples and updates avast! is very slow these days (maybe the summer).
3. The team is not on the forums as they used to be... Where is Pavel? Where is Vlk? Karel? pk posted yesterday... Igor from time to time. C'mon, forum seems to be lose the importance for you and, for us the users, we're becoming clowns posting and posting here :'(
-
We haven't see or heard from any of the Alwil Team in this topic, where are they? We should still be patient till one of them arrive, hopefully. :-\
-
Hi Fixer,
I am much more optimistic, I thinks the Avast Team has something up their sleeves in the way of a nice surprise or a good development. They are brooding on something. That is why they do not react. That is what the silence mis about. We are in for some surprise folks. Think of good things and they will surely happen. Avast is a good product.
pozdrawiam,
polonus
-
I like your optimistic view polonus i certainly hope you're right!
Mikey
-
Well, what can we say. :-\
All I can say is that the way samples are added hasn't changed. It's the way it has been for the last ~3 years. I'm glad for threads like this because they might catalyze certain changes that part of our staff are trying to push (me including).
On the other hand, Technical, let's discuss the individual "malware" pieces in detail ( http://forum.avast.com/index.php?topic=15091.msg127347#msg127347 ):
the first two are ridiculous (these are just registry entries, nothing more!!! - unless backed up by a file, they are completely benign).
As for the rest, I believe they can do lots of harm (e.g. droppers drop (tons of) files - as you have already found out the hard way) and I hope they will be added to the database asap (if they haven't been already).
BTW I still find some of the statements in this thread inappropriate (exaggerated). I admit that some things need improvements (virus sample submission process is one of them) but there's no need for being so edgy (huffy, grumpy... - call it whatever you want :))
And about this
3. The team is not on the forums as they used to be... Where is Pavel? Where is Vlk? Karel? pk posted yesterday... Igor from time to time. C'mon, forum seems to be lose the importance for you and, for us the users, we're becoming clowns posting and posting here
Simple answer (and I think someone already figured it out) - vacations. About half of the team has holidays, and the rest is trying to work twice as hard - hence neglecting some of the (less priority) duties... :-\ Hope you understand.
BTW Technical when are YOU leaving for your traditional 4 week vacation? ;)
Thanks
Vlk
-
There we finally got an answer ;D
-
Well, what can we say. :-\
Well, thanks for coming 8)
All I can say is that the way samples are added hasn't changed. It's the way it has been for the last ~3 years. I'm glad for threads like this because they might catalyze certain changes that part of our staff are trying to push (me including).
Thanks for listening the users and reading the forums. It's good to know that things have not changed.
On the other hand, Technical, let's discuss the individual "malware" pieces in detail ( http://forum.avast.com/index.php?topic=15091.msg127347#msg127347 ):
the first two are ridiculous (these are just registry entries, nothing more!!! - unless backed up by a file, they are completely benign).
As for the rest, I believe they can do lots of harm (e.g. droppers drop (tons of) files - as you have already found out the hard way) and I hope they will be added to the database asap (if they haven't been already).
Indeed, some files are nothing but a registry key. Anyway, they were detected by AVG and NAV.
The VPS was already updated:
Scanning of selected files
Action was completed successfully!
Virus has been detected!
File Name: sys2246.exe
FileID: 310
Virus Description: Win32:Trojano-1866 [Trj]
Virus has been detected!
File Name: sysinit32z.exe
FileID: 311
Virus Description: Win32:Trojano-1864 [Trj]
Virus has been detected!
File Name: sysinst54.exe
FileID: 312
Virus Description: Win32:Trojano-1866 [Trj]
Virus has been detected!
File Name: taras.exe
FileID: 313
Virus Description: Win32:Trojano-1865 [Trj]
Virus has been detected!
File Name: sys2431.exe
FileID: 314
Virus Description: Win32:Trojano-1867 [Trj]
Virus has been detected!
File Name: sys240.exe
FileID: 315
Virus Description: Win32:Trojano-1867 [Trj]
Virus has been detected!
File Name: sys5620.exe
FileID: 324
Virus Description: Win32:Trojano-1867 [Trj]
Virus has been detected!
File Name: sys5622.exe
FileID: 325
Virus Description: Win32:Trojano-1867 [Trj]
BTW I still find some of the statements in this thread inappropriate (exaggerated). I admit that some things need improvements (virus sample submission process is one of them) but there's no need for being so edgy (huffy, grumpy... - call it whatever you want :))
At least, we're trying to do the same: making avast better. Some of our conversation is friendly, some we cry ;D
Why don't you start to improve the sample submission, analysis and update?
Sorry for the exageration. Maybe we're losing our fanatism ;D
3. The team is not on the forums as they used to be... Where is Pavel? Where is Vlk? Karel? pk posted yesterday... Igor from time to time. C'mon, forum seems to be lose the importance for you and, for us the users, we're becoming clowns posting and posting here
Simple answer (and I think someone already figured it out) - vacations. About half of the team has holidays, and the rest is trying to work twice as hard - hence neglecting some of the (less priority) duties... :-\ Hope you understand. BTW Technical when are YOU leaving for your traditional 4 week vacation? ;)
Sure, I understand... My vacations? Probably, next February.
But we, the users, can't do the job that is not on our hands. This is the 38th reply to this thread. It has been passed quite a lot of time since it was started by my unfortunate infection :'(
Maybe it's a dream that the things can improve and improve all the time :-[