Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Dwarden on December 22, 2005, 08:38:24 AM
-
In last month i got 5 or 6 "events" where customer which was usually positive about Avast! antivirus
ordered different Antivirus solutions (McAfee, NOD32, Kaspersky, AVG) with explaining
"we were in last months infected multiple times by viruses / trojans passing via up2date Avast!"
in numbers it mean for Alwil loss of dozens Avast! Pro versions, some SBS licenses and some other server licenses ...
and i must admit this is not first time in this year i hear such story from firms paying theirs AV defense ...
also to my suprise another bad opinion about Avast! came this week from my good friend ...
where he work they run together multiple AV engines on server to increase detection chances on files passing IN/OUT network and experimentally using multiple AVs at some clients ... outgoing results are that Avast! fails to detect huge block of new viruses and trojans "in time"...
now if i add my own experience with huge delays on some trojans and viruses before they added to Avast! VPS ...
as result I'm very worried if i can continue to suggest Avast! as good solution for home users & firms in same way like i was in last 2 years ...
as workaround for Home users I'm experimenting with 'Avast!Home + AVG 7.1 free edition + ClamAV' package ... so far it works (wXP) ... suprising including both Avast and AVG residents at once and where ClamAVsurprising is used as on-demand backup ....
i hope with new Year there will be some major change in virus/trojan submission system for Avast! and improved times on adding trojans/viruses into VPS ...!
-
Interesting story.
However, it is just that - sorry to be critical but it is totally lacking in verifiable information. I rather suspect I might find a similar story in the AVG forum. For now your post is just FUD (fear uncertainty and doubt).
Please let us know when you have more detailed and verifiable analysis of your customers' experiences.
-
Here on the forum I often see people with a problem with malware which hasn't detected, and too often when I do a search for that malware, a link comes up for a writeup from Sophos or Symantec or McAfee.
I find the same thing cleaning computers for the occasional customer. Too many times I find a Trojan using Hijack This! which avast! hasn't noticed, and a write up for that Trojan in another AV site.
Admittedly I run Trend Micro Sysclean before avast!, so Trend has missed them too!
It's true that any AV can miss viruses: I've seen computers infected by a virus Symantec has missed.
But dismissing stories like this out of hand is like putting your head in the sand: if avast! wants to be taken seriously as an AV, it needs to improve the speed with which malware is added. I've seen too many stories of how people submitted malware which was not added for weeks, checked too many files on Jotti and seen Kaspersky and others identify malware but avast! not.
avast! needs a kick up the pants, and Dwarden is doing just that. Don't shoot the messenger!
-
I did not shoot the messenger.
If the messenger came with information I can check and not just generalities then I would pay a lot more attention.
I am far - indeed very far - from being uncritical of avast! myself - but I will not indulge in "avast is failing" posts unless I can back it up with facts.
If indeed it is true that:
results are that Avast! fails to detect huge block of new viruses and trojans "in time"
then surely some evidence of these "huge blocks" can be provided and some further indication of how far avast! is failing to be "in time".
I did not suggest that no problem exists but anyone can walk in and say there is some undefined problem.
-
Seen Kaspersky and others identify malware but avast! not.
Undoubtly, Kaspersky has a very very good detection, submition and analysis procedures.
But, like Alan, in this issues we need to know: file name, path, virus name, date of submition, etc.
Otherwise, just throwing words in the wind. I have my complains about avast detection for sure.
Using two residents (even AVG at Windows XP), well, I won't trust in the user coments after this.
There are a lot of situations, discussed a lot here, that this won't work, on contrary, will mess everything.
I won't trust in non-technical complains about this kind of user.
Merry Christmas ;D
-
uhm so you trying disrespect / nullify what i said ? ...
please don't use arguments about malware detection here this post was about viruses and trojans not rest of malware (like spyware) ...
sorry but i said and i repeat this is about Avast! repeatly failing to prevent infection 'in time'... on correctly (High) set configurations on up2date VPS and program versions ... and that story came from multiple customers NOT just some rare ones ...
re:Tech = nowhere in my post is said that fail was when running multiple residents, Avast! was the single used. What you mean with 'I won't trust in non-technical complains about this kind of user' ? who You got in mind me or my customers? i doubt You know anything about me or them anyway so You not in position to even try to judge ...
But, like Alan, in this issues we need to know: file name, path, virus name, date of submition, etc.
filename useless, path useless, only what matter is hash of infected binary, date of submission and name ... but why i should repeat myself ... search some of my months old posts in virus section , i named some of them there ... (but to say at least one here from new ones 8.12.2005, Trojan-Clicker.Win32.Small.is )
what you want as proofs ? magic ? or You think network admins care about product which is failing writing up each missed piece ? no, they simple move to products which not fail them ... yes it's hard but true ...
it's problematic get samples of viruses / trojans which avast! not found for events which happened days or weeks ago ... most of them don't keep these ... and if samples are kept , they were always sent to Alwil ...
detection speed examples? ... trojans multiple times submitted in last year were added with 4+ months delays ... some were never added by Avast! (but for example Kasperky added them within days) ... from trojans submitted 2 weeks ago only one was added yesterday ... etc.
or You suggest to publish on some website what viruses, trojans, spyware, malware whatever is undetected by Avast! ? (some sort community driven site?) that's not bad idea ... why such site don't exist yet ? :)
--
related to multiple residents ...
until You prove me that resident solution Avast!+AVG is failing i will take your `comments` as just throwing 'genius' words into wind ...
tried it yet? we got 3 test machines running 24/7 with this config testing false alarms, various types of infections etc. against machine with just single of of them ... if we find moment where it fails ... then you right ... so far nothing such happened ...
also if you experiment often with multiple AV you find various combinations working w/o problem (if you don't fear to loose some performance) ... it's all about skills of these who config it ...
plus don't mismatch server side multi AV solution with clientside multi AV solution ... two totally different things ...
-
Dwarden,
1. about the detection rates and speed of updates: I sort of agree that avast! is currently not in its best form but we're working hard to change this. We have just hired 3 more virus analysts, are actively working on a way to greatly improve the process of sample submissions etc... However, all those things take some time. I'm hoping 2006 will be a pivotal year in this sense - you guys will see a dramatic improvement in the detection rates as well as reaction speeds - and avast! will return to where it was in the late 90's - on the very top.
2. About running two resident AV's at the same time. In most cases, if the two AV's don't lock the machine (-- Avast and AVG is an example of such a setup) the problems usually crop elsewhere than in the Standard Shield (I mean the on-access file system scanner) - and they're more subtle and harder to debug. Take e.g. the mail scanner. It's usually like this: avast pops the infected mail from the server and extracts the viral attachment to a temp folder. AVG's on-access scanner detects the virus in it, and denies read access to the file. I.e. avast's mail scanner can't scan the file, and passes the infected mail to your inbox. Then the same things goes vice versa - AVG's mail scanner is blocked by avast's file system scanner. The same applies to other "providers" - the WebShield, the ScriptBlocker etc etc...
Thanks
Vlk
-
I for one needed to hear that. Good luck to you. avast! is an excellent AV, and this gives me the confidence to continue using it.
Seasons greetings.
FwF
Dwarden, sorry to butt in on your post, but I seem to have had the same concerns.
-
you guys will see a dramatic improvement in the detection rates as well as reaction speeds - and avast! will return to where it was in the late 90's - on the very top.
I'm very very glad to hear that, this seems like the valuable gift of New Year for me (and I believe this for all avast! users) indeed.
I must admit, sometimes I've always wondered, as far as I know, while other scanners (NOD32, Kaspersky, BitDefender, VBA32 or even AntiVir, AVG) keep on improving their detection technology & means like crazy but it seems to me that avast! still stays the same as it was in 2 years ago.
And don't forget to write up more malware infromation (even in brief) on avast! website this will make avast! Antivirus looks more promising.
-
Dwarden,
1. about the detection rates and speed of updates: I sort of agree that avast! is currently not in its best form but we're working hard to change this. We have just hired 3 more virus analysts, are actively working on a way to greatly improve the process of sample submissions etc... However, all those things take some time. I'm hoping 2006 will be a pivotal year in this sense - you guys will see a dramatic improvement in the detection rates as well as reaction speeds - and avast! will return to where it was in the late 90's - on the very top.
2. About running two resident AV's at the same time. In most cases, if the two AV's don't lock the machine (-- Avast and AVG is an example of such a setup) the problems usually crop elsewhere than in the Standard Shield (I mean the on-access file system scanner) - and they're more subtle and harder to debug. Take e.g. the mail scanner. It's usually like this: avast pops the infected mail from the server and extracts the viral attachment to a temp folder. AVG's on-access scanner detects the virus in it, and denies read access to the file. I.e. avast's mail scanner can't scan the file, and passes the infected mail to your inbox. Then the same things goes vice versa - AVG's mail scanner is blocked by avast's file system scanner. The same applies to other "providers" - the WebShield, the ScriptBlocker etc etc...
Thanks
Vlk
well I'm very glad to hear this news (You sure know that I'm pushing for some speedups / changes for nearly year) ...
main reason of this post was that there are some issues and i would like to see them resolved ...
i like Avast! and i think it's really well done antivirus (in feature set etc.) and this was one of the "black" dots on shield ...
that's why i wrote in first post i hope with new Year there ...
-
Vlk,
I am impressed by the honesty and openness in the post you made to in response to Dwarden's comments. Many thanks.
While I must remain an avast! Home edition user since I support a number of other such avast! users (gratis) your comments persuade me that I should contribute to the improvement efforts of the avast! team (albeit in a very humble way) by purchasing a license for the product.
Wishing you and the whole avast! team a very Merry Christmas and a most successful 2006!
Alan
as the saying goes "money put where mouth is" now a paid licensee of avast!
-
uhm so you trying disrespect / nullify what i said ? ...
No, I never do this.
First because I'm not the owner of the truth.
Second because I respect other users here.
Third because you don't deserve disrespect 8)
please don't use arguments about malware detection here this post was about viruses and trojans not rest of malware (like spyware) ...
I did not argument. Just post my opinion.
re:Tech = nowhere in my post is said that fail was when running multiple residents, Avast! was the single used. What you mean with 'I won't trust in non-technical complains about this kind of user' ? who You got in mind me or my customers? i doubt You know anything about me or them anyway so You not in position to even try to judge ...
I'm just saying that your customers, if blaming or complaning, would be useful if they post more info about the virus, the infected file, etc.
Again, I don't know anything about them and this is exactly what I'm saying: they can't blame or complain without leting us (and Alwil team) know what is happening. It's useless in my opinion.
But, like Alan, in this issues we need to know: file name, path, virus name, date of submition, etc.
filename useless, path useless, only what matter is hash of infected binary, date of submission and name ... but why i should repeat myself ... search some of my months old posts in virus section , i named some of them there ... (but to say at least one here from new ones 8.12.2005, Trojan-Clicker.Win32.Small.is )
I don't judge the more info is useless, neither for us user nor for Alwil team.
For me, to help, I need more info. It's not useless.
what you want as proofs ? magic ? or You think network admins care about product which is failing writing up each missed piece ? no, they simple move to products which not fail them ... yes it's hard but true ...
Ok. I expect Administrators that wants to learn but, maybe, I'm too romantic 8)
it's problematic get samples of viruses / trojans which avast! not found for events which happened days or weeks ago ... most of them don't keep these ... and if samples are kept , they were always sent to Alwil ... detection speed examples? ... trojans multiple times submitted in last year were added with 4+ months delays ... some were never added by Avast! (but for example Kasperky added them within days) ... from trojans submitted 2 weeks ago only one was added yesterday ... etc.
Blaming to get a better avast. This I respect and follow. Please, blame as much as you can :)
We (the users) are claming for a better product, better detection, all the time. I don't think they're angry with us about this. Are you Vlk?
or You suggest to publish on some website what viruses, trojans, spyware, malware whatever is undetected by Avast! ? (some sort community driven site?) that's not bad idea ... why such site don't exist yet ? :)
I did not understand... I'm not a native English, can you rephrase?
-
About running two resident AV's at the same time. In most cases, if the two AV's don't lock the machine (-- Avast and AVG is an example of such a setup) the problems usually crop elsewhere than in the Standard Shield (I mean the on-access file system scanner) - and they're more subtle and harder to debug. Take e.g. the mail scanner. It's usually like this: avast pops the infected mail from the server and extracts the viral attachment to a temp folder. AVG's on-access scanner detects the virus in it, and denies read access to the file. I.e. avast's mail scanner can't scan the file, and passes the infected mail to your inbox. Then the same things goes vice versa - AVG's mail scanner is blocked by avast's file system scanner. The same applies to other "providers" - the WebShield, the ScriptBlocker etc etc...
I've tested this and experiment is in two XP SP2 computers. What Vlk said is just what happens indeed.
-
once more to Vlk :
now noticed the speed improvement You speak about ... trojans sent 20th were added some hours ago
must bow for that good job just one day before Xmas ...
re:tech = well we were able overcome some technical issues so it's usable :) but definitely nothing for absolute n00b users ...
Merry Christmas to everyone...
-
1. about the detection rates and speed of updates: I sort of agree that avast! is currently not in its best form but we're working hard to change this. We have just hired 3 more virus analysts, are actively working on a way to greatly improve the process of sample submissions etc... However, all those things take some time. I'm hoping 2006 will be a pivotal year in this sense - you guys will see a dramatic improvement in the detection rates as well as reaction speeds - and avast! will return to where it was in the late 90's - on the very top.
Very glad to hear that ;D
Keep the good work ;)
-
Vlk,
Its your humility in admitting that will keep me glued to Avast till you guys pry me off with a crowbar:)
Keep up the good work and my next year, Avast will kick butt.
-
Vlk, you don't know how I am glad of reading it, like we say in Spain "it was time to catch the bull for the horns" in this aspect. I hope that this hard work starts noticing soon.
-
Dwarden,
1. about the detection rates and speed of updates: I sort of agree that avast! is currently not in its best form but we're working hard to change this. We have just hired 3 more virus analysts, are actively working on a way to greatly improve the process of sample submissions etc... However, all those things take some time. I'm hoping 2006 will be a pivotal year in this sense - you guys will see a dramatic improvement in the detection rates as well as reaction speeds - and avast! will return to where it was in the late 90's - on the very top.
First of all, I appreciate the honesty in admitting that Avast still has some work to do. I don't think companies like Symantec would ever admit that (and they are far, far from perfect)
I too am hoping for better detection rates. I feel that Avast is a high quality product, but I can't yet find myself wanting to buy the Pro version since I am not yet convinced that its detection rate and virus database is as good as other companies.
I know that Symantec can detect about 70,000 viruses, PandaSoftware over 90,000 viruses, and Kaspersky nearly 157,000 viruses!!!
How many viruses can Avast detect so far?
-
I know that Symantec can detect about 70,000 viruses, PandaSoftware over 90,000 viruses, and Kaspersky nearly 157,000 viruses!!!
How many viruses can Avast detect so far?
See this thread
http://forum.avast.com/index.php?topic=17856.msg151968#msg151968
Do you know how many viruses NOD32 or AVG can detect? I think the number of viruses in antivirus database tells nothing about the overall efficiency of antivirus in the real world.
-
jujubee
If that is to be the basis of your judgement then I would assume that you also must believe the Symantec users get infected more than twice as much as Kaspersky users and I rather doubt that is true.
Surely the major issues are earliest recognition and deployment to ensure protection of users from current threats - not whose database contains the most antique viruses. I have to concur with TAP; how much do you (or I) know what those numbers really mean?
I wish there was a reliably independent league table of infection rates of users of the competing antivirus products.
-
The important things we need that are speed of releasing signature, accuracy of detecting *all* dangerous malware that are still circulating in the wild and the overall reliability/stability from avast! rather than the biggest database. Of course, effective-proactive detection is also great to have. :)
-
well my main post was oriented not to get some totals number to "shock" and catch users ...
i was mainly interested in Alwil's new method for submitting virus/trojan/exploit/spyware/malware examples
to Alwil team and it's fastest addition to Avast!'s VPS if positive one found!
also it was about getting some feedback or info about file(s) submitted (like clean, damaged/nonfunctional malware code, false alarm, not clean(soon to be added to VPS) and so on) ...
i don't care if it's automated email answer or human written one or some website based enhanced scanner with upload ability ... but it must return needed answers ...
it's all about this situation "i sent You week ago piece of malware identified as Trojan.Java.ClassLoader.f [/i] by 18 antiviruses ..." and my question is "Is it really dangerous? (seems so), Is this positive match? (seems so) When it appear in VPS (so far unknown)? If not then why :) etc...
so far Avast! reacts very well to main threat now it's about smaller evil ...
and as it was said Alwil work on solution ...
-
jujubee
If that is to be the basis of your judgement then I would assume that you also must believe the Symantec users get infected more than twice as much as Kaspersky users and I rather doubt that is true.
Surely the major issues are earliest recognition and deployment to ensure protection of users from current threats - not whose database contains the most antique viruses. I have to concur with TAP; how much do you (or I) know what those numbers really mean?
I wish there was a reliably independent league table of infection rates of users of the competing antivirus products.
Hmm, it seems like the numbers of viruses that the other companies are reporting maybe due to over-counting. That's news to me. I always thought those numbers represented unique individual viruses.
When I used Symantec Antivirus, I sometimes would check the number of viruses that were in its virus list. I would very quickly scrolldown the list of viruses that it showed, and it seemed to me that every virus presented was its own unique virus. But then again, I obviously did not run through the entire list to see if 70,000 viruses were actually listed on it.
I too agree that the more important quality in a virus scanner is the ability to detect ITW viruses. Before I downloaded AVG and Avast, I checked to see that they were ICSA certified and when their most recent Virus Bulletin award was (AVG - Dec 2005, Avast Oct 2005). I don't really know much about Virus Bulletin, but I'm assuming its a trusted authority on the detection ability of virus scanners. Anyways, I saw that both programs did well recently and that gave me some assurance that they have good detection that is atleast up to par (and maybe even better?) than the rest
-
Hmm, it seems like the numbers of viruses that the other companies are reporting maybe due to over-counting. That's news to me. I always thought those numbers represented unique individual viruses.
I don't know but I don't think it is over-counting, I think it's a difference of counting method.
For instance, according to the latest av-comparatives.org test August 2005, AntiVir says it has 202,710 viruses in its database, Dr.Web says 82,894 and I think avast! has approximate 46,000 virus units in its database at that time but AntiVir, Dr.Web and avast! almost have the same overall detection rate level (zoo malware) and also, avast! almost have the same overall detection rate as Trend Micro.