Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: SirL on March 12, 2004, 12:45:20 AM

Title: Reactiontimes Mydoom
Post by: SirL on March 12, 2004, 12:45:20 AM
On http://www.idg.se/ArticlePages/200403/11/20040311135925_MD/20040311135925_MD.dbp.asp you can read the reactiontime for the first Mydoom virus. Does anyone have Avast reactiontime?

Trend Micro, 9:32:00
Virusbuster, 10:02:00
AVG, 10:12:00
Inoculate IT-CA, 11:17:00
Sophos, 11:37:00
Inoculate IT-VET, 12:27:00
Esafe, 12:47:00
RAV, 14:07:00
Dr. Web , 14:07:00
Kaspersky, 14:32:00
Symantec, 14:32:00
McAfee, 14:57:00
Bitdefender, 14:57:00
Quickheal, 15:47:00
Panda, 15:57:00
Norman, 19:02:00
Antivir, 22:32:00
F-Secure, 23:02:00
F-Prot, 29:12:00.

BTW Avast rules

/SirL
Title: Re:Reactiontimes Mydoom
Post by: Summoner Yuna on March 12, 2004, 02:38:38 AM
f-secure taking 23h:02m:00s??? not likely! NO WAY SYMANTEC BEAT THEM  >:(
Title: Re:Reactiontimes Mydoom
Post by: Pavel on March 12, 2004, 08:37:14 AM
On http://www.idg.se/ArticlePages/200403/11/20040311135925_MD/20040311135925_MD.dbp.asp you can read the reactiontime for the first Mydoom virus. Does anyone have Avast reactiontime?

Trend Micro, 9:32:00
Virusbuster, 10:02:00
AVG, 10:12:00
Inoculate IT-CA, 11:17:00
Sophos, 11:37:00
Inoculate IT-VET, 12:27:00
Esafe, 12:47:00
RAV, 14:07:00
Dr. Web , 14:07:00
Kaspersky, 14:32:00
Symantec, 14:32:00
McAfee, 14:57:00
Bitdefender, 14:57:00
Quickheal, 15:47:00
Panda, 15:57:00
Norman, 19:02:00
Antivir, 22:32:00
F-Secure, 23:02:00
F-Prot, 29:12:00.

BTW Avast rules

/SirL

I do not know if this article really speaks about the first Mydoom incident (some numbers look really strange and the results are totally different from what I know) but this is a main source (http://www.pcwelt.de/news/viren_bugs/37278/4.html) of the original response test which contains avast! as well.

BTW: I have found this article (http://itmanagement.earthweb.com/columns/executive_tech/article.php/3316511) which discusses the average response time for four virus outbreaks. While you might argue about the number and selection of those viruses (some started very quickly while others not) it is still interesting reading - and avast! beats Sophos, Dr.Web, Trend Micro, Panda, MsAfee and Symantec in this comparison  ;) !

And another BTW: avast! times should be even better, because the testers use the VPSUPD.EXE file to update their scanner. This file is however uploaded on our web site maybe 20 minutes after the incremental iAVS update is released (it does not have such high priority and it takes some time to manage and update all our servers).

Pavel
Title: Re:Reactiontimes Mydoom
Post by: Steele on March 13, 2004, 01:14:12 AM
   H:M     Anti-Virus Program
  06:51   Kaspersky
  08:21   Bitdefender
  08:45   Virusbuster
  09:08   F-Secure
  09:16   F-Prot
  09:16   RAV
  09:24   AntiVir
  10:31   Quickheal
  10:52   InoculateIT-CA
  11:30   Ikarus
  12:00   AVG
  12:17   Avast
  12:22   Sophos
  12:31   Dr. Web
  13:06   Trend Micro
  13:10   Norman <-------- *What?
  13:59   Command
  14:04   Panda
  17:16   Esafe
  24:12   A2
  26:11   McAfee
  27:10   Symantec
  29:45   InoculateIT-VET

I'm not aware of a Norman! lol  ;D
Title: Re:Reactiontimes Mydoom
Post by: igor on March 13, 2004, 01:18:18 AM
I'm not aware of a Norman! lol  ;D

Then, you should check their webpage - www.norman.com - and you will be  ;D
Title: Re:Reactiontimes Mydoom
Post by: Lisandro on March 13, 2004, 03:05:45 AM
Reaction times a little bit higher but, please, less false positives and more tests before VPS releases  :'(
Title: Re:Reactiontimes Mydoom
Post by: Steele on March 13, 2004, 03:28:56 AM
Ahhh... I see.  ;D
Still... I've never heard of them.

Agreed Technical.
Title: Re:Reactiontimes Mydoom
Post by: Pavel on March 13, 2004, 09:42:31 AM
Hi Technical,

Reaction times a little bit higher but, please, less false positives and more tests before VPS releases  :'(

Do you think we do not provide enough false positives tests? Well, I do not think so. We have a huge collection of different systems/shareware/freeware/commercial software which today contains abou 120 GB of executables and is still growing. We do not let go out the VPS which does detect abything in this set. But we simply can't test all SW around the globe - it is impossible task.

As I said in another thread, it is a piry that you did not send us the files before - actually they were detected twice (once as AutoIt and secondly as Trojan-gens) but without the files we were not able to discover the second FP.

I still can't imagine more thorough tests than we are doing now. Any suggestions?

Pavel
Title: Re:Reactiontimes Mydoom
Post by: Lisandro on March 13, 2004, 08:36:31 PM
Sorry Pavel... Of course I'm not saying that you do not work hard. You know... just an unhappy user from time to time... I have my computer blocked...

Didn't you receive my files yesterday? I sent at least 5 scripts compiled with AutoIt 2.64?  :-\

If you want I'll send them again...
Title: Re:Reactiontimes Mydoom
Post by: JEfromCanada on March 13, 2004, 11:22:23 PM
As I said in another thread, it is a piry that you did not send us the files before - actually they were detected twice (once as AutoIt and secondly as Trojan-gens) but without the files we were not able to discover the second FP.
Pavel,

I can't imagine anyone working as hard as your staff does.  A post in this thread referenced an online report that averaged the results of company responses to four different infections.  Three of the "averages" posted only included responses to three attacks, since the heuristics built into the virus scanners caught some viruses without having to develop a new solution.

While that speaks well of the heuristics, it clouds the issue of how fast a company responds to NEW threats.  If those companies had been given an average based on THREE tests (not four), they would have fallen in the rankings.

Also, the article points out that companies that have far more staff obviously find antidotes faster.  Frankly, if I compare the avast staff size (was that picture I saw posted in another thread accurate) to Kaspersky, I think I feel comfortable that you guys are doing a remarkable job.

I also assume there is some cooperation in the industry as a whole, but I might be wrong there.

There was another factor that was not considered completely in the article, though it was touched on.  It doesn't matter how quickly a correction is found if you aren't informed about it.  I previously used AVG.  The auto-update on AVG will not automatically download an update until AT LEAST 24 HOURS after the last update.  Normally, that's fine.  But lately, with all the new viruses, you can wait nearly 48 hours before AVG triggers an update, depending on when the update was last done in relation to when a virus is discovered.  With avast, as soon as the fix is available, it's downloaded!  How good is that!

All in all, I'm very happy with avast.

P.S.

The latest update no longer reported the false alarm on that Trojan.gen file I forwarded to you.  Thank you very much!   :)
Title: Re:Reactiontimes Mydoom
Post by: CoJo on March 13, 2004, 11:29:41 PM
Well said, JE!

and welcome to the forums..

cojo
Title: Re:Reactiontimes Mydoom
Post by: CharleyO on April 06, 2004, 06:49:01 AM
I think the avast! crew does the best job of the 4 AV programs I have used. In the past, I have used Norton, AVG, & McAfee. I was really disappointed with the last 2 versions of McAfee.    :(  

I am now using avast! with much pleasure.     :)

Way to go ALWIL team!     :)