ramanF-prot is really good in identify such garbage. Often it reports (by using /collect) such files as corrupted ,garbage or "not a virus"!:)
In my small informal comparative test I included f-prot for DOS, see
http://www.avast.com/forum/index.php?board=2;action=display;threadid=1379;start=15Here is attached f-prot report file, rptcoll.txt What do you make out of it? Does it make my test files in any way good or bad for testing , I really don't know, and I don't care much. I was just curious. And now, let's get back to real life.
As an admin in our company within our corporate network I did some real life testing by accident. Not so while ago, my system started to shut down whenever I connected to the Net. U already know what I'm talking about. One day later, Amon (NOD's resident monitor) reported Lovesan worm. Because I had many other AV products on my system for testing purposes, I decided to double and triple check the suspicious file. At the time on my test machine, apart from NOD, there were:
NAV 2003, Panda 7.04 Platinum, KAV 4.05 lite, F-prot 3.1x, DrWeb 4.2x. I turned off the Amon and scanned the suspicious file with all of them and not a single one deteced it!
I was puzzled. I decided to discard the NOD's detection as a false alarm and blamed it on the Microsoft. I manually updated all of the above products and scanned my system and still there were no results!
Day after, annoyed with the behavior of my system I decided to take look at the worms' description at NOD's site and that was it! I removed the worm and watched when other vendors will update their definitions and for some it took days before they finally did it. Two days later, our corporate admin called and said: We have a virus on our LAN! I replied that I know, and I just waited to see how long it’d take McAfee installed in our central office to catch it! ( Lovesan/Blaster was more an annoyance than a big threat in its first incarnation).
So what are we talking about here? Is it really important if product A or B catches some obscure virus and product C doesn’t? I don't think so. Eventually, every major AV product will catch any global virus/worm threat. The question is, how soon, which is especially important in those days of so called blended threats. And what's the use of incremental updates if update process effectively disables AV product you are using, as it does with some of the products in the market.
So, the focus should be on the response time, accuracy and robustness of the update process.
PS
I'm in no way an advocate for NOD and if you look at the above-mentioned thread I never mentioned it there, or here, or anywhere else in this forum until somebody else mentioned it. Also, at the time, I didn't know about AVAST!
