Author Topic: Malware submissions again!  (Read 12947 times)

0 Members and 1 Guest are viewing this topic.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Malware submissions again!
« on: June 22, 2005, 09:14:41 AM »
Ok,now i'm really angry. Sending samples to Alwil and nothing added. False positive for ages. Submitted two times,nothing. Some samples haven't been added and they are almost 3 months old. Nothing.
If this is going to keep up i'll be forced to toss avast! and search for alternative.
I was on McAfee for like two weeks back from now (i have a VSE8.0i license) but i experienced startup lockups and so i went back to avast! for now.
I check the samples in archived avast! Chest and nothing changed except one SdBot more detected. Very dissapointed.
But here is the catch.
Whenever and whatever i sent to McAfee they analysed and replyed within at least 6 hours. Sample was ofcourse added next day if it was found to be any kind of malware.
They also have nice WebImmune submission web form.

Is this the way how you treat users that submit you samples? I don't think so.
Visit my webpage Angry Sheep Blog

Omar

  • Guest
Re: Malware submissions again!
« Reply #1 on: June 22, 2005, 10:46:59 AM »
I sent a false positive last thursday, it has been corrected :)

Offline xistenz

  • Poster
  • *
  • Posts: 632
Re: Malware submissions again!
« Reply #2 on: June 22, 2005, 11:51:06 AM »
If this is going to keep up i'll be forced to toss avast! and search for alternative.

AVG is starting to look good now.  ;D

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Malware submissions again!
« Reply #3 on: June 22, 2005, 11:57:15 AM »
AVG is something that i'll never use for sure. I guess i'll try to find out whats the reason for McAfee ocassinal lockups on startup...
Visit my webpage Angry Sheep Blog

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Malware submissions again!
« Reply #4 on: June 22, 2005, 01:51:38 PM »
Hi Rejzor,

Not so pessimistic, everything will be fine I think, download stinger.exe to close your vulnerability window and on-line scan for the latest. The production of new malware is gigantic, new variants all the time. We just had a discussion what an AV product should scan. What is spyware and what is virus and trojan? The overlapping lines are thin. AVAST is a good product, and I think the makers do everything to uphold quality and close your vulnerability window. Your problem with the big two is that they are more and more developping another product in the line of a total anti-malware/anti-scumware/anti-virus solution. This is also why you are not satisfied, because they lean heavily on your system resources, slowing your system  and it becomes more and more unstable. In this sense Norton has a worse track record than McAfee. But both have this nevertheless. The days that for a total security solution one could rely on an updated AV product and a good  firewall are long gone, and probably will never return. This is a transition period to another way of computing, where your OS is not at home any longer and you only log in to a secured environment to do your thing. When this will arrive is not clear yet, but I can predict you it will be there for us in the future, sure as I am polonus.

All the best,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Malware submissions again!
« Reply #5 on: June 22, 2005, 02:54:14 PM »
If i'm willing to take time to submit sample to them (most of people don't even bother) i also expect they'll add it in acceptable timeframe.

Now mail submission is pain in the ass as GMail blocks exe and similar files and i have to pack them etc...
Chest submission is ok,but still far from good and SMTP passwords and usernames are not encypted at all in avast!-s settings database.

I already suggested a web form based submission like one used by McAfee (WebImmune),but on other hand you also expect they'll add submitted samples,otherwise such (new) submission method is useless.
Visit my webpage Angry Sheep Blog

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89665
  • No support PMs thanks
Re: Malware submissions again!
« Reply #6 on: June 22, 2005, 03:06:56 PM »
I agree the easier it is for people to submit either an undetected virus or false positive the better, the more submissions avast will receive, improving the detection rate of the product.

Many people have problems submitting viruses to avast, they are either not familiar with the technology, or don't have a zip program much less how to password protect it to ensure some ISP's virus filter doesn't delete it on route. To this end an autoresponder email would at least confirm receipt by avast and is much better than no response at all.

We are regularly having to explain to users how to send virus or false positive submissions. So the easier it is to submit, the better for users and avast!
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Malware submissions again!
« Reply #7 on: June 22, 2005, 03:31:15 PM »
Exactly,and web based submission would be the easier way.
No need to encrypt samples and explain users how to use ZIP and passwording such archives,no nee to explain them on which mail address to send them etc...
But then Alwil guys should do something on th eir end too if users submit the samples.
I know their team is quiet small,but that shouldn't be an excuse. At least not if you want to make a better product.
Imagine,if all Home Edition users (or even half of them)? By submitting samples,they also help those who paid for Professional Edition. And primary AV thing is detection for sure.
Visit my webpage Angry Sheep Blog

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: Malware submissions again!
« Reply #8 on: June 22, 2005, 07:18:59 PM »
To be fair i already suggested to VLK they should use their's online scanner interface for this ...
i already mentioned this before but got no time explain in details ...
here is my vision of this system:

0) partly utilizing Avast! online file scanner/analyser

1) there will be checkbox allowing "submit" file as sample

2) additional field appear "asking" for archive password if archive is locked

3) there will be MD5 checking of submitted file itself (making sure file was uploaded correctly)

4) there will be MD5 check of file(s) included within archive against "ALREADY" submitted files (sql db)

5) files will be split into information categories like:
- not investigated yet
- under investigation
- already investigated : not virus/trojan/malware/spyware/adware : damaged file
- already investigated : not a virus/trojan/malware/spyware/adware : clean file
- already investigated : not a virus but suspicious : ie.: jokes or low class adware etc.
- already investigated : will be in next VPS : is a virus/trojan/malware/spyware/adware
- already investigated : already in VPS : is a virus/trojan/malware/spyware/adware

What is gain from this system?

- Any submitted sample(s) to Alwil will be stored in SQL database as MD5 hash
- All of files or at least all suspicious one will be stored into big "cache" which I'm sure Alwil already have :)
- Person who submit sample can FAST and EASY check if file(s) were already submitted, what's status of this file etc.
- it's simple, it's fast, it's modern and easy :)
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Spyros

  • Guest
Re: Malware submissions again!
« Reply #9 on: June 29, 2005, 11:23:31 AM »
I like the way you can submit viruses to ClamAV: http://cgi.clamav.net/sendvirus.cgi
I'm sure avast can have a simmilar submission page, right?  ::)

sorebie

  • Guest
Re: Malware submissions again!
« Reply #10 on: June 29, 2005, 11:36:32 PM »
I sent them Nail.exe about 2 weeks ago, most virus scanners started picking it up about a month ago.  I too am considering a new virus scanner/recommending a different product if I don't get repsonses about my submissions.  I sent an email directly to the "virus expert" guy at avast and have yet to get a response but this was last night.  So I'll give it another week before I go crazy and get mad  ;)  Also worries me when I email a company and I never get a response from them :(  I start to wonder if maybe they don't stand behind their product :(

Spyware Removers
« Last Edit: June 29, 2005, 11:39:51 PM by sorebie »

MFB

  • Guest
Re: Malware submissions again!
« Reply #11 on: June 29, 2005, 11:39:57 PM »
I send a sample to alwil a long time ago dealing with a virus in Spybot Teatimer, alwil never responded so I went to Anti Vir and give them the sample, they responded the next day and said it was a false positive and fix it on the next update.
« Last Edit: June 29, 2005, 11:42:50 PM by FIXER »

Kunio

  • Guest
Re: Malware submissions again!
« Reply #12 on: June 30, 2005, 03:54:37 PM »
that was brilliant idea, Dwarden.
this will make virus submit easily even for computer newbies. no need to password archive anymore.
im sure avast will get more sample.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9412
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Malware submissions again!
« Reply #13 on: June 30, 2005, 04:03:50 PM »
I recommended this long time ago, but nothing happend (same as with latest threats list) ::)
Visit my webpage Angry Sheep Blog

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34051
  • malware fighter
Re: Malware submissions again!
« Reply #14 on: June 30, 2005, 04:09:20 PM »
Hi RejZor,

While a lot of attention has been given to this malware, see e.g.:
http://forum.avast.com/index.php?topic=14430.0
. I have seen too many of your postings in this respect lately, is not ot?


greets (pozdrawiam)

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!