Author Topic: VPS: 0624-0  (Read 21324 times)

0 Members and 1 Guest are viewing this topic.

DaveD

  • Guest
Re: VPS: 0624-0
« Reply #45 on: June 16, 2006, 01:32:26 AM »
Avast has in the last months added a lot of the missed samples (over 16500 samples so far) and will continue to do that.

avast! certainly has been improving greatly over the last year or so with detections. I have noticed that myself after studying IBK's tests recently. From IBK's On-demand comparative from February 2006, I have posted an image which shows just how much avast! has improved with detections. And that was way back at the start of 2006. And with all those signatures added just recently, avast! will certainly be one of the top AV's in no time.

Credit of this image goes to IBK. IBK, if you would prefer me to remove this image, let me know and I will do that.

 

mauserme

  • Guest
Re: VPS: 0624-0
« Reply #46 on: June 16, 2006, 03:23:22 AM »
And a change from Standard to Advanced in the last test.  This speaks to the "more than just detection rate" we argue so often.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: VPS: 0624-0
« Reply #47 on: June 16, 2006, 08:53:42 AM »
Quote
no av company adds within some few days all samples that are submitted to them, esp. not if they are not coming from users

Antivir, AVG and Ewido are doing this. I know because I have sent them samples and they have been added with 24 hours, in the case of Antivir and AVG, with a personal email in reply, not an automated message.

These were samples of new Feebs and Zlob variants.

These are obviously dangerous viruses- the avast! website lists Feebs as one of the latest threats, and a real threat- obtained from my email inbox or from web browsing.

These were not some exotic zoo viruses, so leaving them undetected would have left users of those products vulnerable to attack.

I still say not adding a sample within 24 hours is failing: it denies protection from that virus to users of the AV. If Kaspersky and others can do it in hours, then obviously that's the gold standard. 24 hours is in fact perhaps over generous- AV companies should do it quicker. Certainly making excuses for taking longer is not going to impress anybody who takes the time to submit a sample.

I've heard the excuse that avast! receives a huge number of emails, but I wonder: do Antivir and AVG receive fewer? Does avast! receive a disproportionate number of virus samples?

In fact the number of samples sent each day is a golden opportunity to improve detection. What more could an AV company ask than to be supplied with virus samples?

As to my submissions to avast!, sadly the response was a little less swift: my Feebs sample (a 'latest threat') is still undetected after 10 weeks.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

TAP

  • Guest
Re: VPS: 0624-0
« Reply #48 on: June 16, 2006, 09:18:25 AM »
Quote
no av company adds within some few days all samples that are submitted to them, esp. not if they are not coming from users

Antivir, AVG and Ewido are doing this. I know because I have sent them samples and they have been added with 24 hours, in the case of Antivir and AVG, with a personal email in reply, not an automated message.

These were samples of new Feebs and Zlob variants.

Yes, I can confirm this, AVG is really fast at adding new malware to its database, I now have some Zlob trojans (at least 3 samples) that AVG detects while avast! still not. I have sent both AVG and avast! a samples and AVG always added them in its next updates.

I think adding a lot of Trojan-gen.xxx signatures from time to time is not that good.  :P

=====> http://forum.avast.com/index.php?topic=7160.msg58870#msg58870

IBK

  • Guest
Re: VPS: 0624-0
« Reply #49 on: June 16, 2006, 09:46:30 AM »
I said ", esp. not if they are not coming from users", because otherwise the samples I sent e.g. to AVG and AVIRA would not be still undetected after several months or in some cases years.

mauserme

  • Guest
Re: VPS: 0624-0
« Reply #50 on: June 16, 2006, 01:46:54 PM »
@IBK

Is this because your samples pose a greater threat than those typically submitted by users, or is it more a desire on the part of the AV companies to do well in the tests?


@alwil team

How are the additions prioritized?  Damage potential? Ease of infection? Something else?

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: VPS: 0624-0
« Reply #51 on: June 16, 2006, 03:31:01 PM »
well i'm still waiting for automated web based submission system where i can see easily status of submission

 plus it can prevent duplicate mess (if 2 or more users upload file with same hash it will inform later upload this file is already uploaded and awaiting investigation OR being investigated OR clean OR damaged something OR infected yet not added to VPS OR INFECTED and already detected)

this could also solve issue of emailing question why file XY is not yet added or forum questions and complains about why this wasn' added when etc...

i know patience but ... this is year(s) old scheme and still nothing
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: VPS: 0624-0
« Reply #52 on: June 16, 2006, 05:42:41 PM »
well i'm still waiting for automated web based submission system where i can see easily status of submission
Very good suggestion indeed...  8)
The best things in life are free.