Author Topic: AV-Comparative August 2007 results are up!  (Read 19246 times)


the Tester

  • Guest
Re: AV-Comparative August 2007 results are up!
« Reply #15 on: September 01, 2007, 11:24:06 PM »
Looking forward to beta testing next year.
Why don't you enjoy the forum until then?
There is a lot of experience and knowledge to share, not just on avast, but in all security and applications fields.

I will.
I have an interest in Avast as a user and it's my recommendation to family and friends that need a quality free antivirus.
Glad to help where I can.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AV-Comparative August 2007 results are up!
« Reply #16 on: September 01, 2007, 11:35:00 PM »
tuareg: 62,5%
insane: 100%  :)
the rest of the ones from clementi's set is currently unchanged.
A little bit less technical and more people could start to imagine what you are talking about ::)
The best things in life are free.

IBK

  • Guest
Re: AV-Comparative August 2007 results are up!
« Reply #17 on: September 01, 2007, 11:39:37 PM »
i was talking about the improved poly detection; the detection of the 2 mentioned viruses is now respectively higher than 4 weeks ago.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: AV-Comparative August 2007 results are up!
« Reply #18 on: September 01, 2007, 11:56:05 PM »
Still not good enough. I expect no less than at least 50% coverage (100% detection that is) of mentioned samples (this means at least 6 samples being 100% detected). Still good to see some progress... 100% would be even better.
Visit my webpage Angry Sheep Blog

JerryM

  • Guest
Re: AV-Comparative August 2007 results are up!
« Reply #19 on: September 02, 2007, 12:23:54 AM »
Looking forward to beta testing next year.
Why don't you enjoy the forum until then?
There is a lot of experience and knowledge to share, not just on avast, but in all security and applications fields.

Agreed. 8) 8)
I have found the folks here always ready to help.
I have not been concerned by the poor showing on the polymorphic tests. Maybe ignorance is bliss.
Jerry

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: AV-Comparative August 2007 results are up!
« Reply #20 on: September 02, 2007, 11:11:53 AM »
ook.. Insane/Devir looks good... and about Tuareg/Driller - good to know the score, we must prepare more samples of this family and improve the detection.. thx to Andreas for a quick re-test of his poly set ;)..

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: AV-Comparative August 2007 results are up!
« Reply #21 on: September 02, 2007, 11:35:45 AM »
Still not good enough. I expect no less than at least 50% coverage (100% detection that is) of mentioned samples (this means at least 6 samples being 100% detected). Still good to see some progress... 100% would be even better.

new poly module is included in VPS since august 13. and 25 detections were added till now.. a little progress is visible in "hardcore" polymorph table, but Andreas has many polymorphs in his set (Twinny, Legacy, Zaprom, Orez, KME.........) and we must detect them too, no matter if they are "visible" to ppl... so, the results of re-scan aren't bad, when you assign them to the ~2 weeks block starting from august 13...

IBK

  • Guest
Re: AV-Comparative August 2007 results are up!
« Reply #22 on: September 02, 2007, 01:03:54 PM »
true. avast already shows a big improvement after 4 weeks when scanning the set of missed samples.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: AV-Comparative August 2007 results are up!
« Reply #23 on: September 02, 2007, 04:11:44 PM »
true. avast already shows a big improvement after 4 weeks when scanning the set of missed samples.
Thanks IBK for the explanations.
Glad to see that avast policy is in the right direction.
The best things in life are free.

avatar2005

  • Guest
Re: AV-Comparative August 2007 results are up!
« Reply #24 on: September 02, 2007, 09:01:52 PM »
Glad to see that avast policy is in the right direction.
Fully agree with that ;). Way to go AVAST! 8)

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: AV-Comparative August 2007 results are up!
« Reply #25 on: September 04, 2007, 04:11:07 PM »
IBK, is there any chance for tests to include support of unpackers like various install packers etc. ?
but i guess that's way too complicated and time eating
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: AV-Comparative August 2007 results are up!
« Reply #26 on: September 04, 2007, 05:06:27 PM »
I don't think it's a good idea... It doesn't really matter whether an antivirus unpacks the packed archive (and detects the malware inside), or if it detects the malware from "outside", using a signature taken from the packed installer itself.

So yes, it is nice to be able to unpack various archives, but "more unpacking" doesn't necessarily mean "more detection" (as many readers would probably assume, so the test might be rather misleading).

Offline Dwarden

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1793
  • Ideas, that's ocean without borders!
    • Bohemia Interactive
Re: AV-Comparative August 2007 results are up!
« Reply #27 on: September 04, 2007, 09:25:41 PM »
yep it should be more like part of some bonus ondemand scan and features test :)
https://twitter.com/FoltynD , Tech. Community, Online Services & Distribution manager of Bohemia Interactive

Offline Tonanet

  • Sr. Member
  • ****
  • Posts: 353
  • I'm a llama!
Re: AV-Comparative August 2007 results are up!
« Reply #28 on: September 05, 2007, 12:29:20 AM »
I was wondering... Hmmm... Maybe I am Wrong...

But more unpackers means fewer signatures to detect a malware?

Let's say that malware x has been packed with ten different packers, creating ten different files (versions of the malware)... If Avast has the 10 unpackers, it will only need 1 signature to detect them all. The unpackers will extract the malware from the pack, and the signature will detect it inside.

On the other hand, if avast doesn't have some of the unpackers for some of the files that were packed, it will have to create another signature to detect each sample that doesn't have the related unpacker in avast, even with the malware being the same, just packed with a different packer.

What I see is that with more packers, the proactive protection increases, as it will not be necessary to receive another update with a new signature of a known malware that was only packed with some other packer...

Am I right? Does this make sense?

Thanks for your time,

Elminster

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: AV-Comparative August 2007 results are up!
« Reply #29 on: September 05, 2007, 12:35:51 AM »
The question is - how many (existing) variants of malware are just repacks of other, already detected, malware. If most malicious files are "new" - it probably won't be detected, no matter if it's unpacked or packed with any number of packers.
I can't say what's the reality - probably somewhere in between.
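
Added example, not written by any poster in this thread and not avast code: a small Python model of the unpacker-versus-signature trade-off discussed in replies #26 to #29. The payloads are constructed, harmless byte strings, standard-library codecs stand in for packers, and every name in the block is hypothetical.

```python
import base64, bz2, lzma, zlib

# Constructed, harmless stand-ins: a "malware body" and the byte signature for it.
SIGNATURE = b"HARMLESS-DEMO-PATTERN-0001"
PAYLOAD = b"header|" + SIGNATURE + b"|trailer" * 20
NEW_PAYLOAD = b"header|SOME-OTHER-CONSTRUCTED-BODY" + b"|trailer" * 20

# Standard-library codecs stand in for packers: name -> (pack, unpack).
PACKERS = {
    "zlib": (zlib.compress, zlib.decompress),
    "bz2": (bz2.compress, bz2.decompress),
    "lzma": (lzma.compress, lzma.decompress),
    "b64": (base64.b64encode, lambda b: base64.b64decode(b, validate=True)),
}

def scan(blob, signatures, unpackers):
    """True if a signature matches the file itself or a layer an unpacker recovers."""
    layers = [blob]
    for name in unpackers:
        try:
            layers.append(PACKERS[name][1](blob))
        except Exception:
            pass  # blob is not in this packer's format
    return any(sig in layer for sig in signatures for layer in layers)

def signatures_needed(samples, unpackers):
    """Start with the one body signature; add an 'outside' signature per missed file."""
    signatures = [SIGNATURE]
    for blob in samples.values():
        if not scan(blob, signatures, unpackers):
            mid = len(blob) // 2
            signatures.append(blob[mid - 8:mid + 8])  # bytes of the packed file itself
    return len(signatures)

def packed_variants(payload):
    """The unpacked body plus one packed copy per packer."""
    variants = {name: pack(payload) for name, (pack, _) in PACKERS.items()}
    variants["raw"] = payload
    return variants

if __name__ == "__main__":
    samples = packed_variants(PAYLOAD)
    for unpackers in (list(PACKERS), ["zlib"], []):
        print(len(unpackers), "unpackers ->", signatures_needed(samples, unpackers), "signatures")
    new = packed_variants(NEW_PAYLOAD)
    print("new body detected:", any(scan(b, [SIGNATURE], list(PACKERS)) for b in new.values()))
```

Both routes end with every repacked file detected, and a body with no signature is missed however many unpackers are present.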