Author Topic: Reactiontimes Mydoom  (Read 8084 times)

0 Members and 1 Guest are viewing this topic.

SirL

  • Guest
Reactiontimes Mydoom
« on: March 12, 2004, 12:45:20 AM »
On http://www.idg.se/ArticlePages/200403/11/20040311135925_MD/20040311135925_MD.dbp.asp you can read the reactiontime for the first Mydoom virus. Does anyone have Avast reactiontime?

Trend Micro, 9:32:00
Virusbuster, 10:02:00
AVG, 10:12:00
Inoculate IT-CA, 11:17:00
Sophos, 11:37:00
Inoculate IT-VET, 12:27:00
Esafe, 12:47:00
RAV, 14:07:00
Dr. Web , 14:07:00
Kaspersky, 14:32:00
Symantec, 14:32:00
McAfee, 14:57:00
Bitdefender, 14:57:00
Quickheal, 15:47:00
Panda, 15:57:00
Norman, 19:02:00
Antivir, 22:32:00
F-Secure, 23:02:00
F-Prot, 29:12:00.

BTW Avast rules

/SirL

Summoner Yuna

  • Guest
Re:Reactiontimes Mydoom
« Reply #1 on: March 12, 2004, 02:38:38 AM »
f-secure taking 23h:02m:00s??? not likely! NO WAY SYMANTEC BEAT THEM  >:(

Pavel Baudis

  • Guest
Re:Reactiontimes Mydoom
« Reply #2 on: March 12, 2004, 08:37:14 AM »
On http://www.idg.se/ArticlePages/200403/11/20040311135925_MD/20040311135925_MD.dbp.asp you can read the reactiontime for the first Mydoom virus. Does anyone have Avast reactiontime?

Trend Micro, 9:32:00
Virusbuster, 10:02:00
AVG, 10:12:00
Inoculate IT-CA, 11:17:00
Sophos, 11:37:00
Inoculate IT-VET, 12:27:00
Esafe, 12:47:00
RAV, 14:07:00
Dr. Web , 14:07:00
Kaspersky, 14:32:00
Symantec, 14:32:00
McAfee, 14:57:00
Bitdefender, 14:57:00
Quickheal, 15:47:00
Panda, 15:57:00
Norman, 19:02:00
Antivir, 22:32:00
F-Secure, 23:02:00
F-Prot, 29:12:00.

BTW Avast rules

/SirL

I do not know if this article really speaks about the first Mydoom incident (some numbers look really strange and the results are totally different from what I know) but this is a main source of the original response test which contains avast! as well.

BTW: I have found this article which discusses the average response time for four virus outbreaks. While you might argue about the number and selection of those viruses (some started very quickly while others not) it is still interesting reading - and avast! beats Sophos, Dr.Web, Trend Micro, Panda, MsAfee and Symantec in this comparison  ;) !

And another BTW: avast! times should be even better, because the testers use the VPSUPD.EXE file to update their scanner. This file is however uploaded on our web site maybe 20 minutes after the incremental iAVS update is released (it does not have such high priority and it takes some time to manage and update all our servers).

Pavel

Steele

  • Guest
Re:Reactiontimes Mydoom
« Reply #3 on: March 13, 2004, 01:14:12 AM »
   H:M     Anti-Virus Program
  06:51   Kaspersky
  08:21   Bitdefender
  08:45   Virusbuster
  09:08   F-Secure
  09:16   F-Prot
  09:16   RAV
  09:24   AntiVir
  10:31   Quickheal
  10:52   InoculateIT-CA
  11:30   Ikarus
  12:00   AVG
  12:17   Avast
  12:22   Sophos
  12:31   Dr. Web
  13:06   Trend Micro
  13:10   Norman <-------- *What?
  13:59   Command
  14:04   Panda
  17:16   Esafe
  24:12   A2
  26:11   McAfee
  27:10   Symantec
  29:45   InoculateIT-VET

I'm not aware of a Norman! lol  ;D

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Reactiontimes Mydoom
« Reply #4 on: March 13, 2004, 01:18:18 AM »
I'm not aware of a Norman! lol  ;D

Then, you should check their webpage - www.norman.com - and you will be  ;D

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re:Reactiontimes Mydoom
« Reply #5 on: March 13, 2004, 03:05:45 AM »
Reaction times a little bit higher but, please, less false positives and more tests before VPS releases  :'(
The best things in life are free.

Steele

  • Guest
Re:Reactiontimes Mydoom
« Reply #6 on: March 13, 2004, 03:28:56 AM »
Ahhh... I see.  ;D
Still... I've never heard of them.

Agreed Technical.

Pavel Baudis

  • Guest
Re:Reactiontimes Mydoom
« Reply #7 on: March 13, 2004, 09:42:31 AM »
Hi Technical,

Reaction times a little bit higher but, please, less false positives and more tests before VPS releases  :'(

Do you think we do not provide enough false positives tests? Well, I do not think so. We have a huge collection of different systems/shareware/freeware/commercial software which today contains abou 120 GB of executables and is still growing. We do not let go out the VPS which does detect abything in this set. But we simply can't test all SW around the globe - it is impossible task.

As I said in another thread, it is a piry that you did not send us the files before - actually they were detected twice (once as AutoIt and secondly as Trojan-gens) but without the files we were not able to discover the second FP.

I still can't imagine more thorough tests than we are doing now. Any suggestions?

Pavel

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re:Reactiontimes Mydoom
« Reply #8 on: March 13, 2004, 08:36:31 PM »
Sorry Pavel... Of course I'm not saying that you do not work hard. You know... just an unhappy user from time to time... I have my computer blocked...

Didn't you receive my files yesterday? I sent at least 5 scripts compiled with AutoIt 2.64?  :-\

If you want I'll send them again...
The best things in life are free.

JEfromCanada

  • Guest
Re:Reactiontimes Mydoom
« Reply #9 on: March 13, 2004, 11:22:23 PM »
As I said in another thread, it is a piry that you did not send us the files before - actually they were detected twice (once as AutoIt and secondly as Trojan-gens) but without the files we were not able to discover the second FP.
Pavel,

I can't imagine anyone working as hard as your staff does.  A post in this thread referenced an online report that averaged the results of company responses to four different infections.  Three of the "averages" posted only included responses to three attacks, since the heuristics built into the virus scanners caught some viruses without having to develop a new solution.

While that speaks well of the heuristics, it clouds the issue of how fast a company responds to NEW threats.  If those companies had been given an average based on THREE tests (not four), they would have fallen in the rankings.

Also, the article points out that companies that have far more staff obviously find antidotes faster.  Frankly, if I compare the avast staff size (was that picture I saw posted in another thread accurate) to Kaspersky, I think I feel comfortable that you guys are doing a remarkable job.

I also assume there is some cooperation in the industry as a whole, but I might be wrong there.

There was another factor that was not considered completely in the article, though it was touched on.  It doesn't matter how quickly a correction is found if you aren't informed about it.  I previously used AVG.  The auto-update on AVG will not automatically download an update until AT LEAST 24 HOURS after the last update.  Normally, that's fine.  But lately, with all the new viruses, you can wait nearly 48 hours before AVG triggers an update, depending on when the update was last done in relation to when a virus is discovered.  With avast, as soon as the fix is available, it's downloaded!  How good is that!

All in all, I'm very happy with avast.

P.S.

The latest update no longer reported the false alarm on that Trojan.gen file I forwarded to you.  Thank you very much!   :)
« Last Edit: March 13, 2004, 11:27:18 PM by JEfromCanada »

CoJo

  • Guest
Re:Reactiontimes Mydoom
« Reply #10 on: March 13, 2004, 11:29:41 PM »
Well said, JE!

and welcome to the forums..

cojo

CharleyO

  • Guest
Re:Reactiontimes Mydoom
« Reply #11 on: April 06, 2004, 06:49:01 AM »
I think the avast! crew does the best job of the 4 AV programs I have used. In the past, I have used Norton, AVG, & McAfee. I was really disappointed with the last 2 versions of McAfee.    :(  

I am now using avast! with much pleasure.     :)

Way to go ALWIL team!     :)