Where do you get the virus fixes?

[vaughnh]

Just curious, where do you guys get your fixes to viruses?  What % do you code fixes yourselves, what % do you get from IBM or 3rd party sources?  Also how quick are you able to release the fixes from the time a virus is detected in the world?

Thanks
Vaughn

[igor]

What do you mean?  
I must admit I really don't understand the question...

[vaughnh]

ah, maybe I've got a misconception of virus detection and elimination.  When a virus is detected I thought someone, somewhere wrote code to 'fix' it.  But I guess all you need is a fingerprint of the virus, be able to recognize it and then eliminate it, is that the way it works?  if so, then let me modify the question
"you guys can't be cognizant of all virus in the world, how do you find out about all the viruses in the world and what's hot"?

Am I making sense?
thanks,
vaughn

[techie101]

vaughnh,

You are basically correct.  When a virus is identified, its' signature (or fingerprint) as you put it, is added into the vps database.  Most viruses must be "coded" in a certain manner for them to infect, therefore, once the basic code is identified, all that is needed is to "delete/move or repair the virus file".

Each vendor releases new updates on their own schedule depending upon how many new viruses are found in a certain time frame, and the "risk level" of each.

Sometimes, more than one update can be released in a day!

Avast team stays very productive as far as new virus database updates, and the PRO version has the Push feature which allows the Avast team to "send" you a new update and install it on a moments notice!  Now that is the way to go!  In general, one update a week is normal, but I have gotten as many 2-3 in a 10 day period!

As far as how Avast discovers a new virus.....well, I think Igor would be best able to answer that one.

Hope the info helped you.

Techie101

[pk]

All we need is a signature of virus - but I can't tell you more details, every AV company use little different method. We have lot of viruses in our archive but our priority is ItW (latest threats) viruses; those ones, you won't be infected with in 99.99% cases - are added slowly. Although virus signatures are very important for av, it seems to me, like we'd still have few ppl for adding them.

[techie101]

pk,

What I really think he wants to know is actually HOW we find out that a virus exists?

Does someone call Avast on the "virus phone"!  

Is the a central repository for this information that av vendors can access?

techie

[pk]

I'm not the right person who you should ask , it's *cough* Pavel *cough*.

I heard from my italian friend, who works in security company, he receives some important security warnings on his cell phone (paid service?), so do Pavel - I hope I don't confuse you because i'm so little informed how it works in practice .

[MikeBCda]

Do I remember correctly that one of the functions of CERT is coordinating and distributing new-virus info?  Admittedly I think they're more involved with viruses that are still mostly in the "lab" stage than the in-the-wild ones, and of course i.t.w. is our biggest concern as users.

[vaughnh]

For fear of belaboring the point, you're right the basic question is how do you know when a virus exists so you can write a new VPS file.  How fast you recognize the virus and send it out is critical to users.  
McAfee and Symantec are down the street from me (Literally Symantec is 3 miles) with thousands of employees sitting around finding viruses.  These guys have war rooms that looks like a NASA launch site.
The question comes up in the back of my head Can 10 guys in CZ find/hear about a virus as quickly as the big guys can and get the signature into the market?
Don't get me wrong here, In 3-4 short days of me trying the product and trying Customer Support, I am truly impressed with you guys.  AAA+ rating.  In fact you should do your IPO now and build the capital base to make a run on consolidating the market, McAfee is truly vulnerable now.
Anyway that's off the subject.  Tech101 and all of you thanks for the info--it is the recognition and timeliness of the solution that I was asking about, i.e. how is it that you guys can do it better than the biggies....
Keep up the good work, Vaughn

[Lisandro]

The question comes up in the back of my head Can 10 guys in CZ find/hear about a virus as quickly as the big guys can and get the signature into the market?

If you know these guys well...  

How is it that you guys can do it better than the biggies...

I usually fell that I'm with the biggest one, not only just a big one.
Another related thread: http://forum.avast.com/index.php?board=2;action=display;threadid=3230;start=msg23486#top
Here you will find the 'reaction' time of avast!  

[Pavel Baudis]

McAfee and Symantec are down the street from me (Literally Symantec is 3 miles) with thousands of employees sitting around finding viruses.  These guys have war rooms that looks like a NASA launch site.
The question comes up in the back of my head Can 10 guys in CZ find/hear about a virus as quickly as the big guys can and get the signature into the market?

Well, AV companies do cooperate on the technical side for years. It is a real MUST nowadays - and it is the only way how to catch today's epidemies. And often even smaller companies are able to discover some virus sooner than the 'big' ones. But trust me - even Symantec does not have thousands of employees in the virus lab (they all sit in the marketing department  ) - their virus lab is bigger than ours but the small difference could surprise you.

Yes, the key question is cooperation. When there is a new outbreak, the first send the info to others and this starts the standard procedure which results in new update ready for users.

Pavel

[tony4563]

  Whatever the case... a big thank you from me, and i'm sure many others, for the great work done by the Avast team.