Author Topic: Who is using this online scanner?  (Read 7048 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Who is using this online scanner?
« Reply #15 on: April 02, 2009, 09:00:54 PM »
I don't know the differences between Dr. Web normal (on-access) and Dr. Web CureIt.
But I tend to agree with David. I can't imagine a different engine being used by Virus Total.
The best things in life are free.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Who is using this online scanner?
« Reply #16 on: April 02, 2009, 09:10:48 PM »
Hi Tech, DavidR and scythe944,

I'd hammer down my point here about the lack of complete heuristic scanning at virustotal.com as you can read from this quote:
Quote
For instance, a famous website has been attacked and malicious code has been injected inside the main page some days ago. Whilst lots of users tested the dropped malware on VirusTotal and drawing wrong conclusions, Prevx Edge has been able to heuristically block it since the beginning.

This is because many new heuristic techniques that we use can't be included inside the on-demand scanner, which will simply check if the plain file signature is present inside the community database.

I've exposed the situation as it is for Prevx, but this is common to other security software too. They often include new techniques - behavior blockers, heuristic behavior analyzers, dynamic heuristic engines and so on - used to mitigate (or override, most of times) the gap between malware creation and signature release.
from this source: http://www.prevx.com/blog/106/Why-using-VirusTotal-for-AV-testing-is-a-bad-idea.html

So no heuristic scanning, not quite, but hampered and incomplete, so the variation for the real McCain and the bundled McCain is obvious,

polonus



« Last Edit: April 02, 2009, 09:12:27 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Who is using this online scanner?
« Reply #17 on: April 02, 2009, 10:03:35 PM »
Well, I think I'm talking about a different thing.
I was talking about engines, not virus database or extra scannings done on-access. I understand perfectly what Polonus is trying to say.
So, Virus Total uses the same engines, but extra options that come on-access won't be present in the on-demand scanning of these check-webpages. There are heuristics somehow, but not completely.

But, Polonus, does fortiguardcenter scanning add this extra level of scanning for their particular scanner I think, nothing for the others. Am I wrong?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87082
  • No support PMs thanks
Re: Who is using this online scanner?
« Reply #18 on: April 02, 2009, 10:08:05 PM »
Well, what this article is about isn't the purpose we are putting VT to; we primarily send people to VT for confirmation of a detection or suspicion one way or another on a single file.

Quote
Where I totally disagree, is the use of VirusTotal online scanner as the primary tool to check effectiveness of antivirus solutions. VirusTotal is a great and useful service and it can give users some statistics about detection rates, it can't be used as the tool that allow testers to write comparatives and judge antivirus's effectiveness.

Sadly, a number of so-called "independent" comparatives are relying upon VirusTotal results. This can't give a complete overview of security software's efficiency.

As for 'sadly a number' well not all comparatives solely use VT but gather their own data.

The problem is the use and labelling of Heuristics as one clear definition when if you asked each AV that uses it what they define it as, you would get many different definitions of what it means. So given that some would call avast's generic and algorithmic signatures as a form of heuristics and the same must be true of other AVs.

Quote
This is because many new heuristic techniques that we use can't be included inside the on-demand scanner, which will simply check if the plain file signature is present inside the community database.

So it isn't quite so clear cut when we see physical detections suspicious/heuristic, something other than conventional signature detection is going on and that isn't stated that there are no heuristics used on VT (as you first claimed) just that some may not be able to be used, a clear distinction; so heuristics are used as the article doesn't say all heuristic methods aren't used.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Who is using this online scanner?
« Reply #19 on: April 02, 2009, 10:09:28 PM »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Who is using this online scanner?
« Reply #20 on: April 02, 2009, 10:30:14 PM »
Hi malware fighters,

I have put up another separate posting on the Virus Total issue. What it is lacking cannot be easily quantified, and the total result balancing out against what other scanning will find is also not easily quantifiable. What is positive is that all the results together are also to be taken into consideration, and there I see a very positive aspect where Virustotal scanning is concerned. I hope everyone with a suspicious file scan at Virustotal will repeat the same scan in case of a False Positive after a certain period of time; this will considerably enhance the overall quality of the bundled results, re:
http://it.toolbox.com/blogs/adventuresinsecurity/best-security-tools-virus-total-file-analyzer-24923

polonus

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Who is using this online scanner?
« Reply #21 on: April 02, 2009, 10:34:23 PM »
Tech,

For some answers on your questions, re:
http://hype-free.blogspot.com/2009/01/can-you-test-av-using-virustotal.html

pol
What I can read is that Virus Total is limited to the command-line version of the same engines. Nothing "added" from the local on-access and on-demand scanning that is not performed by the command-line will be added.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87082
  • No support PMs thanks
Re: Who is using this online scanner?
« Reply #22 on: April 02, 2009, 10:38:10 PM »
Why, when it's been thrashed to death here ???

And there was me saying I wasn't going to waste any more time on it.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33580
  • malware fighter
Re: Who is using this online scanner?
« Reply #23 on: April 02, 2009, 10:56:15 PM »
Hi DavidR,

Tech was trying to get at the bottom of it and have a good understanding of the difference between a resident or on demand scanner where you actually can run a file through, and an online scanner that cannot do what these scanners can perform. He now has gained that understanding by investigating the info provided by experts through various sources we presented to him, so I will neither flog this horse as I don't like for it to be ridden over the proverbial cliff.
I must admit the whole discussion has brought some new insights for me and hopefully for others as well, that might be the benefit of "not taking every horse for granted just by its teeth  ;D ".

polonus

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Who is using this online scanner?
« Reply #24 on: April 03, 2009, 02:45:51 PM »
Living and learning, always an opportunity to learn about on-line scanners, differences with installed antivirus, etc.