Author Topic: The quality of the service of the analysts needs to be improved  (Read 11844 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83014
  • No support PMs thanks
Re: The quality of the service of the analysts needs to be improved
« Reply #15 on: June 04, 2010, 03:34:34 PM »
Well the point being made is 'detection by signature' with a signature for every detection. So with the generic detection, win32:Malware-gen in this case, it can detect hundreds/thousands of variants of malware.

Now that Nomenclature doesn't specifically identify 'banker' or other specific malware family name (as in the OP's concern) it just detects it as malware. The important thing is that it detects it and not the Nomenclature given to the detection.

So the use of generic and heuristics to detect zero day/new variants is playing a greater part in detection as it is almost impossible to keep up with the volume of 50,000 new malware per day if you are going to try and give them all a specific Nomenclature or malware family name rather than win32:malware-gen, etc.

WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.2.2401 (build 20.2.5130.570) UI-1.0.505/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: The quality of the service of the analysts needs to be improved
« Reply #16 on: June 04, 2010, 03:46:45 PM »
Quote
Well the point being made is 'detection by signature' with a signature for every detection. So with the generic detection, win32:Malware-gen in this case, it can detect hundreds/thousands of variants of malware.
But we know that's still not enough...

Quote
So the use of generic and heuristics to detect zero day/new variants is playing a greater part in detection
Yeah... But I would like to hear from Kubecj what is his solution...
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11745
    • AVAST Software
Re: The quality of the service of the analysts needs to be improved
« Reply #17 on: June 04, 2010, 03:49:54 PM »
I believe Kubec just wanted to say that it's necessary to react quickly - and detect the stuff.
Thorough analysis and attempts to use a great name for the detection... isn't doable.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: The quality of the service of the analysts needs to be improved
« Reply #18 on: June 04, 2010, 03:51:13 PM »
Quote
I believe Kubec just wanted to say that it's necessary to react quickly - and detect the stuff.
Thorough analysis and attempts to use a great name for the detection... isn't doable.
Ok. What is the pathway to happiness in his opinion?
What do you use to protect your computer when you will play with fire? ;D
The best things in life are free.

Offline kubecj

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1123
    • ALWIL Software
Re: The quality of the service of the analysts needs to be improved
« Reply #19 on: June 04, 2010, 04:01:51 PM »
If you want to go to suspicious sites, just prepare to be infected anyway and make the precautions as backups and not storing anything even moderately sensitive on your machine. And I specifically said by "signatures". But there are also generic protections and layered protections.

See the typical chained scenario of today:
Porn site -> malicious js -> malicious pdf -> malicious downloader -> malicious binaries.

Don't go to such porn site.
Don't use vulnerable apps.
Have antivirus with layered protection.

And then - who cares if avast! does not detect one of the downloaded malicious binaries, when the porn site is blocked and we detect the js and pdf?

It's very hard to evaluate the real-world performance of an AV solution when we don't (and I suspect we can't) test the whole chain and prove if the user is protected. The tests on VT and such don't prove anything, but the ability of the engine to detect it by the signature.
Jindrich Kubec

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: The quality of the service of the analysts needs to be improved
« Reply #20 on: June 04, 2010, 04:37:36 PM »
Quote
Layered protections.
Have antivirus with layered protection.
For instance?
What would you use side by side with avast?

Quote
And then - who cares if avast! does not detect one of the downloaded malicious binaries, when the porn site is blocked and we detect the js and pdf?
You're fully right.

Quote
The tests on VT and such don't prove anything, but the ability of the engine to detect it by the signature.
+1
The best things in life are free.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 64664
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: The quality of the service of the analysts needs to be improved
« Reply #21 on: June 04, 2010, 04:44:35 PM »
Quote
Layered protections.
Have antivirus with layered protection.
For instance?
What would you use side by side with avast?

Don't ask him this kind of question - I guess he likes his job...! ;)
asyn
Win 8.1 [x64] - Avast PremSec 20.4.2408.B#3 [UI.520] - CC 5.65 - EEK - FF ESR 68.8 [NS/AOS/uBO/PB] - TB 68.8.1 - ASB/ACP/ASL.BC
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: The quality of the service of the analysts needs to be improved
« Reply #22 on: June 04, 2010, 05:13:17 PM »
Quote
Don't ask him this kind of question - I guess he likes his job...! ;)
You've got the point.
I want to know to where should avast go to... HIPS?

Quote
The tests on VT and such don't prove anything, but the ability of the engine to detect it by the signature.
Well... thinking better... what if you download from P2P and avast does not detect the sample...
You get the malware binary into your machine already... There is no chain... It's already there. Then checking with VT will show avast is not doing the best job...
The best things in life are free.

Offline Henrique - RJ

  • Sr. Member
  • ****
  • Posts: 247
Re: The quality of the service of the analysts needs to be improved
« Reply #23 on: June 04, 2010, 06:34:04 PM »
You are running away from commitment to quality.

Why avast is the only av that abuses of generic names ?

50 000 malwares per day is for all the world and not ave to one.

Why Avira is better in detection of than Avast ?

Why I trust most in a scan done by Avira ?

Why Avira is better placed in the tests of AV-Comparatives ?

I've attached three similar trojans (brazilian bankers) like this post that are called by Avira "TR/Crypt.CFI.Gen".

Avast detects only two (now) as "Win32: Trojan-gen" giving a different signature to each while Avira gives the same signature to all three.

Already see that Avira detects all avast does not (waiting ...).

Sirs ... this gave me work.

http://rapidshare.com/files/395240464/virus.zip.html (PASSWORD: virus)

Offline kubecj

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1123
    • ALWIL Software
Re: The quality of the service of the analysts needs to be improved
« Reply #24 on: June 04, 2010, 06:55:06 PM »
Quote
You are running away from commitment to quality.
nope.

Quote
Why avast is the only av that abuses of generic names ?
It's not. All avs have such signatures. I for example like Norton's "Trojan Horse".

Quote
50 000 malwares per day is for all the world and not ave to one.
I don't understand.

Quote
Why Avira is better in detection of than Avast ?
Avira's engine probably detects more binaries. That's true. And?

Quote
Why I trust most in a scan done by Avira ?
I don't know, it's your choice.

Quote
Why Avira is better placed in the tests of AV-Comparatives ?
Because they have more signatures on binaries. That's true. And?

Quote
I've attached three similar trojans (brazilian bankers) like this post that are called by Avira "TR/Crypt.CFI.Gen".
Avast detects only two (now) as "Win32: Trojan-gen" giving a different signature to each while Avira gives the same signature to all three.

Crypt.CFI.gen is quite similar to our Trojan-Gen. Says nothing about similarity of the samples.
I can find you hundreds of samples XXX antivirus does not detect in matter of seconds.
Jindrich Kubec

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: The quality of the service of the analysts needs to be improved
« Reply #25 on: June 04, 2010, 07:24:08 PM »
kubecj, and my answers?
The best things in life are free.

Offline Henrique - RJ

  • Sr. Member
  • ****
  • Posts: 247
Re: The quality of the service of the analysts needs to be improved
« Reply #26 on: June 04, 2010, 07:28:26 PM »
Why Avira's engine probably detects more binaries ?

We need to improve !

Offline kubecj

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1123
    • ALWIL Software
Re: The quality of the service of the analysts needs to be improved
« Reply #27 on: June 04, 2010, 07:34:24 PM »
They detect less JS and PDFs, they need to improve!  ;)
Jindrich Kubec

Offline Henrique - RJ

  • Sr. Member
  • ****
  • Posts: 247
Re: The quality of the service of the analysts needs to be improved
« Reply #28 on: June 04, 2010, 07:44:44 PM »
Many users of avast are having their machines infected (by trojans bankers via e-mail and pen drive) every day here in Brazil because of this deficiency in the detection of binaries.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: The quality of the service of the analysts needs to be improved
« Reply #29 on: June 04, 2010, 08:24:11 PM »
Quote
kubecj, and my answers?
???
Send me an IM if you don't want to make your personal "solutions" public ;)
The best things in life are free.