The quality of the service of the analysts needs to be improved

[Henrique - RJ]

Hello

I've been drawing some conclusions why some very similar trojans are not detected by avast even if the signature of one of them has been included in the database.

I believe the quality of the service team of analysts is not the best. I have noticed that the detection of trojans bankers by Avira AntiVir is much better than avast. I wonder if it would be the choice by analysts of the line of code that does not accurately characterize the malware.

The names of malware identified by analysts avast are not accurate (example the name "Win32: Malware.gen" given the trojans bankers).

Am I correct ?

There is some expectation of improvement ?

Thanks very much.

[Lisandro]

I have noticed that the detection of trojans bankers by Avira AntiVir is much better than avast.

Common voice in our country.

There is some expectation of improvement ?

There is always hope

[RejZoR]

As far as naming is concerned, there is absolutelys no standard or rule how to name them. Companies could name them "Malware/Virus" or even just "Threat" and that's it. To 99% of ppl, names of the malware families don't mean a thing. If it's Banker or Virut, only one thing is in comon. They want it off their computer.
As for everything else you complained about, i cannot really comment that. Only ALWIL programmers/analysts can answer you to that...

[DavidR]

I feel the same way, the name isn't an issue, what is, is that it is detected as I mentioned in the other topic.

The win32:Malware-gen is a generic detection designed to catch multiple occurrences of a type of malware, so long as it makes the detection, the name given is totally unimportant as there is no standardisation/convention in malware naming.

You will see this when you do a virustotal check and you will see the many different aliases given in detections across the 42 different scanners.

[Henrique - RJ]

As far as naming is concerned, there is absolutelys no standard or rule how to name them. Companies could name them "Malware/Virus" or even just "Threat" and that's it. To 99% of ppl, names of the malware families don't mean a thing. If it's Banker or Virut, only one thing is in comon.

But the nomenclature is important to tell what type of malware is and what does.

There are cases where the name indicates a type of malware when in fact it is another kind.

[Henrique - RJ]

No response of the one malware analyst ?

I have two similar trojans to prove what I say.

This question seems very important.

[Asyn]

I have two similar trojans to prove what I say.

So, did you send them to avast yet..??
Meanwhile all AV companies (kind of) depend on users feedback..!!!
asyn

[Henrique - RJ]

So, did you send them to avast yet..??
Meanwhile all AV companies (kind of) depend on users feedback..!!!
asyn

Already sent have a few days.

One is already detected by avast not the other.

[Asyn]

Already sent have a few days.
One is already detected by avast not the other.

Great, thanks for submitting...!!
Let's hope the other one will also be detected soon...
asyn

[Henrique - RJ]

Great, thanks for submitting...!!
Let's hope the other one will also be detected soon...
asyn

Because the Trojans are similar since they must all be detected and not just a.

Therefore to say that the service quality of analysts needs to be improved.

This also occurs with AVG (Grisoft).

If there was quality in the analysis the cracker could create several trojans that all would be detected by the same signature.

[Asyn]

Because the Trojans are similar since they must all be detected and not just a.
Therefore to say that the service quality of analysts needs to be improved.
This also occurs with AVG (Grisoft).
If there was quality in the analysis the attacker could create several trojans that all would be detected by the same signature.

You should never rely on one security solution. Never ever..!!
A layered protection is the ultimate secret..!!!
asyn

[Henrique - RJ]

You should never rely on one security solution. Never ever..!!
A layered protection is the ultimate secret..!!!
asyn

I just want that avast is as good as Avira AntiVir in detection.

[Asyn]

I just want that avast is as good as Avira AntiVir in detection.

I don't care about Avira...!
If you want maximum detection rate use Emsisoft AM.
But I guess we (users of avast) all like it to be the best and imo it is the best AV, otherwise I (and many others) wouldn't use it..!! Nevertheless, as already said, don't fully rely on it, protect your browser at first level and get a second opinion with an antimalware like Mbam or A²...
asyn

[kubecj]

1) Please check the photo, which comes from F-Secure's blog from CARO 2010 conference:


From our internal testing it seems that in day 0, the best AV gives you maximally 60-70% protection by the signatures. This is not an excuse, this is an explanation why you may see what you see. I could as well show you many samples missed by antivirus X, in the very same way.

2) Nomenclature does not exist, and while you're getting 50 000 new samples a day, it's nonsense to spend time and resource with naming something which will be extinct tomorrow. Also, from our tests it sometimes seems like these names are assigned by random generator. 

[Lisandro]

From our internal testing it seems that in day 0, the best AV gives you maximally 60-70% protection by the signatures. This is not an excuse, this is an explanation why you may see what you see. I could as well show you many samples missed by antivirus X, in the very same way.

So, how to be protected by day 0 attacks? Which is your suggestion side by side with avast?

naming something which will be extinct tomorrow

Solution for the 50.000 new malwares per day?