Author Topic: Samples missed by avast (VirusTotal links only!)  (Read 414158 times)

0 Members and 1 Guest are viewing this topic.

m00nbl00d

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #105 on: October 15, 2010, 05:20:30 PM »
Why are you all not taking any notice of what a member of the avast virus labs is saying, this topic is pointless.

Hello,
I think that the best way is to send the files to virus@avast.com with subject "Undetected malware".
This VT links on forum doesn't help us at all, you can include them to email body.

Milos

So please do as is suggestive, send the samples to avast. So I guess the next step is in your hands send the samples and stop posting or I guess this topic will be closed too.

I sort of disagree. When sending samples to www.virustotal.com, it gives a general idea of the speed the different security vendors apply to bring out new detections to their products, free and paid. I've come across one sample from September, which avast! still did not detect. Most of them did. I didn't post it here, but for sure that avast! got it, because the sample I checked wasn't uploaded first. It was a recheck.

So, threads like this one here serve to show that user base isn't blind, and is actively seeing whether or not the security tools they chose to use is able to detect threats or not, and how fast they do it.

I believe the normal thing to do is send to www.virustotal.com, because that way we'll be helping every other person making use of other security solutions.
If there are samples that are weeks old, and avast! still doesn't detect them, then for sure, I believe it's in everyone's best interest to know that it doesn't, yet.

I guess is a matter of perspective. For avast! team may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect or not, and for how long it will remain unable to detect, and obviously, protect them. ;)


Regards

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #106 on: October 15, 2010, 06:10:35 PM »
There is nothing wrong in sending samples to virustotal, no one has suggested you shouldn't do that. In fact it is contrary to what Milos suggested to a) send the samples to avast and b) if you did submit to virustotal put the results link in the email body of the submission.

Regardless of what you think of the topic showing the user base isn't blind, it doesn't help the virus labs at all (as Milos said), they need samples.

If you check the first post of this topic, as to the purpose it was intended:
http://forum.avast.com/index.php?topic=64122.msg541929#msg541929
Quote from: Tech
I'm starting a new one trying to help avast improving detection if possible.

So as Milos and Maxx mentioned simply posting links to virustotal results in this topic doesn't meet Tech's hope to help detections on its own "This VT links on forum doesn't help us at all, you can include them to email body."
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #107 on: October 15, 2010, 06:45:17 PM »
So as Milos and Maxx mentioned simply posting links to virustotal results in this topic doesn't meet Tech's hope to help detections on its own "This VT links on forum doesn't help us at all, you can include them to email body."

avat is it ...

If you are not satisfied that replace antivirus.

End !

 :'(


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #108 on: October 15, 2010, 07:21:54 PM »
I sort of disagree. When sending samples to www.virustotal.com, it gives a general idea of the speed the different security vendors apply to bring out new detections to their products, free and paid. I've come across one sample from September, which avast! still did not detect. Most of them did. I didn't post it here, but for sure that avast! got it, because the sample I checked wasn't uploaded first. It was a recheck.
+1
Although we need to consider the sheeper behavior of virus total and the rush not to detect but to not get out bad in the picture...

So, threads like this one here serve to show that user base isn't blind, and is actively seeing whether or not the security tools they chose to use is able to detect threats or not, and how fast they do it.
I think the same.

I believe the normal thing to do is send to www.virustotal.com, because that way we'll be helping every other person making use of other security solutions.
I disagree. The good thing to do is the what can allow we to get a better detection (and protection) asap. So I think we need to follow a way that help, not a way that we think it helps...

If there are samples that are weeks old, and avast! still doesn't detect them, then for sure, I believe it's in everyone's best interest to know that it doesn't, yet.
It's difficult to say, as the samples could be infinite, the garbage could be very huge.
So, trying to verify 50.000+ samples a day will move us toward this "lockout" of technology.
That's the reason of asking other alternatives to "signatures-only" method of detection.

I guess is a matter of perspective. For avast! team may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect or not, and for how long it will remain unable to detect, and obviously, protect them. ;)
That's one of my intentions opening this thread.
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #109 on: October 15, 2010, 07:39:04 PM »
<snip>
I guess is a matter of perspective. For avast! team may make no sense and have no use, but maybe it is of use for the user base, so they know whether or not their chosen AV is able to detect or not, and for how long it will remain unable to detect, and obviously, protect them. ;)
That's one of my intentions opening this thread.

As far as perspective goes, if no one who posts VT results in this topic goes back and checks if they are now detected by avast (no longer missed) and edits their post to say they are now detected. Then there is no perspective at all only a list of missed detections and nothing to indicate when they are detected, so I don't see how that helps the user base.

Just browse through this topic and see just how many people follow up their post when the sample is detected and you will see how unbalanced it is, so it is very one sided. Given that I don't feel it can provide any useful information for the user base to make an informed decision on missed samples and when they are included in the database if no one if modifying the original posts when it is detected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Burkoff

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #110 on: October 15, 2010, 08:48:53 PM »
MD5   : 5e397750d32baa7d37f27d144fe4e2c4
SHA1  : 7281aa700b1703f4d1528aac7cc314e52817e848
SHA256: 9202e99fdc324ea8f53549d0c01a5a1dc225350fa923add6fbcdbe529dda4107
ssdeep: 3072:qqavcStFlrE8j6ptIxYhEK4QRzEYX2CPWkLUh4QPSCHnfkW:aHtFlg1pFx4QEq2CjloSCH

http://www.virustotal.com/file-scan/report.html?id=9202e99fdc324ea8f53549d0c01a5a1dc225350fa923add6fbcdbe529dda4107-1287166710


2.  http://www.virustotal.com/file-scan/report.html?id=05182bc7bde7bfd9dfbb6ece0f5bb368eb999e70637b4e4cdf7e75a6599b59e7-1287168704




« Last Edit: October 15, 2010, 09:07:08 PM by Burkoff »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #111 on: October 15, 2010, 09:49:12 PM »
As far as perspective goes, if no one who posts VT results in this topic goes back and checks if they are now detected by avast (no longer missed) and edits their post to say they are now detected. Then there is no perspective at all only a list of missed detections and nothing to indicate when they are detected, so I don't see how that helps the user base.
You're fully right. I've tried to do this at the beginning but, believe me, it's boring boring boring. It takes molasses to avast to add some detections... And will we keep checking checking and checking?
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #112 on: October 15, 2010, 10:08:54 PM »
I know it is boring and a real chore, which is why it will always be one sided.

Since some of the virus labs team have said that the VT Results on their own are of no help, I really can't see the purpose of this topic at all if people aren't going to update their previous posts when they are detected. That in the last 8 pages of this topic is woefully lacking.

If people submit the samples from the chest (with VT Results link and brief info), they can at least scan it from within the chest to see if it is included, if not it is very simple to submit it again and again and again if necessary.

The files that I submit from the chest, I test weekly and perhaps I've been lucky most are added, but some take a second or third submission. I submitted one yesterday a UPS email scam one and it is detected today, see image.
« Last Edit: October 15, 2010, 10:11:44 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #113 on: October 15, 2010, 10:17:56 PM »
I really can't see the purpose of this topic at all
Read again the other purposes of this thread... Maybe the virus labs aren't the only ones who are looking for benefits... Maybe we don't have to shut up just because of that. Why do they worry about this thread then? Just let it be like it is... Or there is something more than that and they are not comfortable with this thread?

submit it again and again and again if necessary.
We're not stupid... We won't keep submitting files just to bring up attention.
There is a more serious way to work.
There is something more fun to do.

The files that I submit from the chest, I test weekly and perhaps I've been lucky most are added, but some take a second or third submission. I submitted one yesterday a UPS email scam one and it is detected today, see image.
Henrique is submitting a lot of trojans active here in Brazil.
avast never has the fastest detection... ever...
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Samples missed by avast (VirusTotal links only!)
« Reply #114 on: October 15, 2010, 10:34:08 PM »
I simply can't see any other benefits/purposes of this topic which I think you stated quite clearly in the first post, to help improve detections and that clearly isn't happening as they have no samples to work from and you can't attach them or post links to file sharing sites (why the last topic on this was closed).

No one is saying you are stupid - If you aren't prepared to a) modify old posts in this topic when they are detected and/or b) resubmit from the chest if after a reasonable time they aren't detected, then don't bother. No one is standing over anyone with a stick, but me having gone to the trouble to submit a file I generally see it through to the end.

Yes Henrique is and if you remember rightly Maxx was trying to do something different so he could submit directly using ftp or other means.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

m00nbl00d

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #115 on: October 15, 2010, 10:45:39 PM »
I thought that security vendors would get the samples from Virus Total? They do, don't they? So, after all, there seems to be a point in sending them to Virus Total, because avast! will get them.

Anyway, I just wanted to help. I personally make no use of avast!, but I do have friends and family members who do, and for sure it would help a lot is avast! team was faster providing new detections for not so new malware. I'm pretty sure some other friends make use of other solutions like AVG, or whatever it may be; hence the reason I upload the samples to Virus Total and not just one vendor. It would seem rather odd.

Also, there's no point in modifying posts after 1 day or even 3 days. If, say two weeks have passed and still no detection for XYZ sample from avast!, then yes, give an update. The same if a detection is already out.

Anyway, if avast! team considers this thread to be trivial, then I'm done.


Cheers

kubecj

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #116 on: October 15, 2010, 11:25:32 PM »
I said it many times: We get *T*E*N*S* of *T*H*O*U*S*A*N*D*S* files a day. We're adding thousands of detections a day, most of them automatically generated and the rest is semi-manually processed by finite numbers of humans. There are certain prioritizations in the process, which I admit may not be the best, but still position us in front of other products detectionwise.

Yes, I know we don't detect everything - and it's not possible to detect everything in these times.

If you submit something on VT, we'll eventually get it from them and add it to the database as soon as possible.

Henrique - RJ

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #117 on: October 16, 2010, 01:44:07 AM »
why the team avast does not adopt the other criterion.

If the sample from VirusTotal is not detected or not analyzed in a timely fashion she gets the name given by another antivirus.

This would make avast unbeatable.

kubecj

  • Guest
Re: Samples missed by avast (VirusTotal links only!)
« Reply #118 on: October 16, 2010, 01:54:32 AM »
Because other AVs are unreliable as the source of the detection. Firstly, because they're FP infested and the second problem is that some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Samples missed by avast (VirusTotal links only!)
« Reply #119 on: October 16, 2010, 04:23:09 AM »
some vendors like to play games by creating innocent samples with their detections and then measuring how many other AVs are caught by the trap.
Kubecj, is it possible to name them? If not, I understand.
But this seems a ridiculous attitude, not respectful. It would be good to know who is playing the "bad" guy role in the game. Of course, you can prove what you say. Of course, I believe you.
The best things in life are free.