Re: Anti virus Confused

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


[snip]

Quoted text here. Click to load it

Sorry David, but I'll remain the "doctor" ; )

The original poster was concerned that Avast missed many "viruses". My reply
asked for a list of missed "viruses". Not adware/spyware, of which Avast and
most other a/v's are still in their infancy in detecting.
Regarding your "tests", the following can be clearly seen:
For Adware/Spyware Virtumonde.DA.56 , only 4 of 15 programs tested were able
to find this.
For Trojan/Obfuscated.A.1 only 7 of 15 tested were able to detect this.
For Trojan/Small.JM.10 only 6 of 15 tested came up with this one.

This limited test of 1 particular adware/rootkit certainly does not validate
any claim that Avast a/v is particularly worse than other a/v's. Quite the
contrary, as only 7 of the 15 a/v's that were tested were able to make a
detection in any 1 of the 3 tests.
Surprisingly, F-Prot, and Sophos (and also Norman?), are all paid-for a/v
programs, and I see that none of them were able to make a detection in any
of the 3 tests.

pc doc



Re: Anti virus Confused



| Sorry David, but I'll remain the "doctor" ; )
|
| The original poster was concerned that Avast missed many "viruses". My reply
| asked for a list of missed "viruses". Not adware/spyware, of which Avast and
| most other a/v's are still in their infancy in detecting.
| Regarding your "tests", the following can be clearly seen:
| For Adware/Spyware Virtumonde.DA.56 , only 4 of 15 programs tested were able
| to find this.
| For Trojan/Obfuscated.A.1 only 7 of 15 tested were able to detect this.
| For Trojan/Small.JM.10 only 6 of 15 tested came up with this one.
|
| This limited test of 1 particular adware/rootkit certainly does not validate
| any claim that Avast a/v is particularly worse than other a/v's. Quite the
| contrary, as only 7 of the 15 a/v's that were tested were able to make a
| detection in any 1 of the 3 tests.
| Surprisingly, F-Prot, and Sophos (and also Norman?), are all paid-for a/v
| programs, and I see that none of them were able to make a detection in any
| of the 3 tests.
|
| pc doc
|

Sorry is correct.  As I indicated "All tested files are new." and "...part of a
very NASTY
Adware-RootKit combo".

/* All the files were PREVIOUSLY submitted to all the companies listed in the
test. */

The fact remains.  Avast missed them -- period.

You stated "Surprisingly, F-Prot, and Sophos (and also Norman?), are all
paid-for a/v" yep,
and they were submitted to them !  However, it should be noted that sophos will
NOT detect
Virtumonde Adware.  They are making a NEW anti malware utility that will but the
versions on
the online scanners do NOT have engines and signatures for adware and other
non-viral
malware.


Should I do some more ?

It's pretty easy :-)
{ just time consuming }

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Anti virus Confused



| Sorry David, but I'll remain the "doctor" ; )
|
| The original poster was concerned that Avast missed many "viruses". My reply
| asked for a list of missed "viruses". Not adware/spyware, of which Avast and
| most other a/v's are still in their infancy in detecting.
| Regarding your "tests", the following can be clearly seen:
| For Adware/Spyware Virtumonde.DA.56 , only 4 of 15 programs tested were able
| to find this.
| For Trojan/Obfuscated.A.1 only 7 of 15 tested were able to detect this.
| For Trojan/Small.JM.10 only 6 of 15 tested came up with this one.
|
| This limited test of 1 particular adware/rootkit certainly does not validate
| any claim that Avast a/v is particularly worse than other a/v's. Quite the
| contrary, as only 7 of the 15 a/v's that were tested were able to make a
| detection in any 1 of the 3 tests.
| Surprisingly, F-Prot, and Sophos (and also Norman?), are all paid-for a/v
| programs, and I see that none of them were able to make a detection in any
| of the 3 tests.
|
| pc doc
|

So you know I am being fair.  Here is a Virus Total report on a SDBot "virus".

Avast missed this  :-)

I am fair becausde AntiVir missed this one too.
Oh look, Microsoft missed this one too  :-)

Antivirus   Version   Update   Result
AntiVir   6.35.1.11   08.31.2006   no virus found
Authentium   4.93.8   08.31.2006   no virus found
Avast   4.7.844.0   08.31.2006   no virus found
AVG   386   08.31.2006   no virus found
BitDefender   7.2   08.31.2006   no virus found
CAT-QuickHeal   8.00   08.31.2006   no virus found
ClamAV   devel-20060426   08.31.2006   no virus found
DrWeb   4.33   08.31.2006   no virus found
eTrust-InoculateIT   23.72.111   08.31.2006   no virus found
eTrust-Vet   30.3.3052   08.31.2006   no virus found
Ewido   4.0   08.31.2006   Backdoor.SdBot.avf
Fortinet   2.77.0.0   08.31.2006   W32/SDBot.BP!worm
F-Prot   3.16f   08.31.2006   no virus found
F-Prot4   4.2.1.29   08.31.2006   no virus found
Ikarus   0.2.65.0   08.31.2006   no virus found
Kaspersky   4.0.2.24   08.31.2006   Backdoor.Win32.SdBot.avf
McAfee   4842   08.31.2006   W32/Sdbot.worm.gen.bp
Microsoft   1.1560   08.31.2006   no virus found
NOD32v2   1.1734   08.31.2006   no virus found
Norman   5.90.23   08.31.2006   SDBot.AJBM
Panda   9.0.0.4   08.31.2006   W32/Sdbot.IAM.worm
Sophos   4.09.0   08.31.2006   no virus found
Symantec   8.0   08.31.2006   no virus found
TheHacker   5.9.8.202   08.31.2006   no virus found
UNA   1.83   08.31.2006   no virus found
VBA32   3.11.1   08.30.2006   Backdoor.Win32.SdBot.avf



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Anti virus Confused



[snip]

Quoted text here. Click to load it

David, I don't question at all whether you are being fair in your testing.
And I never claimed that Avast would not miss some viruses. My original
point was that Avast is not particularly worse in detecting viruses than the
majority of other a/v products. Your test results of the adware/rootkit and
this Sdbot virus clearly back up my opinion.
By-the-way, Avast *does* detect certain versions of the Sdbot virus, but
apparently not the version that you used for your test : )

pc doc



Re: Anti virus Confused

i wana keep avast because i like it, so what i tried to do was have
avast on for real time protection and have antivir only on for
on-demand scanning....

but it doesn't work. when i install antivir without the active guard
and then restarted my pc my avast said that it disabled a number of
components in real time protection because of antivir

how to i have avast on real time and antivir on on demand without
comprising avast's real time components


Re: Anti virus Confused



|
| David, I don't question at all whether you are being fair in your testing.
| And I never claimed that Avast would not miss some viruses. My original
| point was that Avast is not particularly worse in detecting viruses than the
| majority of other a/v products. Your test results of the adware/rootkit and
| this Sdbot virus clearly back up my opinion.
| By-the-way, Avast *does* detect certain versions of the Sdbot virus, but
| apparently not the version that you used for your test : )
|
| pc doc
|

That's may be becuase they are old.

All my samples are NEW.  That's important here.  you want protection against the
new as well
as the well recognized.

In the case of the SDBot variant, it was captured on a Unix server that emulates
Win32
vulnerabilities and captures the malware that tries to exploit the
vulnerabilities.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Site Timeline