Author Topic: CAV3 detection rate test [2008.10.05] - 10.26% [CLOSED]  (Read 35576 times)

Offline solcroft

  • Comodo Loves me
  • ****
  • Posts: 146
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #210 on: October 06, 2008, 04:50:26 AM »
To reiterate, my point was that if prevention is so hot, why is D+ using detection?

What happened to the "Prevention is 1st line of defense" catchphrase?

Just in case you guys miss my point again, I have nothing against D+'s malware heuristic feature. In fact, I think it should be expanded more. What I'm trying to point out is that prevention is nothing but an empty slogan that sounds good on paper, but in reality just pushes responsibility and shifts blame to the users. I find it dangerous that Comodo's salesmanship of this slogan is actually working: users praise Comodo if they know how to use D+, and blame themselves if they make a mistake. The antivirus and D+ malware heuristic badly need improving upon, and let's not use more "prevention" slogans to try to cover up that fact.
« Last Edit: October 06, 2008, 04:53:06 AM by solcroft »

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #211 on: October 06, 2008, 04:52:54 AM »
That's another discussion for another thread. As the whitelist expands, it won't be left on the user :P
Windows 7 x64
AMD FX 8120, 8gb ram, ATI 6870 1gb

3xist

  • Guest
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #212 on: October 06, 2008, 04:55:27 AM »
To reiterate, my point was that if prevention is so hot, why is D+ using detection?

What happened to the "Prevention is 1st line of defense" catchphrase?

Just in case you guys miss my point again, I have nothing against D+'s malware heuristic feature. In fact, I think it should be expanded more. What I'm trying to point out is that prevention is nothing but an empty slogan that sounds good on paper, but in reality just pushes responsibility and shifts blame to the users. I find it dangerous that Comodo's salesmanship of this slogan is actually working: users praise Comodo if they know how to use D+, and blame themselves if they make a mistake. The antivirus and D+ malware heuristic badly need improving upon, and let's not use more "prevention" slogans to try to cover up that fact.

We would appreciate any ideas you have on improving D+. But pls create a new thread. Back on topic...

Josh
« Last Edit: October 06, 2008, 04:57:30 AM by 3xist »

Offline Toxteth O'Grady

  • Comodo's Hero
  • *****
  • Posts: 592
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #213 on: October 06, 2008, 05:00:06 AM »
Hey Toxteth O'Grady

Nice image of D+! As you can see... Prevention should be your first line of Defense! Do you mind sending me this malware?

Thanks
Josh


I think I sent you a PM... Did you get it? If not, I'll email the files to you.

3xist

  • Guest
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #214 on: October 06, 2008, 05:01:10 AM »
I got the links but they are advertisements and I think I need to log in.

If you don't mind emailing me the samples. :)

Josh

Offline Toxteth O'Grady

  • Comodo's Hero
  • *****
  • Posts: 592
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #215 on: October 06, 2008, 05:18:07 AM »
I got the links but they are advertisements and I think I need to log in.

If you don't mind emailing me the samples. :)

Josh


No, these links are not just ads. It's a free hosting site, that's how they make money.   :D

You'll have to wait a few seconds before the download link appears. There is a counter (countdown) at the bottom of the page.

Never mind, I'll send an email.  ;)



Edit:

email containing 4 samples sent.
« Last Edit: October 06, 2008, 05:28:21 AM by Toxteth O'Grady »

3xist

  • Guest
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #216 on: October 06, 2008, 05:52:26 AM »

No, these links are not just ads. It's a free hosting site, that's how they make money.   :D

You'll have to wait a few seconds before the download link appears. There is a counter (countdown) at the bottom of the page.

Never mind, I'll send an email.  ;)



Edit:

email containing 4 samples sent.

Thx m8...

Got em.

Josh

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: CAV3 detection rate test [2008.10.04] - 0.00%
« Reply #217 on: October 06, 2008, 07:56:32 AM »
Well, that's a pretty amazing accusation, since if you actually read the links I provided you'll find out it's the AV industry who's pointing out that the WildList is obsolete. You make it sound as though the industry is singing praises about the WildList, but I know better than them.
Live system, samples are not executed. Your first question makes no difference to the results, and the second is kind of a no-brainer.


My 'accusation' as you put it was that if you seek to elevate yourself to the definitive AV testing position, then a detailed appraisal of your methodology would be expected as a guide to your credibility. Certainly no insult was intended in that statement but you've made some strong statements that do need scrutiny.

As to my question on dormant or running malware it actually makes a huge difference in the real world if your tests are to be the new benchmark. Whether a particular AV detects a dormant sample may well be of passing interest, but in practical terms it's entirely irrelevant and that is the justifiable criticism of some other testing methodologies. What is relevant to the performance of a security solution is its ability to block/detect active, running malware in the real world. PC World have run a number of these types of tests which, although limited in number, have provided some useful results.

Offline Toxteth O'Grady

  • Comodo's Hero
  • *****
  • Posts: 592
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #218 on: October 06, 2008, 08:27:00 AM »
Here is another example of an embedded malware that is not detected by many AV scanners, including CIS.
http://www.virustotal.com/analisis/82ab4566701d9f1f792cdddcdd48b019


However, D+ was effective once again.
http://img232.imageshack.us/my.php?image=setupul9.gif



After permission was denied, the file deleted itself, which was also detected here:
http://camas.comodo.com/cgi-bin/submit?file=d51720fe367d6966ce9a2b4ef71eb67ee49e4bd6022be32553e5fcea09220135
« Last Edit: October 06, 2008, 08:29:08 AM by Toxteth O'Grady »

Offline solcroft

  • Comodo Loves me
  • ****
  • Posts: 146
Re: CAV3 detection rate test [2008.10.04] - 0.00%
« Reply #219 on: October 06, 2008, 08:45:52 AM »
My 'accusation' as you put it was that if you seek to elevate yourself to the definitive AV testing position, then a detailed appraisal of your methodology would be expected as a guide to your credibility. Certainly no insult was intended in that statement but you've made some strong statements that do need scrutiny.
"Definitive AV testing position"?

I merely stated a fact. If you think my statements need scrutiny, I've provided the relevant evidence to back them up. Perhaps your time would be better spent performing that scrutiny, instead of just talking about it but being too lazy to actually do it, being more interested in spouting uninformed opinions instead.

As to my question on dormant or running malware it actually makes a huge difference in the real world if your tests are to be the new benchmark. Whether a particular AV detects a dormant sample may well be of passing interest, but in practical terms it's entirely irrelevant and that is the justifiable criticism of some other testing methodologies.
Regurgitation of popular media buzzwords with an obvious lack of understanding what they mean.

A piece of malware is a piece of malware. Its code does not change regardless of whether it's active or dormant. Unless the on-access and on-demand scanners use different signatures and/or engines (which I'm pretty sure CAV doesn't), whether a piece of malware is active or dormant is irrelevant to detection.

Harping on the distinction between active and dormant malware is nothing but a technicality in this case, with no practical significance whatsoever.

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: CAV3 detection rate test [2008.10.04] - 0.00%
« Reply #220 on: October 06, 2008, 09:10:10 AM »
"Definitive AV testing position"?

I merely stated a fact. If you think my statements need scrutiny, I've provided the relevant evidence to back them up. Perhaps your time would be better spent performing that scrutiny, instead of just talking about it but being too lazy to actually do it, being more interested in spouting uninformed opinions instead.
Regurgitation of popular media buzzwords with an obvious lack of understanding what they mean.

A piece of malware is a piece of malware. Its code does not change regardless of whether it's active or dormant. Unless the on-access and on-demand scanners use different signatures and/or engines (which I'm pretty sure CAV doesn't), whether a piece of malware is active or dormant is irrelevant to detection.

Harping on the distinction between active and dormant malware is nothing but a technicality in this case, with no practical significance whatsoever.

What you state as 'fact' is merely hot air unless backed up by some form of framework. As to me being too lazy to run these tests, some of us have a business to run and can't spend endless amounts of time on such trivia.

As to harping on about the distinction between active and dormant malware (didn't realise one mention is harping), if you can't tell the practical implications of the difference between them then you're a fine example of the old saying that "an ounce of common sense is worth a pound of knowledge".

A sandbox can prevent virtually all malware infections without being able to detect a single piece of malicious code, yet you ridicule Melih for his stating that prevention is better than cure. I'm beginning to think that your motivation is something other than a neutral observer.

Malware is only malicious when it's running; when dormant it's merely code. The ability to prevent the former or detect the latter, which is important?
« Last Edit: October 06, 2008, 09:16:38 AM by andyman35 »

Offline solcroft

  • Comodo Loves me
  • ****
  • Posts: 146
Re: CAV3 detection rate test [2008.10.04] - 0.00%
« Reply #221 on: October 06, 2008, 09:25:24 AM »
What you state as 'fact' is merely hot air unless backed up by some form of framework. As to me being too lazy to run these tests, some of us have a business to run and can't spend endless amounts of time on such trivia.
The evidence has been provided. I don't know if you're acting stupid, or are really stupid, or do not know how to click on the provided links, or are illiterate and do not know how to read English after clicking on those links. gibran read the reports, and replied with well-thought responses. Debating this with you, on the other hand, looks like nothing but an absolute waste of time. If you are unwilling or do not have the time to educate yourself on these matters so that you can produce informed opinions and arguments, please don't try to engage in debate.

Malware is only malicious when it's running; when dormant it's merely code. The ability to prevent the former or detect the latter, which is important?
More regurgitation of media (or possibly Melih) hype with zero background knowledge and understanding.

Recognizing a program as "malicious" is something only a human being can do. Antivirus scanners have no such capability. They scan the code, and if something in it matches what they're programmed to look for, they identify the file as infected. Whether or not the file is active or dormant makes no difference to the scanner, because the code doesn't change.

I can't believe I'm explaining something this simple TWICE. Scanners identify files based on their code. Scanners do not and cannot care whether a file is malicious, or at what times it is malicious. All they can do is scan the code. Please get this into your head before you try to teach others about common sense - something you obviously lack.

Offline Star Shadow

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 373
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #222 on: October 06, 2008, 09:52:39 AM »
Here is another example of an embedded malware that is not detected by many AV scanners, including CIS.
http://www.virustotal.com/analisis/82ab4566701d9f1f792cdddcdd48b019


However, D+ was effective once again.
http://img232.imageshack.us/my.php?image=setupul9.gif



After permission was denied, the file deleted itself, which was also detected here:
http://camas.comodo.com/cgi-bin/submit?file=d51720fe367d6966ce9a2b4ef71eb67ee49e4bd6022be32553e5fcea09220135

Damn. AntiVir, Kaspersky, and NOD32 didn't detect that one. :O But AVG did. Just shows that you need multiple antivirus programs to stay safe in this world. << Though, D+ is great and it gave you that alert, would an uninformed user click allow or deny?
Married to a loving wife. :)

Offline LeoniAquila

  • Retired moderator
  • Comodo's Hero
  • *****
  • Posts: 6745
Re: CAV3 detection rate test [2008.10.05] - 10.26%
« Reply #223 on: October 06, 2008, 09:53:13 AM »
The evidence has been provided. I don't know if you're acting stupid, or are really stupid, or do not know how to click on the provided links, or are illiterate and do not know how to read English after clicking on those links. gibran read the reports, and replied with well-thought responses. Debating this with you, on the other hand, looks like nothing but an absolute waste of time. If you are unwilling or do not have the time to educate yourself on these matters so that you can produce informed opinions and arguments, please don't try to engage in debate.

More regurgitation of media (or possibly Melih) hype with zero background knowledge and understanding.

Recognizing a program as "malicious" is something only a human being can do. Antivirus scanners have no such capability. They scan the code, and if something in it matches what they're programmed to look for, they identify the file as infected. Whether or not the file is active or dormant makes no difference to the scanner, because the code doesn't change.

I can't believe I'm explaining something this simple TWICE. Scanners identify files based on their code. Scanners do not and cannot care whether a file is malicious, or at what times it is malicious. All they can do is scan the code. Please get this into your head before you try to teach others about common sense - something you obviously lack.

Please keep a friendlier tone or we will have to use the forum policy violation board. (:m*)

LA

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13584
    • Video Blog
prevention as your first line of defense
« Reply #224 on: October 06, 2008, 10:29:04 AM »

Recognizing a program as "malicious" is something only a human being can do. Antivirus scanners have no such capability. They scan the code, and if something in it matches what they're programmed to look for, they identify the file as infected. Whether or not the file is active or dormant makes no difference to the scanner, because the code doesn't change.

I can't believe I'm explaining something this simple TWICE. Scanners identify files based on their code. Scanners do not and cannot care whether a file is malicious, or at what times it is malicious. All they can do is scan the code. Please get this into your head before you try to teach others about common sense - something you obviously lack.

Guys, your valuable efforts will go nowhere! Cos the intention that solcroft has is not about learning but putting Comodo down. It's as simple as that! Let's concentrate on people who need help rather than trolls who come here with an ulterior motive to bash Comodo.

Let's declare this topic "DO NOT FEED THE TROLL ZONE" :)

Melih

 
