Huge samples collection

[Guest]

[Rednose]

Hey ganda

send me malware and you'll be cursed to the bone til your seventh reincarnation!

So if I send you malware you will give me 7 more lives after this one Give me your email adres m8

Greetz, Red.

[ganda]

Hey ganda

So if I send you malware you will give me 7 more lives after this one Give me your email adres m8

Greetz, Red.

,
oh btw you can find my email address if you click my name above the avatar. it's gmail, so i think you can't send app file   

[Free4Ever]

  Hello. Well I just tested Norton Internet Security 2008 with latest definitios and stuff and I found out that it's very good ( a little bit worst than Kaspersky, but only a little, so I think I won't change it now) Maybe when Comodo realeases CAVS 3   

[Burillo]

removed the links. here are some thoughts. Proper testing of NOD32 v3.0 is impossible, will now download (and use!) version 2.7. I had nothing to do and wrote a detailed report which you can read in my Windows Live blog.

[Burillo]

i do not agree. HIPS is the best thing to prevent unknown viruses, but there are too many users that just can't determine right from wrong, and that's where signature detection comes in. Yes, with HIPS we have 100% safety, but only when you know what you're doing, whereas virus signatures can 99% (counting false positives) assure you that you HAVE malware.

[Burillo]

retested NOD32 v2.7 (ditched v3.0) and finally got absolutely clear results. These were most current definitions available.

threats:     Signatures Extended Heuristics     detected/total (rate)

Not-a-virus  41         0        1              42/116         (36%)         
virus        8599       2        2754           11355/23573    (48%)
worm         1927       0        240            2167/2350      (92%)
trojan       8548       1        208            8757/9346      (93%)
malware      1489       190      17             1696/2035      (83%)
---------------------------------------------------------------------
overall                                         24017/37420    (64%)

note: NOD32 detected additional 27 infections when having ALL detection features enabled (seems like heuristics act better in conjunction with ordinary signatures)

[Burillo]

few days ago i did offline testing with outdated definitions (read previous posts), now i updated and rerun test. CAVS 2.0 detected:

1 more "other malware"
1 more worm
16 more trojans

no more "not-a-viruses" and viruses were detected.

BTW "undetected" archive for NOD32 is 82Mb, for CAVS is 755Mb...

[Burillo]

Dr. Web results:
threats:     Signatures Heuristics     detected/total (rate)

Not-a-virus  38         0              38/116         (32%)         
virus        21294      0              21294/23573    (90%)
worm         2318       0              2318/2350      (98%)
trojan       8069       3              8072/9346      (86%)
malware      1549       0              1549/2035      (76%)
---------------------------------------------------------------------
overall                                33271/37420    (89%)

[Ragwing]

Here's Avira AntiVir 7 Free Edition with high heuristic:

Not-a-viruses

Detected using signatures: 93/116, around 80%
Detected using heuristic: 0/116

Other malwares

Detected using signatures: 2172/2674, around 81%
Detected using heuristic: 3/2674

Viruses

Detected using signatures: 23009/24884, around 92%
Detected using heuristic: 165/24884

Worms

Now this is the interesting part. Avira seems to shutdown when scanning a certain file, haven't found out which one tho.

Trojans

Detected using signatures: 9483/10173, around 92%
Detected using heuristic: 13/10173

Total (NOTE: NOT INCLUDING WORMS)

Detection rate (signatures): 34757/37847, giving a detection rate of around 92%
Detection rate (heuristic): 181/37847, giving a detection rate of around 0,5%
Total detection rate: 92,5%

Summary
The results is actually pretty good for a free antivirus, it even beats NOD32 that you have to pay for. It would be interesting to know why Avira shutdown itself when it scans one of the worms, and get it fixed, so that I can fullfill the test.

Cheers,
Ragwing

[Burillo]

interesting... very interesting... Avira is quickly gaining my respect :-))) might even give it a try :-)))) apart from that worms problem - very, very good! but hey, isn't this COMODO forum?))))

[Ragwing]

interesting... very interesting... Avira is quickly gaining my respect :-))) might even give it a try :-)))) apart from that worms problem - very, very good! but hey, isn't this COMODO forum?))))

Yes it is, but you're allowed to speak good of all products not made by Symantec
And I think I might try to find out which one that causes the problem, not by scanning them one by one tho. Instead I'll record the whole process, then see which file it's scanning when it closes.
Then send it to Avira and see if they respond what caused the problem if they find any.

[Burillo]

yeah, could be just a bug... try to send it to jotti/virustotal first :-))))))))) and see what avira engine says :-))))))))

[ganda]

Yes it is, but you're allowed to speak good of all products not made by Symantec

new policy   

[panic]

Of course you can mention Symantec products. Every spectrum has to have two ends. 

[Burillo]

Symantec rulez! 

[Tags:]