CAVS detection rate & repair ability

ganda · October 11, 2007, 12:51pm

hi (:WAV)
this question just pop up in my head today (too much cafein, i guess ;D ).
on my CAVS virus list there are 262119 virus sigs. i wanna know if CAVS only can detects them (and quarantine them) or repair the infected file as well?

Ganda

panic · October 11, 2007, 1:07pm

It really depends on the infection itself. Not all infections can be safely repaired without risking damage to the container file. I’m yet to see an AV that can categorically, 100%, guaranteed repair every infection. that’s why they all have multiple possible actions on a detection.

Ewen

ganda · October 11, 2007, 3:55pm

so can someone give perhaps a percentage value of chance that the infected file can be repaired by CAVS? i’ve used symantec before, the detection rate’s pretty good (i was infected by redlof, rontokbro & w32.silly) but it can’t repair the files infected by these viruses/worms. and i had to use Norman virus control to fixed them.

Ganda

ganda · October 11, 2007, 4:12pm

you mean whether the infection can be repaired or not depends on the infection condition? i thought, the repairment is based on the virus itself ==> CAVS can repair the files infected by “virus A” but only can detects & quarantine “virus B”.

ganda

Subliminal · October 11, 2007, 10:47pm

I like questions like this and answers like panic’s because they give me a reason to give a suggestion.

What I have always wanted to see from an anti-virus product is the ability to be able to repair 99% of unrepairable files.
Over the years, I have come across many files that cannot be repaired even the biggest paid for antivirus products and as said by panic, “Not all infections can be safely repaired without risking damage to the container file”

Obviously anti-virus companies have servers, we download our products from them, so for example, if a important system file, container file or any other important file that was beyond repair and would cause instability to the OS was infected, could the anti-virus connect to the developers server and download a legitimate, clean copy of that file and replace the infected one?
With that said, I know that many people use many different software products and that would require the developers to have ever single file from every piece of software on the server which in reality is not possible, but what im suggesting is that only files that are essential OS files that are required for your system to function correctly to be stored on the server.

Im no developer thats for sure, so im not sure how possible it would be.

So anyone have any idea if it would be possible? I’m just curious

Sub

panic · October 11, 2007, 11:10pm

Subliminal post:5:

I like questions like this and answers like panic’s because they give me a reason to give a suggestion.

What I have always wanted to see from an anti-virus product is the ability to be able to repair 99% of unrepairable files.
Over the years, I have come across many files that cannot be repaired even the biggest paid for antivirus products and as said by panic, “Not all infections can be safely repaired without risking damage to the container file”

Obviously anti-virus companies have servers, we download our products from them, so for example, if a important system file, container file or any other important file that was beyond repair and would cause instability to the OS was infected, could the anti-virus connect to the developers server and download a legitimate, clean copy of that file and replace the infected one?
With that said, I know that many people use many different software products and that would require the developers to have ever single file from every piece of software on the server which in reality is not possible, but what im suggesting is that only files that are essential OS files that are required for your system to function correctly to be stored on the server.

Im no developer thats for sure, so im not sure how possible it would be.

So anyone have any idea if it would be possible? I’m just curious

Sub

Interesting idea but the concept of re-distributing proprietary, copyrighted files would undoubtedly be raised. How would the AV companies know whether you are legally entitled to a particular file?

Ewen

ganda · October 12, 2007, 4:34am

welcome Subliminal (:HUG)

and don’t forget my questions ;D

Ganda

panic · October 12, 2007, 6:48am

We’re both right. Whether an AV can repair a particular infection depends, in part, on how the virus/trojan/whatever inserts its code into an existing file. Some infections are easy to remove and just about all AVs remove it safely. Other infections are harder to remove and only some AVs can remove it, and then some infections are almost impossible to remove without damaging the container file.

Ewen

ganda · October 12, 2007, 12:19pm

so, in this case how’s CAVS compared to other AV then?

and for this case, from 262.119 known malwares how many malwares that can be fixed by CAVS?
everybody’s bragging about detection rate,but it only needs 1 malware to mess things up, so i think repairability rate is far more important.

this is the case study (inspired by true story) ;D :
i have 3 computers : 1) victim computer
2) symantec installed computer
3) Norman Virus control computer

the victim computer has an invoicing application software and it was infected by rontokbro, so i copy the infected files to a flashdisk and try to scan the flashdisk on two other computers.

results :
1)symantec detects rontokbro, and the only option available is quarantine, (my whole 3 years data
files can’t be repaired)
2)norman detects it, and there were options to quarantine & repair, i repair the app, and i can use it
again.

conclusion :
i throw away them both since they’re all not free ;D

ganda