Kaspersky created a test which demonstrated a problem with AV detections

The blog refers to a trap created by Kaspersky to show that many antivirus companies do not do dynamic analysis of the samples that come to their laboratories, but rather copy the detections that appear on VirusTotal.
Kaspersky created 20 false positives, and other companies copied the detections of the samples that VirusTotal.com sends them.

Sources:
http://blogs.pcmag.com/securitywatch/2010/02/sw_tests_show_problems_with_av.php

http://www.eset.com/threat-center/blog/2010/02/02/kaspersky-virus-total-and-unacceptable-shortcuts#comment-81793

Research, News, and Perspectives

ForoSpyware (Spanish)
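The first post describes Kaspersky's experiment: harmless files flagged by one vendor and then, days later, flagged by others. The script below is an added example written for this thread, not code from Kaspersky, Comodo or VirusTotal. It shows how a defender could measure that effect from repeated multi-engine scan reports of the same files: it records when each engine first flagged each file and then reports, per engine, how often its verdict trailed a seed vendor's verdict and by how long. The engine names and scan snapshots are constructed placeholders, not real VirusTotal data.

```python
"""Check whether one engine's verdicts trail another's across repeated
multi-engine scans of the same files. All data here is constructed."""
from collections import defaultdict
from statistics import median

# Placeholder engine names (assumption, not real vendors): "SeedAV" stands for
# the vendor that planted the deliberate false positives; the others are measured.
ENGINES = ["SeedAV", "EngineB", "EngineC", "EngineD"]


def snapshot(file, hours, flagged):
    """One scan report: hours after upload and which engines flag the file.
    A verdict of None means the engine reported the file clean."""
    return {"file": file, "hours": hours,
            "verdicts": {e: (f"Trojan.Test.{file[-2:]}" if e in flagged else None)
                         for e in ENGINES}}


# Constructed scan history for four harmless files rescanned at 0h, 24h and 72h.
SNAPSHOTS = [
    snapshot("fp_01", 0, {"SeedAV"}),
    snapshot("fp_01", 24, {"SeedAV", "EngineB"}),
    snapshot("fp_01", 72, {"SeedAV", "EngineB", "EngineC"}),
    snapshot("fp_02", 0, {"SeedAV"}),
    snapshot("fp_02", 24, {"SeedAV", "EngineB"}),
    snapshot("fp_02", 72, {"SeedAV", "EngineB", "EngineC"}),
    snapshot("fp_03", 0, {"SeedAV"}),
    snapshot("fp_03", 24, {"SeedAV", "EngineB"}),
    snapshot("fp_03", 72, {"SeedAV", "EngineB"}),
    snapshot("fp_04", 0, {"SeedAV"}),
    snapshot("fp_04", 24, {"SeedAV", "EngineB"}),
    snapshot("fp_04", 72, {"SeedAV", "EngineB"}),
]


def first_flag_times(snapshots):
    """Map each file to {engine: hours} of the first snapshot that flagged it."""
    first = defaultdict(dict)
    for snap in sorted(snapshots, key=lambda s: s["hours"]):
        for engine, verdict in snap["verdicts"].items():
            if verdict is not None and engine not in first[snap["file"]]:
                first[snap["file"]][engine] = snap["hours"]
    return dict(first)


def follow_stats(snapshots, seed):
    """For every engine except `seed`: how many of the files `seed` flagged it
    flagged strictly later, and the median lag in hours.
    Returns {engine: (followed, seed_files, median_lag_or_None)}."""
    first = first_flag_times(snapshots)
    engines = {e for snap in snapshots for e in snap["verdicts"]} - {seed}
    seed_files = [f for f, times in first.items() if seed in times]
    stats = {}
    for engine in engines:
        lags = []
        for f in seed_files:
            t_engine = first[f].get(engine)
            if t_engine is not None and t_engine > first[f][seed]:
                lags.append(t_engine - first[f][seed])
        stats[engine] = (len(lags), len(seed_files), median(lags) if lags else None)
    return stats


def suspected_followers(snapshots, seed, min_rate=0.75):
    """Engines whose verdicts trailed `seed` on at least `min_rate` of its files,
    most-followed first. A high rate is a reason to investigate, not proof."""
    stats = follow_stats(snapshots, seed)
    rated = [(e, followed / total) for e, (followed, total, _) in stats.items() if total]
    return [e for e, rate in sorted(rated, key=lambda x: -x[1]) if rate >= min_rate]


if __name__ == "__main__":
    for engine, (followed, total, lag) in sorted(follow_stats(SNAPSHOTS, "SeedAV").items()):
        print(f"{engine}: followed {followed}/{total}, median lag {lag} h")
    print("suspected followers:", suspected_followers(SNAPSHOTS, "SeedAV"))
```

In practice the snapshots would be the per-file scan history exported from a multi-scanner service. A high follow rate on files known to be harmless is exactly the pattern the first post describes, and it is the reason a multi-engine consensus should not be treated as independent evidence without your own dynamic analysis of the sample.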

Hi Rolo,

Well, … without reading all of it, although I did read some of the links you pointed to, I am quite surprised that it’s called a “phenomenon”???

1st, as it was pointed out many, many times – you cannot possibly rely on VirusTotal or any other online scanning submissions.
The reasons were already expressed; I need not repeat them.

Then, currently on the market there are 3 major engines used by the existing AV solutions.
Most of them are Kaspersky and Avira engines.
There are several already that are using the double engine from a-squared (the recent example is Ashampoo).

The latter market is growing due to the best detection rate by a-squared, which has had a stable ranking in this area for a long, long time.
Plus, as recent removal tests and awards are showing, a-squared is considered very strong in cleaning, and the new version will bring more to that in addition to other innovations.

*** A side note:
Sure, and there should not be any doubts that the AV or Anti-Malware that can clean “all” and correctly will ever be created. *** End of a side note

Finally re: engines

Probably Comodo has its own engine – I am not aware of that.
I tested the AV in the past & I’m not going to use it.

============

But then, the most important comment I would like to add (probably that is not very appropriate in a security-related forum… but anyway):

Did you ever test keygens & cracks that are flagged by many security vendors? :wink:
Do you know the percentage of those “detections” that are just fake?
How is that different from the main alleged “discovery” by Kaspersky?

So, what many vendors are doing is going “there – you know where” :smiley:, gathering “stuff” and creating signatures.
Yes, yes… some of them are FPs because of packers… but do you think the flagging will be fixed as soon as the packer is cracked?

That is a fake & damaging way for the whole industry to fight piracy – you have hundreds of thousands of signatures that should not be there in the 1st place, with all the bad implications.

The “phenomenon” ??? 88)…

Kaspersky should look into their own problems first, rather than creating “tabloid style sensational news”.

I’m not impressed at all - and I'm ignoring that.

*** edited ***
Sorry, I have to stress - I am ignoring Kaspersky, but not your message ;D

Cheers!

I see from VirusTotal that Comodo also detected many of the safe files as malware. I was expecting UnclassifiedMalware, but it was detected under specific names.

Here are the VirusTotal links from the articles where Comodo detected the files:
http://www.virustotal.com/analisis/5aee7efe6a1ad748c8f866218e42343bdbedee091a15e5931d5ccfd8b3b3b78d-1264831301

http://www.virustotal.com/analisis/0de6dfa1cc4a89c591a7d9fcbf241e4a25aadce63b187c37a18cf047c9f89772-1264867956

http://www.virustotal.com/analisis/7e79b4efded4c457be503891d6240c0676cb72d7c563e93836f3d4d57862b903-1264867923

I would love a word from Comodo staff about how they test whether a file is malicious or not. I understand that it’s impossible to be sure and time is always an issue, but a word or two would be appreciated.

Hi Chiron494 ,

Messages posted at 11:23 & 11:25 - we were typing in sync! …

How about creating a team and eventually beating Russian girls in the sync swimming competition ;D

Cheers!

Though the samples are described as “harmless”, there would be no reason to have such an “informal” test outlined on blogs and e-magazines without disclosing all the details (including the source code), whereas also the likes of A-squared, Avira, F-Secure, Ikarus, McAfee and VBA32 detect such samples with specific names and Symantec flags them as suspicious.

I agree with the fact that KAV 2010 is very good with false positives, probably the best.
I used to think that I would rather have false positives than no alerts and get infected, but I changed my mind when I scanned my drives with some of the best scanners for a lot of people and I had like 600 or 700 malwares found at the end! lol
Such stupid results, as some digitally signed installer downloaded from the real, very well known website can't be a trojan.win32.blablablabla, and the list was full of the same detections… so at one moment you have to be logical and make a choice between a scanner with some crazy heuristic level that classifies any .exe as malware OR a scanner like Kaspersky, which I have used for some years and which doesn't scream about everything because some little piece of some code looks like some malware. Security application coders have to clarify all that; if I had 600 malwares on the system, imagine the speed of the machine…
That was a good idea to send false positives, because it doesn't help the user to use a highly heuristic scanner that detects too much “nothing”. Hey, stop it, this file is not malware, I just bought the software 5 min ago!
I’m fed up with false positives; hopefully Defense+ can help with that.