reply to FF again
Re: Heuristics av-test 10-2003 by checkvir.com!
A&A Abbas.5660 Accept.3773 Account_Avenger.873 Aforia.656 Aiwed.852 Alabama Alexe.1287 Alfons.1344 Algerian Amazon.500 Ambulance Amoeba Anarchy.6503 Andreew.932 Angels.1571 Annihilator.673 Another_World Anston.1960 Anthrax Anticad.4096.A
....
and so on...
Point me, please, to a "new virus but not ITW" in the year 2003.
I repeat it: we are speaking about a heuristics test in the year 2003 and not in the year 1996.
For your notes, the Ambulance virus (alias RedX) was detected back in 1990. Same with almost all the other stuff in this "high quality" testbed. And of course this test was OK. Sure it was. If you use DOS scanners like TAV or McAfee for DOS. Most of the current AVs do not even have DOS heuristics because it's not really important anymore.
---> Conclusion: bullshit at its best.
dos9
NOD32 is the leader in heuristic scanning, that test, far beyond scientific as it is, doesn't even use the latest version of NOD32, or even use its heuristic capabilities to its full capacity.
Vampirefo
said by dos9: NOD32 is the leader in heuristic scanning, that test, far beyond scientific as it is, doesn't even use the latest version of NOD32, or even use its heuristic capabilities to its full capacity.
Leader? No, I am sorry, they are not even close to the leaders. NOD's heuristics are at the bottom, almost non-existent; they could just remove it from the scanner and no one would miss it.
Can you name a virus, or post a link to a virus in an IM to me, that NOD can detect via heuristics that other AVs don't detect?
What was the last virus you detected using only NOD's heuristic scanner?
said by Vampirefo: What was the last virus you detected using only NOD's heuristic scanner?
I have a friend with whom I share samples, who has detected some new trojan downloaders and servers heuristically that NAV didn't detect until I submitted them to SARC. I agree with FF again {FutureFriend} that NOD would do much better if AH had been included in the quoted results. I have changed my thinking on this issue; that's why I figured some might be surprised to hear it.
reply to dos9
said by dos9: NOD32 is the leader in heuristic scanning, that test, far beyond scientific as it is, doesn't even use the latest version of NOD32, or even use its heuristic capabilities to its full capacity.
Can the leader NOD32 detect this?
Vampirefo (reply to Randy Bell)
Yes, with AH, I have even said it would bring NOD's results up among the leaders, but AH is not tested, nor should it ever be included in any test until NOD adds it for selection.
AH is a hidden option, and until NOD decides to unhide it no tester should waste time on it. NOD has it hidden for a reason.
said by Vampirefo: Yes, with AH, I have even said it would bring NOD's results up among the leaders, but AH is not tested, nor should it ever be included in any test until NOD adds it for selection.
AH is *very* promising and I agree; I don't understand why ESET doesn't more fully integrate it into the AV.
Vampirefo
I think they put too much marketing into the VB test and fear failing it due to a false detection.
mvdu (reply to purelander)
I don't know about NOD32, but KAV does.
StraitShoot
said by mvdu: I don't know about NOD32, but KAV does.
Well, maybe NOD32 would not detect it because it looks to me like a harmless text file...
IGGY (reply to purelander)
Not sure that attachment is within forum rules. But KAV 5.0 does detect it.
reply to Vampirefo
I have seen NOD32 on a lot of computers and without doubt it is way overrated. It does scan very fast; that is because it basically doesn't have an unpacking engine, and its heuristics are no better than KAV's, McAfee's or any other premium antivirus's. It does well in VB tests, but I question their testing ethics. They will disallow a 100% VB award because of one false positive even though the AV detected 100% of the malware.
dos9 (reply to Vampirefo)
said by Vampirefo: said by dos9: NOD32 is the leader in heuristic scanning, that test, far beyond scientific as it is, doesn't even use the latest version of NOD32, or even use its heuristic capabilities to its full capacity.
Leader? No, I am sorry, they are not even close to the leaders. NOD's heuristics are at the bottom, almost non-existent; they could just remove it from the scanner and no one would miss it.
Can you name a virus, or post a link to a virus in an IM to me, that NOD can detect via heuristics that other AVs don't detect?
What was the last virus you detected using only NOD's heuristic scanner?
Oh, it is the leader in heuristic detection, no need to be sorry. The extent of the uneducated opinion of your post is proven by the fact that you think the standard heuristics would make no difference if removed.
As for examples of what AH detects and others do not: unless the virus has just been released, no doubt the others will have signatures for it. Although they could have problems with variants if NOD detected it via heuristics and the others via signatures; it all depends. But sure, I will provide examples of viruses NOD32 did detect via AH while the others may not have.
W32/Gibe.E Win32/Aliz.A Win32/Aplore.A Win32/Apost.A Win32/Auric.A Win32/Badtrans.13321 Win32/Badtrans.29020.A Win32/Bagle.A Win32/Bibrog.E Win32/Braid.A Win32/Bugbear.A Win32/Bugbear.B Win32/Cervivec.A Win32/Choke.A Win32/ExploreZip.J Win32/FBound.C Win32/Frantes.A Win32/Frethem.F Win32/Frethem.K Win32/Frethem.K Win32/Frethem.L Win32/Ganda.A Win32/Gant.B Win32/Gibe.A Win32/Gokar.A Win32/Goner.A Win32/HLLW.GOP.196_3 Win32/Hai.A Win32/Hawawi.A Win32/Holar.H Win32/Kazaa.Benjamin Win32/Kitro.C Win32/Kitro.D Win32/Klez.A Win32/Klez.B Win32/Klez.C Win32/Klez.D Win32/Klez.E Win32/Klez.H Win32/Klez.J Win32/Lioten.A Win32/Lirva.A Win32/Lirva.C Win32/Lovgate.A Win32/Lovgate.C Win32/Lovgate.G Win32/Lovgate.H Win32/Lovgate.I Win32/Lovgate.J Win32/Lovgate.K Win32/MSInit.B Win32/Maldal.C Win32/Maldal.G Win32/Melare.A Win32/Mylife.A Win32/Mylife.B Win32/Mylife.F Win32/Mylife.G Win32/Mylife.J Win32/Myparty.A Win32/Navidad Win32/Nebiwo.B Win32/Nebiwo.C Win32/Newbiero.54 Win32/Nicehello.A Win32/Nimda.A Win32/Opaserv.A Win32/Opaserv.B Win32/Opaserv.C Win32/Opaserv.D Win32/Opaserv.E Win32/Opaserv.F Win32/Opaserv.G Win32/Opaserv.J Win32/Opaserv.M Win32/Opaserv.N Win32/Opaserv.O Win32/Opaserv.R Win32/Opaserv.U Win32/Opaserv.Y Win32/PrettyPark Win32/Prolin.A Win32/Roron.41 Win32/Roron.50 Win32/Sircam.A Win32/Sobig.B Win32/Sobig.C Win32/Sobig.D Win32/Sobig.E Win32/Stator.62464 Win32/Surnova.A Win32/Surnova.D Win32/Swen.A Win32/Yaha.A Win32/Yaha.B Win32/Yaha.D Win32/Yaha.E Win32/Yaha.F Win32/Yaha.M Win32/Yaha.N Win32/Yaha.O Win32/Yaha.V Win32/Yaha.W Win32/Yaha.X Win32/Zoek.D Win32/Zoher.A Worm.automat.ahb
The last viruses I detected via NOD32's AH were a few weeks ago at most.
Tweakie
Hello,
You seem to have a small collection of widespread worms. I would be interested in knowing how AntiVir's AVLEXA heuristics (beta version) perform against these samples. I've been testing it against a subset of my small trojan horse collection (most are or have been quite widespread) and found it very impressive. Here is the result:
------------------
VDF version: 6.18.0.99 - FUP(0), created 01/21/2004
AntiVir license: XXXXXX for AVLEXA Betatestlizenz
checking the master boot record of drive 80h
checking the boot record of drive D:
checking drive/path (list): D:\TMP\SECU\TROJANS\INFECTIOUS
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Arcanum_Server.exe HEURISTIC/Backdoor.Generic (VB6)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Armageddon2_server.exe HEURISTIC/Backdoor.Unknown.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Armageddon_server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Assassin_serv1.exe HEURISTIC/Backdoor.Unknown.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\AVKillah.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Beast_201server.exe HEURISTIC/Trojan.Downloader.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Bionet_Server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Bionet_Unpacked_Server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Devious_server.exe HEURISTIC/Backdoor.Unknown.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Fade_Server.exe GENERIC TROJAN (Keylogger)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\fwkill.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Gost_server.exe HEURISTIC/Backdoor.Generic (VB6)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Institution_Server.exe HEURISTIC/Trojan.Downloader.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Insurrection_Server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Katux2_server.exe GENERIC TROJAN (Password Stealer)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Katux_server.exe GENERIC TROJAN (Password Stealer)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\killer_ees.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\lan_hacker_Server.exe GENERIC BACKDOOR
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\NetDevil15_Server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\NetDevil_Server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\OptixKiller3.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\OptixLite04_server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\OptixLite_Server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\OptixPro_SERVER.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\qrat_Server.exe GENERIC TROJAN (Password Stealer)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\s7packed.exe GENERIC TROJAN (Password Stealer)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\serv_packed1.exe GENERIC BACKDOOR
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\SilentSpy_server.exe GENERIC TROJAN (Keylogger)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\sub7_server1.exe GENERIC TROJAN (Password Stealer)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\theef_server.exe GENERIC TROJAN (Password Stealer)
----- scan results -----
directories: 1
files: 64
infected: 0
suspicious: 30
warnings: 0
scan time: 00:00:03
--------------------------
Thank you for using AntiVir
AVLEXA v2.2.1 loaded successful.
-------------------------
For this small test set, it reaches almost 50% detection. Taking into account the fact that most of the samples are programmed in an HLL (Delphi or VB), and that they are trojan horses (making it more difficult to characterize whether their behaviour is "malicious" or not than for worms or viruses), these results seem very good (as a comparison, the results of a test of various AV heuristics published in 09/2002 by Andreas Marx mentioned a maximum detection rate, over all tested AVs, of 26% for this kind of malware).
Another contributor to the fr.comp.securite.virus newsgroup reported that various dialers and worms were also detected (Klez, Opaserv, Dumaru, Happy99, etc.) and that even the famous Zmist has been spotted by AVLEXA!
I had two false positives, which have been sent to the developers (i.e. to Gladiator_AV). One is a genuine dialer (provided by a regular French ISP), the other is in the Panda Antivirus signature database (this is a well known problem: Panda does not encrypt its signature databases well).
I also had a problem scanning some zip files (it only detected the first infected file in the archive; maybe I should also send that to Gladiator_AV).
I would therefore be interested in a more thorough test of this product against worms/file viruses.
-- Tweakie
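As an added example (not part of Tweakie's post, and not AntiVir's or AVLEXA's own code), here is a small Python parser for the kind of command-line report pasted above. It turns each "!Supicious File!" line into a (path, verdict) record, tallies the verdict labels, derives the detection rate from the summary block rather than from an eyeballed "almost 50%", and cross-checks the per-file lines against the summary so a truncated or mis-pasted report is noticed. The report embedded in the code is a constructed excerpt: six of the entries from the thread with a summary block sized to that excerpt.

```python
"""Parse an AntiVir/AVLEXA command-line report and check its numbers.

Added example for this thread; it is not code from the post above or from
AntiVir. It turns the pasted report into (path, verdict) records, tallies the
heuristic verdict labels, derives the detection rate from the summary block
instead of eyeballing it, and cross-checks the flagged-file lines against
that summary.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt for offline use: six of the entries from the thread,
# with a summary block sized to the excerpt (12 files scanned, 6 flagged).
# "!Supicious File!" is spelled the way this beta printed it.
SAMPLE_REPORT = r"""
VDF version: 6.18.0.99 - FUP(0), created 01/21/2004
checking drive/path (list): D:\TMP\SECU\TROJANS\INFECTIOUS
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Arcanum_Server.exe HEURISTIC/Backdoor.Generic (VB6)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Armageddon_server.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Beast_201server.exe HEURISTIC/Trojan.Downloader.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\Fade_Server.exe GENERIC TROJAN (Keylogger)
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\OptixPro_SERVER.exe HEURISTIC/Trojan.AVKiller.Generic
!Supicious File! D:\TMP\SECU\TROJANS\INFECTIOUS\sub7_server1.exe GENERIC TROJAN (Password Stealer)
----- scan results ----- directories: 1 files: 12 infected: 0 suspicious: 6 warnings: 0 scan time: 00:00:03
Thank you for using AntiVir
"""

# A flagged file: marker, path (no spaces in this layout), verdict label.
FLAG_RE = re.compile(r"^!Supicious File!\s+(?P<path>\S+)\s+(?P<label>.+?)\s*$")
# Summary counters; findall works whether they sit on one line or one per line.
SUMMARY_RE = re.compile(r"\b(directories|files|infected|suspicious|warnings):\s*(\d+)")


@dataclass(frozen=True)
class Verdict:
    path: str
    label: str

    @property
    def heuristic(self) -> bool:
        # Both label shapes in the report are generic/heuristic verdicts,
        # not named-signature hits.
        return self.label.startswith(("HEURISTIC/", "GENERIC "))


def parse_report(text: str) -> tuple[list[Verdict], dict[str, int]]:
    """Return the flagged files in report order and the summary counters."""
    verdicts = []
    for line in text.splitlines():
        m = FLAG_RE.match(line.strip())
        if m:
            verdicts.append(Verdict(m["path"], m["label"]))
    summary = {key: int(value) for key, value in SUMMARY_RE.findall(text)}
    return verdicts, summary


def detection_rate(summary: dict[str, int]) -> float:
    """(infected + suspicious) / files, i.e. what "almost 50%" means here."""
    files = summary.get("files", 0)
    if files == 0:
        raise ValueError("summary block has no file count")
    return (summary.get("infected", 0) + summary.get("suspicious", 0)) / files


def tally_labels(verdicts: list[Verdict]) -> Counter:
    """How often each verdict label was used (AVKiller, Downloader, ...)."""
    return Counter(v.label for v in verdicts)


def consistency_problems(verdicts: list[Verdict], summary: dict[str, int]) -> list[str]:
    """Cross-check the per-file lines against the summary block."""
    problems = []
    flagged = sum(1 for v in verdicts if v.heuristic)
    if flagged != summary.get("suspicious"):
        problems.append(
            f"{flagged} suspicious-file lines but summary says {summary.get('suspicious')}"
        )
    if len(verdicts) > summary.get("files", 0):
        problems.append("more flagged files than files scanned")
    return problems


if __name__ == "__main__":
    found, totals = parse_report(SAMPLE_REPORT)
    print(f"detection rate: {detection_rate(totals):.1%}")
    for label, n in tally_labels(found).most_common():
        print(f"{n:3d}  {label}")
    for p in consistency_problems(found, totals):
        print("WARNING:", p)
```

Run against the full report above, `detection_rate` gives 30/64, about 47%, which is the "almost 50%" in the post; the consistency check is what catches a paste that lost lines (the original one-line paste had every entry run together, and the parser only needs the lines split to work).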
bcool (reply to purelander)
said by purelander: said by dos9: NOD32 is the leader in heuristic scanning, that test, far beyond scientific as it is, doesn't even use the latest version of NOD32, or even use its heuristic capabilities to its full capacity.
Can the leader NOD32 detect this?
There's nothing here but a .txt file in the archive. Nothing to detect; in any event NAV03 was silent...
EDIT: Ah, I get it. KAV detected the following:
e.zip Archive: ZIP
e.zip/e.txt Suspicion: Exploit.CodeBaseExec