Beauregard T. Shagnasty said:Are you comfortable using a seven-year-old scanning engine?
Symantec virus definition packages frequently include corresponding
updates to the scan engine.
I wouldn't be. But I'm not.
Symantec virus definition packages frequently include corresponding
updates to the scan engine.
I verified this several years ago in a discussion with kurt wismer,
using process explorer.
Ron said:OK, I have a Norton 2005 disc, would this be a better to use than the
current free versions of AVG 8 or Avira AntiVir?
It's my impression that NOD32 is (or was) the best AV product out there
because it was "hooked" into a system in such a way as to intercept all
data going to your browser. Other AV products detected malware by
scanning the web-content that got cached by your browser.
I don't know if that has changed (and they all do what NOD32 does) at
this point.
I don't put much stock in AV products anyways (but maybe I would if XP
were my main OS, instead of Win-98).
But yes, your NAV 2005 disk should be fine - assuming it will install
and activate itself. I have no idea if, for example, it tries to
contact symantec and get the go-ahead to activate itself.
But if it installs ok, then you should have no problems performing an
update with it. If that doesn't work, google for "intelligent updater"
and download the current update package.
But be aware that NAV 2003 and newer became known for code-bloat. Many
people did not have good things to say about the performance hit caused
by those versions.
It's my impression that NOD32 is (or was) the best AV product out there
because it was "hooked" into a system in such a way as to intercept all
data going to your browser. Other AV products detected malware by
scanning the web-content that got cached by your browser.
I don't know if that has changed (and they all do what NOD32 does) at
this point.
I don't put much stock in AV products anyways (but maybe I would if XP
were my main OS, instead of Win-98).
But yes, your NAV 2005 disk should be fine - assuming it will install
and activate itself. I have no idea if, for example, it tries to
contact symantec and get the go-ahead to activate itself.
But if it installs ok, then you should have no problems performing an
update with it. If that doesn't work, google for "intelligent updater"
and download the current update package.
OK, I have a Norton 2005 disc, would this be a better to use than the
current free versions of AVG 8 or Avira AntiVir?
IMHO, no. Norton is not Symantec and Symantec is not Norton. Yes -
Norton products /are/ sold by Symantec.
Some here say that AVG 8 is a resource hog. Some have given up AVG for
AntiVir and some will say that you can't do much better than AntiVir.
These statements usually bring about some lively debates. You also need
to assess the remainder of your antimalware measures.
VanguardLH said:kurt wismer wrote: [snip]no, complain about sri.com not being able to design an anti-malware test
that comes anywhere near being reasonable...
virustotal is for testing malware, not anti-malware... even the people
who provide the service say anti-malware tests designed this way are
bogus...
They are upfront with the first statement declaring that their results
are from virustotal.com. They show ranking based on THOSE results. Use
their list for what you want. It's not like their hiding how they came
up with those results.
kurt said:VanguardLH said:kurt wismer wrote: [snip]no, complain about sri.com not being able to design an anti-malware test
that comes anywhere near being reasonable...
virustotal is for testing malware, not anti-malware... even the people
who provide the service say anti-malware tests designed this way are
bogus...
They are upfront with the first statement declaring that their results
are from virustotal.com. They show ranking based on THOSE results. Use
their list for what you want. It's not like their hiding how they came
up with those results.
it's not about hiding things it's about not understanding things... most
people don't understand that the way virustotal uses scanners is such
that their results are not representative of what a user of the full
anti-virus product would see...
telling people your results come from virustotal and admitting that
those virustotal results are inaccurate (thus making your results highly
questionable) are two entirely different things...
VanguardLH said:kurt said:it's not about hiding things it's about not understanding things... mostVanguardLH said:kurt wismer wrote: [snip]
no, complain about sri.com not being able to design an anti-malware test
that comes anywhere near being reasonable...
virustotal is for testing malware, not anti-malware... even the people
who provide the service say anti-malware tests designed this way are
bogus...
They are upfront with the first statement declaring that their results
are from virustotal.com. They show ranking based on THOSE results. Use
their list for what you want. It's not like their hiding how they came
up with those results.
people don't understand that the way virustotal uses scanners is such
that their results are not representative of what a user of the full
anti-virus product would see...
telling people your results come from virustotal and admitting that
those virustotal results are inaccurate (thus making your results highly
questionable) are two entirely different things...
Which means the results are for on-demand scanning, which is only a
portion of what anti-malware products provide (i.e., they also have
their real-time protections).
Name a test that doesn't do the same.
kurt said:- they aren't using the desktop engine but a command-line engine which
can and in some cases does differ significantly from the desktop equivalent
- they're using settings they can't reveal due to NDAs
- the versions of the products aren't necessarily all up to date or even
all equally out-dated
- they may halt engines that take to long for the service virustotal is
providing (and their performance requirements are different than those a
customer would have)
- they're using apples along-side oranges (different products meant for
different purposes) which you should never compare (for i hope obvious
reasons)
not too long ago av-test.org produced a test that included run-time
detection capabilities... here's a link describing the test and how the
proactive portion of it included actually running the samples:
http://www.virusbtn.com/news/2008/09_02
i gather from the most recent av-comparatives retrospective test that
they plan on implementing similar tests of dynamic detection sometime
this year...
VanguardLH said:But this subthread started due to Rick's comment that VirusTotal is
using an old version of NOD32 so there must be some indication to the
user as to which version was using during the summary period for that
test result report. However, I don't see SRI listing the version in
their summary report. I took a very quick peek at VirusTotal's site
and didn't see versions mentioned there, either. The only time that I
see the product version listed is when I submit a file to them and
then look at the scan report.
I've never trusted av-test.org. They get commissioned (paid) by AV
vendors to "test" that vendor's product but are guidelined as to the
test scenarios and sometimes as to even which sample of pests that
they are to test against. I'm not convinced they qualify as an
*independent* testing agency. I haven't seen one AV vendor who
commissioned av-test.org to test their product where that product
didn't come out shining like a white knight of security products.
Alas, I remember reading a blog or article from them where they
mention that costs are getting prohibitive to do this testing for
free. So they may go the way of VirusBulletin and others that charge
for testing an AV vendor's product. That means:
- Some vendors won't submit their product for testing, or they will be
selective as to who tests their product that results in presenting
them with the best image.
- Vendors can pay to have their product tested but they can also
request the results not be published. So if they did really poorly,
you don't get to see it.
- A bias can creep into the tester's methodology regarding products
for which they get paid to test, especially if repeatedly paid in
subsequent tests, and those that don't pay to get tested only
occasional pay to test their product.
Rick said:IMHO av-comparatives is a much better source for such
rankings, but even it has its limitations.
VanguardLH said:I don't recall using an AV product in which the UI app was the engine.
The engine is separate from the UI. In fact, the UI may be unloaded or
even crash but it doesn't take out the engine (the kernel-mode file
system filter).
Alas, there isn't much info at VirusTotal regarding their setup for each
AV product. For other tests, usually they announce that settings were
at "highest" (which doesn't often match the install-time defaults in
typical user installs).
But this subthread started due to Rick's comment that VirusTotal is
using an old version of NOD32 so there must be some indication to the
user as to which version was using during the summary period for that
test result report. However, I don't see SRI listing the version in
their summary report. I took a very quick peek at VirusTotal's site and
didn't see versions mentioned there, either. The only time that I see
the product version listed is when I submit a file to them and then look
at the scan report.
With a summary report that spans a period of time, it is possible the
version of the product has changed. That's why I submitted a request to
SRI that they either show coverage by product over several of their
summary reports (since a single snapshot alone is hard to guage how well
a product has fared over time), or keep an archive of their old summary
reports so users could copy them into a spreadsheet to see the
effectiveness of a particular product over repeated snapshots.
Not sure how timeout scans for a particular test could be included in a
summary report that includes multiple tests. But then users might not
want to use a product, even with high coverage, that takes a really long
time to detect a pest.
Yet each product included in the scan *claims* to also detect viruses.
There are few exactly identical products. If they were identical, we
wouldn't need any of these "results" summaries since every product would
fare the same as another because they were the same. When you shake
flour through sifter, you're looking for an overall granularity of
powder, not that it is a absolutely perfect consistency. They throw the
suspect at their sifters, one for each product, and see what falls
through. Like PGP, the test is pretty good. Not very good, or
extremely good, or perfectly good, but good enough to provide some gauge
of effectiveness.
I've never trusted av-test.org.
They get commissioned (paid) by AV
vendors to "test" that vendor's product but are guidelined as to the
test scenarios and sometimes as to even which sample of pests that they
are to test against. I'm not convinced they qualify as an *independent*
testing agency. I haven't seen one AV vendor who commissioned
av-test.org to test their product where that product didn't come out
shining like a white knight of security products.
The only free and publicly available "comparison" they offer on their
web site is how often the various AV products provide updates. Oh gee,
golly, big deal.
Alas, I remember reading a blog or article from them where they mention
that costs are getting prohibitive to do this testing for free. So they
may go the way of VirusBulletin and others that charge for testing an AV
vendor's product. That means:
- Some vendors won't submit their product for testing, or they will be
selective as to who tests their product that results in presenting them
with the best image.
- Vendors can pay to have their product tested but they can also request
the results not be published. So if they did really poorly, you don't
get to see it.
- A bias can creep into the tester's methodology regarding products for
which they get paid to test, especially if repeatedly paid in subsequent
tests, and those that don't pay to get tested only occasional pay to
test their product.
kurt said:you're being disingenuous... nobody said the engine was in the UI app,
rather, what was said was that the command-line tool that they are
provided with does not necessarily use the same engine as the desktop
tool that customers would normally use...
be that as it may, the timeouts that av companies build into their own
engines for the user's benefits are not the same as the timeouts that
hispasec (the virustotal folks) built into their system... the demands
on their system are considerably different than the demands on the
desktop...
be that as it may, they run tests that include behavioural detection...
which would be why they provide links to other publications that publish
their tests...
i really think your tinfoil hat needs refitting...
VanguardLH said:Programmers reuse code. They don't reinvent the wheel. They reuse the
same signature database. They reuse the same heuristics algorithms (if
any can be applied against static files, that is). The engine or driver
itself has no UI. Any windowed or console interface to it will call
methods available within the same modules used by the engine.
So, in other words, we have no information on which to base judgment as
to what causes the timeouts at virustotal.com for some products or can
even tell if those timeouts are typical of a particular product or are
pseudo-random across all products. That the a product times out as used
by virustotal.com cannot be used in determining whether or not a product
is adequate for use on a particular workstation. So why bring it up?
To bad they don't then go publish them so we users can actually see
them.
Actually I've never see those official reports from av-test.org
published at those companies that commissioned av-test.org to do the
test. All you get is the overview that the commissioner composed on
which they claim the av-test.org report. This comes back to who owns
the publication. It would be the entity that paid for its creation.
That might be why av-test.org can't provide a list of their reports. It
also means we won't ever see them except after their modification or
filtering to be aligned to the commissioner's intent.
Time to take off the rose-colored eyeglasses and see the real world.
Now we start the battle of mots. No thanks.
I read thru the entire thread, can someone please list the reliable sites
links where you can down load these software from?
I am afraid I may get some fake ones if I just click on anyone of them.
thanks you very much.
dcarch
I use the following, all free for the downloading:I am sorry, I am not very good in this kind of things.
do you recommend the following?
If so where are reliable places to get them?
Thanks again
dcarch