Dr.web's Detection Rate
#1
Posted 06 February 2009 - 03:45
It is to 17.6% worse result for Dr.Web!?
Did I make mistake somewhere in this small test?
(I am willing to send the archive to the Dr.Web's analysts if they are interested)
Thanks for your comments.
#2
Posted 06 February 2009 - 04:11
You know it's really hard to come to conclusion that Dr.Web lacks in detection because of only 415 files (and it's 17.6% worse result).
It seems to me that Dr.Web has no such good detection rate as we could expect. I used Dr.Web's CureIt and one of the free antivirus (not Avira) to scan archive which contains 415 malware files. CureIt found and removed only 313 files. The other antivirus found and removed 386 files.
It is to 17.6% worse result for Dr.Web!?
Did I make mistake somewhere in this small test?
(I am willing to send the archive to the Dr.Web's analysts if they are interested)
Thanks for your comments.
Many factors should be taken into consideration: from the curing abilities and false alarms to the ergonomic characteristics and updating availability.
If you are sure that you are using the latest CureIt and you want to make it better - send undetected files to the analysts here - http://vms.drweb.com/sendvirus/. Please attach only one file per submission fulfilling your e-mail and choosing the submission category - Suspicious file.
After receiving tickets you can publish them here to help the analysts analyze them quickly and append new signatures into their base.
PC3000 UDMA & Data Extractor (manufacturer: NPP ACE), Raid Explorer (manufacturer: SOFT-CENTER), Flash Extractor & Image Explorer (manufacturer: SOFT-CENTER), Victoria Full version (author: Sergey Kazansky), R-Studio Data Recovery (manufacturer: R-Tools Technology Inc.), GetDataBack for FAT (manufacturer: Runtime Software), GetDataBack for NTFS (manufacturer: Runtime Software), in-house developments.
#3
Posted 06 February 2009 - 04:28
Please attach only one file per submission fulfilling your e-mail and choosing the submission category - Suspicious file.
There are 102 files, so it means that I must attach file and fulfill my e-mail 102 times!? I hope there is an easy way to send these files to Dr.Web. May be they can give me ftp access to some folder to upload archive?
#4
Posted 06 February 2009 - 04:36
Maybe
Please attach only one file per submission fulfilling your e-mail and choosing the submission category - Suspicious file.
There are 102 files, so it means that I must attach file and fulfill my e-mail 102 times!? I hope there is an easy way to send these files to Dr.Web. May be they can give me ftp access to some folder to upload archive?
#5
Posted 06 February 2009 - 05:40
Maybe they can provide me ftp access for uploading a bunch of malware that Dr.Web cannot detect and after that Dr.Web may be achieve better detection rate?
Is this better?
#6
Posted 06 February 2009 - 10:38
Apologize for bad English.
Maybe they can provide me ftp access for uploading a bunch of malware that Dr.Web cannot detect and after that Dr.Web may be achieve better detection rate?
Is this better?
just send them in one archive, not a problem. it'll take a little bit more time for the answer. I guess all of those files are garbage or trash. regarding detection rate, please read these statistics
#7
Posted 06 February 2009 - 19:13
...I guess all of that files are a garbage or trash. regarding detection rate...
I reported it as bug http://bugs.drweb.com/bug_view_advanced_pa...?bug_id=0025248, but scanning in garbage or trash is normal drweb behavior.
Eugeny Vasiliev: This is normal. The scanner ignores the CRC in order to extract the maximum amount of data; Enough to extract the section of the code, which may detection.
#8
Posted 07 February 2009 - 00:29
I tried to send these files to Dr.Web using website form but the connection both times was closed before the archive was uploaded. Can you provide me email address so I can send the archive to Dr.Web if they are interested at all in files I am talking about?
#9
Posted 07 February 2009 - 01:02
I'm not sure about what garbage you are talking about? It is archive prepared for testing different antivirus programs. It contains 415 selected files (viruses, worms, USB worms, trojans, spyware). On manual scanning Dr.Web removed 313 files and left 102 files. Other antivirus I used found many malware among these files. I launched these files to see if Dr.Web would detect it on launching. Dr.Web caught a few more malware but, finally, left about 90 files. Then, I launched every file to see what will happen and after that I scanned PC with MBAM which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.
I tried to send these files to Dr.Web using website form but the connection both times was closed before the archive was uploaded. Can you provide me email address so I can send the archive to Dr.Web if they are interested at all in files I am talking about?
virus monitoring service
#10
Posted 07 February 2009 - 02:53
One more interesting thing.
I scanned the archive in two ways: running a scan using icon on the desktop and running a scan using shortcut from the context menu. There are differences in results between these two ways of scanning. In the first case Dr.Web removed 304 files, and in the second case 313 files. So when running a scan using shortcut in the context menu Dr.Web removed 9 files more! This is interesting to me because it seems that Dr.Web scanner uses only one profile.
#11
Posted 07 February 2009 - 04:31
The settings are different I think.
Thanks for the email Eugeny, I will send the archive tonight. Hope to get some response.
One more interesting thing.
I scanned the archive in two ways: running a scan using icon on the desktop and running a scan using shortcut from the context menu. There are differences in results between these two ways of scanning. In the first case Dr.Web removed 313 files, and in the second case 304 files. So when running a scan using icon on the desktop Dr.Web removed 9 files more! This is interesting to me because it seems that Dr.Web scanner uses only one profile.
Check to see.
#12
Posted 07 February 2009 - 04:58
MBAM, it's not antivirus. it's stupid filename based detector...fake. IMO
and after that I scanned PC with MBAM which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.
Doctor Web, Ltd.
#13
Posted 07 February 2009 - 11:22
#14
Posted 07 February 2009 - 20:24
Some vendors like to add detections through automated methods from every vx-collection there is and honeypots. It's probably also popular to make automatic detection for files received from jotti/virustotal if some other vendor detects the file too. They can quickly add huge number of "malware" to their databases without even analyzing a single sample.
These vendors will gain good numbers on av-tests but the quality of detections is poor and this kind of software is unreliable.
#15
Posted 08 February 2009 - 02:48
I sent the suspicious malware files to Dr.Web (the only way that files could be sent was to upload them and to send link) last night. I hope to get some response.
#16
Posted 15 February 2009 - 16:53
MBAM, it's not antivirus. it's stupid filename based detector...fake. IMO
and after that I scanned PC with MBAM which found 64 malware files and registry entries, mostly backdoor trojans and vundo variants. So, I doubt that all of these files are garbage.
I never knew this Konstantin,
I know it offers good removal rates, but I've also noticed many False Alarms whenever I have tried it.
I certainly would never have recommended someone to use MBAM instead of an antivirus, but I still believe it's a good free tool to add to one.