The MASM Forum
Projects => MASM32 => AV Software sh*t list => Topic started by: jj2007 on January 27, 2013, 12:20:45 PM
-
Just for fun, I downloaded a zip file from a phishing mail. M$ Security Essentials didn't find anything, but five out of 21 AV at Jotti found five different viruses (http://virusscan.jotti.org/en/scanresult/b2b3ba7f5763bbaba7b0973a31d754368904838e). So seventeen AV scanners didn't find anything suspicious in that executable. Maybe I should run it?
;)
-
"If you hang around a barbershop, eventually you'll get a haircut."
-
Hi Jochen,
In such situations, a human is the best antivirus. Having identified the message as phishing, the simplest and most effective action is to click the delete button.
-
Hi Erol,
I fully agree. The problem is that too many people are confident that their AV can handle the virus attached to the mail (and 17 of them can't handle it, including MSE), and that the same crappy AV cripple the good products of small software companies and hobby coders by falsely declaring them "dangerous".
-
Hi Jochen,
Your explanation is perfect, thanks. As you mentioned, the keyword is confidence. We, the assembly coders here in the forum, are lucky as we know more about the internals of the OS and this will encourage us to make decisions about the measures to take against malware. What is important is to be always careful as much as possible.
-
Hi Jochen,
Maybe I should run it? ;)
delete it and you're on the safer side.
Gunther
-
A failure to detect a problem in a scan does not equate to an inability to detect it, and kill it, when it becomes active on a protected system. If they could rely on scans to detect a problem, there would be no need for real-time protection.
-
Maybe I should run it?
;)
Maybe it would be safer if you run it on virtualized Windows?
-
I just got nailed with a trojan that went through AVG, but it only takes a couple hours to rebuild my machine. Reinstalling everything gets rid of a lot of crap, and I have an extra 150G of disk space now. The only problem is installing masm, my AV thinks that a lot of the examples are viruses, so it takes a little time to set up the exceptions. Still, it's not a bad thing to clean out your machine once in a while.
-
Maybe it would be safer if you run it on virtualized Windows?
or running a sandbox software.
-
Microsoft plays down poor AV-Test results (http://www.heise.de/security/meldung/Microsoft-relativiert-schlechte-Ergebnisse-von-AV-Test-1786029.html)
Key lessons learned from the latest test results (http://blogs.technet.com/b/mmpc/archive/2013/01/16/lessons-learned-from-the-latest-test-results.aspx)
Many AV tests are - like benchmarks - unrealistic. It always depends on the setup of the test.
"If you hang around a barbershop, eventually you'll get a haircut."
Full ACK.
Greenhorn
-
I'm using AVIRA and I finally had my first acknowledged false positive. :)
I was writing a small program which just encrypts some data and suddenly the AV started to tell me that there is a trojan in that program. :) Maybe I should upload it to some online scanners and see what they have to say about it.
-
Hi sys64738,
I'm using AVIRA and I finally had my first acknowledged false positive. :)
AVIRA tends to produce false positives.
Gunther
-
I'm using AVIRA and I finally had my first acknowledged false positive. :)
I was writing a small program which just encrypts some data and suddenly the AV started to tell me that there is a trojan in that program. :) Maybe I should upload it to some online scanners and see what they have to say about it.
I have found all scanners to be next to useless.
I have uploaded both live samples and perfectly safe assembly programs.
They have greatly misidentified real anti malware.
They identify perfectly normal small assembly programs as malware.
This includes programs that are so small, that it is impossible to have any payload.
:-)
That's maybe why some Russian nuclear plants got Stuxnet many months after its very public announcement.
Andy
-
AdAware does a decent job for me
I also use MalwareBytes - but it doesn't catch some viruses
-
People who rely on AV scanners have been fooled by the marketing hype aimed at the technically illiterate. They will catch many things that don't matter, deliver an ever increasing list of generic tests (heuristic scanners) that deliver false positives and regularly miss the newer dangerous stuff.
There is no substitute for knowing your OS/Computer, knowing how to secure it, never ever run anything that you don't know and have a disk image of your boot partition as a backup. While there are exceptions, I have the suspicion that virus writers and AV scanner vendors are respectively the demand and supply sides of selling security software that are part and parcel of the same operation. I generally recommend Kaspersky, Eset and the generic Microsoft AV scanners for those who must use them but only if they maintain the correct discipline of not running trash and properly securing their computer. A VM sandbox is also a handy toy if you must run risky things.
-
False Alarm Tests here (http://www.av-comparatives.org/false-alarm-tests/)
-
False Alarm Tests here (http://www.av-comparatives.org/false-alarm-tests/)
Cute - that merits a ranking (September 2013 (http://www.av-comparatives.org/wp-content/uploads/2013/09/avc_fp_201309.pdf)):
#false positives
0 MSE
1 ESET
2 F-Secure
3 Fortinet
5 Kaspersky
7 Emsisoft
8 BitDefender
8 BullGuard
8 Sophos
10 Avast
13 AhnLab
13 Qihoo
14 Trend Micro
20 Avira
20 Kingsoft
20 McAfee
20 Panda
20 Tencent
22 G Data
28 AVG
28 eScan
37 Symantec
37 Vipre
-
Avira is at the rear third of the AV scanners. What a shame.
Gunther
-
More or less fits my view on AV scanners, the classy ones like Eset and Kaspersky have a far lower false positive count and so far the Microsoft one seems to be OK. Anything on the tail end of the list needs to be converted to free disk space.
-
I don't believe the MSE ranking.
When I used it, it had all kinds of false positives.
Even on 2000 byte files that I made that did next to nothing.
Andy