Hi Andrew:
>> scanner being the main line of defense is dead . . . it's just that most people don't know it yet<< Well - today there were 80 or so infected emails that would have gone through. While AV scanning may not be the "main line", it certainly is still a crucial element. Just ONE email raises the chance that some uninformed end user and one of our customers could get their entire network taken over and could cost man-days to rebuild systems that were infected by root-kits. Look at last night's statistics - the "bad guys" certainly knew "how to beat" AVG. But my other two scanners are NOT beaten - and that's my daily experience. So there is a pattern here that just can't be ignored! My thinking is - ClamAV and McAfee are being updated many times daily (because I control the updating process) - so any new virus variants are caught quickly. I have no control over how often AVG is being updated? If they are only updated daily, then (in today's times) that rendering AVG worthless. What's even more disconcerting is the fact that some of these missed virus names appear for days at a time - so even AFTER a daily update, AVG is missing those. I'm not impressed by whatever "comparisons" were taken a year or more ago. Version numbers mean very little. The key is the date/timestamp of the signature file. You can get any comparison result you want, if you don't use the most current hourly signature files for each product. I have no hidden agenda - but I can tell you that in all the years that I've been watching this, AVG is easily been outperformed by the other two scanners I use, at least for the mix of viruses that MY many hundreds of end users are targeted with. Virus Scanner Summary Report (Integrated AVG Scanner) Total Messages Processed: 22,303 Virus Infected Messages: 0 Percentage Infected: 0.00% VIRUS # INFECTED PERCENTAGE No Records Matched Your Criteria Virus Scanner Summary Report (ClamAV) Total Messages Processed: 22,303 Virus Infected Messages: 154 Percentage Infected: 0.69% VIRUS # INFECTED PERCENTAGE EMAIL.TROJAN-99 88 0.39% HTML.PHISHING.BANK-218 28 0.13% EMAIL.TROJAN-98 12 0.05% EMAIL.PHISHING.BANK-101 8 0.04% SUSPECT.DOUBLEEXTENSION-ZIPPWD-2 8 0.04% WORM.BAGLE-1 7 0.03% WORM.BAGLE-ZIPPWD-24 2 0.01% HTML.PHISHING.BANK-1127 1 0.00% From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew Sent: Thursday, May 14, 2009 7:19 PM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Internal Scanner missing most viruses Sensitivity: Personal http://www.processor.com/editorial/article.asp?article=articles/P3110/25p10/ 25p10.asp "The day of the [AV] scanner being the main line of defense is dead . . . it's just that most people don't know it yet," says AVG's Thompson. Last year alone, AVG added more than 650,000 signatures to its antivirus engine. "There are 20,000 to 30,000 unique binary samples every day. The bad guys know how to beat a scanner." Interesting and timely commentary. For what it's worth, I find the blocking options in Declude Virus to be as useful as the actual scanner, but I don't have the hard numbers to back up that statement. I do have to depend on the scanners when the bad guys use malware PDFs or other documents. In general, the bad guys have taught email users to be surprised if they can send a program or even a script via email. Andrew. _____ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Wednesday, May 13, 2009 11:44 AM To: declude.virus@declude.com Subject: RE: [Declude.Virus] Internal Scanner missing most viruses Sensitivity: Personal Andy, The process of virus signatures being made available is an automated process this issue was already resolved in January as I said it would be. As soon as virus definitions are available from AVG they become available to Declude users. As you can see with the data that we have provided regarding AVG the signature file date is matches yours which is 5/13/2009. The bottom line is AVG did not detect this specific virus. Here is some data from tests done last year with regard different AV scanners and their accuracy, again this data is about 1 year old but it can give you a good idea. Another option is to consider using our offering of Commtouch which has the ZEROHOUR http://www.commtouch.com/zero-hour-virus-outbreak-protection-sdk protection against new viruses. Rank 1. G DATA 2008 version 18.2.7310.844 - 99.05% 2. F-Secure 2008 version 8.00.103 - 98.75% 3. TrustPort version 2.8.0.1835 - 98.06% 4. Kaspersky version 8.0.0.357 - 97.95% 5. eScan version 9.0.742.1 - 97.44% 6. The Shield 2008 - 97.43% 7. AntiVir version 8.1.00.331 Premium - 97.13% 8. Ashampoo version 1.61 - 97.09% 9. Ikarus version 1.0.82 - 96.05% 10. AntiVir version 8.1.00.295 Classic - 95.54% 11. AVG version 8.0.100 Free - 94.85% 12. BitDefender 2008 version 11.0.16 - 94.70% 13. Avast version 4.8.1201 Professional - 93.78% 14. Nod32 version 3.0.650.0 - 93.36% 15. F-Prot version 6.0.9.1 - 91.87% 16. BitDefender version 10 Free - 91.32% 17. ArcaVir 2008 - 88.65% 18. Norman version 5.92.08 - 87.72% 19. Vba32 version 3.12.6.6 - 87.21% 20. McAfee Enterpise version 8.5.0i - 86.57% 21. McAfee version 12.0.177 - 86.39% 22. Rising AV version 20.46.52 - 85.87% 23. Norton 2008 - 83.34% 24. Dr. Web version 4.44.5 - 82.87% 25. Antiy Ghostbusters version 5.2.3 - 80.23% 26. VirusBuster version 5.002.62 - 77.19% 27. Outpost version 6.0.2294.253.0490 - 75.35% 28. V3 Internet Security version 2008.05.31.00 - 75.23% 29. ViRobot Expert version 5.5 - 74.50% 30. Virus Chaser version 5.0a - 73.65% 31. A-squared Anti-Malware version 3.5 - 71.66% 32. PC Tools version 4.0.0.26 - 69.82% 33. Trend Micro Antivirus+Antispyware 2008 version 16.10.1079 - 67.28% 34. Iolo version 4.325 - 63.98% 34. Panda 2008 version 3.01.00 - 61.41% 36. Sophos Sweep version 7.3.2 - 54.71% 37. ClamWin version 0.93 - 54.68% 38. CA Anti-Virus version 9.00.170 - 51.08% 39. Quick Heal version 9.50 - 47.97% 40. Comodo version 2.0.17.58 - 43.15% 41. Trojan Hunter version 5.0.962 - 31.39% 42. Solo version 7.0 - 21.10% 43. Protector Plus version 8.0.C03 - 20.14% 44. PCClear version 1.0.8.0 - 19.63% 45. AntiTrojan Shield version 2.1.0.14 - 14.74% 46. Trojan Remover version 6.6.9 - 13.49% 47. VirIT version 6.2.94 - 8.63% 48. True Sword version 4.2 - 3.42% 49. Abacre έκδοση version 1.4 - 0.00% David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
