Hi Andrew:

 

>> scanner being the main line of defense is dead . . . it's just that most
people don't know it yet<<

 

Well - today there were 80 or so infected emails that would have gone
through. While AV scanning may not be the "main line", it certainly is still
a crucial element. Just ONE email raises the chance that some uninformed end
user and one of our customers could get their entire network taken over and
could cost man-days to rebuild systems that were infected by root-kits.

 

Look at last night's statistics - the "bad guys" certainly knew "how to
beat" AVG. But my other two scanners are NOT beaten - and that's my daily
experience. So there is a pattern here that just can't be ignored!

 

My thinking is - ClamAV and McAfee are being updated many times daily
(because I control the updating process) - so any new virus variants are
caught quickly.  I have no control over how often AVG is being updated?  If
they are only updated daily, then (in today's times) that renders AVG
worthless. What's even more disconcerting is the fact that some of these
missed virus names appear for days at a time - so even AFTER a daily update,
AVG is missing those.

 

I'm not impressed by whatever "comparisons" were taken a year or more ago.
Version numbers mean very little. The key is the date/timestamp of the
signature file.  You can get any comparison result you want, if you don't
use the most current hourly signature files for each product.

 

I have no hidden agenda - but I can tell you that in all the years that I've
been watching this, AVG has easily been outperformed by the other two
scanners I use, at least for the mix of viruses that MY many hundreds of end
users are targeted with.

 

 


Virus Scanner Summary Report (Integrated AVG Scanner)


Total Messages Processed: 22,303
Virus Infected Messages: 0
Percentage Infected: 0.00%


VIRUS    # INFECTED    PERCENTAGE

No Records Matched Your Criteria



 


Virus Scanner Summary Report (ClamAV)


Total Messages Processed: 22,303
Virus Infected Messages: 154
Percentage Infected: 0.69%


VIRUS                              # INFECTED    PERCENTAGE
EMAIL.TROJAN-99                    88            0.39%
HTML.PHISHING.BANK-218             28            0.13%
EMAIL.TROJAN-98                    12            0.05%
EMAIL.PHISHING.BANK-101            8             0.04%
SUSPECT.DOUBLEEXTENSION-ZIPPWD-2   8             0.04%
WORM.BAGLE-1                       7             0.03%
WORM.BAGLE-ZIPPWD-24               2             0.01%
HTML.PHISHING.BANK-1127            1             0.00%



 

 

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Colbeck,
Andrew
Sent: Thursday, May 14, 2009 7:19 PM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

 

http://www.processor.com/editorial/article.asp?article=articles/P3110/25p10/25p10.asp

 

"The day of the [AV] scanner being the main line of defense is dead . . .
it's just that most people don't know it yet," says AVG's Thompson. Last
year alone, AVG added more than 650,000 signatures to its antivirus engine.
"There are 20,000 to 30,000 unique binary samples every day. The bad guys
know how to beat a scanner."

 

Interesting and timely commentary.

 

For what it's worth, I find the blocking options in Declude Virus to be as
useful as the actual scanner, but I don't have the hard numbers to back up
that statement.

 

I do have to depend on the scanners when the bad guys use malware PDFs or
other documents. In general, the bad guys have taught email users to be
surprised if they can send a program or even a script via email.

 

 

Andrew.

 

 

 

 

  _____  

From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: Wednesday, May 13, 2009 11:44 AM
To: declude.virus@declude.com
Subject: RE: [Declude.Virus] Internal Scanner missing most viruses
Sensitivity: Personal

Andy,

 

The process of virus signatures being made available is an automated process;
this issue was already resolved in January, as I said it would be. As soon as
virus definitions are available from AVG they become available to Declude
users. As you can see with the data that we have provided regarding AVG, the
signature file date matches yours, which is 5/13/2009. The bottom line is
AVG did not detect this specific virus.

 

Here is some data from tests done last year with regard to different AV
scanners and their accuracy; again, this data is about 1 year old but it can
give you a good idea. Another option is to consider using our offering of
Commtouch which has the ZEROHOUR
http://www.commtouch.com/zero-hour-virus-outbreak-protection-sdk  protection
against new viruses. 

 

Rank 

1. G DATA 2008 version 18.2.7310.844 - 99.05% 

2. F-Secure 2008 version 8.00.103 - 98.75% 

3. TrustPort version 2.8.0.1835 - 98.06% 

4. Kaspersky version 8.0.0.357 - 97.95% 

5. eScan version 9.0.742.1 - 97.44% 

6. The Shield 2008 - 97.43% 

7. AntiVir version 8.1.00.331 Premium - 97.13% 

8. Ashampoo version 1.61 - 97.09% 

9. Ikarus version 1.0.82 - 96.05% 

10. AntiVir version 8.1.00.295 Classic - 95.54% 

11. AVG version 8.0.100 Free - 94.85% 

12. BitDefender 2008 version 11.0.16 - 94.70% 

13. Avast version 4.8.1201 Professional - 93.78% 

14. Nod32 version 3.0.650.0 - 93.36% 

15. F-Prot version 6.0.9.1 - 91.87% 

16. BitDefender version 10 Free - 91.32% 

17. ArcaVir 2008 - 88.65% 

18. Norman version 5.92.08 - 87.72% 

19. Vba32 version 3.12.6.6 - 87.21% 

20. McAfee Enterprise version 8.5.0i - 86.57% 

21. McAfee version 12.0.177 - 86.39% 

22. Rising AV version 20.46.52 - 85.87% 

23. Norton 2008 - 83.34% 

24. Dr. Web version 4.44.5 - 82.87% 

25. Antiy Ghostbusters version 5.2.3 - 80.23% 

26. VirusBuster version 5.002.62 - 77.19% 

27. Outpost version 6.0.2294.253.0490 - 75.35% 

28. V3 Internet Security version 2008.05.31.00 - 75.23% 

29. ViRobot Expert version 5.5 - 74.50% 

30. Virus Chaser version 5.0a - 73.65% 

31. A-squared Anti-Malware version 3.5 - 71.66% 

32. PC Tools version 4.0.0.26 - 69.82% 

33. Trend Micro Antivirus+Antispyware 2008 version 16.10.1079 - 67.28% 

34. Iolo version 4.325 - 63.98% 

34. Panda 2008 version 3.01.00 - 61.41% 

36. Sophos Sweep version 7.3.2 - 54.71% 

37. ClamWin version 0.93 - 54.68% 

38. CA Anti-Virus version 9.00.170 - 51.08% 

39. Quick Heal version 9.50 - 47.97% 

40. Comodo version 2.0.17.58 - 43.15% 

41. Trojan Hunter version 5.0.962 - 31.39% 

42. Solo version 7.0 - 21.10% 

43. Protector Plus version 8.0.C03 - 20.14% 

44. PCClear version 1.0.8.0 - 19.63% 

45. AntiTrojan Shield version 2.1.0.14 - 14.74% 

46. Trojan Remover version 6.6.9 - 13.49% 

47. VirIT version 6.2.94 - 8.63% 

48. True Sword version 4.2 - 3.42% 

49. Abacre version 1.4 - 0.00% 

 

David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

 



---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.
