Why I don't believe antivirus reports

Discussion in 'Windows Desktop Systems' started by j79zlr, Oct 4, 2006.

  1. j79zlr

    j79zlr Glaanies script monkey Political User

    Norton AV is always among the top when AV comparison tests are done, yet I see it constantly miss viruses and computers with NAV updated and installed massively infected. Well, my boss just asked me, hey this looks like a virus, I said it sure did. It was a small 146k attachment named message.zip. I said to save it to your hard drive and scan it without opening it. He did. NAV said all clean. So I extracted the zip to find message.zip.cmd. I knew it was a virus, but NAV said it was clean.

    I decided to send it to virusscan.jotti.org and here are the results:

    AntiVir Found Worm/Stration.C
    ArcaVir Found Heur.Win32
    Avast Found nothing
    AVG Antivirus Found I-Worm/Stration
    BitDefender Found Win32.Worm.Stration.AH@mm
    ClamAV Found Worm.Stration.EK
    Dr.Web Found Win32.HLLM.Limar
    F-Prot Antivirus Found W32/Warezov.CK
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Email-Worm.Win32.Warezov.bi
    NOD32 Found nothing
    Norman Virus Control Found W32/Stration.OZ
    UNA Found nothing
    VirusBuster Found Trojan.Opnis.Gen!Pac2
    VBA32 Found Email-Worm.Win32.Warezov.bi

    NOD32, AVAST!, UNA, Fortinet and Norton [on my boss's PC] missed it, everyone else found it, including AVG, which seems to always get blasted in those comparison tests.

    The moral of the story is, don't use Norton AV. Yet the powers that be here still think that you need Norton and not someone else, I just don't understand it. Although it probably explains why Microsoft is so popular, they might have a terrible track record, but you still recognize the name.
     
  2. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    wow, nod32 missed it, that's a surprise

    thanx for sharing the experience..
     
  3. American Zombie

    American Zombie Moderator Staff Member Political User

    Was NAV set to scan within archives for manual scans? By default I think it is turned off, so you have to go into options and enable it.

    Not sure what comparison you used in saying NAV was at the top but this one shows NAV at 22nd. I now use Kaspersky 6 and it uses less resources than the other AV I was using did (NOD32) plus is top notch protection.
     
  4. falconguard

    falconguard Carbon based lifeform Political User Folding Team

    Namesake holds a lot of weight to the uninformed, witness Bose. Still, it is distressing that the others missed it.
     
  5. j79zlr

    j79zlr Glaanies script monkey Political User

    I scanned the archive and then extracted it and scanned the contents, came up clean both times.

    Scan within compressed files is checked by default, at least it is here and no one changed it.
     
  6. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    I am also surprised that NOD32 missed it, shocker there.

    That being said, I have had very good results with Sophos lately.
     
  7. Mainframeguy

    Mainframeguy Debiant by way of Ubuntu Folding Team

    I am not surprised....

    And I would like to also add that the Bloodhound hoax is a pain in the fundament - one that I guess you only get with NOD? Educate me if my knowledge of bloodhound is lacking....
     
  8. pip22

    pip22 OSNN Junior Addict

    Let's not get too hasty in condemning/recommending virus-scanners on the strength of the results from just one particular virus. With a different virus, the results could well be entirely different or reversed. Let common sense prevail. If a particular AV program is *consistently* bad (or good), that means something. The results above, however, mean very little by way of helping someone decide which to use.

    As for NAV, companies use it despite its poor performance (in terms of detection as well as use of resources) because Symantec ploughs a lot of money into corporate support and keeping a high profile in the business world.
     
  9. Johnny

    Johnny .. Commodore .. Political User

    Norton would have to pay me to use their chunk of junk, resource hog, pc crashing, poor excuse for a program. Norton produces more trash than anything. And that is just from the standpoint of trying to uninstall their garbage.

    As far as Antivirus reports and such; it is all based on who pays the reporting org more money. The highest bidder gets the top spot. I use AVG free and haven't had any probs with it yet. It is a very good antivirus and I recommend it to everyone ..
     
  10. Dublex

    Dublex Quazatron R6 droid

    If you want something that is really efficient, try BitDefender. It has more stop points than most software that I have tested.

    It even prevented a .vbs script from running whose sole job is to clean out system restore.
     
  11. LordOfLA

    LordOfLA Godlike!

    Most people running nod32 turn off heuristic scanning, which takes out 80% of nod's ability to protect.

    Turn on heuristics (check for potential bad things) and run the file by it again and see what happens.
     
  12. LeeJend

    LeeJend Moderator

    Funny about the big names.

    I used McAfee for 5 years because it was available free to me under my company's license. It would miss a virus or two a year. I switched to AVG a few years ago because McAfee changed their interface to something I did not like. AVG has never let a virus through. (I periodically cross check with online scanners.)

    Brag about your brand names and test scores all you want. I know where I'm staying.
     
  13. gonaads

    gonaads Beware the G-Man Political User Folding Team

    I have used AVG for quite some time now. It has not let anything through for me either. My boss at work has Symantec's System works and has fudged up on catching viruses. I had to go in and manually clean one out last week. It sucks and he just updated his license 2 months ago.
     
  14. dave holbon

    dave holbon Moderator

    Norton antivirus has been a bad place to visit now for a long time (four years at least). Even worse is their uninstall routines, which have never worked correctly, causing many users untold hair pulling. Symantec have recently acknowledged this and are working to get themselves back into the top ten; problem is they have spent all the profits on promoting the product and very little on the software development side, and as most must know it comes free with just about everything to do with computers.

    The virus/malware detection market is now huge, but strangely if you walk into PC World here in the UK as a normal punter and ask about virus detection software they only have two or three products, but say if you buy this bit of kit then Norton or McAfee are free. Most other products are completely unknown to them bar none, or they don’t make a big enough margin to stock them. In the end it’s the PC Worlds (of this world) type retailers who will lose out as punters go elsewhere (online).

    I used Norton for many years, it once was a good product but now I think most free Virus checkers are better. I myself use Kaspersky 6 and Spyware Doctor along with HijackThis. They’re not perfect but are amongst the best available at doing what I want from them, detecting Virus and Trojans etc but I have to say that the odd one still gets through as it would seem is the case here.

    :yowch: :eek:
     
  15. pip22

    pip22 OSNN Junior Addict

    The only Norton product I've found invaluable (and actually does the job) is Ghost 2003 for keeping a backup image of my system drive. Everything else is beaten by the competition in ease of use, impact on system resources, and probably reliability too.

    My ISP provides its members with Norton Internet Security entirely free with no subscription renewals required. That's the only reason I gave it a try. Big mistake. I'd rather pay and have something better -- that's how good Norton is.

    Currently using the ZoneAlarm Security Suite. Doesn't intrude. Gets the job done without bringing my PC to its knees. Quite happy to stick with it unless Zonelabs do something really stupid with it in future versions.
     
  16. Mastershakes

    Mastershakes Moderator

    I cannot believe everybody missed the cardinal mistake.

    Never open unknown attachments before verifying the sender.

    (I agree with the views expressed in this thread)
     
  17. j79zlr

    j79zlr Glaanies script monkey Political User

    There was no mistake, my boss knew it was a virus and so did I.
    No one was infected, I was just posting a real life story of NAV missing an obvious virus.
     
  18. Dublex

    Dublex Quazatron R6 droid

    Unfortunately, people do this all the time, even people you think should know better.
     
  19. synical33

    synical33 X2 & Lovin' It

    Yes this whole Norton AntiVirus thing is a joke to me. I used to trust Norton AV for years and since I recently saw a "Best AntiVirus" list over @ CyberNews I noticed that yet again Norton AV was a joke. Since then I noticed that Kaspersky was one of the better ones with a great Heuristics code to catch viruses. I will from now on continue to use Kaspersky and recommend it to fellow people. Norton AV is bloated anyways.