Again: Norton/Symantec sucks! (not all antivirus is created equal!)


shifty
08-31-2006, 11:29 AM
So, you know, I do this whole support thing at a couple of different forums. It keeps me in the loop about all the new threats, trojans, viruses, spyware, malware and other crap like that. I enjoy helping people out, and I've managed to discover a couple of viruses (variants of them) that were yet unknown over the past couple years.

Well, about a year and a half ago, someone came to a gaming forum I'm admin at with a very strange problem ... we looked at his Hijackthis logs and found an interesting little script on his computer. I knew it was a hijacker/trojan/virus of some sort so I had him zip it up for me and post it for me to download. I downloaded it, reviewed it, the code in the file was "obfuscated" (scrambled so you couldn't plainly read it), so I sent it off to all of the leading antivirus software makers like Norton, McAfee, AVG and a few others. Norton said it was clean and I never heard back from the others.

Well, this brand new service called "VirusTotal" started up and you can submit a file to them and they will (in real-time) scan the file for you against a couple dozen leading antivirus vendors out there. So, I still had this file PGP encrypted on my computer to keep anyone from running it. I figured, "hell, I'd like to test out this new service!" so I decrypted my 18+ month old copy of the file that I'd submitted to all those antivirus companies a looong time ago and I resubmitted it to this new virustotal.com site for them to scan it by a lot of the major antivirus vendors out there - here are the (rather surprising) results of a real-world test:

http://www.virustotal.com/vt/en/resultadof?14bb13be237e83270b55ca01787f00d1

This is another glaring reason displaying why not all antivirus is created equal. There are a LOT of crappy brands out there, and many of them are not created equal.

I'm really happy to see that both AVG and Avast came out on top, as did NOD32 (no surprise there - best heuristics scanner on the market!)

Anyway - in case that page is removed, here is an archive of my results of scanning this nasty file from 18-20 months ago which is a variant of a very, very well-known trojan/downloader/hijacker:

AntiVir 6.35.1.11 :: no virus found
Authentium 4.93.8 :: no virus found
Avast 4.7.844.0 :: VBS:Malware
AVG 386 :: Startpage
BitDefender 7.2 :: WinReg.StartPage.Gen
CAT-QuickHeal 8.00 :: no virus found
ClamAVdevel-20060426 :: no virus found
DrWeb 4.33 :: Trojan.StartPage.632
eTrust-InoculateIT 23.72.111 :: no virus found
eTrust-Vet30.3.3052 :: no virus found
Ewido 4.0 :: no virus found
Fortinet 2.77.0.0 :: no virus found
F-Prot 3.16f :: no virus found
F-Prot 44.2.1.29 :: no virus found
Ikarus 0.2.65.0 :: no virus found
Kaspersky 4.0.2.24 :: Trojan.VBS.StartPage.ad
McAfee 4841 :: VBS/IEstart.gen.e
Microsoft 1.1560 :: no virus found
NOD32 v21.1733 :: probably a variant of VBS/StartPage.AK
Norman 5.90.23 :: VBS/StartPage.AR
Panda 9.0.0.4 :: Adware/Startpage.ME
Sophos 4.09.0 :: no virus found
Symantec 8.0 :: no virus found
TheHacker 5.9.8.202 :: no virus found
UNA 1.83 :: Trojan.VBS.StartPage
VBA 323.11.1 :: no virus found
VirusBuster 4.3.7:9 :: VBS.Startpage.EF
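
Added example, not part of the original post: one way to tally a multi-engine result list like the one above and see which family name the detecting engines agree on. The stop list of generic label tokens is an assumption chosen for these verdict strings.

```python
import re
from collections import Counter

# Verdicts copied from the post above, two entries per line to keep this short.
RESULTS = """\
AntiVir 6.35.1.11 :: no virus found | Authentium 4.93.8 :: no virus found
Avast 4.7.844.0 :: VBS:Malware | AVG 386 :: Startpage
BitDefender 7.2 :: WinReg.StartPage.Gen | CAT-QuickHeal 8.00 :: no virus found
ClamAVdevel-20060426 :: no virus found | DrWeb 4.33 :: Trojan.StartPage.632
eTrust-InoculateIT 23.72.111 :: no virus found | eTrust-Vet30.3.3052 :: no virus found
Ewido 4.0 :: no virus found | Fortinet 2.77.0.0 :: no virus found
F-Prot 3.16f :: no virus found | F-Prot 44.2.1.29 :: no virus found
Ikarus 0.2.65.0 :: no virus found | Kaspersky 4.0.2.24 :: Trojan.VBS.StartPage.ad
McAfee 4841 :: VBS/IEstart.gen.e | Microsoft 1.1560 :: no virus found
NOD32 v21.1733 :: probably a variant of VBS/StartPage.AK | Norman 5.90.23 :: VBS/StartPage.AR
Panda 9.0.0.4 :: Adware/Startpage.ME | Sophos 4.09.0 :: no virus found
Symantec 8.0 :: no virus found | TheHacker 5.9.8.202 :: no virus found
UNA 1.83 :: Trojan.VBS.StartPage | VBA 323.11.1 :: no virus found
VirusBuster 4.3.7:9 :: VBS.Startpage.EF
"""

# Tokens naming a platform or type rather than a family (an assumed stop list).
GENERIC = {"vbs", "trojan", "adware", "winreg", "malware", "gen", "probably", "variant"}

def parse(text):
    """Return [(engine_and_version, verdict_or_None), ...] in listed order."""
    rows = []
    for entry in re.split(r"\s*\|\s*|\n", text.strip()):
        engine, verdict = entry.split(" :: ", 1)
        rows.append((engine, None if verdict == "no virus found" else verdict))
    return rows

def family_votes(rows):
    """Count, per candidate family token, how many engines used it in a label."""
    votes = Counter()
    for _, verdict in rows:
        if verdict:
            tokens = set(re.findall(r"[a-z]{3,}", verdict.lower()))
            votes.update(tokens - GENERIC)
    return votes

def summarize(text):
    rows = parse(text)
    flagged = [e for e, v in rows if v]
    return len(flagged), len(rows), family_votes(rows).most_common()

if __name__ == "__main__":
    hits, total, families = summarize(RESULTS)
    print(f"{hits}/{total} engines flagged the file; label tokens: {families}")
```

A label that contains only generic tokens (here Avast's) counts as a detection but casts no family vote.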

CPNE
08-31-2006, 12:13 PM
If the software version next to the vendor is to be believed then they are using a version of Symantec's engine that is 4 years old. I'm not sure if that lends to the credibility of this test or the site providing the service.

shifty
08-31-2006, 03:23 PM
I think that's only the version of the actual engine, but the engine only lends in process, it's the antivirus definitions that are important. It is definitely using most recent definitions.

CPNE
08-31-2006, 04:14 PM
I think that's only the version of the actual engine, but the engine only lends in process, it's the antivirus definitions that are important. It is definitely using most recent definitions.

I fully understand how anti-virus software works and the importance of up-to-date definitions. However, if you're going to test and compare, shouldn't you be using the latest software releases to lend fairness and credence to the results? Maybe the results are correct and verifiable, but maybe they are not. As an industry professional, I wouldn't take this test as a definitive reason to tout the virtues of nor discredit the usefulness of any software. It's too bad some people do and then try to sway the less informed that this is the end-all and be-all proof to support their beliefs.

shifty
08-31-2006, 04:39 PM
Others who would read this may not fully understand how antivirus software works, and that makes it extremely important to distinguish between the engine and the definitions for them to develop an understanding of why the data is relevant.

The software above is the latest automated software using the latest engine the company is offering for automated scanning (8.x, in this case - not to be confused with Norton Antivirus CE 8.0). The insulting part about this, and why it would not matter if the latest engine was used, is Norton has had this item submitted to them two years ago (I looked it up - I will provide a link to the post if you want to see it) and they never added it to their definitions, even after two separate submissions! If you don't add this to your definitions, which engine or version of the software you're using is utterly irrelevant.

As an industry professional, I wouldn't take this test as a definitive reason to tout the virtues of nor discredit the usefulness of any software. It's too bad some people do and then try to sway the less informed that this is the end-all and be-all proof to support their beliefs.

But you would surely jump all over someone to sway others when I try and break something down into relatively layman's terms to express the importance between antivirus engines and virus definitions? Please, spare me. :rolleyes:

:)

Any antivirus is "useful", and something is better than nothing; however, when it comes to an invasive item like this one, for 75% of the antivirus makers on the market to ignore it after having it submitted to them, and to blindly decide it is not a threat to their users is absurd - and Norton/Symantec is in that crowd...and the less experienced users in that bunch need to be aware of that kind of behavior.

I'm still beside myself. I use their CE version product on my network and will until we move on to (most likely) Trend's enterprise solution at the end of the year. I'm quite pissed that they tout themselves as a leader in security, but ignore this?

Cut me down - flame me - spin my words or information above any way you like ... the bottom line is still the bottom line - two years - submitted twice - out of every company I submitted to (and I'm probably not the only IT professional who submitted this out to SARC), they felt obligated to overlook it and never add it to their virus defs?

It's pathetic. And it really just backs up the way I and several other people feel about their product.

LUV2XCLR8
08-31-2006, 05:01 PM
Been an AVG user ever since you recommended it Shifter, this is my 3rd
computer, I am on line 4-6 hours a day minimum, go a lot of places and
visit sites I probably shouldn't, the 1st puter died using Norton, the 2nd
one using McAfee (Both in a 3 year period) this one I have now is very
close to 2 years, I have yet to have any issues, JMHO but AVG rocks :cool:

Joe67
09-01-2006, 08:17 AM
Nerd Fight :d

LUV2XCLR8
09-01-2006, 02:40 PM
Nerd Fight :D

:haha: LMAO

PHOENIX
09-01-2006, 02:57 PM
LOL

I find it interesting that Norton was the only one that replied to you at first.
At that time they probably didn't know it was a virus/trojan.
The others didn't even bother to respond, that says a lot about the other companies in my opinion.

I am sure there are some things that Norton has found that the others have not. None of them are perfect.

shifty
09-03-2006, 10:01 PM
LOL

I find it interesting that Norton was the only one that replied to you at first.
At that time they probably didn't know it was a virus/trojan.
The others didn't even bother to respond, that says a lot about the other companies in my opinion.

I am sure there are some things that Norton has found that the others have not. None of them are perfect.

Norton auto-responds via email to the person who submits it to them - no human interaction. They have their system set up to automatically scan your attachment when you submit it to SARC (the submit utility emails it in). Norton did not detect a threat. I know for a fact that AVG picked up on it quick - it was detected on my home computer about a week after submission when I opened the email I used to send it to myself at home (so I could dissect it).