Viral virus bunfight: Dr Web tested rivals like Kaspersky Lab

Russian anti-malware firm Dr.Web tested rivals such as Kaspersky Lab to see if they blindly accepted malware reports shared through cross-industry intelligence systems, according to investigative reporter Brian Krebs. However, Dr.Web stopped short of using services such as VirusTotal to trip up rivals, the focus of fiercely …

  1. Thrud61

    Catch 22

    If AV companies are measured against the VirusTotal samples that they miss, it's not surprising that they blindly create signatures for everything that is submitted. If they don't add it, they will be flagged as less effective than those that do, and by the time they have explained and the scoring has been fixed, the damage to their reputation will be done.

  2. x 7

    This story would have more merit if Dr Web's products actually worked in the real world.

    The problem is they don't: past experience has indicated to me that a lot of crap gets through their scans

    1. Justin Goldberg

      Hmmm, we use Dr Web's post-infection scanner when a computer has unknown rootkit malware. We call it "throwing the kitchen sink" at a badly infected computer, after MBAM and SAS scans and subsequent reboots.

      We've also seen zero-day malware that gets cleaned from the registry, and therefore cannot run, and MBAM and others remove one file from appdata\roaming etc... but leave another dangerous exe file in the same folder. It's benign and doesn't start, but it's still there.

  3. Anonymous Coward

    Regress

    Behavior like this from any AV company is deplorable if it really is being done. There used to be lots of people submitting the stuff I get mostly in my email now to the AV companies via VirusTotal. I can remember when Hispasec Sistemas was running VirusTotal. I used to give my samples to any AV company that wanted them via back channels. I do it primarily through VirusTotal now. That way I can leave a comment and a negative vote that may help somebody.

    With as much bad stuff as we have now, it would seem like any AV company, large or small, would spend their time doing better analysis and not worrying about how other AV companies are doing things. Any time some AV company does these things they harm everybody, but most especially themselves. Do you want an AV product where that company spends time bad-mouthing other AV companies, or one that works harder to both avoid FPs and at the same time handle the tsunami of malware headed people's way?

    Contrary to popular belief, malware on Linux takes a different route. Any executable Linux binary saved from either a website or email is saved with the execute bit off. It won't run until you manually chmod it so that it will run. So desktop Linux systems, if there are any left, are basically immune from binary malware. They are open to abuses with JavaScript add-ons to browsers. Mostly what you have are exploit kits to take advantage of daemons on the servers and then rootkits to cover the infiltrator's presence after they get in. But then a fine AV company like ESET has their sales staff try to sell their product like Linux is just like Windows; it isn't. I have two machines named gandalftw and sauron. They trust each other just about as much as the real ones in LOTR. If I was rich I would love to have ESET NOD32 on both of them. The hang-up is a GUI that is sufficiently powerful, provides me with xterms with a NavajoWhite1 background and black text, four virtual workspaces, and once it gets to where it needs to go it just becomes a matter of refinement. Instead they try to come up with iPhone GUI wannabes. I am still running with Gnome 2.x because all of the other newer GUIs are unsatisfactory. I will give KDE one last try, but I fear that GUI too will be gone in less than 2-3 years.

    I see Windows 8 machines where everybody has a doorstop in nine months flat. Almost every Windows 8 user I know has that problem. Windows 10 seems to be headed the same direction. So what we have is regress instead of progress and AV companies shooting themselves in the foot. Avast, stop installing the Chrome browser with your free product. I don't want it on the Windows 7 side of my machines. Why is Windows 7 there? The ISP install staff don't know what Linux is. It is too bad Linux will be gone entirely in five years because the idiots think you want a Macintosh or iPhone GUI on the Linux desktop.
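    The comment above rests on the execute bit: a file saved by a browser or mail client lands with mode 0644 and cannot be launched directly. The following is an added example, not the commenter's code and not from any product mentioned on the page, that checks the claim on a Linux/Unix host and also shows the caveat a practitioner would want: the kernel refuses to exec a file without an x bit, but nothing stops an interpreter from reading that same file as input (`sh ./file`), so interpreted droppers are not held back by the bit at all. The script name `downloaded.sh` and the marker string `payload-ran` are made up for the demonstration; `/bin/sh` is assumed to exist.

```python
import os
import subprocess
import tempfile

# Constructed sample "download": a harmless shell script that just prints a marker.
SCRIPT = "#!/bin/sh\necho payload-ran\n"


def has_exec_bit(path: str) -> bool:
    """True if any of the user/group/other execute bits is set."""
    return bool(os.stat(path).st_mode & 0o111)


def run_direct(path: str) -> bool:
    """Try to exec the file itself, as a double-click or ./file would.
    exec() of a file with no x bit fails with EACCES, which subprocess
    surfaces as PermissionError; treat that as 'did not run'."""
    try:
        r = subprocess.run([path], capture_output=True, text=True)
    except PermissionError:
        return False
    return r.returncode == 0 and "payload-ran" in r.stdout


def run_via_interpreter(path: str) -> bool:
    """Hand the file to /bin/sh as an argument. The interpreter only needs
    read permission on the file, so the execute bit is never consulted."""
    r = subprocess.run(["/bin/sh", path], capture_output=True, text=True)
    return r.returncode == 0 and "payload-ran" in r.stdout


def demo() -> dict:
    """Save the script with mode 0644 (what a browser typically does), try both
    launch paths, then chmod +x and try the direct path again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "downloaded.sh")  # hypothetical file name
        with open(path, "w") as f:
            f.write(SCRIPT)
        os.chmod(path, 0o644)
        results = {
            "exec_bit_set_after_save": has_exec_bit(path),
            "direct_without_x": run_direct(path),
            "interpreter_without_x": run_via_interpreter(path),
        }
        os.chmod(path, 0o755)  # the manual chmod the comment refers to
        results["direct_after_chmod"] = run_direct(path)
        return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

    The useful takeaway is the middle result: the missing x bit blocks `./downloaded.sh`, and nothing else. Anything that is data to an interpreter (shell, Python, Perl, a macro, a browser add-on) runs with read permission alone, which is exactly the route the comment itself goes on to describe.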

    1. DryBones

      Re: Regress

      NoScript, Malware Bytes, Windows Defender, and a limited W10 account.

      To get in, first it has to manage to even get access. The OS is as secure as the user.

  4. Justin Goldberg

    The article says that they "submitted clean but modified files". When the others receive samples that closely match a valid file with a few bytes changed, it's very hard to say whether it's a good or bad file. Poweliks is just a few bytes. I think that using automated malware analysis tools that can spin up a new VM for every file (like the Cuckoo sandbox), to keep up with the million new malware samples every day and at least flag suspicious files for further human review, is the way to go, if they're not already doing this.

    I myself have submitted files which I thought were viruses but ended up being benign. They ended up being flagged by McAfee-Artemis on VirusTotal. It was probably a heuristic scan combined with automated analysis, but went awry.
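    The comment above describes the hard case in the story: a known-clean file with a few bytes changed. An exact hash (SHA-256) of such a file no longer matches anything, so a pipeline that keys only on full-file hashes sees a brand-new unknown and, as the first commenter notes, is under pressure to sign it. The following is an added example, not code from the article, the commenter, or any vendor named on the page, showing one way to catch that case before a signature is written: content-defined chunking with per-chunk hashes, a simplified version of the piecewise-hashing idea behind tools such as ssdeep. A file that shares most of its chunks with a known-clean reference is routed to human review instead of being auto-blocked or auto-allowed. The 4 KiB pseudo-random "clean file", its three-byte-flipped and 16-byte-inserted variants, the chunking parameters and the 0.6 review threshold are all constructed for the demonstration.

```python
import hashlib
import random

WINDOW = 8          # bytes in the sliding window that decides chunk boundaries
MIN_CHUNK = 32      # never cut a chunk shorter than this
BOUNDARY_BITS = 6   # boundary fires when the top 6 bits of the mixed window are 0 (~1/64)
MIX = 0x9E3779B97F4A7C15  # odd 64-bit constant used to mix the window


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _window_fingerprint(win: bytes) -> int:
    # Depends only on these WINDOW bytes, so an edit elsewhere in the file
    # cannot move this boundary; that is what makes insertions survivable.
    return (int.from_bytes(win, "little") * MIX) & 0xFFFFFFFFFFFFFFFF


def content_defined_chunks(data: bytes) -> list:
    """Split data into chunks whose boundaries are chosen by local content,
    not by fixed offsets. Concatenating the chunks gives back the input."""
    chunks, start = [], 0
    for i in range(WINDOW - 1, len(data)):
        if i - start + 1 >= MIN_CHUNK:
            fp = _window_fingerprint(data[i - WINDOW + 1:i + 1])
            if fp >> (64 - BOUNDARY_BITS) == 0:
                chunks.append(data[start:i + 1])
                start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


def chunk_set(data: bytes) -> set:
    return {hashlib.sha256(c).digest() for c in content_defined_chunks(data)}


def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two files' chunk-hash sets (0.0 .. 1.0)."""
    sa, sb = chunk_set(a), chunk_set(b)
    if not sa and not sb:
        return 1.0
    return len(sa & sb) / len(sa | sb)


def triage(known_clean: bytes, candidate: bytes, review_threshold: float = 0.6) -> dict:
    """Exact match -> known clean; mostly-shared chunks -> hold for a human;
    otherwise the reference says nothing about the candidate."""
    exact = sha256_hex(known_clean) == sha256_hex(candidate)
    sim = similarity(known_clean, candidate)
    if exact:
        verdict = "known-clean"
    elif sim >= review_threshold:
        verdict = "near-clean: hold for human review"
    else:
        verdict = "no relation to the reference"
    return {"exact_hash_match": exact, "similarity": round(sim, 3), "verdict": verdict}


# Constructed sample data (not real binaries): a pseudo-random 4 KiB "clean file",
# the same file with three bytes flipped, the same file with 16 bytes inserted
# in the middle, and an unrelated random file of the same size.
_rng = random.Random(1)
CLEAN = bytes(_rng.getrandbits(8) for _ in range(4096))
_m = bytearray(CLEAN)
for _p in (1000, 2000, 3000):
    _m[_p] ^= 0xFF
MODIFIED = bytes(_m)
INSERTED = CLEAN[:2048] + bytes(range(16)) + CLEAN[2048:]
UNRELATED = bytes(random.Random(2).getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("modified", MODIFIED),
                         ("inserted", INSERTED), ("unrelated", UNRELATED)):
        print(name, triage(CLEAN, sample))
```

    Two points worth noticing when running it. The flipped and inserted variants share almost all of their chunks with the reference even though their SHA-256 values are completely different, which is the signal a positional block scheme would lose as soon as a single byte is inserted. And the output is deliberately a "hold for review" verdict, not "clean": a few changed bytes in an otherwise legitimate file is also what a trojanised or patched binary looks like, so similarity to a clean reference argues for a human or a sandbox run, never for an automatic allow.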
