Original poster: The EQs

[Share] My results from the past few days

The EQs
Original poster | Posted on 2007-3-10 18:05:38

Reply to post #20 by 风野胤

I asked on the official forum.


Hi Guys,

Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.

Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.

Eset exchanges samples with several av vendors. Opposite statement is incorrect.

Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.

Once again, I would like to thank you all: for both the samples and your patience :-)

anton
风野胤
Posted on 2007-3-10 18:31:05
Originally posted by EQ2 on 2007-3-10 18:05
I asked on the official forum.


Hi Guys,

Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a s ...

This explanation is really nice to hear.
Eset really is rigorous.
The EQs
Original poster | Posted on 2007-3-10 18:37:01
Sigh... now I have to wait again for the samples I sent in.....
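yzt1004
Posted on 2007-3-10 18:52:14
As I recall, Eset once said that it prioritizes virus samples: the engineers give high priority to viruses that are breaking out on a large scale and analyze those first. As for when the low-priority ones get their turn, that is hard to say, maybe not even within a year... I don't know whether it still works that way...
EQ2, have you tested which method gets the fastest reply? How efficient is this page, http://www.nod32-av.com/samples.htm?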
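The EQs
Original poster | Posted on 2007-3-10 18:54:55

Reply to post #24 by yzt1004

I always report by e-mail plus NOD32's own built-in submission feature.... I rarely use the web submission... but I guess the web submission may not be much use... because if the sample is encrypted.... I don't know how they would analyze it... surely not by brute-force cracking???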
easy002008
Posted on 2007-3-11 08:20:39
Originally posted by 风野胤 on 2007-3-10 18:31

This explanation is really nice to hear.
Eset really is rigorous.


I support being rigorous, and I don't want nod32 piling every piece of junk into the virus database.
backupID
Posted on 2007-3-11 10:15:57
The original poster is so dedicated, why not become a moderator for fun and boost the popularity of the nod32 section!