Hi Guys,
Eset appreciates (a lot) each and every sample sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample signature to the database is made on a need-to basis. Extraction of a signature from a sample is an automated process and can be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.
Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant a 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
An exponential increase in the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.
Eset exchanges samples with several AV vendors. The opposite statement is incorrect.
Speed of update and reaction time are of the essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.
Once again, I would like to thank you all: for both the samples and your patience :-)
anton
Eset appreciates the virus samples users report to its lab; every sample is logged and analysed using different methods. Adding a virus signature to the database is done according to actual need; extracting a virus signature is an automated process that can be completed in an instant. However, Eset has no intention of competing for the largest virus database, and instead tries to keep the database clean, that is, free of meaningless, harmless signatures.
Some forum members may still remember the RU test that CNET ran two years ago. All the viruses simulated by RU at the time were harmless and had no viral characteristics. So in the RU test results, 100% detection meant 100% false positives. Detecting harmless samples leads to excellent results in tests that give a false impression of security, a huge virus signature database, and dinosaur-sized update files.
The exponential growth of new malware samples often pushes antivirus vendors to take the easy shortcut: automatically adding the signatures of all samples, regardless of their viral characteristics.
Eset exchanges virus samples with several antivirus vendors; any statement to the contrary is incorrect.
Update speed and reaction time are critically important; Eset is well aware of this, and its Advanced Heuristics technology was developed and deployed for exactly that reason. The only acceptable reaction time is almost zero, and NOD32 often achieves this, for example by detecting the infamous Netsky.A and Bagle.A viruses heuristically as they appeared.
Once again, thank you all for the viruses you have submitted and for your patience!
anton
Moderator, Eset official forum
This shows how rigorous NOD32 is!