你上报病毒后不一定会立即加入到病毒库

The EQs

Hi Guys,

Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.

Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.

Eset exchanges samples with several av vendors. Opposite statement is incorrect.

Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.

Once again, I would like to thank you all: for both the samples and your patience :-)

anton

The EQs

eset还是比较负责任的。。。。。

solcroft

不见得
不是病毒的话，不加入库也罢，情有可言
是真实病毒的话，这种拖泥带水的态度也称得上负责任了？？

The EQs

eset是要仔细分析的。。。。。不像其他厂商那样草草了事。。。。而且是trojan的反应是最快的。。malware最慢。。。。

solcroft

记得上次EQ2兄给我提供了所谓的“中国官方病毒上报地址”
结果是：处理样本速度竟然比Slovakia官方地址更慢！！

solcroft

原帖由 EQ2 于 2007-3-14 13:24 发表
eset是要仔细分析的。。。。。不像其他厂商那样草草了事。。。。而且是trojan的反应是最快的。。malware最慢。。。。

“仔细分析”？
可不见得红伞，卡巴，AVG等厂商需要一个星期的时间来分析样本
就算不是病毒，卡巴回复何等神速：“No malicious software was found in the attached file”。
这个到底代表什么，我也不多说了

The EQs

请问你真的知道卡巴的效率？？？偶以前卡巴最快是5小时给回复。。。最慢要好几个月。。。。这个就是效率？？？

solcroft

ESET严谨处理样本，难道其他厂商就不严谨了？
可又不见得其他厂商出现过这种忽悠的态度
NOD32当然有自己的过人之处，但我可以肯定地告诉你，处理样本速度绝对不是它的优势之一。其实我也相信你早就很清楚地看出了这个事实，只是你想为自己喜欢的杀软辩护辩护一下而已。

The EQs

修正错误：卡巴最快5分钟，最慢几个月

PS：偶说过nod32的速度的确很慢。。。但是木马的处理速度还是比较快的。。两天前发的木马，。，现在可以干掉了。。。

The EQs

不过这个速度的确无法和很多厂商相比。。。连国内的厂商速度都不如。。。。