
[Brickbat] A virus you report will not necessarily be added to the virus database right away

The EQs
Posted on 2007-3-14 13:15:03
Hi Guys,

Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.

Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.

Eset exchanges samples with several av vendors. Opposite statement is incorrect.

Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.

Once again, I would like to thank you all: for both the samples and your patience :-)

anton

Rating

Participants: 1, Experience: +3
ly250094040 +3 Reason: Objective and fair, sticking to the facts. A role model for every fan.

The EQs
OP | Posted on 2007-3-14 13:16:42
ESET is still fairly responsible.....
solcroft
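Posted on 2007-3-14 13:22:05
Not necessarily.
If it isn't a virus, then fine, not adding it to the database is understandable.
But if it is a real virus, can this foot-dragging attitude really be called responsible??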
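The EQs
OP | Posted on 2007-3-14 13:24:11

Reply to post #3 by solcroft

ESET has to analyze samples carefully..... unlike other vendors that rush through the job.... Also, its response is fastest for trojans.. and slowest for malware....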
solcroft
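Posted on 2007-3-14 13:24:34
I remember that last time EQ2 gave me the so-called "official China virus submission address".
The result: it processed samples even more slowly than the official Slovakia address!!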
solcroft
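Posted on 2007-3-14 13:27:10
Originally posted by EQ2 on 2007-3-14 13:24:
ESET has to analyze samples carefully..... unlike other vendors that rush through the job.... Also, its response is fastest for trojans.. and slowest for malware....

"Careful analysis"?
I don't see vendors such as Avira, Kaspersky, or AVG needing a week to analyze a sample.
Even when it isn't a virus, Kaspersky replies incredibly fast: "No malicious software was found in the attached file".
As for what that really means, I won't say any more.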
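The EQs
OP | Posted on 2007-3-14 13:28:22

Reply to post #6 by solcroft

Do you really know how efficient Kaspersky is??? In my experience the fastest Kaspersky ever replied was 5 hours... the slowest took several months.... Is that efficiency???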
solcroft
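Posted on 2007-3-14 13:30:58
ESET handles samples rigorously; does that mean other vendors are not rigorous?
Yet I have not seen other vendors take this kind of brush-off attitude.
NOD32 certainly has its strengths, but I can tell you for certain that sample-processing speed is definitely not one of them. In fact, I believe you saw this clearly long ago; you just want to defend your favorite antivirus a little.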
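The EQs
OP | Posted on 2007-3-14 13:33:36
Correction: Kaspersky's fastest was 5 minutes, its slowest several months.

PS: I did say that NOD32's speed really is slow... but its handling of trojans is still fairly fast.. a trojan I sent two days ago... can be killed now...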
The EQs
OP | Posted on 2007-3-14 13:36:28
Still, this speed really can't compare with many vendors... it is not even as fast as the domestic vendors....
Copyright © KaFan  KaFan.cn All Rights Reserved.
