Update:
Email-Worm.Win32.Jubon is now being detected by todays update.
Thanks Avast! team.
Hello marc57
Between the sending and the detection of the Email.Worm.Win32.Jubon how much time passed ?
Today after update fotos.scr was detected ( more than one week ).
It is important that the Alwil examines the distribution for the VirusTotal or Jotti. Thus we will have one avast! powerful.
Alwil gets feedback from Jotti and Virus Total on undetected Malware.
Then why is it taking so long to update the virus database ??
I guess that’s something Alwil will have to answer except,
I’ve not seen any one from Alwil in this thread even though they are the only
ones who can answer some of these questions. :‘( :’( 
I fully agree…
There are, at least, two ways to answer this kind of thread:
- with fact: making a better product, improving detection and submition, etc.
- posting here and not only ‘listen’ to the users (if anybody is listening :'().
We now have a full-time employee who’s looking after the virus@avast.com mailbox. Hence most of the submissions are now processed in a timely fashion (at least much faster than previously).
Jotti & VirusTotal are something very different though. Maybe you don’t realize it, but some 80% of stuff we’re getting from these sources is JUNK. It’s not a very good source of samples indeed…
Thanks Vlk for the comeback. That extra employee in the right spot
should help a great deal. Thanks 
Hey Henrique,
I started sending this to Avast about three weeks ago.
My God… Three weeks? It is an eternity….
Hey Vlk,
Junk 80% ? But 20% are malwares !!!
Kaspersky examines all and in few hours it creates the signatures.
Such instances make one wonder if Avast is giving sufficient protection.
I have been trialling F-Secure on my laptop. I doubt that I am going to keep it after the trial period, and one of the options is Avast Home. This thread does not give one much confidence, does it?
Best,
Jerry
Junk 80% ? But 20% are malwares !!!!Kaspersky examines all and in few hours it creates the signatures.
Wrong
But appearently, you know more people in their virus lab then me, so you know better. 
Such instances make one wonder if Avast is giving sufficient protection.I have been trialling F-Secure on my laptop. I doubt that I am going to keep it after the trial period, and one of the options is Avast Home. This thread does not give one much confidence, does it?
You must realize one thing, and that is, prioritization of samples. Some samples require immediate attention, and usually cause a release of an extra VPS (e.g. 30 minutes after we receive the sample), some are medium priority and are usually processed in the timeframe of days, and some are low-priority samples, and these usually get batch processed once in a couple of weeks (may change to once a week in the near future).
To decide what is high/moderate/low priority is up to the experience of the virus analyst, of course (so there may be human mistakes). But I find it ridiculous when someone comes here and starts saying that this and that product processes all samples in a couple of hours, because it’s simply not true (and, indeed, is not even desirable).
If you want to determine the detection rates of a given product, use the results of a respectfull test (e.g. IBK’s www.av-comparatives.org).
Thanks
Vlk
Thanks
Vlk
Such instances make one wonder if Avast is giving sufficient protection.
Just what is sufficient protection - how is it defined?
This thread does not give one much confidence, does it?
How do you measure confidence?
We bandy about these terms with abandon in these discussions as if they have anything other than emotional meaning.
I am grateful for all the self-proclaimed experts telling avast how to do a better job - both technically and in how to run their business - I am sure the avast team must find the advice most helpful. I hope and believe that some of the advice is helping avast be a better product.
However, I look at the price point and I look at on the ground experience. The price point of the home version cannot be beaten. For the two years that I and those I support have been using avast there has been no instance of infection not found by avast that have infected our systems or been detected by the other layered scans that we use - but avast is and has been the resident antivirus.
Sure we could have paid a lot of money over the past two years for a better rated antivirus product - and it would have given us nothing, zero, zilch above and beyond the protection afforded us by avast.
If threads are going to apply terms like “confidence” and “sufficient protection” to avast then the (albeit small) community I represent does have “confidence” and our experience is of “sufficient protection” from avast.
Of course, the instant it lets something through that hurts us - you can bet I will be in here complaining as loudly as anyone (but I do have additional defence layers in case it happens - do you?).
I do agree that the best measure of effectiveness that is easily available are the results of AV Comparatives tests. Those tests give Avast good marks.
If the Jotti’s tests are worth anything, however, then it is apparent that Avast lags. Just for my own information, I took 20 of Jotti’s tests results as they came out, and I saw them. Of the 7 AVs Avast had the worst detection record, detecting only 4 out of the 20. The two best were KAV with 12 detections and Dr Web with 11.
While I will not argue that those are not the best tests, if they are worth anything then Avast is slow at adding the malware to their base.
There is nothinthing emotional about this. It is based upon data whether one considers it good or not. The experience of users is also worth considering. That is what we are doing here.
Regards,
Jerry
There is nothinthing emotional about this. It is based upon data whether one considers it good or not.There are times you have to consider what kind of data is used. I personally don't care if avast! doesn't detect some virus that hasn't been around in ages. I do care if I'm not protected from what's currently in the wild. Up till now, avast! has [b]NOT[/b] let me down. When it does, you'll all know..... ;D You also can't trust just one program to be your total arsenal of protection.
If the Jotti's tests are worth anything, however, then it is apparent that Avast lags. Just for my own information, I took 20 of Jotti's tests results as they came out, and I saw them. Of the 7 AVs Avast had the worst detection record, detecting only 4 out of the 20. The two best were KAV with 12 detections and Dr Web with 11.
I don’t understand; Jotti uses 15 engines, not 7.
Anyway, I think it’s ALWAYS a bad idea to use Jotti’s immediate results to judge ANY detection rate. Here’s why:
-
you don’t know what the files are like. They can be false positives. They can be trashed samples. Anything. And as I said, indeed, about 80% of what we’re getting from VT/Jotti is actually junk.
-
Even if all the samples were OK (which is not the case), Jotti uses the linux versions of the engines. But e.g. in the case of avast, the linux version has considerably lower detection rates because of lack of many unpackers. For this reason, it’s always better to use VirusTotal (which uses Windows engines) to verify if certain file is/isn’t picked by avast.
Thanks
Vlk
BTW I just visited Jotti’s web site and here’s what it shows for the last infected file.
Lack of detection? I don’t think so…
Hi Vlk,
I just kept up with 7; BD, Avast, KAV, NOD, Antivir, Dr Web, and AVG.
I did not select the tests in order to prove anything, but wanted to know how the various AVs did. I was, frankly, wondering how BD compared with KAV and NOD.
Of the 20 tests that I noted at random none detected them all for whatever reason.
BD- 5
Avast-4
KAV-12
NOD-9
Antivir-8
Dr Web-11
AVG-7
If one wanted to select the tests to prove his point he could always find some which would show his choice detected more than the rest. However, that was not my purpose, and in this case I was not especially interested in Avast.
But the results are what they were. I do not think that the Jottis results are nearly enough to sway the selection of an AV.
I just now looked and in this case the only AV that caught the sample was Kaspersky. That does not prove much because it happened once. However, there is some legitimate consideration if multiple tests are considered.
There are better indicators than Jottis, but it is worth considering, especially in the area of how fast updates to signatures are made.
Best,
Jerry
especially in the area of how fast updates to signatures are made.Only if the sample is a legitamate contender for an update. Most items or a least a gread deal of them aren't.
True. However, I do see often someone who is well versed in this stuff, tell one to submit the sample to Jotti.
I have seen several reports that noted when a new virus appeared, and how fast the various AVs added it to their signature bases, and it was detected. In all cases Avast was one of the slower AVs, and not by minutes but by days in some cases. I wish I could remember the sites, but I do not and, therefore, my statement is not good in a court of law.
What we are really discussing here is the speed with which Avast does include a signature in its data base. I have seen enough data to convince me that it is one of the slowest. That is not unimportant in selection of an AV.
All AVs are good enough until one gets infected.
Regards,
Jerry
Anyway, things seem to be better and becoming better.
Sure… when we get infected we forgot any other reasons that support the AV we were using 
Other Vlk posts about AV comparisons:
http://forum.avast.com/index.php?topic=4979.msg36041#msg36041
http://forum.avast.com/index.php?topic=12175.msg102828#msg102828
Here how independent are some of these tests: http://forum.avast.com/index.php?topic=14071.0