Avast! virus/trojan detection speed/quality

In last month i got 5 or 6 “events” where customer which was usually positive about Avast! antivirus
ordered different Antivirus solutions (McAfee, NOD32, Kaspersky, AVG) with explaining
“we were in last months infected multiple times by viruses / trojans passing via up2date Avast!”

in numbers it mean for Alwil loss of dozens Avast! Pro versions, some SBS licenses and some other server licenses …

and i must admit this is not first time in this year i hear such story from firms paying theirs AV defense …

also to my suprise another bad opinion about Avast! came this week from my good friend …
where he work they run together multiple AV engines on server to increase detection chances on files passing IN/OUT network and experimentally using multiple AVs at some clients … outgoing results are that Avast! fails to detect huge block of new viruses and trojans “in time”…

now if i add my own experience with huge delays on some trojans and viruses before they added to Avast! VPS …

as result I’m very worried if i can continue to suggest Avast! as good solution for home users & firms in same way like i was in last 2 years …

as workaround for Home users I’m experimenting with ‘Avast!Home + AVG 7.1 free edition + ClamAV’ package … so far it works (wXP) … suprising including both Avast and AVG residents at once and where ClamAVsurprising is used as on-demand backup …

i hope with new Year there will be some major change in virus/trojan submission system for Avast! and improved times on adding trojans/viruses into VPS …!

Interesting story.

However, it is just that - sorry to be critical but it is totally lacking in verifiable information. I rather suspect I might find a similar story in the AVG forum. For now your post is just FUD (fear uncertainty and doubt).

Please let us know when you have more detailed and verifiable analysis of your customers’ experiences.

Here on the forum I often see people with a problem with malware which hasn’t detected, and too often when I do a search for that malware, a link comes up for a writeup from Sophos or Symantec or McAfee.

I find the same thing cleaning computers for the occasional customer. Too many times I find a Trojan using Hijack This! which avast! hasn’t noticed, and a write up for that Trojan in another AV site.

Admittedly I run Trend Micro Sysclean before avast!, so Trend has missed them too!

It’s true that any AV can miss viruses: I’ve seen computers infected by a virus Symantec has missed.

But dismissing stories like this out of hand is like putting your head in the sand: if avast! wants to be taken seriously as an AV, it needs to improve the speed with which malware is added. I’ve seen too many stories of how people submitted malware which was not added for weeks, checked too many files on Jotti and seen Kaspersky and others identify malware but avast! not.

avast! needs a kick up the pants, and Dwarden is doing just that. Don’t shoot the messenger!

I did not shoot the messenger.

If the messenger came with information I can check and not just generalities then I would pay a lot more attention.

I am far - indeed very far - from being uncritical of avast! myself - but I will not indulge in “avast is failing” posts unless I can back it up with facts.

If indeed it is true that:

results are that Avast! fails to detect huge block of new viruses and trojans "in time"

then surely some evidence of these “huge blocks” can be provided and some further indication of how far avast! is failing to be “in time”.

I did not suggest that no problem exists but anyone can walk in and say there is some undefined problem.

Undoubtly, Kaspersky has a very very good detection, submition and analysis procedures.

But, like Alan, in this issues we need to know: file name, path, virus name, date of submition, etc.
Otherwise, just throwing words in the wind. I have my complains about avast detection for sure.
Using two residents (even AVG at Windows XP), well, I won’t trust in the user coments after this.
There are a lot of situations, discussed a lot here, that this won’t work, on contrary, will mess everything.
I won’t trust in non-technical complains about this kind of user.
Merry Christmas ;D

uhm so you trying disrespect / nullify what i said ? …

please don’t use arguments about malware detection here this post was about viruses and trojans not rest of malware (like spyware) …

sorry but i said and i repeat this is about Avast! repeatly failing to prevent infection ‘in time’… on correctly (High) set configurations on up2date VPS and program versions … and that story came from multiple customers NOT just some rare ones …

re:Tech = nowhere in my post is said that fail was when running multiple residents, Avast! was the single used. What you mean with ‘I won’t trust in non-technical complains about this kind of user’ ? who You got in mind me or my customers? i doubt You know anything about me or them anyway so You not in position to even try to judge …

But, like Alan, in this issues we need to know: file name, path, virus name, date of submition, etc.

filename useless, path useless, only what matter is hash of infected binary, date of submission and name … but why i should repeat myself … search some of my months old posts in virus section , i named some of them there … (but to say at least one here from new ones 8.12.2005, Trojan-Clicker.Win32.Small.is )

what you want as proofs ? magic ? or You think network admins care about product which is failing writing up each missed piece ? no, they simple move to products which not fail them … yes it’s hard but true …

it’s problematic get samples of viruses / trojans which avast! not found for events which happened days or weeks ago … most of them don’t keep these … and if samples are kept , they were always sent to Alwil …

detection speed examples? … trojans multiple times submitted in last year were added with 4+ months delays … some were never added by Avast! (but for example Kasperky added them within days) … from trojans submitted 2 weeks ago only one was added yesterday … etc.

or You suggest to publish on some website what viruses, trojans, spyware, malware whatever is undetected by Avast! ? (some sort community driven site?) that’s not bad idea … why such site don’t exist yet ? :slight_smile:

related to multiple residents …

until You prove me that resident solution Avast!+AVG is failing i will take your comments as just throwing ‘genius’ words into wind …

tried it yet? we got 3 test machines running 24/7 with this config testing false alarms, various types of infections etc. against machine with just single of of them … if we find moment where it fails … then you right … so far nothing such happened …

also if you experiment often with multiple AV you find various combinations working w/o problem (if you don’t fear to loose some performance) … it’s all about skills of these who config it …

plus don’t mismatch server side multi AV solution with clientside multi AV solution … two totally different things …

Dwarden,

  1. about the detection rates and speed of updates: I sort of agree that avast! is currently not in its best form but we’re working hard to change this. We have just hired 3 more virus analysts, are actively working on a way to greatly improve the process of sample submissions etc… However, all those things take some time. I’m hoping 2006 will be a pivotal year in this sense - you guys will see a dramatic improvement in the detection rates as well as reaction speeds - and avast! will return to where it was in the late 90’s - on the very top.

  2. About running two resident AV’s at the same time. In most cases, if the two AV’s don’t lock the machine (-- Avast and AVG is an example of such a setup) the problems usually crop elsewhere than in the Standard Shield (I mean the on-access file system scanner) - and they’re more subtle and harder to debug. Take e.g. the mail scanner. It’s usually like this: avast pops the infected mail from the server and extracts the viral attachment to a temp folder. AVG’s on-access scanner detects the virus in it, and denies read access to the file. I.e. avast’s mail scanner can’t scan the file, and passes the infected mail to your inbox. Then the same things goes vice versa - AVG’s mail scanner is blocked by avast’s file system scanner. The same applies to other “providers” - the WebShield, the ScriptBlocker etc etc…

Thanks
Vlk

I for one needed to hear that. Good luck to you. avast! is an excellent AV, and this gives me the confidence to continue using it.

Seasons greetings.

FwF

Dwarden, sorry to butt in on your post, but I seem to have had the same concerns.

I’m very very glad to hear that, this seems like the valuable gift of New Year for me (and I believe this for all avast! users) indeed.

I must admit, sometimes I’ve always wondered, as far as I know, while other scanners (NOD32, Kaspersky, BitDefender, VBA32 or even AntiVir, AVG) keep on improving their detection technology & means like crazy but it seems to me that avast! still stays the same as it was in 2 years ago.

And don’t forget to write up more malware infromation (even in brief) on avast! website this will make avast! Antivirus looks more promising.

well I’m very glad to hear this news (You sure know that I’m pushing for some speedups / changes for nearly year) …

main reason of this post was that there are some issues and i would like to see them resolved …

i like Avast! and i think it’s really well done antivirus (in feature set etc.) and this was one of the “black” dots on shield …

that’s why i wrote in first post i hope with new Year there …

Vlk,

I am impressed by the honesty and openness in the post you made to in response to Dwarden’s comments. Many thanks.

While I must remain an avast! Home edition user since I support a number of other such avast! users (gratis) your comments persuade me that I should contribute to the improvement efforts of the avast! team (albeit in a very humble way) by purchasing a license for the product.

Wishing you and the whole avast! team a very Merry Christmas and a most successful 2006!

Alan

as the saying goes “money put where mouth is” now a paid licensee of avast!

No, I never do this.
First because I’m not the owner of the truth.
Second because I respect other users here.
Third because you don’t deserve disrespect 8)

I did not argument. Just post my opinion.

I’m just saying that your customers, if blaming or complaning, would be useful if they post more info about the virus, the infected file, etc.
Again, I don’t know anything about them and this is exactly what I’m saying: they can’t blame or complain without leting us (and Alwil team) know what is happening. It’s useless in my opinion.

I don’t judge the more info is useless, neither for us user nor for Alwil team.
For me, to help, I need more info. It’s not useless.

Ok. I expect Administrators that wants to learn but, maybe, I’m too romantic 8)

Blaming to get a better avast. This I respect and follow. Please, blame as much as you can :slight_smile:
We (the users) are claming for a better product, better detection, all the time. I don’t think they’re angry with us about this. Are you Vlk?

I did not understand… I’m not a native English, can you rephrase?

I’ve tested this and experiment is in two XP SP2 computers. What Vlk said is just what happens indeed.

once more to Vlk :
now noticed the speed improvement You speak about … trojans sent 20th were added some hours ago
must bow for that good job just one day before Xmas …

re:tech = well we were able overcome some technical issues so it’s usable :slight_smile: but definitely nothing for absolute n00b users …

Merry Christmas to everyone…

Very glad to hear that ;D

Keep the good work :wink:

Vlk,

Its your humility in admitting that will keep me glued to Avast till you guys pry me off with a crowbar:)

Keep up the good work and my next year, Avast will kick butt.

Vlk, you don’t know how I am glad of reading it, like we say in Spain “it was time to catch the bull for the horns” in this aspect. I hope that this hard work starts noticing soon.

First of all, I appreciate the honesty in admitting that Avast still has some work to do. I don’t think companies like Symantec would ever admit that (and they are far, far from perfect)

I too am hoping for better detection rates. I feel that Avast is a high quality product, but I can’t yet find myself wanting to buy the Pro version since I am not yet convinced that its detection rate and virus database is as good as other companies.

I know that Symantec can detect about 70,000 viruses, PandaSoftware over 90,000 viruses, and Kaspersky nearly 157,000 viruses!!!

How many viruses can Avast detect so far?

See this thread
http://forum.avast.com/index.php?topic=17856.msg151968#msg151968

Do you know how many viruses NOD32 or AVG can detect? I think the number of viruses in antivirus database tells nothing about the overall efficiency of antivirus in the real world.

jujubee

If that is to be the basis of your judgement then I would assume that you also must believe the Symantec users get infected more than twice as much as Kaspersky users and I rather doubt that is true.

Surely the major issues are earliest recognition and deployment to ensure protection of users from current threats - not whose database contains the most antique viruses. I have to concur with TAP; how much do you (or I) know what those numbers really mean?

I wish there was a reliably independent league table of infection rates of users of the competing antivirus products.