Well, I have no diploma in Computer Science but I think someone can investigate by himself to stimulate assistance in malware fighting and that initiatives like PotatoMan may open new roads to research :-X
The evidence is damning: for proof type the word “standing” into a highlight search.
Go to the initial post at the top of this thread on page 1 and look for the highlight.
Then, go to the link kindly given by streetwolf in Reply # 15 at the top of this page;
where about half way down you will again see the word “standing” highlighted.
Then read the words around each of the hits or, if you have the time and inclination,
read everything thoroughly as PotatoMan demands and then draw your conclusions.
If PotatoMan understands the value of silence I will not make further comment here.
Wow, a couple words, that is so plagiarist of me, when I clearly stated I got this idea from a link off of Wikipedia, yes, I did what the man did in that article, but I did it differently.
Why must you insist on being a troll?
Well, I refuse to argue with someone that doesn’t even know how to use the quote system.
I agree 100% with gdiloren, wow, the first time on this forum that someone agrees with me/compliments me, at least, that is how I took it with the "may open new roads of research".
And I hate to be so ready to throw a PhD in someone’s face, but he questioned my qualifications, so I answered those questions.
Well said. I learn new things just reading thru this forum.
In addition to ways that viruses can mutate, there is also the matter of
opening up holes in your system intentionally. For example, online gaming.
Not only does an anti-virus software have to be designed to detect all sorts of
malicious behavior, it must also be given the ability to allow such behavior that
could lead to malicious behavior. My hat is off to any of the hundreds of software
engineers that have to stay on top of this every day. ;D
Thanks to the avast! engineers for creating a really good product…(gratuitous sucking up)
BTW, any screen shots of version 5 available? ;D ;D ;D
No, we don’t think you’re stupid, but we do think you have problems understanding what you read (if you have read anything at all).
Quote from EICAR sample site:
The first 68 characters is the known string. It may be optionally appended by any combination of whitespace characters with the total file length not exceeding 128 characters. The only whitespace characters allowed are the space character, tab, LF, CR, CTRL-Z. To keep things simple the file uses only upper case letters, digits and punctuation marks, and does not include spaces. The only thing to watch out for when typing in the test file is that the third character is the capital letter "O", not the digit zero.
If AV doesn’t detect the sample which is not bound to these rules it’s not AV’s fault not to detect that.
And yes, changing three letters is not even a real modification. But then again, EICAR is not a real malware either so that doesn’t apply.
Ppl miss the point of EICAR sample alone. It’s not there to test antivirus heuristics capability or generic detection.
It’s solely for testing if AV detects anything at all. If it does, it’s working. If it’s not, something is wrong. Could be the POP3 scanning part, maybe filesystem filter, maybe something third, depends on what you’re testing. That’s what EICAR is really meant for.
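An added example, not part of the original posts: a strict check of the EICAR rules quoted above (68-byte known string, optional trailing whitespace from the allowed set, at most 128 bytes in total), showing why a scanner that follows the specification ignores a sample with three changed characters. The function name `check_eicar` and the sample inputs are constructed for illustration.

```python
# The published 68-byte EICAR test string, assembled from two halves so
# this source file is not itself flagged by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Only these bytes may follow the string: space, tab, LF, CR, CTRL-Z.
ALLOWED_TRAILING = b" \t\n\r\x1a"
MAX_TOTAL_LEN = 128


def check_eicar(data: bytes):
    """Return (is_valid, reason) for a candidate EICAR test file."""
    if len(data) < len(EICAR):
        return False, "shorter than 68 bytes"
    prefix = data[:len(EICAR)]
    if prefix != EICAR:
        # Report where the prefix deviates from the known string.
        diffs = [i for i, (a, b) in enumerate(zip(prefix, EICAR)) if a != b]
        return False, f"prefix differs at offsets {diffs}"
    if len(data) > MAX_TOTAL_LEN:
        return False, "longer than 128 bytes"
    for offset, byte in enumerate(data[len(EICAR):], start=len(EICAR)):
        if byte not in ALLOWED_TRAILING:
            return False, f"illegal trailing byte 0x{byte:02x} at offset {offset}"
    return True, "valid"


def three_char_variant() -> bytes:
    """Constructed sample: the test string with three characters changed."""
    modified = bytearray(EICAR)
    modified[28:31] = b"XXX"
    return bytes(modified)


if __name__ == "__main__":
    samples = {  # constructed inputs
        "exact string": EICAR,
        "string + CR LF CTRL-Z": EICAR + b"\r\n\x1a",
        "three characters changed": three_char_variant(),
        "padded to 129 bytes": EICAR + b" " * 61,
        "trailing letter": EICAR + b"A",
    }
    for name, sample in samples.items():
        print(f"{name:26} -> {check_eicar(sample)}")
```

A product that still flags the three-character variant is matching on something looser than this definition, which is the distinction the post draws.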
Even so, if Rising, F-Prot, and Authentium STILL detect it, that has to mean something, right? If avast! doesn’t detect a three char modification, and those three do, avast! must only be recognizing certain parts of file?
Rising, Authentium, and F-Prot for all my knowledge use advanced heuristics.
You should ask yourself why only those 3 are detecting it and NO one else…
My answer is that all others follow the very specific detection rules for EICAR and these 3 AV’s don’t.
It may or it may not, but that still doesn’t have much to do with EICAR specifically.
It just means those three do not follow EICAR rules as designed by EICAR creators.
AVG is now running heuristics and the amount of people posting and asking for help at G2G has increased with false positives generated by AVG. Also it blocks some analysis tools making the cleanup task harder. Heuristics are a two-edged sword.
I would have to agree with this, but that will be true for any AV that is advancing scanning techniques.
I think it is important to note that you should not depend solely on a single piece of software, but rather a combination
that work well together to provide an all around balanced approach to keeping the system safe.
I am NOT a big fan of false positives, but they are bound to happen as the AV software versions advance. Sort of a debug phase.
If I thought that one single piece of software would do the job, my start up folder would be a lot smaller…lol. ;D
Anyways, I guess I am wrong, I just thought this test would help avast! improve, but, oh well. Thanks for everyone who posted positive comments (not the guy I am quoting).
You keep talking about avast! Heuristics (or better heuristics) and as far as the definition of Heuristics goes, avast doesn’t have heuristics, confirmed in many topics in these forums. So any test you devise to test its heuristics will fail as it doesn’t have heuristics.
The Internet mail is said to have heuristics (which doesn’t extend to the standard shield or other shields), but this is very basic and not what most would call heuristics.