Malware submissions again!

Ok,now i’m really angry. Sending samples to Alwil and nothing added. False positive for ages. Submitted two times,nothing. Some samples haven’t been added and they are almost 3 months old. Nothing.
If this is going to keep up i’ll be forced to toss avast! and search for alternative.
I was on McAfee for like two weeks back from now (i have a VSE8.0i license) but i experienced startup lockups and so i went back to avast! for now.
I check the samples in archived avast! Chest and nothing changed except one SdBot more detected. Very dissapointed.
But here is the catch.
Whenever and whatever i sent to McAfee they analysed and replyed within at least 6 hours. Sample was ofcourse added next day if it was found to be any kind of malware.
They also have nice WebImmune submission web form.

Is this the way how you treat users that submit you samples? I don’t think so.

I sent a false positive last thursday, it has been corrected :slight_smile:

AVG is starting to look good now. ;D

AVG is something that i’ll never use for sure. I guess i’ll try to find out whats the reason for McAfee ocassinal lockups on startup…

Hi Rejzor,

Not so pessimistic, everything will be fine I think, download stinger.exe to close your vulnerability window and on-line scan for the latest. The production of new malware is gigantic, new variants all the time. We just had a discussion what an AV product should scan. What is spyware and what is virus and trojan? The overlapping lines are thin. AVAST is a good product, and I think the makers do everything to uphold quality and close your vulnerability window. Your problem with the big two is that they are more and more developping another product in the line of a total anti-malware/anti-scumware/anti-virus solution. This is also why you are not satisfied, because they lean heavily on your system resources, slowing your system and it becomes more and more unstable. In this sense Norton has a worse track record than McAfee. But both have this nevertheless. The days that for a total security solution one could rely on an updated AV product and a good firewall are long gone, and probably will never return. This is a transition period to another way of computing, where your OS is not at home any longer and you only log in to a secured environment to do your thing. When this will arrive is not clear yet, but I can predict you it will be there for us in the future, sure as I am polonus.

All the best,

polonus

If i’m willing to take time to submit sample to them (most of people don’t even bother) i also expect they’ll add it in acceptable timeframe.

Now mail submission is pain in the ass as GMail blocks exe and similar files and i have to pack them etc…
Chest submission is ok,but still far from good and SMTP passwords and usernames are not encypted at all in avast!-s settings database.

I already suggested a web form based submission like one used by McAfee (WebImmune),but on other hand you also expect they’ll add submitted samples,otherwise such (new) submission method is useless.

I agree the easier it is for people to submit either an undetected virus or false positive the better, the more submissions avast will receive, improving the detection rate of the product.

Many people have problems submitting viruses to avast, they are either not familiar with the technology, or don’t have a zip program much less how to password protect it to ensure some ISP’s virus filter doesn’t delete it on route. To this end an autoresponder email would at least confirm receipt by avast and is much better than no response at all.

We are regularly having to explain to users how to send virus or false positive submissions. So the easier it is to submit, the better for users and avast!

Exactly,and web based submission would be the easier way.
No need to encrypt samples and explain users how to use ZIP and passwording such archives,no nee to explain them on which mail address to send them etc…
But then Alwil guys should do something on th eir end too if users submit the samples.
I know their team is quiet small,but that shouldn’t be an excuse. At least not if you want to make a better product.
Imagine,if all Home Edition users (or even half of them)? By submitting samples,they also help those who paid for Professional Edition. And primary AV thing is detection for sure.

To be fair i already suggested to VLK they should use their’s online scanner interface for this …
i already mentioned this before but got no time explain in details …
here is my vision of this system:

  1. partly utilizing Avast! online file scanner/analyser

  2. there will be checkbox allowing “submit” file as sample

  3. additional field appear “asking” for archive password if archive is locked

  4. there will be MD5 checking of submitted file itself (making sure file was uploaded correctly)

  5. there will be MD5 check of file(s) included within archive against “ALREADY” submitted files (sql db)

  6. files will be split into information categories like:

  • not investigated yet
  • under investigation
  • already investigated : not virus/trojan/malware/spyware/adware : damaged file
  • already investigated : not a virus/trojan/malware/spyware/adware : clean file
  • already investigated : not a virus but suspicious : ie.: jokes or low class adware etc.
  • already investigated : will be in next VPS : is a virus/trojan/malware/spyware/adware
  • already investigated : already in VPS : is a virus/trojan/malware/spyware/adware

What is gain from this system?

  • Any submitted sample(s) to Alwil will be stored in SQL database as MD5 hash
  • All of files or at least all suspicious one will be stored into big “cache” which I’m sure Alwil already have :slight_smile:
  • Person who submit sample can FAST and EASY check if file(s) were already submitted, what’s status of this file etc.
  • it’s simple, it’s fast, it’s modern and easy :slight_smile:

I like the way you can submit viruses to ClamAV: http://cgi.clamav.net/sendvirus.cgi
I’m sure avast can have a simmilar submission page, right? ::slight_smile:

I sent them Nail.exe about 2 weeks ago, most virus scanners started picking it up about a month ago. I too am considering a new virus scanner/recommending a different product if I don’t get repsonses about my submissions. I sent an email directly to the “virus expert” guy at avast and have yet to get a response but this was last night. So I’ll give it another week before I go crazy and get mad :wink: Also worries me when I email a company and I never get a response from them :frowning: I start to wonder if maybe they don’t stand behind their product :frowning:

Spyware Removers

I send a sample to alwil a long time ago dealing with a virus in Spybot Teatimer, alwil never responded so I went to Anti Vir and give them the sample, they responded the next day and said it was a false positive and fix it on the next update.

that was brilliant idea, Dwarden.
this will make virus submit easily even for computer newbies. no need to password archive anymore.
im sure avast will get more sample.

I recommended this long time ago, but nothing happend (same as with latest threats list) ::slight_smile:

Hi RejZor,

While a lot of attention has been given to this malware, see e.g.:
http://forum.avast.com/index.php?topic=14430.0
. I have seen too many of your postings in this respect lately, is not ot?

greets (pozdrawiam)

polonus

I do have concerns about submissions myself.

I sent a false positive to avast about 3 weeks ago, avast replied within 12 hours and the false positive was corrected fairly quickly.

On the other hand I have had a bad experience with submissions I sent avast a file today (which antivir detects only-i don`t use antivir normally). I have had no reply. Will I ever hear from avast about this file?

I then sent the file to kaspersky, they replied within 20 mins.

the file was sent to antivir as well, Antivir replied within 3-4 hours.

And I totally agree with Rezor, if virus samples are sent to avast then they should be added to the data base very quickly. This will help avast detect more threats. Plus it will protect future users of avast!

I appreciate that NO Anti Virus programme can detect 100% but what is the point of sending samples to avast, if they don`t get added to the next update? It seems astonoshing that submissions have not been added after a few months.

Is it not the case that if submissions are not added promptly to database then people just won`t bother sending anymore in the future? Or worst, people may choice another AV instead of avast!

Why don`t avast add the samples to the next update very quickly compared to other AV firms?

On a positive note it is good that avast gets updated 6-7 days a weeks. Before it only used to get updated 2-3 days a week!

If avast have manged to sort out the shortage of updates, surely they can sort out the malware submissions!

One way of possible shortcutting the system (or submission idea) would be to submit the file to Jotti, because files that are infected but not detected by one of the participating AV companies will receive copies.

I’ve now sent emails to avast about nail.exe on the following days to the following people!

I’ve now sent an email to
virus @ avast Just now
virus@avast the 28th of June
divis at avast the 29th
cenik at avast the 29th
virus@avast june 19th

that is NOT what I call response time.

WELL WELL WELL, they now pick up nail.exe as a trojan horse!

WELL WELL WELL, they must have been worried about your threat to jump ship ;D