They all get the samples offered to include in their databases; what they include and for how long is their policy only and exclusively, and that is OK.
Some decide to whitelist files, some “do not do casinos”, some do not flag jokes, others even flag very comical hoaxes because of the risk one could choke during an outburst of laughter (DrWeb once had such a detection). It all is not as simple and straightforward as it seems. Some detections cannot be added, because the malware did not survive the processing of the malcode by the av analysts.
We only catch the fish so to say, they decide what is being brought to the market…
That is also why one can never be fully secure with one resident av-solution. You need to include at least MBAM, SAS non-residential for added security.
I would also like to suggest the avast av-solution would come with a built-in VT plug-in to alert on eventual non-detects, FPs. Well, as a kind of inbuilt “second op” tool so to say.
The authors¹ claim to have tested two hypotheses: “1) if the signatures of all AVs collectively were considerably better than using any one signature set individually
2) if over time it was reasonable to expect each piece of malware to be detected by all antivirus products.”
The first hypothesis is blindingly obvious: taking 43 shots at malware, one from each antivirus product, will result in significantly more hits. No surprise here.
The second hypothesis should be stated more specifically, since “… the results, just like the previous study, are limited to static signatures.” I do not find it reasonable to expect antivirus producers to analyze, develop, test and distribute signatures for each and every piece of malware. After all, there are other techniques of detection and aiming for 100% coverage by signatures would constitute a waste of effort. And if a signature is to be developed, I’d expect this to be done shortly after a new outbreak. Again, this is exactly what their results show.
So, what’s the big news?
1. R.M. Gerard writes in plural “we conducted a study” etcetera, so it’s they, their and authors.
Attentive, so I found the other contributor to the article in the “click-through link” for “we”. Added, thanks…
The big news is not so big. But it has more to do with the reality of every day.
Sometimes reporting existing av detections to be added does not work.
In my experience, for instance, different av engines have a different scope.
A striking example for me has always been DrWeb’s versus avast.
Often when DrWeb flags urls for malware, avast does not have these and v.v.
So what you like to do is fill up the blind spots…
Also after a couple of hours malware is mostly being taken down,
sample has not been filed, detection is not being added.
Some make exemptions for certain whitelisted programs (Kaspersky’s), where others do detect.
Some av solutions like avast do not flag casinos.
Others do flag malware that is not malware, but where the pure panic could cause health risks,
for instance a joke virus, e.g. virtual representation of the hard disk being wiped
(DrWeb flags that one, because there was a lady that got a heart attack,
because she thought her hard disk was actually really being wiped).
Then virus detection has a span of time for which it is being detected and then again may disappear,
depending on the size of the virus definition database (that is restricted).
So it is always a cocktail that should fit the average user of the av-solution best.
Added shields detection was the best avast av solution added as an additional security layer.
Bookmarked that link. And yes, establishing the real full protection range of a residential av solution is not that easy. Remember there is also a lot being done through third party blacklisting and so preventing users from going out to infected sites (Google Safebrowsing for instance, url webchecker extensions, etc). I closed the vulnerability gap further through non-residential MBAM and SAS installed on my machine, and Bitdefender’s QuickScan from within the Click&Clean browser extension. In-browser protection like script blocking (NoScript/NotScripts, RequestPolicy, Better Pop up Blocker and ABP with malware list filter subscription) also helps to be/feel better protected. I also have VTchromizer in the browser to scan urls on the fly with VirusTotal.
Thanks for giving the link. I was aware it existed. The quintessence is that it is not that easy to assess the detection range of an av solution and how that should be related to the overall VT detection results.