VirusTotal += Microsoft

codename: Microsoft Malware Protection
We've just added the Microsoft engine to the list of engines used in the service. It is too soon to have an accurate idea of detection rates and so on, but time will tell. An interesting inclusion anyway.

Sent by jcanto @ 11:12
Re: VirusTotal += Microsoft

I think you have to update Kaspersky's engine to the last version -, because they have an absolutely new system of detection, and version 4.x that you are using is too old (5-6) years old!

Try to update!

Posted by: Michel at April 27, 2006 12:32
Re: VirusTotal += Microsoft


i think the update is not as critical as it may seem at the first moment. true version 4 is very old and the new version 6 has some very powerful new technologies, however the scanning engine is actually in both versions more or less the same and it is version 3. you have to understand that there is a difference between the scanning engine version and the rest of the technologies and features that are all combined in an av package. for example the mcafee program is also at version 10 (or something like that) and their scan engine is version 4.xx (they are also working on version 5.00). so since virustotal is using it only for doing on-demand scans it should in most cases make no difference. especially since a lot of kaspersky scan engine is also in the bases and they are the same for all program versions. but yes, if they are able to upgrade... why not :)

Posted by: saso at April 27, 2006 13:13
Re: VirusTotal += Microsoft

question about the microsoft engine... what engine? :) the one from their corporate av (sybari), or the one for their personal av (rav), or the one from the windows defender/antispyware (giant)?

Posted by: saso at April 27, 2006 13:16
Re: VirusTotal += Microsoft

virus search squire

Posted by: jean mc gonigal at April 27, 2006 16:25
Re: VirusTotal += Microsoft

my internet explorer is open even when i close it

Posted by: jean mc gonigal at April 27, 2006 16:31
Re: VirusTotal += Microsoft

Yes, we're going to update the Kaspersky engine ASAP. The Microsoft one is called Malware Protection, and includes 'separate' signatures for viruses and spyware. Ask MS for details about it :) Sybari was an aggregation of third party engines (Sophos, Kaspersky, VirusBuster, etc).

Posted by: jcanto at April 27, 2006 18:57
Re: VirusTotal += Microsoft

Please add the f-secure scanner or trend micro scanner. f-secure is a good antivirus, the scan engine is based on kaspersky. Microsoft engine is a good idea, thanks


Posted by: Luc at April 27, 2006 19:41
Re: VirusTotal += Microsoft

since f-secure is based on kaspersky i guess there is no real need for adding it. i also think you could review the antivir and avira, since as far as i know this is now the same thing. no need to spend your system resources and scan times for several same scanners.

however i also give my vote to add trend micro :)

Posted by: saso at April 28, 2006 01:02
Re: VirusTotal += Microsoft

Please update the version of Symantec too.
They are in version 10 that is more efficient to get trojan horses. Every time I use Virustotal,
Symantec fails when dealing with trojans and when I go to a workstation with Symantec 10 it detects the trojan.

Congrats about the new response system. It's beautiful.

Posted by: Abel at April 28, 2006 01:59
Re: VirusTotal += Microsoft

This is true "since f-secure is based on kaspersky i guess there is no real need for adding it"

But just because it's based on the same scanning engine DOES NOT MEAN both av vendors detect the same amount of viruses...


Posted by: SFSDF at April 28, 2006 10:08
Re: VirusTotal += Microsoft

Although at first we got the TrendMicro Spain permission to use the engine, we received some time before making VirusTotal public a notification from their central to remove the engine from the service.

F-Prot refused to join the project when we asked them to do it some months ago.

About updating Symantec to version 10, we're in contact with them about that matter, but we're still waiting for a response from them providing us with a scanner that we can use in the VT framework.

About Avira and Antivir, they both asked to join VT in different moments, and we thought it would be a good idea to put them all. I suppose in not much time, Antivir will 'disappear' in the service to let Avira be alone.

Posted by: jcanto at April 28, 2006 11:08
Re: VirusTotal += Microsoft

Correct me if I'm wrong!!!!!!!

But what this guy said "F-Prot refused to join the project when we asked them to do it some months ago." IS WRONG. I swear every time I scan a file, I see an F-Prot result.


Another thing I do not understand is if Avira and Antivir are the same thing then why do I get the result
Avira 04.28.2006 no virus found
AntiVir 04.20.2006 TR/Dldr.Adload.AM????????


AND YET ANOTHER THING. VT's information on what version of antivirus is running on VT's framework is WACKYYYYY.
For Ewido, version 3.5 is correct, but for Sophos, version 4.05.0 is wrong. For instance Sophos's program version is 5.2.0 and Sophos's virus data is 4.05. Are we informing VT users of the software version or the virus data? Or have we just randomly chosen numbers that seem to look like a "version"??

Posted by: UMMMMMMMMM at April 28, 2006 14:36
Re: VirusTotal += Microsoft

Yep, I'm sorry, I just wrote it wrong, I meant F-Secure. F-Prot has obviously been in the service for a long time :)

About that number shown, it depends. I'll contact Sophos people about that interesting remark you've made to see if they prefer to show different data.

Anyway, please take it easy. I frankly don't understand why you write as if somebody offended you :)

Posted by: jcanto at April 28, 2006 17:14
Re: VirusTotal += Microsoft


I'm not offended, I just don't understand why people don't check their writing, their information, their facts.!!!!!!!

When I wrote on April 28, 2006 14:36, the writing was purely to state a point. The point was that there is tons of misleading and incorrect information on VT framework and VT blog, and I was hoping for the educated users to agree with me. I understand there are uneducated users "jcanto", I just wanted to prove a point!!!!

Posted by: UMMMMM at April 28, 2006 23:05
Re: VirusTotal += Microsoft

Great, then I'll be the first one to learn from your wise teachings :)

Posted by: jcanto at April 29, 2006 08:47
Re: VirusTotal += Microsoft

!!!COCKY JCANTO!!! Good. Great. Fantastic. I'm glad you actually listen.

Posted by: ummm at April 29, 2006 11:16
Re: VirusTotal += Microsoft

Can You please update Avast! engine? Changes since that last summer version You list on website are major and affect quality of detection ...

Posted by: Dwarden at April 29, 2006 19:22
Re: VirusTotal += Microsoft

I agree, and also symantec engines. i have no problems having symantec detect trojans and viruses but it seems that symantec does not detect adware. But when i submitted files to sarc, they come back as adware such as adware-spysherriff

Posted by: UMMMM at April 29, 2006 21:52
Re: VirusTotal += Microsoft


The above blog entry gives some info on the scanning engine and definitions used.

Posted by: bill sanderson at April 29, 2006 22:06
Re: VirusTotal += Microsoft

This scanner is based on the same technology found in Windows Live OneCare, the Windows Malicious Software Removal Tool, and Microsoft Antigen

Ok so microsoft has windows live care, malicious software removal tool, microsoft antigen. don't they also have Malware Protection, and windows defender

I'm confused, so Microsoft has 3 antimalware, virus protection software programs

Windows Defender
Malware Protection
Microsoft Antigen

Are these just different names for the same program or just different versions and different programs, like they will have with windows vista when it's released?

Posted by: helloooo at April 29, 2006 23:38
Re: VirusTotal += Microsoft


we have to look a bit in the history books to understand this :)

1. in the past microsoft bought 3 different anti-malware companies. these were the sybari antigen (an anti-virus platform that uses several different anti-virus engines from most of the well known anti-viruses); RAV (reliable anti-virus, a well known and good anti-virus from romania); giant anti-spyware (a well known and good anti-spyware program).

so this is the history, now let's take a look at what microsoft has made out of this :)

from the giant anti-spyware, they made the windows defender, an anti-spyware solution.

from rav anti-virus they use the anti-virus engine in Windows Malicious Software Removal Tool and Windows Live OneCare and this is IMO also the engine that was added here at VT.

from the sybari antigen, they made the microsoft antigen, corporate solution based on several different well known anti-virus engines and including the above microsoft anti-virus engine (formerly RAV).

Posted by: saso at April 30, 2006 12:14
Re: VirusTotal += Microsoft

it is a great pity that trend micro is refusing to be added. well here is a list of few other av engines that could be added: arcabit, virusbuster, authentium, ahnlab, hauri

anyway, i love this service, thank you very much for running it and thank you very much for sharing the samples with all the av vendors, i just hope av vendors are analyzing them and adding to the bases :)

Posted by: saso at April 30, 2006 12:19
Re: VirusTotal += Microsoft

Is it possible that someone at vt framework has other statistics for the framework besides what's shown on the statistics page? I would like stats of maybe the number one threat submitted in a yearly period. I would like whatever statistics that are not shown on the main stats page.

Posted by: mary at May 01, 2006 00:47
Re: VirusTotal += Microsoft

Avira and AntiVir are actually the same program, just different names for distribution in different countries. The company completely switched to Avira though, as you can see when you go to their homepage. It is not only the same engine, it is the same program, the same database -- just another name.

And for the differences: If you look at it, the AntiVir was not updated since April 20th and thus knows fewer viruses. The reason for that is that AntiVir is simply no longer maintained, since it was melted with Avira.

Posted by: John at May 03, 2006 13:34
Re: VirusTotal += Microsoft

Just wanted to say that you provide a wonderful service. Thank you!

Posted by: Cd0MaN at May 03, 2006 19:22
Re: VirusTotal += Microsoft

Does anybody know where to submit a virus sample for inclusion in the Microsoft engine? I searched microsoft.com for "submit virus sample" but I got no useful results.

Posted by: Placebo at May 04, 2006 16:02
Re: VirusTotal += Microsoft

should be avsubmit at submit.microsoft. com for viruses and windefend at submit.microsoft. com for windows defender (spyware?)

Posted by: saso at May 04, 2006 23:01
Re: VirusTotal += Microsoft

avsubmit@submit.microsoft.com (virus/worm/trojan/etc samples); windefend@submit.microsoft.com (spyware samples). Note that these use @submit.microsoft.com ...

Posted by: asdasd at May 05, 2006 10:43
Re: VirusTotal += Microsoft

You should try to add "Ghostbusters Pro" from Antiy http://www.antiy.net/ or at least their free "AVL mini" to Your bulk of scanners ...

Posted by: Dwarden at May 08, 2006 12:35
Re: VirusTotal += Microsoft

I would recommend to everyone who would like to suggest AV products to be included on the site (or to buy / use one) to first take a look at industry recognized tests (like http://www.av-comparatives.org/) and only consider the programs which appear there. In today's world there is no way a small company with little human resources can put out a product which would protect against many of the in the wild threats.

Posted by: Cd0MaN at May 09, 2006 10:57
Re: VirusTotal += Microsoft

Re Fprot/Fsecure stats, I came to virustotal via links sent to me by the Counterspy guys.
They show your scan results for a bunch of malware, and of these only Drweb, Antivir and VBA32 have any useful rate of detection. IS THIS REALLY CORRECT?? I have used Fsecure for years (over 10, in fact) and have good faith in their products, when others have gone flaky they have kept performing. They also use more than one engine, not just Kaspersky, I believe they have three or four, and these work in tandem. Antivir is a very good product as well and I am also using it. However DrWeb and VBA32 are not known to me, does this mean that I should be switching to them as they have "apparently" better rates of detection or is your methodology flawed? Can it be that major vendors like Symantec, McAfee, Sophos and Fsecure fail to detect ALL variants of this malware? Seems strange..

Posted by: daxiongben at May 12, 2006 04:34
Re: VirusTotal += Microsoft

You can't judge performance of any product (neither in a positive nor a negative way) by a 'statistic' taken from such a tiny amount of references.

Posted by: jcanto at May 12, 2006 08:24
Re: VirusTotal += Microsoft

virustotal is good

Posted by: blabla at May 30, 2006 05:15
Re: VirusTotal += Microsoft

Microsoft antivirus??? omg ... well, let's try:
Mmmm, not bad this time. It's one of the five that find the trojan i send.
Dr Web, Microsoft, NOD32, Norman and VBA32.

And yes, i know, my english isn't perfect. What can we do about it ...

Posted by: FAQsimil at May 30, 2006 17:58
Re: VirusTotal += Microsoft

a virus found in msn messenger

Posted by: cristina at June 06, 2006 00:59
Re: VirusTotal += Microsoft

A big thanks for running this service, it is incredibly useful! The average human only wants to run ONE anti-virus product, and most corporate-level appliances for email only run two or at most three. So having VT as an additional testing ground is wonderful.

To the comments on efficacy of solutions, I would say that my results with VT show that Symantec has the poorest detection of all...even ClamAV often traps things Symantec can't see. I don't know if updating the scan engine here to v10 would help that or not....

As always, I am a sample size of one, YMMV....

Posted by: pablo at June 06, 2006 04:00
Re: VirusTotal += Microsoft


Posted by: Christian Llerena at September 22, 2006 17:46
Re: VirusTotal += Microsoft

Good job on adding the microsoft AV engine to the list, got a pretty big list now of the major Anti viruses!

Posted by: Stan at August 03, 2010 14:47
Bulletin 00054 - 08/05/2006

1.- Privilege escalation through the HTTP interface of Cisco Unity Express 2.X 2.- Urgent update...

Posted by: Weblog de Mauricio (W.O.L.F.) R. Arreola González at May 08, 2006 18:24