Ithink you have to update Kaspersky's engine to last version - 220.127.116.119, because they have absolutly new system of detection and version 4.x that you are using it's too old (5-6) years old!
Try to update!
i think the update is not as critical as it may seem at the first moment. true version 4 is very old and the new version 6 has some very powerful new technologies, however the scanning engine is actually in both versions more or less the same and it is version 3. you have to understand that there is a difference between the scanning engine version and the rest of the technologies and features that are all combined in an av package. for example the mcafee program is also at version 10 or (something like that) and their scan engine is version 4.xx (they are also working on version 5.00). so since virustotal is using it only for doing on-demand scans it should in most cases make no difference. specially since allot of kaspersky scan engine is also in the bases and they are the same for all program version. but yes, if they are able to upgrade... why not :)
question about the microsoft engine... what engine? :) the one from their corporate av (sybari), or the one for their personal av (rav), or the one from the windows defender/antispyware (giant)?
my internet explorer is open even when i close it
Yes, we're going to update the Kaspersky engine ASAP. The Microsoft one is called Malware Protection, and includes 'separate' signatures for virus and spyware. Ask MS for details about it :) Sybari was an agregation of third party engines (Sophos, Kaspersky, VirusBuster, etc).
Please adds the f-secure scanner or trend micro scanner,f secure is a good antivirus,the scan engine is based to kasperky,Microsoft engine is a good idea,thanks
since f-secure is based on kaspersky i guess there is no real need for adding it. i also think you could review the antivir and avira, since as far as i know this is now the same thing. no need to spend you system resources and scan times for several same scanners.
however i also give my vote to add trent micro :)
Please update the version of Symantec too.
They are in version 10 that are more efficient to get trojan horses. Everytime I use Virustotal,
Symantec fails when dealing with trojans and when I go to a workstation with Symantec 10 if detects the trojan.
Congrats about the new response system. Its beautifull.
This is true "since f-secure is based on kaspersky i guess there is no real need for adding it"
But just because its based on the same scanning engine DOES NOT MEAN both av vendors detects the same amount of viruses...
AGAIN THE SAME ENGINE IS THE SAME ENGINE. THE SAME ENGINE IS NOT THE SAME AS THE VIRUS SIGNATURES WRITTEN FOR THAT AV PROGRAM AND NEVER WILL BE
Although at first we got the TrendMicro Spain permission to use the engine, we received some time before making VirusTotal public a notification from their central to remove the engine from the service.
F-Prot refused to join the project when we asked them to do it some months ago.
About updating Symantec to version 10, we're in contact with them about that matter, but we're still waiting for a response from them providing us with a scanner that we can use in the VT framework.
About Avira and Antivir, they both asked to join VT in different moments, and we thought it would be a good idea to put them all. I suppose in not much time, Antivir will 'dissapear' in the service to let Avira be alone.
Correct me if im wrong!!!!!!!
But what this guy said "F-Prot refused to join the project when we asked them to do it some months ago." IS WRONG. I swear everytime I scan a file, I see a F-Prot result.
AM I SEEING THINGS. IM 19... AM I STUPID!?!?!?!?
Another thing I do not understand is if Avira and Antivir are the same thing then why do I get the result
Avira 18.104.22.168 04.28.2006 no virus found
AntiVir 22.214.171.124 04.20.2006 TR/Dldr.Adload.AM????????
And now they are saying Antivir will 'dissapear'.. For what just because they have the same engine. Like I stated before THE SAME ENGINE IS THE SAME ENGINE. THE SAME ENGINE IS NOT THE SAME AS THE VIRUS SIGNATURES OR DATA WRITTEN FOR THAT AV PROGRAM AND NEVER WILL BE....MEANING THOSE TO PROGRAMS ARE NOT REALLY THE SAME IN WHAT THREAT THEY DETECT..SO IN MY MIND THEY ARE DIFFERENT..BUT THATS JUST ME.
AND YET ANOTHER THING. VT's information on what version of antivirus is running on VT's framework is WACKYYYYY.
For Ewido. Version 3.5 is correct, but for Sophos, version 4.05.0 is wrong. For instance Sophos's program version is 5.2.0 and Sophos's virus data is 4.05. Are we informing VT users of the software version or the virus data? Or we just randomly choosen numbers that seem to look like a "version"??
Yep, I'm sorry, I just wrote it wrong, I meant F-Secure. F-Prot is obviouslly in the service since a lot of time ago :)
About that number shown, it depends. I'll contact Sophos people about that interesting remark you've done to see if they prefer to show different data.
Anyway, please take it easy. I frankly don't understand why you write like if somebody offended you :)
im not offended I just don't understand why people don't check their writing, their information, their facts.!!!!!!!
When I wrote on april 28,2006 14:36, the writing was purely to state a point. The point was that their is tons of misleading and incorrect information on VT framework and VT blog, and, I was hoping for the educated users to agree with me. I understand there is uneducated users "jcanto" I just wanted to prove a point!!!!
Great, then I'll be the first one to learn from your wise teachings :)
!!!COCKY JCANTO!!! Good. Great. Fantastic. Im glad you actually listen.
Can You please update Avast! engine changes since that last summer version You list on website are major and affects quality of detection ...
I agree and also symantec engines, i have no problems having symantec detect trojans and viruses but its seems that symantec does not detect adware. But when i subbmted files to sarc. they come back as adware such as adware-spysherriff
The above blog entry gives some info on the scanning engine and definitions used.
This scanner is based on the same technology found in Windows Live OneCare, the Windows Malicious Software Removal Tool, and Microsoft Antigen
Ok so microsft has windows live care, malicious software removal tool. microsoft antigen. don't they also have Malware Protection, and, windows defender
Im confused so Microsft has 3 antimalware,virus protection softwareprograms
Are thesejust different names for the same program or just different versions and different programs. like they will have with windows vista when its released?
we have to look a bit in the history books to understand this :)
1. in the past microsoft bought 3 different anti-malware companies. this ware the sybari antigen (an anti-virus platform that uses several different anti-virus engines from the most of the well known anti-viruses); RAV (reliable anti-virus, an well known and good anti-virus from romania); giant anti-spyware (an well known and good anti-spyware program).
so this is the history, now lets take a look what microsoft has made out of this :)
from the giant anti-spyware, they made the windows defender, an anti-spyware solution.
from rav anti-virus they use the anti-virus engine in Windows Malicious Software Removal Tool and
Windows Live OneCare and this is IMO also the engine that was added here at VT.
from the sybari antigen, then made the microsoft antigen, corporate solution based on several different well known anti-virus engines and including the above microsoft anti-virus engine (formally RAV).
it is a great pity that trend micro is refusing to be added. well here is a list of few other av engines that could be added: arcabit, virusbuster, authentium, ahnlab, hauri
anyway, i love this service, thank you very much for running it and thank you very much for sharing the samples with all the av vendors, i just hope av vendors anre analyzing them and addin to the beses :)
Is it possible that someone vt framework has other statistics for the framework beside whats shown on the statistics page. I would like stats of maybe the number one threat submitted in a yearly period. I would like whatever statistics that are not shown on the main stats page.
Avira and AntiVir are actually the same program, just different names for distribution in different countries. The company completely switched to Avira though, as you can see when you go to their homepage. It is not only the same engine, it is the same program, the same database -- just another name.
And for the differences: If you look at it, the AntiVir was not updated since april, 20th and thus knows less viruses. The reason for that is that AntiVir is simply no longer maintained, since it was melted with Avira.
Just wanted to say that you provide a wonderful service. Thank you!
Does anybody know where to submit a virus sample for inclusion in the Microsoft engine. I searched microsoft.com for "submit virus sample" but I got no usefull results?
should be avsubmit at submit.microsoft. com for viruses and windefend at submit.microsoft. com for windows defender (spyware?)
firstname.lastname@example.org (virus/worm/trojan/etc samples); email@example.com (spyware samples). Note that these use @submit.microsoft.com ...
You should try add "Ghostbusters Pro" from Antiy http://www.antiy.net/ or at least theirs free "AVL mini" to Your bulk of scanners ...
I would recommend to everyone who would like to suggest AV products to be included on the site (or to buy / use one) to first take a look at industry recognized tests (like http://www.av-comparatives.org/) and only consider the programs which appear there. In todays world there is no way a small company with little human resources can put out a product which would protect againts many of the in the wild threats.
Re Fprot/Fsecure stats, I came to visrutotal via linx sent to me by the Counterspy guys.
They show your scan results for a bunch of malware, and of these only Drweb, Antivir and VBA32 have any useful rate of detection. IS THIS REALLY CORRECT?? I have used Fsecure for years (over 10, in fact) and have good faith in their products, when others have gone flaky they have kept performing. They also use more than one engine, not just Kaspersky, I believe they have three or four, and these work in tandem. Antivir is a very good product as well and I am also using it. However DrWeb and VBA32 are not known to me, does this mean that I should be switching to them as they have "apparently" better rates of detection or is your methodology flawed? Can it be that major vendors like Symantec, McAfee, Sophos and Fsecure fail to detect ALL variants of this malware? Seems strange..
You can't judge performance of any product (neither in positive or negative way) by an 'statistic' taken from a so tiny ammount of references.
Microsoft antivirus??? omg ... well, lets try:
Mmmm, not bad this time. Its one of the five that find the trojan i send.
Dr Web, Microsoft, NOD32, Norman and VBA32.
And yes, i know, my english isnt perfect. Que le vamos a hacer ...
um virus encontrado no msn messenger
A big thanks for running this service, it is incredibly useful! The average human only wants to run ONE anti-virus product, and most corporate-level appliances for email only run two or at most three. So having VT as an additional testing ground is wonderful.
To the comments on efficacy of solutions, I would say that my results with VT show that Symantec has the poorest detection of all...even ClamAV often traps things Symantec can't see. I don't know if updating the scan engine here to v10 would help that or not....
As always, I am a sample size of one, YMMV....
Good job on adding the microsoft AV engine to the list, got a pretty big list now of the major Anti viruses!
Please send trackbacks to: http://blog.hispasec.nospam/virustotal/3/tbZ3ping
Replace "nospam" with "com"
Boletín 00054 - 08/05/2006
1.- Escalada de privilegios a través de interfaz HTTP de Cisco Unity Express 2.X2.- Actualización urgente...