Comments on: What VirusTotal is not
https://grey-panther.net/2009/11/what-virustotal-is-not.html
Tue, 17 Nov 2009 09:32:45 +0000

By: Cd-MaN
https://grey-panther.net/2009/11/what-virustotal-is-not.html#comment-224
Tue, 17 Nov 2009 09:32:45 +0000

@Peter: information is very rarely pure, especially if it comes from persons who have considerable involvement with the given issue.

While I agree with you that AV is not perfect, I disagree with the method of "talking down" a given technology, especially when your own technology (i.e. the "Zero-hour detection") is very similar to the one you criticize. IMHO, it also makes no business sense, because it is much easier to sell using the slogan "we are a better AV" than the slogan "we have magic pixie dust which is better than AV!" – but what do I know, I'm just a techno geek, right?

Disclaimer: I have no detailed knowledge of the inner workings of the "Zero-hour" technology, but from what I've seen, it is very similar to the existing AV technologies (i.e. centralized updates, pushed frequently, and clients using pattern matching based on the db). If I understand correctly, the distinct features would be the automatic generation of patterns and the collection of samples from clients – however, both of these are present in current mainstream AV products (some widely publicized – like McAfee Artemis – others not).

PS. Hopefully you take this as it was intended – as constructive criticism. I still am (and will be) a subscriber to your blog.

By: Peter Louies
https://grey-panther.net/2009/11/what-virustotal-is-not.html#comment-226
Tue, 10 Nov 2009 05:20:08 +0000

Hi,

I've read your article and can understand your standpoint, but to be honest, what I do with Virus Total is not negative propaganda but pure information. Your arguments are debatable, but I respect your arguments.

When I publish a virus report on the MX Lab Blog I include the Virus Total information as additional information but also as a warning that certain viruses, trojans and variants of those aren't detected by the majority of AV engines.

Of course, this is only at a certain 'point in time'. Perhaps I should do a blog article where I submit a virus at certain time frames to see how the AV engines detect the virus over time.

Virus Total allows us to analyse a threat, up to a certain level (okay, quite limiting, I have to admit), without going to the hassle of installing and maintaining 40+ computers or virtual machines with all the available AV engines.

But we have to face the fact that AV engines, with signature-based techniques, aren't adequate for the job. And I am not the only person who is thinking this and loudly saying it. You should read the following article: http://www.commtouch.com/download/1476.
