PC Review



Different antivirus software give different results with same suspect files

 
 
jbclem
Guest
Posts: n/a
 
      17th Dec 2008
I do manual antivirus scanning with three or four different software. But I'm losing faith in all of them because the
results are so different...even in the rare event that they spot the same suspect file, they can't seem to get the name
of the virus right. One says one thing, the other something completely different. I often go online and try to find
information on a named virus (or trojan, or whatever) and usually can't find anything but a very sketchy few words such
as "yes this is a virus". Most of the time when I google a virus name the first 10-20 entries are those web sites that
try to convince you the end of the world is coming (via a virus) and you have to immediately use their web based scan.

I'm using Avast 4.7, Norton Corporate Antivirus, Solo Antivirus, AVG. Today a rare thing happened, two of the software
agreed that a certain file was a "virus". The problem was they each had a different identification for it...Norton
called it a "downloader", Avast said it's "Win32: Trojan-gen (Other)". Avast likes to use this designation a lot.

Is there a gold standard web site or software that is highly accurate...one that I could use to double check these flaky
results? Or do I have to create a new partition and OS just to test every suspicious file because I have no faith left
with these softwares? What a lot of time that's going to take!

jc


 
 
 
 
 
VanguardLH
Guest
Posts: n/a
 
      17th Dec 2008
jbclem wrote:

What is with the excessively long 130-character lines? So why did you
change the default line length in Outlook Express from 76 to 130?

Not all newsreaders have a rewrap function (when replying to reformat to
shorter line length). Not everyone uses a newsreader that provides for
automatic linewrap, and having to scroll to the right or possibly end up
with truncated lines is a nuisance. All following lines were truncated
at 76 characters to show you what your post might look like to someone else.

> I do manual antivirus scanning with three or four different software. But I
> results are so different...even in the rare event that they spot the same su
> of the virus right. One says one thing, the other something completely diff
> information on a named virus(or trojan, or whatever) and usually can't find
> as "yes this is a virus". Most of the time when I google a virus name the
> try to convince you the end of the world is coming (via a virus) and you hav
>
> I'm using Avast 4.7, Norton Corporate Antivirus, Solo Antivirus, AVG. Toda
> agreed that a certain file was a "virus". The problem was they each had a d
> called it a "downloader", Avast said it's "Win32: Trojan-gen (Other)". Avas
>
> Is there a gold standard web site or software that is highly accurate...one
> results. Or do I have to create a new partition and OS just to test every s
> with these softwares. What a lot of time that's going to take!


There is no international organization that is assigned the
responsibility for naming viruses or their variations. Each antivirus
vendor has their own detection and analysis lab, not just one facility
that they all pay and use together.

Using multiple partitions for separate instances of antivirus detection
will not alter that each vendor uses their own name, so you will still
be stuck with different names used by different antivirus vendors to
identify the same virus.

As for faith, that is a topic of more contentious newsgroups. If you
trusted someone to repair your car who was called John by himself but
found out he was called Red by his coworkers because of his hair color,
used Jalopy as his moniker in newsgroups, and found out his legal name
was Ian, would you lose faith in John aka Red aka Jalopy aka Ian to
repair your car?

"What's in a name? That which we call a rose
By any other name would smell as sweet."
(Juliet, in "Romeo and Juliet", by Shakespeare)
 
 
jbclem
Guest
Posts: n/a
 
      18th Dec 2008
Thanks for the referral to Virus Total, that really helps in the determination. For example, the file I was most
concerned about was tagged by 23 of 38 antivirus machines, including most of the big name ones. That means a lot more
than another file that was mildly tagged by 8 of 38, none of which was a big name, and only five of which actually put
some kind of name to it (one actually called it "not a virus").

I wasn't so much concerned about the name disparity as I was by the complete lack of unanimity between antivirus
programs that I'd used. I'm also relieved to hear your opinion about Solo Antivirus, I liked it because it was so quick
but there may be a reason for that. Why is it you think it's worthless? How about some of the unknown (to me) machines
on Virus Total? Are there some that you pay more attention to than others?

jc



"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news(E-Mail Removed)...
> From: "jbclem" <(E-Mail Removed)>
>
> | I do manual antivirus scanning with three or four different software. But I'm losing
> | faith in all of them because the
> | results are so different...even in the rare event that they spot the same suspect file,
> | they can't seem to get the name
> | of the virus right. One says one thing, the other something completely different. I
> | often go online and try to find
> | information on a named virus(or trojan, or whatever) and usually can't find anything
> | but a very sketchy few words such
> | as "yes this is a virus". Most of the time when I google a virus name the first 10-20
> | entries are those web sites that
> | try to convince you the end of the world is coming (via a virus) and you have to
> | immediately use their web based scan.
>
> | I'm using Avast 4.7, Norton Corporate Antivirus, Solo Antivirus, AVG. Today a rare
> | thing happened, two of the software
> | agreed that a certain file was a "virus". The problem was they each had a different
> | identification for it...Norton
> | called it a "downloader", Avast said it's "Win32: Trojan-gen (Other)". Avast likes to
> | use this designation a lot.
>
> | Is there a gold standard web site or software that is highly accurate...one that I
> | could use to double check these flaky
> | results. Or do I have to create a new partition and OS just to test every suspicious
> | file because I have no faith left
> | with these softwares. What a lot of time that's going to take!
>
> | jc
>
>
> Solo Antivirus is nothing but crap. Pure worthless crap.
>
> As for naming a given infector, it is true. It is rare when all AV vendors identify the
> same infector using the same name. This has always been a problem. However, this is NOT
> a "flaky" result. They just don't name the same infector the same. There is no
> collaboration. This doesn't mean their flagging a given file is unjustified, it only means
> they have assigned it differently. Even when they might identify it with the same
> family name like Zlob, they may assign it a different variant suffix.
>
> This is a problem that had plagued the AV industry from the beginning. To try to deal
> with this problem, MITRE was contracted by the US CERT to come up with a common naming
> convention for malware that was deemed to have infected numerous systems. This is the
> MITRE Common Malware Enumerator (CME) list. MITRE will assign a CME number and provide a
> cross-indexed listing. For example, MITRE assigned 711 to a given downloader trojan and
> thus the name becomes, CME-711.
>
> "CME-711 is a Trojan Downloader that is spread as an attachment to emails with news
> headlines as the subject lines which downloads additional security threats,"
>
> When this happens hopefully the AV company will append their name with !CME-711
>
> http://cme.mitre.org/data/list.html
>
> Unfortunately, I haven't seen MITRE keep up with the new threats so this has basically
> failed.
>
> This is a problem, I am afraid to see, will last.
>
> However systems like Virus Total are helpful in that when you submit a malware sample you
> can see who flags and what they flag it as and you can then, hopefully, use their
> encyclopedia/dictionaries to see what the infector is and does.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
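
The naming disparity discussed in this thread, as an added example that is not part of the original posts: it reduces a set of differently named detections of one file to a detection ratio, any `!CME-nnn` cross-reference, and a family token that at least two engines share. The engine names, the `Fakefam` labels and the generic-token list are constructed assumptions; only the "downloader", "Win32: Trojan-gen (Other)" and "not a virus" labels and the `!CME-711` suffix form come from the thread.

```python
import re
from collections import Counter

# Words that describe a category or platform, not a malware family.
# Assumed list for this example; it is not a vendor or industry standard.
GENERIC = {"win32", "trojan", "downloader", "generic", "other", "virus"}
CME_RE = re.compile(r"!CME-(\d+)", re.IGNORECASE)

def family_tokens(label):
    """Return the candidate family tokens found in one vendor label."""
    label = CME_RE.sub("", label)                 # CME suffix is handled separately
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    # Drop generic words, short variant suffixes (b, ab, gen) and bare numbers.
    return {t for t in tokens
            if len(t) > 3 and t not in GENERIC and not t.isdigit()}

def summarize(results):
    """results maps engine -> label, or None when the engine did not flag."""
    flagged = {eng: lab for eng, lab in results.items() if lab}
    votes, cme_ids, named = Counter(), set(), 0
    for label in flagged.values():
        cme_ids.update(CME_RE.findall(label))
        tokens = family_tokens(label)
        named += bool(tokens)                     # label carried a family name
        votes.update(tokens)
    # Deterministic order: most votes first, then alphabetical.
    ranked = sorted(votes.items(), key=lambda kv: (-kv[1], kv[0]))
    # A family counts as agreed only when two or more engines share the token.
    family = next((tok for tok, n in ranked if n >= 2), None)
    return {"ratio": (len(flagged), len(results)), "named": named,
            "cme": sorted(cme_ids), "family": family}

# Constructed sample: six hypothetical engines scanning the same file.
SAMPLE = {
    "EngineA": "Win32: Trojan-gen (Other)",       # label quoted in the thread
    "EngineB": "downloader",                      # label quoted in the thread
    "EngineC": "Trojan.Fakefam.AB!CME-711",       # constructed family name
    "EngineD": "Downloader.Win32.Fakefam.gen",    # constructed family name
    "EngineE": "not a virus",                     # label quoted in the thread
    "EngineF": None,                              # engine did not flag the file
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Five of six engines flag the sample, but only two labels carry a family name at all; the generic labels still count toward the ratio while contributing nothing to identification.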



 