Proof of AVG weakness!

[Fritz Wuehler]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

_______________________________________

 

[Nick FitzGerald]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

And your point is???

Anyone with two functioning brain cells has been pointing this out
since Adam was a cowboy...

Where is the usefullness of such a false certification by AVG?

It certainly is useless for what it claims to be, which as I just
said, has been obvious for as long as the free version has been
available.

It will give stupid users the false sense of security!
Yep.

It is a worthless advertising spam ...

So you did know its "usefulness", so why did have to you ask above?

Actually, I suspect that it is not _worthless_ advertising. I'm sure
the marketing folk at AVG/Grisoft see some positive value from it.
For example, I sure has some consciousness raising value -- all those
AVG users must send some amount of Email to small businesses (and
even some larger ones) where this previously unheard of product is
not being used. Some of them may decide to change to AVG (or even
start using AV s/w for the first time) and that is a gain to the
company from a nil-cost "investment" (it's actually not quite nil-
cost -- each user of AVG who has not turned off this "feature" sends a
very slightly larger volume of network traffic when sending their
messages and thus contributes to slightly higher network traffic costs
(although they may not see it as such -- depending on the basis of
their payment plan perhaps the rate at which their access cost drops
falls at slower rate)).

.... for a worthless AV program!

That is a tad harsh, but it is probably easy to make a stronger case
for other products if speed of updates, detection rate in obscure zoo
collections, detection rate of "unknown" malware based on heuristic
and/or generic detection methods and so on are more important factors
than just cost...

 

[Richard Steven Hack]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Are you saying this is a new variant which AVG does not have a
signature for? If so, then how do you expect ANY antivirus to detect
it if there is no signature for it? And if it can't detect it, then
obviously there is nothing wrong in saying it can't find a virus in
the email, right?

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

Right - it will give STUPID users a false sense of security. Until
they run their next update and get the signature - or the person
receiving the email who is running an AV WITH the signature notified
them that they need to update their definitions. Which is exactly
what ALL antivirus software does.

It is a worthless advertising spam for a worthless AV program!

AVG is adequate for people who do not get tons of email (and therefore
tons of viruses). It is FREE! If I was paying $100 for it, I might
complain. If I buy Norton and it proceeds to fight with every
freaking program I have running on the system, I would complain.

I have had people tell me it was nice I had the certification on my
email because it indicated that I cared - unlike the numbnuts who
don't - which is why we HAVE viruses everywhere.

Get a clue.

 

[Joseph Morlan]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

_______________________________________

AVG detected it on incoming for me today:

Viruses found in the attached files.
The attached file www.paypal.com.pif: I-Worm/Mimail.J. The attachment was
removed from the mail.

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.541 / Virus Database: 335 - Release Date: 11/14/03

AVG issued new virus definitions today.

 

[Tech Zero]

The voice of "Fritz Wuehler" drifted in on the cyber-winds,
from the sea of virtual chaos...

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

All that proves is that NAV is better at holistics then AVG...

Detection for the latest Mimail worm (I-Worm/Mimail.J) wasn't added
until the today's update (336). This is AVG's typical style; don't flag
a virus or worm until you know it's infectious. But since this little
nasty has a built-in SMTP engine it's quite likely that it's adding
that SPAM TAIL to end of it's messages itself.

All of today's AV software has problems detecting the current crop
"Hybrids"... Because NAV went the pro-active long ago it has a slight
edge these days, but it still gets too many false positives as well,
including yelling wolf at every harmless email trick.

AVG is still "old school"; it can't detect what it doesn't have a
signature for. This does make it less affective against unknown
viruses, but so is most of the most of the competition. Grisoft does
update their definitions far more frequently though, often as soon as a
virus has been "defined".

In the end it's a matter of choice...
Do you like a quiet AV program, with the narrow chance that it'll miss
today's mutations because you only have yesterday's definitions? Or do
you want an AV program the yells wolf at even at the slightest smell of
viral, even if it's wrong *this time*?

Personally, nothing beats practicing safe Hex and deleting all incoming
attachments. Just delete any messages over 10k in size at the server
and you'll never get the infected to begin with. }:8P


Now, as for you *Fritz Wuehler*...
Your just a anon behind your little dizum. Why would anyone care what
your opinion is when you won't stake your personal reputation on it.

 

[Richard Steven Hack]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

AVG updated today - November 18, 2003 - detects new MiMail variant.

You were saying?

 

[Malev]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

It's not mandatory to use AVG.
If you don't like it, use something else.

 

[Blevins]

It is a worthless advertising spam for a worthless AV program!

Precisely.

 

[Blevins]

All that proves is that NAV is better at holistics then AVG

Better what?

 

[Roy Coorne]

Better what?

Perhaps Tech Zero speak for heuristics?

Roy

 

[John Coutts]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

_______________________________________

**************** REPLY SEPARATER *****************
You are 100% correct. Anti-Virus software does give a false sense of security
and cannot replace good operating practice and common sense. The MiMail.J
virus was only discovered Nov. 17. Heuristic based software MAY have been able
to detect it, but that is not a given.

The copies that we have were deliberately and maliciously sent direct to
non-existent customers, thereby attempting to bypass our filters. None have
been sent through our filtering service yet, so we don't know if they will be
detected or not. IT TAKES TIME TO UPDATE ANY ANTI_VIRUS SOFTWARE!

 

[ss_spa]

Are you saying this is a new variant which AVG does not have a
signature for? If so, then how do you expect ANY antivirus to detect
it if there is no signature for it? And if it can't detect it, then
obviously there is nothing wrong in saying it can't find a virus in
the email, right?

No, what he is saying is that AVG is certifying the attachment as not
containing a virus. If the claim is to be believed, as it will be by
Joe Average, they will launch the file under a false sense of security
provided by the makers of AVG.

I have had people tell me it was nice I had the certification on my
email because it indicated that I cared - unlike the numbnuts who
don't - which is why we HAVE viruses everywhere.

Yes, and the users who have told you it was nice to have that sig have
now clicked on a file because it was certified by AVG. This is why
that sig should be turned off or removed as a feature of AVG

Get a clue.

Yes, you really should.

tim

 

[Ernest T. Bass]

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

You don't have to prove to me it's useless, I found that out the hard way.
F secure is doing great, btw.

 

[Blevins]

Perhaps Tech Zero speak for heuristics?

Heh heh..."Computer heal thyself!"

 

[MJD]

I agree the 'certification' is silly, as are the people who believe what it
says and leave it on their outgoing mail.
But the mail you quote has a database date of 11/14/03.
What date was the mail sent/received?
The current database is 11/18/03.

Outgoing mail underneath is certified Virus Free by AVG anti-virus
system, but it has the virus in attachment. I have 4 copies, each
the same identical! He is a new MiMail variant, now confirmed!

Where is the usefullness of such a false certification by AVG?
It will give stupid users the false sense of security!

It is a worthless advertising spam for a worthless AV program!

_______________________________________

is a part of the renamed object

 

[Anonymous]

Heh heh..."Computer heal thyself!"

Good one, Blevins. (Really!)

 

[Gadi Evron]

All that proves is that NAV is better at holistics then AVG...

Detection for the latest Mimail worm (I-Worm/Mimail.J) wasn't added
until the today's update (336). This is AVG's typical style; don't flag
a virus or worm until you know it's infectious. But since this little
nasty has a built-in SMTP engine it's quite likely that it's adding
that SPAM TAIL to end of it's messages itself.

All of today's AV software has problems detecting the current crop
"Hybrids"... Because NAV went the pro-active long ago it has a slight
edge these days, but it still gets too many false positives as well,
including yelling wolf at every harmless email trick.

NAV may be better at that than AVG in your opinion, but it isn't as much
a "sure thing" as you make it sound.

I tried NAV on some 60 sdbot variants (a.k.a kwbot), and it detected
half of the binaries, some as completely different Trojan horses.

That's a serious improvement over what it used to be like even just 3
years ago, with many AV products. AV products were never very competent
with Trojan horses, but things are getting better.

True, this one is open-source, and copy-cats have been coming out..
erm.. "like crazy", but nothing is truly 100%. Also, if something is
free, stop complaining about it. You want better? Pay up! How important
is it to you?

Gadi Evron

The Trojan Horses Research mailing list - http://ecompute.org/th-list

 

[kurt wismer]

It's not mandatory to use AVG.
If you don't like it, use something else.

the problem, as i understand it, is not that avg is inherently bad
(although the subject says otherwise) but that the certfication
'feature' is pure snake-oil... while the argument showing that it is
snake-oil is old, it's no less useful to have actual recorded instances
of the certification being false (that way we can argue that not only
*can* it happen, it *has* happened)...

i don't think that avg is, technologically, a grossly inferior product
compared to other products... but it does employ snake-oil tactics and
obvious intellectual dishonesty (av's cannot tell you a virus isn't
present, they can only tell you when there is one present - ergo the
certification is a bald-faced lie)... and now that i think of it, i
suspect that's as good a reason as any to steer newbies away from it...
the last thing we need is to replace user awarness with anti-virus
fairy tales...

 

[BoB]

The voice of "Fritz Wuehler" drifted in on the cyber-winds,
from the sea of virtual chaos...


Personally, nothing beats practicing safe Hex and deleting all incoming
attachments. Just delete any messages over 10k in size at the server
and you'll never get the infected to begin with. }:8P

Finally an intelligent point in this thread. Don't be so curious.
Read email in text only and do as above. Your AV should NOT be
your first line of defense.

BoB
For the duration of Swen, my address is inoperative.

 

[Adam Pepper]

Are you saying this is a new variant which AVG does not have a

signature for? If so, then how do you expect ANY antivirus to detect
it if there is no signature for it? And if it can't detect it, then
obviously there is nothing wrong in saying it can't find a virus in
the email, right?

One word 'heuristics'

Reliance on signature based detection will always leave your system open to
infection as there is no way any vendor can release a new signature file
before or at the same time as a new threat is discovered. Duh!

Turn on the heuristic detection and live with a few false positive
detections
--
acmp<><
(e-mail address removed) <not real duh!
acmp at ntl world dot com

http://www.HacksMeOff.pagehere.com