Corrections to Windows 2000 server comparative review

2006-11-01

Helen Martin

Virus Bulletin, UK
Editor: Helen Martin

Abstract

Updates and corrections to last month's Windows 2000 Server comparative review.


Following the publication of last month's Windows 2000 Server comparative review, some questions have arisen over several of the files from the clean test set which caused false positives from a number of vendors. After some deeper analysis, VB concludes that some amendments are required to the clean test set, as well as to the number of VB 100% awards given in last month's review.

The file that spoiled BitDefender's chances of gaining a VB 100% award, along with those of G DATA and AEC (manufacturer of Trustport), has been identified as a hacker tool, detection for which was recently added to the BitDefender product. The file will be struck from the clean set, and since this was the single point of failure for all three of these products, all three are now awarded a VB 100%. G DATA also joins the elite group of products detecting 100% of samples across all the test sets in October's review. VB extends its apologies to all three companies.

The file labelled 'suspicious' by Symantec has also been identified as a hacker tool, and as such it will be removed from the clean set (since Symantec's product merely labelled the file as 'suspicious', rather than claiming that it was malicious, the product was not denied a VB 100% in last month's review).

Finally, a corrupted zip file which Avira's Antivir product flagged as infected has been identified as a file which should have been removed from the clean set a while ago. The file has been confirmed as containing code of the Fosforo virus, which after careful extraction remains a working threat. Antivir was the only product to detect this. The remaining clean set file alerted on by Avira has been confirmed to be a false positive - we are told that Avira developers spotted and fixed this issue in late September.

Moving on from false positives, VB regrets that typographical errors appeared in both the on-demand and on-access tables published for the October 2006 comparative review. In both tables the numbers of files missed by Antivir in the polymorphic and standard test sets were transposed. In both tables the numbers should have read '0' in the standard set and '150' in the polymorphic set. The percentages reported in the tables are correct as they stand. VB apologises for the confusion.

A thorough review of the VB clean test set will be conducted before the next comparative review, which will test products for the Windows XP 64-Bit platform. The results of that review will be published in next month's issue of VB. Vendors wishing to submit products for future reviews should contact John Hawes at [email protected].


