Marx tested Antiviruses: WMF Exploit

..today. In German - but try Bablefish....

73 different examples tested - 100% decection only:

Avast!, BitDefender, ClamAV, F-Secure, Fortinet, McAfee, Nod32, Panda, Sophos, Symantec, Trend Micro und VirusBuster.

80% detection rate:

eTrust (VET), QuickHeal, AntiVir, Dr. Web, Kaspersky und AVG.

 

Re: Marx tested Amtviruses: WMF Exploit

Was this test done with the special Kaspersky Lab WMF patch implentated?

 

Re: Marx tested Amtviruses: WMF Exploit

Marx is the only one who can answer that one. Fact remains several other antiviruses (see above) obviously didn't need a patch. Average Joe's aren't even aware of patches...

 

Re: Marx tested Amtviruses: WMF Exploit

That's a valid argument!

 

Thanks for the info.

I am suprissed that VBA came so low!

I asked Norman AV about this and they will not be able to detect this exploit until they release a new scan engine (Although they are working at this at the moment and it is going through QE so hopefully will be released in the near future)

The Real person that needs to fix this mess up is Microsoft!!! Where is this patch!!

Kind Regards

Jlo

 

No offense intended - but that's not the issue here. antiviruses and their abiliity to cope with serious threats is. Some do very well, some do less as expected...

 

Re: Marx tested Amtviruses: WMF Exploit

1. no.
2. Heuristic detection of the exploits have also been added, detected as Exploit.Win32.IMG-WMF.

 

Re: Marx tested Amtviruses: WMF Exploit

I'll take it, you Marx confirmed your statement?

That's good to hear Don . Then again: as for Marx's test, it's actually beside the point, isn't it? His test has been performed the way it has been for good reasons: in times of real need, which antiviruses do perform best. In this particular case, KAV didn't perform that well - let's not beat around the bush. That said: overall, KAV for sure is a splendid antivirus

 

I accept that statement as well. Thanks Panther.

Kind Regards

Jlo

 

Re: Marx tested Amtviruses: WMF Exploit

Thanks for the answer!

 

Re: Marx tested Amtviruses: WMF Exploit

No, there was no need to, all i had to do was to look at dates/time and the info from the other side (Kaspersky), as you can see in the updated test from today.

I'm not beating around the bush, if you look at it that way, im sure you're choice of AV will perform less good in another test, thats the way it goes, you "win" some battles, you "loose" some. Generally Kaspersky users are on the "winning" side.

 

Yeah after a patch or two

 

Probably still going through quality assurance. We don't want to accuse Microsoft of releasing buggy patches

 

IMHO "bashing" is not the subject, neither the purpose of this thread

 

I agree 100%

Doesn't seem right to pick on the big boy when he slips, and not praise the little guy for great strides.

 

That will never stop, Brian, so i think we can expect more "pearls" later tonight, like the ones last weekend.....

 

hehe, good one - But sadly, I will not be around to give you any pearls tonight.
Maybe next weekend?

 

Very funny exchanges Don between you and Brian, always entertaining.

 

Results have been updated

AntiVir, Avast!, BitDefender, ClamAV, COMMAND, Dr Web, eSafe, eTrust INO, eTrust VET, Ewido, f-Secure, Fortinet, Kaspersky, McAfee, Nod32, Norman, Panda, Sophos, Symantec, trend Micro and VirusBuster recognized now all 73 Samples.
Only the scanners of QuickHeal (11 not recognized), AVG (13), f-Prot (54), Ikarus (67) and VBA32 (67) let still infectious WMF files happen unopposed,

that's a Babelfish translation.

 

Sure i will most likely be around.

 

VBA32 also protect against this threat.

 

F-Prot now detects as of the January 1st update.

 

New results i think? from av-test

These detected all the wmf samples
* BitDefender
* Computer Associates eTrust-VET
* F-Secure
* Kaspersky Lab
* McAfee
* Eset Nod32
* Microso OneCare
* Sophos
* Symantec
* Pctools antivirus


These missed just one file:

* Alwil Avast
* Clam AntiVirus
* Aladdin eSafe

These tools missed a number of samples (total in parentheses):

* Fortinet (1
* AntiVir (24)
* eTrust-INO (25)
* Panda (25)
* Ikarus (26)
* Norman (26)
* Ewido (47)
* AVG (59)
* VirusBuster (61)
* QuickHeal (63)
* Trend Micro (63)
* Dr Web (93)
* VBA32 (110)
* Authentium Command (119)
* F-Prot (119)

i wouldent rely too much on these reulsts since antivirus companies are updating thier antivirus to protect against wmf expliot.