A concern about antivirus softwares

[SkyboundSteven]

When testing with some older malwares/Trojans/Worms, some security softwares either failed to report, or failed to cure/fix/delete the file.
The most frequent ones were:
ByteHero (missed 95%, VirusTotal)
V3 Antivirus / Internet Security (missed 20%, Real-time)
Zoner (missed 76%, VirusTotal)
Malwarebytes (missed 100%, VirusTotal)
Of course some other ones like Panda Cloud Antivirus failed to catch some of those files.
(Using viruses from VX Heaven)
Samples:
Panama Trojan
BlackBird Trojan
ArcticBomb Trojan
GameThief.Steam
Parody Trojan
Ive Trojan
[...]

Shouldn't they generate signatures from those old viruses/worms/Trojans/malwares, in case the new variant of them emerges?
I heard that the security solution used in my Middle School failed to catch G variant of Sasser Worm and Blaster Worm and the entire network in school was going insane with infected computers and Windows based systems.

A short story:
While using testing machine, I installed V3 Lite, then ran Trojan.Win32.Panama to test it.
AV missed it, and the system was going insane with Panama virus.
After that, I used Avast! Antivirus and Tiranium Antivirus to clean up the system, and both caught total 100% of malwares that was residential in the system.

 

[Malware1]

Malwarebytes is not an antivirus, it doesn't target 100 years old malware.

 

[SkyboundSteven]

Malwarebytes is not an antivirus, it doesn't target 100 years old malware.

Yeah, I guess you're right and I should change the target, from MBAM to something else.
(If I were to test it on Real-time environment!)

 

[Dubseven]

Some antivirus softwares choose to not keep malwares in them database more than one year, others 3 months, others 5 years..
It's a way to keep the database "small" and "very fast".

And others, like Avast, keep everything possible (7 years as i know, but not sure) on multiple databases (like Tiranium in cloud) and update their users with compressed new databases.
The cloud antivirus softwares like Panda, need to keep the reply very fast on each databases (number of users higher = more requests), that can explain why they try to keep the database as small as possible.
The smaller is faster.

 

[SkyboundSteven]

Some antivirus softwares choose to not keep malwares in them database more than one year, others 3 months, others 5 years..
It's a way to keep the database "small" and "very fast".

And others, like Avast, keep everything possible (7 years as i know, but not sure) on multiple databases (like Tiranium as cloud) and update them users with compressed new databases.
The cloud antivirus softwares like Panda, need to keep the reply very fast on each databases (number of users very high = most requests), that's can explain why they try to keep the database as small as possible.
More small is, more fast is.

I understand that. Some cutting-edge, fast AV/AM programs need to discard some older data to preserve speed. (Like in the case of Panda Cloud Antivirus)
(Oh, and Avast 5 had all 8 Shields available.)

p.s. Tiranium Antivirus worked like charm! Thanks for supporting the awesome software and keeping it on track!

 

[soinvisage]

"p.s. Tiranium Antivirus worked like charm! "

yes its true !

 

[SkyboundSteven]

"p.s. Tiranium Antivirus worked like charm! "

yes its true !

Ohh, yes! V3 sucked in my area.

 

[soinvisage]

Ohh, yes! V3 sucked in my area.

what is the v3 ?

 

[SkyboundSteven]

what is the v3 ?

AhnLab V3 series, including V3 Lite, V3 Internet Security, V3 Antivirus, and V3 GameHackKill series.

 

[Cowpipe]

This is a question I recently asked the guys at BitDefender. They confirmed to me that they do keep their old signatures in the database but a lot of antivirus vendors remove them, as those old signatures will probably never generate a match in the real world (since those viruses are considered 'extinct', and the logic being, why would a DOS virus which has a 0% chance of infecting a Windows PC be detected by an antivirus for Windows?)

 

[soinvisage]

AhnLab V3 series, including V3 Lite, V3 Internet Security, V3 Antivirus, and V3 GameHackKill series.

ah ok thx

 

[SkyboundSteven]

This is a question I recently asked the guys at BitDefender. They confirmed to me that they do keep their old signatures in the database but a lot of antivirus vendors remove them, as those old signatures will probably never generate a match in the real world (since those viruses are considered 'extinct', and the logic being, why would a DOS virus which has a 0% chance of infecting a Windows PC be detected by an antivirus for Windows?)

I only test with Win32 viruses
And yep, there's no reason to keep DOS virus signatures now.
(But still Avast caught DOS viruses)

 

[Cowpipe]

I only test with Win32 viruses

Yeah I mean that's kind of what I meant, some viruses are considered extinct now and so because they almost never appear in the wild and the damage that they would cause on a modern computer would be minimal (for example ILOVEYOU VBS worm wouldn't be able to spread due to Outlook being patched almost universally), you can drop detection for that virus from your compact databases to save memory

 

[SkyboundSteven]

Yeah I mean that's kind of what I meant, some viruses are considered extinct now and so because they almost never appear in the wild and the damage that they would cause on a modern computer would be minimal (for example ILOVEYOU VBS worm wouldn't be able to spread due to Outlook being patched almost universally), you can drop detection for that virus from your compact databases to save memory

I added Obsolete Viruses section there to keep them apart from modern ones.

 

[Mateotis]

Yeah I mean that's kind of what I meant, some viruses are considered extinct now and so because they almost never appear in the wild and the damage that they would cause on a modern computer would be minimal (for example ILOVEYOU VBS worm wouldn't be able to spread due to Outlook being patched almost universally), you can drop detection for that virus from your compact databases to save memory

This. Larger database=more memory required with real time protection, even more while scanning=slower computer=unhappy user.

It's completely logical to remove older samples.

 

[SkyboundSteven]

This. Larger database=more memory required with real time protection, even more while scanning=slower computer=unhappy user.

It's completely logical to remove older samples.

...Unless the user keeps opening older malwares!

 

[Cowpipe]

...Unless the user keeps opening older malwares!

Haha, maybe like me, they like to remember the past

 

[SkyboundSteven]

Haha, maybe like me, they like to remember the past

Hehe, I like to see Panama Trojan counting down from 60. I just turn it on, then watch, and watch, and watch.

 

[Cowpipe]

Hehe, I like to see Panama Trojan counting down from 60. I just turn it on, then watch, and watch, and watch.

Yes! I loved the picture in the background, and holding your breath as it got close to 0 only to wipe the sweat away from your forehead with relief when it started counting -1, -2 etc

Hehe, I like to see Panama Trojan counting down from 60. I just turn it on, then watch, and watch, and watch.

Somebody who loves old viruses like me. I think you and me are going to get along very well

 

[SkyboundSteven]

Yes! I loved the picture in the background, and holding your breath as it got close to 0 only to wipe the sweat away from your forehead with relief when it started counting -1, -2 etc



Somebody who loves old viruses like me. I think you and me are going to get along very well

I guess you are right
I love to see them, and I am now trying to work on a Windows 7 variant of (not-virus) Panama.