KW> -=> Mocking Luther Kolb to Denis S. Kotov <=-
 KW>    
 KW> LK> 11783 is not "enormous" if you believe that Dr Solomon can detect
 KW> LK> >16,000, but here's where virus detection claims start to smell like
 KW> LK> bullshit,
 KW> LK> and IMO, even though Dr. Solomon is a very good AV program, it has a
 KW> LK> strong smell of bullshit!
 KW> yeah, but you're rather biased...
Biased like how ?  I'm not saying Dr. Solomon is no good, just that it's 
surrounded by too much bullshit.  Most advertising, AV or anything else, has 
its fair share of bullshit, but there's a limit, and the Dr. Solomon 
promoters have gone past it.  Too much bullshit doesn't make the program any 
better or worse, but it's fucking annoying to have to wade through it.
 KW> LK> There are "Confusion Engines" which will easily create 50 minor
 KW> LK> variants of a virus.  If "Scanner A" detects all 50 of these
 KW> variants
 KW> LK> with ONE definition but "Scanner B" has to use 50 definitions, or if
 KW> LK> "Scanner A" refers to the 50 variants as a "family" and "Scanner B"
 KW> LK> calls each variant an individual virus, does "Scanner B" detect 49
 KW> LK> more VIRUSES than "Scanner A" ?  NO WAY!
 KW> correct... they detect the same number of viruses, and if
 KW> the people who
 KW> make scanner A are smart, they'll enumerate those viruses
 KW> in a manner
 KW> which serves their purpose best (that being to sell a
 KW> product - thus
 KW> they'll say they detect 50, they won't tell you they detect
 KW> all 50 with
 KW> the same definition though - and good for them, i'm rather
 KW> partial to
 KW> "exact identification" and detecting 50 different viruses
 KW> with the same
 KW> definition is not exact)...
This gets down to marketing hype.  If TBAV detects 512 Jerusalem variants 
with "inexact identification" and McAfee detects 450 with "exact 
identification", which is the better scanner ?
 KW> LK> AVP, with its claimed 11783, detects more of my virus test set than
 KW> LK> Dr. Solomon detects with its claimed >16,000.  ThunderBYTE, with its
 KW> LK> claimed 6487, detects more of my virus test bed than Dr. Solomon
 KW> LK> detects with its claimed >16,000.
 KW> avp has a higher false alarm rate than dr. solly... fact is
 KW> most
 KW> scanners have a higher false alarm rate than dr. solly...
I'll go along with that, but AVP detected 1.2% more viruses than Dr. Solomon 
in the January Secure Computing test.  This equates to 120 viruses, and 
that's a fucking LOT of viruses!  I'll take a few false alarms any day!
 KW> LK> Dr. Solomon's staff continually ram the UT "independent review" down
 KW> LK> everyone's throat in alt.comp.virus, but it's snake oil.  If Dr.
 KW> LK> Solomon's policy is to ensure that it always detects 100% of Joe
 KW> LK> Wells' Wild List, even at the expense of detecting other viruses,
 KW> then
 KW> LK> Dr. Solomon can never be anything but #1 in any "independent test"
 KW> LK> which is based solely on this List. Can you smell the bullshit ?
 KW> this is why i don't look at the uni-tampere test as much as
 KW> i used to...
 KW> last i read, the virus research unit at uni-tampere
 KW> consisted of a whole
 KW> one person - the scope of the test has been scaled down to
 KW> wild list
 KW> testing...
 KW> take a look at february's uni-hamburg test though... wild
 KW> list and non
 KW> wild list viruses, numbering close to 12,000... in it, dr.
 KW> solly STILL rates
 KW> as #1, with avp a very, very close second for overall virus
 KW> detection,
 KW> and both scored 100% for wildlist virus detection...
Take a look at the versions of the programs being tested.  Last time I 
looked, both Hamburg and Tampere were way behind.  Also, if a program is 
updated every week, should you test a 3 months old version of that program 
TODAY because come competition scanners are only updated every 3 months ?  NO 
FUCKING WAY, but that's what a lot of the testers do, saying they want the 
test to be "fair".
To be "fair", testers should point out that if the opposition want to get a 
better score they should update their programs more frequently.  Why the fuck 
should program A be penalized for being faster off the mark with new viruses 
then program B ?  That SUCKS severely!
 KW> LK> AVP is also on http://www.antivirus.com.au and ftp.antivirus.com.au
 KW> LK> for download.  There's nothing fancy on the sites, just the
 KW> downloads.
 KW> is it just me, or does it seem like people forget that
 KW> scanners aren't
 KW> the only av programs... www.dials.ccas.ru is a good site,
 KW> and it
 KW> contains adinf, which wasn't even mentioned in that
 KW> message...
Yeah, and Integrity Master is good too.  Why didn't we mention it ?  And even 
InVircible has 1 or 2 good features.  Why didn't we mention it too ?
LuKE
---
---------------