[Dshield] Trendmicro Venting
mj2 at percomp.de
Sat Jun 11 11:35:08 GMT 2005
At 01:37 11.06.2005 +0200, Tony Earnshaw wrote:
>One analyst, feb to sept. 04.
Yes, one organization!
They are collecting publically available databases every minute from all
those vendors listed, then running them against new samples.
This is no analysis, but an emperical measurement.
There is nothing to interprete or complain about.
The figures are reproducable and none of the vendors arguments aginst them,
why should we/you?.
What do you want to say?
>Can't be conclusive.
why not? How can emperical data be inconclusive?
>Recent? More than one analyst?
Recent: yes they are, it is mostly done 24h after a new sample was
detected. Then the missing data is filled in after a few days for those
that were extremely late or where the sample can only be scanned with a
complete installation of the AV-product (e.g. F-Secure and AVast). There is
no need to be more recent.
You can easily see what relative delays there are between the vendors. The
reference to calculate an absolute delay is Messagelab's datadase when they
captured the first sample.
More information about the list