[Dshield] Trendmicro Venting

Matthias Jaenichen mj2 at percomp.de
Sat Jun 11 11:35:08 GMT 2005

At 01:37 11.06.2005 +0200, Tony Earnshaw wrote:
>One analyst, feb to sept. 04.

Yes, one organization!
They are collecting publicly available databases every minute from all 
those vendors listed, then running them against new samples.

This is no analysis, but an empirical measurement.

There is nothing to interpret or complain about.

The figures are reproducible and none of the vendors argues against them; 
why should we/you?

What do you want to say?

>Can't be conclusive.

Why not? How can empirical data be inconclusive?

>Recent? More than one analyst?

Recent: yes they are, it is mostly done 24h after a new sample was 
detected. Then the missing data is filled in after a few days for those 
that were extremely late or where the sample can only be scanned with a 
complete installation of the AV-product (e.g. F-Secure and AVast). There is 
no need to be more recent.

You can easily see what relative delays there are between the vendors. The 
reference to calculate an absolute delay is MessageLabs' database when they 
captured the first sample.


