VT not covering all OSes signatures?


Eitan Caspi

Feb 21, 2016, 11:22:02 AM
to VirusTotal
Hello,

Please see this sample:
https://www.virustotal.com/en/file/9de2f485080e027b76da33a75e4538d66ee51b54282b8ebc84cb5c1f99990ae4/analysis/1455730290/

This is the installer of mSpy, a commercial trojan. See at http://www.mspy.com/ and at http://www.mspy.es/en/help-guide/install-on-android/.
Currently only F-Secure detects it at all, and detects it correctly.

The funny thing is that, for example, Avast on Android DOES detect this malware and does it correctly, so why not on VT?!
Is it possible that VT uses only a limited set of signatures, not covering all of the OSes?

Eitan


Emiliano Martinez

Feb 22, 2016, 4:49:50 AM
to virus...@googlegroups.com
Each antivirus vendor on VirusTotal decides how to configure its engine; heuristic levels, signatures and other settings might differ with respect to the default engine running on desktop solutions. So this is something you should ask Avast itself.

Regards.


Eitan Caspi

Feb 23, 2016, 5:00:28 AM
to VirusTotal
That's sad, because this way VT contributes to a situation where users will not trust either VT or the vendor, plus it will create false negatives, enabling malware to run freely - which is the opposite of what both VT and the vendors wish to achieve...
Very sad.

I think VT should enforce vendors participating in VT to use maximal means and thresholds for detection, to avoid such issues.

Eitan

Vladimir Vučićević

Feb 23, 2016, 7:13:28 AM
to virus...@googlegroups.com
Maximal means = maximal false positives.

Eitan Caspi

Feb 23, 2016, 12:15:52 PM
to VirusTotal
More secure than a false negative.