View Full Version : Ewido Plus


tazdevl
July 2nd, 2004, 03:25 PM
I heard through the grapevine that Ewido Plus (paid version) should be out in the next week or so.

Based on the feature comparison between the Free and Plus, it looks like Plus has serious potential (scroll to the bottom of page)

http://www.ewido.net/en/?section=ess

se7engreen
July 2nd, 2004, 04:01 PM
-{ Quote: "Based on the feature comparison between the Free and Plus, it looks like Plus has serious potential" }-
I agree. If the software works as well as the feature list sounds, it could be a real competitive product.

tazdevl
July 2nd, 2004, 04:04 PM
Forgot to mention it's going to be priced @ $35 and 29 Euro.

tazdevl
July 3rd, 2004, 09:10 PM
Just got more scoop. Looks like latest is EOM.

bigc73542
July 3rd, 2004, 09:14 PM
Looks like it has real potential :)

Moe
July 7th, 2004, 09:50 PM
I tested the beta version of Ewido Plus on a disk with 450 worms on it a couple weeks back.

Ewido Plus: 431 Detected and Cleaned

TDS3: 218 Detected

Trojan Hunter: 0 Detected (and I set it up correctly)

RAM usage was only about 8,000k, with only a tiny bit of CPU use over a 6 hour period. The Plus version has more definitions and a way better scanner than the current free version, I'll tell you that much, and the heuristics really seem to work.

So far it looks like we are going to have a new superstar antitrojan application on the block come the end of the month. Save your pennies.

rerun2
July 7th, 2004, 10:45 PM
-{ Quote: "I tested the beta version of Ewido Plus on a disk with 450 worms on it a couple weeks back.

Trojan Hunter: 0 Detected (and I set it up correctly)" }-

450 worms or trojans?

TrojanHunter really detected zero? That is hard to believe. If you feel any of the 450 samples fall into the category of trojans, it would be very helpful if you submitted the samples to Magnus (submit@trojanhunter.com). I'm sure it will be greatly appreciated :)

NAMOR
July 8th, 2004, 12:12 AM
While you are at it, maybe submit the ones TDS-3 missed to DiamondCS. ( support@diamondcs.com.au ). I'm sure both companies would like to have a look..

ArneV
July 8th, 2004, 01:46 AM
Why is Ewido the only trojan scanner that doesn't list the names it detects? A number doesn't mean anything. Maybe they're hiding what they really detect because they don't detect much, lol

Moe
July 8th, 2004, 02:04 AM
Huh? Ewido-Plus lists full names of the trojans it's detecting. Maybe the free doesn't, but who cares about the free, when the Plus version is coming out shortly.

Here, look at my Ewido scan log if you don't believe me:

E:\Worms\I-Worm.Tanatos.a -> Worm.Tanatos-Bugbear -> Cleaned
E:\Worms\I-Worm.Tanatos.b -> Worm.Tanatos.b -> Cleaned
E:\Worms\I-Worm.Yo -> Worm.Badtransii (Heuristic) -> Cleaned
E:\Worms\I-Worm.Mapson.a -> Worm.Lorrin.A (Heuristic) -> Cleaned
E:\Worms\I-Worm.Sober.c -> Worm.Sober.C -> Cleaned
E:\Worms\I-Worm.Sober.f -> Worm.Vb.C (Heuristic)-> Cleaned

I see names, don't you? As for definitions, the Plus beta test version has almost 50,000 trojan definitions in it, and level 4 fuzzy logic detection with heuristics.

ArneV
July 8th, 2004, 02:31 AM
Thank you for the fast reply!! But I mean the names of everything it detects, not just the ones it detects when scanning. I just want to compare it with the other trojan lists.

> 50,000 trojan definitions
That doesn't mean it detects 50000 different trojans but. My boss is good at virus things and stopped me using it at work because he thinks the number is just made up to mislead people and so he doesn't trust it :( But I still try it at home. I am interested but need to test it more.

> level 4 fuzzy logic detection with heuristics
How do you know so much, do you work there? And can you tell us all what exactly level 4 fuzzy logic detection is? Is there an Ewido support forum? I can't find it. Thank you!

tazdevl
July 8th, 2004, 02:43 AM
I don't think your boss is the techno wiz you think he is.

Features are in the product description on the ewido site.

Fuzzy logic = heuristics/generic pattern detection/some sort of sandbox analysis. Basically it is detection that does not solely rely on signatures.

Moe is getting this info because he's using a private beta of the product. The info is out there if you google.

Wayne - DiamondCS
July 8th, 2004, 03:52 AM
Was just pointed to this thread by somebody at DSLReports. Turns out "Moe" is actually "Kobra007_", a registered DSLReports user. If you believe his test is credible, see this page and read his posts:
http://www.dslreports.com/forum/remark,10715731~mode=flat~start=0
He even refers to Trojan Hunter as "Toejam Hunter", if that gives you any hints as to his credibility and maturity.

I'm not saying anything about the Ewido program itself, just this amazingly useless test.

Anyway I'll let you make up your own minds.

Best regards,
Wayne

NAMOR
July 8th, 2004, 04:14 AM
Thanks for pointing that out Wayne.

Wayne - DiamondCS
July 8th, 2004, 04:19 AM
Somebody here who uses Ewido should contact the author and point this out, I'm sure he wouldn't appreciate his program being promoted at the cost of others, especially due to such extraordinary claims.

Hyperion
July 8th, 2004, 05:02 AM
Thanks Wayne. I do use Ewido, but using such methods to promote a software is really lame. At the end it works as a boomerang.

Wayne - DiamondCS
July 8th, 2004, 05:26 AM
-{ Quote: "At the end it works as a boomerang." }-
Heh, good analogy. :) I find it similar to Mutually Assured Destruction from the Cold War

But we must remember that we don't really know who this person is, so although he's promoting Ewido whilst attacking other scanners, it's unknown what role the Ewido author has in this (if any), and I'm sure he's probably just as surprised and annoyed as everyone else is, so if I was you (as a user of Ewido) I wouldn't think any less of the Ewido program itself simply because one individual has made such outrageous claims, because the author probably/hopefully has nothing to do with it.

Best regards,
Wayne

Paul Wilders
July 8th, 2004, 06:43 AM
I'm pretty sure the software developer isn't involved. Anyway, I dropped them an email pointing to this thread in order to comment ;)

regards.

paul

Wayne - DiamondCS
July 8th, 2004, 06:46 AM
I just received a polite privmsg from Peter (from Ewido) explaining things in clearer detail and I'm happy to report that, as I suspected, "Moe"/"Kobra007" is not involved with the development of the Ewido program - he's just an overenthusiastic tester (which is soon to change due to his childish actions), so my message to Ewido users is don't let the behaviour of one person change your opinion of the Ewido program, as it was beyond the control of the author.

Best regards,
Wayne

Paul Wilders
July 8th, 2004, 06:49 AM
Well, Peter just got another email about this in his inbox (see my post above). It's good to know all has been clarified ;).

regards.

paul

peter.ewido
July 8th, 2004, 06:52 AM
As I just already wrote to Wayne and Magnus, I want to apologize for the outrageous and impudent behaviour of Kobra (Moe). Kobra isn't connected to ewido at all, he is just an alphatester. Although he wasn't allowed to talk about this version in public and post test results, he unfortunately did in a very ridiculous way, sorry for that - it will have its consequences.

Paul Wilders
July 8th, 2004, 07:01 AM
Thanks anyway Fish ;)

This is a flagrant abuse of trust indeed:

-{ Quote: "Although he wasn't allowed to talk about this version in public and post test results, he unfortunately did" }-

As for:

-{ Quote: " it will have its consequences." }-

Knowing you gents, I wouldn't expect otherwise.

Best of luck and success,

paul

Hyperion
July 8th, 2004, 07:40 AM
-{ Quote: "But we must remember that we don't really know who this person is, so although he's promoting Ewido whilst attacking other scanners, it's unknown what role the Ewido author has in this (if any), and I'm sure he's probably just as surprised and annoyed as everyone else is, so if I was you (as a user of Ewido) I wouldn't think any less of the Ewido program itself simply because one individual has made such outrageous claims, because the author probably/hopefully has nothing to do with it." }-

I agree, Wayne. I didn't mean that he is part of the Ewido team, nor that Ewido isn't good. Sorry if I left that impression. I don't know how good Ewido is (the last test I had seen was by Andreas Clementi, who as far as I know has since then submitted samples to Ewido to increase the detection rate) since I haven't been infected (thank God) yet, and I don't like playing with trojans (I just have 300 zipped virii on a floppy), but I do like the interface very much.
However, it is counterproductive for the software itself, having such "fans". I read a thread in the forum Wayne pointed out and it is indeed very unreliable as well as hard to believe (TH 0???). IMHO a survey, in order to be credible, must use a malware sample with some characteristics:

1) Representative (I guess otherwise one can come up with some in the zoo samples that has submitted only to one AV vendor or use modified samples to prove another software is useless, while his isn't.)

2) Wide (the fewer elements in the sample, the higher the probability the statistical error becomes significant)

3) Present the criteria with which the sample was selected and give in public the sample names used and under what form the detection is considered failed (zipped, exe, packed, upon execution etc.).

4) Define the settings for each programme.

5) Give detailed results for each product.

The fewer points the test follows, the less credible it is, at least for me. And certainly the presentation of "hey, I scanned 400 trojans (later proved, as Wayne said, to be worms) and the results were these" isn't very serious, especially when there is a known tradition for the poster in supporting certain products with passion (like Extendia AVK, another example) and bashing others (TH being the latest example, indirectly, yet clearly).

I trust much more someone neutral, who doesn't follow a crusade in favour of a product and does the same presentation as Kobra's. Last but not least, I wonder why he is posting as Moe here (I think as "Kobra" he is banned, but couldn't he post as guest Kobra?), while obviously someone who goes around many security forums would see his post as Wayne did.

My reaction wasn't against Ewido, but against this kind of presentation that IMHO is counterproductive for Ewido's interests (although it's clearly not Ewido's fault), because someone who doesn't follow this forum regularly can think that Kobra actually works for Ewido.
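
Point 2 in the post above (sample size versus statistical error) can be made concrete with a confidence interval. This is an added example, not part of the original thread: it computes a Wilson score interval for a detection rate from the counts quoted earlier in the thread plus a constructed six-sample case, and the function names are hypothetical. The interval covers sampling error only; it says nothing about whether the sample set was representative (point 1).

```python
import math

# Detections out of 450 samples, as quoted earlier in the thread.
THREAD_RESULTS = {
    "Ewido Plus beta": (431, 450),
    "TDS3": (218, 450),
    "Trojan Hunter": (0, 450),
}
# Constructed six-sample comparison, to show the effect of a tiny test set.
CONSTRUCTED_SMALL = {"Scanner A": (5, 6), "Scanner B": (3, 6)}


def wilson_interval(detected, total, z=1.96):
    """Wilson score interval (about 95% for z=1.96) for a detection rate."""
    if total <= 0:
        raise ValueError("total must be positive")
    if not 0 <= detected <= total:
        raise ValueError("detected must be between 0 and total")
    p = detected / total
    z2 = z * z
    denom = 1 + z2 / total
    centre = (p + z2 / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z2 / (4 * total * total)) / denom
    # Clamp to [0, 1]; rounding can push the bounds slightly outside.
    return max(0.0, centre - half), min(1.0, centre + half)


def rates_distinguishable(a, b, z=1.96):
    """Conservative check: True only when the two intervals do not overlap."""
    lo_a, hi_a = wilson_interval(a[0], a[1], z)
    lo_b, hi_b = wilson_interval(b[0], b[1], z)
    return hi_a < lo_b or hi_b < lo_a


def report(results):
    """One line per product: raw count and the interval around its rate."""
    lines = []
    for name, (detected, total) in results.items():
        lo, hi = wilson_interval(detected, total)
        lines.append(f"{name}: {detected}/{total} -> {lo:.1%} to {hi:.1%}")
    return lines


if __name__ == "__main__":
    for line in report(THREAD_RESULTS) + report(CONSTRUCTED_SMALL):
        print(line)
    # With six samples, 5/6 and 3/6 cannot be told apart; with 450 they can.
    print(rates_distinguishable(CONSTRUCTED_SMALL["Scanner A"],
                                CONSTRUCTED_SMALL["Scanner B"]))
    print(rates_distinguishable(THREAD_RESULTS["Ewido Plus beta"],
                                THREAD_RESULTS["TDS3"]))
```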

Slovak
July 8th, 2004, 08:48 AM
Personally I don't think the price for EWIDO Plus is a fair price, especially for those of us that have been using EWIDO since beta stages :o

Wayne - DiamondCS
July 8th, 2004, 08:48 AM
Hyperion, well said. :)

-{ Quote: "I didn't mean that he is part of the Ewido team, nor that Ewido isn't good. Sorry if I left that impression" }-
I actually meant the comment to Ewido users in general (it wasn't in regards to anything you said) -- so likewise I'm sorry if I left that impression. :)

Cheers,
Wayne

tazdevl
July 8th, 2004, 10:05 AM
-{ Quote: "Personally I don't think the price for EWIDO Plus is a fair price, especially for those of us that have been using EWIDO since beta stages :o" }-

That's something you should take up with the dev if you are an official tester. Most tend to hook people up with a free version or at worst, a heavily discounted version.

No other company is going to cut you a deal if you use a public beta. You get the privilege (LOL) of using the beta, they get more feedback with greater diversity of configurations before the official product is released.

Do you think MS is going to hook you up with a discount for using a SP2 beta?

Competitively speaking, it's priced less than some of its competition and offers a broader featureset. Not exactly a bad deal.

Regardless of who Moe is, the intent of this thread is not to vilify Kobra, so let's get back on topic

Wayne, given the fact that you are a representative of Diamond, perhaps staying in your playground would be a good idea.

As to his test, if he has a sample of baddies and is reporting the results, I think it has some value since it represents a user's experience with the product. Official tests are nice, but as we know, their results can cause question as well.

Slovak
July 8th, 2004, 10:10 AM
-{ Quote: "

Do you think MS is going to hook you up with a discount for using a SP2 beta?
" }-
We won't go there.

tazdevl
July 8th, 2004, 10:11 AM
-{ Quote: "We won't go there." }-

As I said before, regardless of the company...

-{ Quote: "No other company is going to cut you a deal if you use a public beta. You get the privilege (LOL) of using the beta, they get more feedback with greater diversity of configurations before the official product is released. " }-

Wayne - DiamondCS
July 8th, 2004, 10:24 AM
tazdevl,

-{ Quote: "Regardless of who Moe is, the intent of this thread is not to vilify Kobra, so let's get back on topic" }-
I'm not sure if you're referring to Kobra007 or Kobra, but just to clarify, it has been proven (and verified by the Ewido author) that Moe and Kobra007 are one and the same.

-{ Quote: "Wayne, given the fact that you are a representative of Diamond, perhaps staying in your playground would be a good idea." }-
I'd love to stay "in the playground" as you put it, but I won't stand by and have my company and fellow reputable vendors attacked like that - if "Moe" hadn't made such ridiculous claims I wouldn't have to be posting here, but if such claims are made then I have every right to defend myself and my fellow vendors, it's that simple. End of story.

Best regards,
Wayne

tazdevl
July 8th, 2004, 10:29 AM
If you have something of value to add about Ewido Plus, please post your comments.

If you do not, your silence would be most appreciated and if you have issue with information posted, take it up with Paul and have the offending material deleted.

Actually, you have the right to defend your company. Other vendors have the right to defend themselves.

Hyperion
July 8th, 2004, 10:38 AM
TazDevil, I think you are unfair with Wayne. After all, he didn't just come out of the blue to strike Ewido or something.

His reply is to Moe's post, which could very well have said "in my tests Ewido scored xxx out of YYY". But instead he transformed the topic into a comparison between 3 softwares, and to that Wayne replied.

Tomorrow I can go googling a bit in malware sites, download some trojans or viruses, run 3 AVs, take a screenshot showing detection of 5-6 of them, come here and say "this took XXX the other YYY and the 0". I am supposed to be believed without a question?

And no, I don't use TH nor any Diamond product, apart from Reg Prot; actually I use Ewido and a^2, but I don't understand why someone can come and say whatever he wants and be "criticism-bulletproof".

P.S.: There is a "Kobra" and a "Kobra007"? If so, of course I was referring to Kobra007.

Paul Wilders
July 8th, 2004, 10:40 AM
taz,

-{ Quote: "Wayne, given the fact that you are a representative of Diamond, perhaps staying in your playground would be a good idea." }-

Wayne worded his response to this very well. As for what someone's "playground" is, is not up to you to decide - at least not over on this board.

-{ Quote: "As to his test, if he has a sample of baddies and is reporting the results, I think it has some value since it represents a user's experience with the product. Official tests are nice, but as we know, their results can cause question as well." }-

Have another look at the link to DSLR. This so called "test" is regarded as - at most - an untrustworthy private attempt, no more, no less. It's for good reasons an Ewido rep posted his comment over in this thread (and on many other places for that matter). It's for good reasons as well, the thread over on DSLR has been closed. No further comment needed.

regards,

paul

Paul Wilders
July 8th, 2004, 10:49 AM
-{ Quote: "If you have something of value to add about Ewido Plus, please post your comments." }-

I could - but I won't. I do respect the rules coming with Alpha testing.

-{ Quote: "If you do not, your silence would be most appreciated and if you have issue with information posted, take it up with Paul and have the offending material deleted." }-

You're missing the point completely. DCS should defend their software against rubbish tests - as Mischel would in regard to his TrojanHunter. Last but not least: your personal opinion in regard to "silencing" is not the standard over on this board.

-{ Quote: "Actually, you have the right to defend your company. Other vendors have the right to defend themselves." }-

Very true.

regards.

paul

tazdevl
July 8th, 2004, 11:57 AM
My point was that we didn't need 15 posts on the issue and 6 specifically from Wayne. He can defend the results in Kobra's test, but I'm sure he could accomplish all he needed to in 1 post. No resolution will come out of continued discussion of the matter.

Kobra's testing is valid because regardless of his methods, perception begins and ends with the customer. If I run a sample and a company's product doesn't work, ITW or not, my perspective is particularly relevant if the company wants my business. This does provide an opportunity for the vendor to educate and offer suggestions such as running WormGuard in addition to TDS3 on the sample to see how it fares, but you don't crap on someone's view.

Lastly I think you misinterpreted the intent of this thread. I was not attempting to elicit information about an unreleased product. I was merely pointing out that the featureset looks to be pretty impressive. Many folks have not heard of Ewido.

Wayne - DiamondCS
July 8th, 2004, 12:55 PM
Did you not read a single word Paul just said?

-{ Quote: "but I'm sure he could accomplish all he needed to in 1 post" }-
Just like you could've accomplished all of your whinging in 1 post rather than those last 4? - they haven't accomplished anything, so surely 1 is enough, according to your theory?

-{ Quote: "but you don't crap on someone's view" }-
Yet you're essentially saying it's ok for people like "Moe" to "crap on" (to use your terminology) someone's business. He attacked us - not the other way around. We certainly don't "crap on" anyone's views. We do however defend ourselves when somebody "craps on us" for no reason by using staged tests that promote one program by attacking others, and we've already proven (and the Ewido author agreed) that the test was useless and created by a (now ex)-Ewido beta tester who created the test set so that the Ewido scanner would do well and the others would do poorly - and you're defending him. Here's what the Ewido author actually had to say about the test in the last message I got from him:
-{ Quote: "PS: His so called "tests" were also very ridiculously... :)" }-

There were 15 (or however many - I haven't bothered counting) posts made by various people because we were all engaged in a conversation lasting a couple of hours (hint: this is a public forum) -- saying that all those posts can be fit into 1 post is just ridiculous. This thread _had_ actually been quiet for some three or so hours (because everything had been settled) before you came back and fired things up again for no reason trying to start up a petty argument when the rest of us had moved on hours earlier, so yes I would've been able to make fewer posts if you weren't carrying on. It's interesting that you're telling me to be quiet, yet YOU'RE the one making all the noise here and keeping us involved in this thread - ever stopped to consider why you're the only one, and why you're not getting any support from any moderators such as Paul Wilders, or the Ewido author, or any other forum users?

Have a good think about it.

Detox
July 8th, 2004, 01:04 PM
Thread locked until further notice as things seem to be getting OT and confrontational.

Paul Wilders
July 9th, 2004, 04:51 AM
tazdevil,

Your comments in this thread are clearly over the line as for either good taste or conducive to productive discussion. They didn't further any discussion, served to inflame the participants, and assumed a moral authority that was inappropriate. We will not tolerate such behaviour over on this board. Consequently, you hereby are officially warned. In case you feel the need to comment on this decision, contact one of the Administrators.

This thread stays closed.

regards.

paul