Wilders Security Forums  

#26
December 2nd, 2003, 08:42 AM
newnoduser
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Quote:
Vigy wrote---"The file you attached does not contain any virus-like code. Because it is interpreted by a web browser, all it does, is write a text on screen. Nothing else. (EICAR is a DOS program interpreted by cmd.exe or command.com)"


Actually that file Insurrection enclosed does indeed contain the eicar test file. I loaded my old anti virus program (which I will not name) and I clicked on the file he attached and it caught the eicar right away and quarantined it.

Does this mean that those of us who use Nod32 would have been infected if this was a real virus? I am confused.
Is this a real problem?
#27
December 2nd, 2003, 03:11 PM
Morgoth
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Quote:
can kill both the krn and ui from the task manager...

Same here - I have Win2000 + SP4 + latest updates.

BTW, I'm running on administrator level, but that has nothing to do with the problem since other services such as my anti-Trojan kernel or firewall kernel CANNOT be shut down this way, even as an administrator. Only the nod32krn service can be terminated via the task manager (but it can be restarted using the SERVICES manager).

There is no explanation for this, for even those who designed the software would not be able to provide any, so I'm not expecting anyone to be able to shed light on this complete mystery. I just wanted to let everyone know that this issue is far from being an isolated case. :'(
#28
December 2nd, 2003, 03:31 PM
Buddel
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Quote (puff-m-d):
... I can kill both the krn and ui from the task manager...

So can I (Windows ME): http://www.wilderssecurity.com/showthread.php?t=17122
#29
December 2nd, 2003, 10:33 PM
nostril_hair
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

If you're running as an Admin, I don't see why process killing would be a valid concern of yours. Any malicious code could open up a command prompt and use "net stop" to disable Nod32. I don't know of any program that can protect itself from Service Manager.

Another reason to use a sandbox..
#30
December 3rd, 2003, 06:53 AM
Tablet
Infrequent Poster
Join Date: May 2003
Posts: 2
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Quote:
I don't know of any program that can protect itself from Service Manager.

Fortunately KAV and Sygate are the two I am aware of. If you try to net stop them, you get an error message that the process can't be terminated (access denied). So it is possible, though I agree with the point that if malicious code is already running, this is more of a second/third level defense. Definitely it makes the job harder for virus writers, because it's not enough for them to just create a trojan dropper with the ability to terminate AVs and FWs and then download a known file.
__________________
pavel.penaz@gmail.com PGP key
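
Whether a stop request ends in "access denied" can depend on the service's security descriptor; that is an assumption here, since the thread does not say how KAV or Sygate implement it. The following is an added example, not part of any post: it parses constructed `sc sdshow`-style SDDL strings and reports which trustees can stop a service directly and which can do so only by first rewriting its DACL. The function and sample names are hypothetical.

```python
import re

# Access bits relevant to stopping a service, with their SDDL letter pairs.
BITS = {0x0020: "WP",    # SERVICE_STOP
        0x40000: "WD",   # WRITE_DAC: may rewrite the DACL and grant itself WP
        0x80000: "WO"}   # WRITE_OWNER: may take ownership, then rewrite the DACL
GENERIC_ALL = 0x10000000

def rights_of(field):
    """Return the subset of {WP, WD, WO} granted by one ACE rights field."""
    if field.lower().startswith("0x"):                 # numeric mask form
        mask = int(field, 16)
        if mask & GENERIC_ALL:
            return set(BITS.values())
        return {name for bit, name in BITS.items() if mask & bit}
    pairs = {field[i:i + 2] for i in range(0, len(field), 2)}
    return set(BITS.values()) if "GA" in pairs else pairs & set(BITS.values())

def stop_audit(sddl):
    """Classify each DACL trustee as 'direct', 'indirect' or 'no' for stopping.
    Per-trustee only: group membership and ACE ordering are not resolved."""
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]    # drop owner/group and SACL
    allow, deny = {}, {}
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        table = {"A": allow, "D": deny}.get(ace_type)
        if table is not None:
            table.setdefault(trustee, set()).update(rights_of(rights))
    result = {}
    for trustee in set(allow) | set(deny):
        effective = allow.get(trustee, set()) - deny.get(trustee, set())
        if "WP" in effective:
            result[trustee] = "direct"
        elif effective:
            result[trustee] = "indirect"               # WD/WO left: can regrant WP
        else:
            result[trustee] = "no"
    return result

# Constructed sample descriptors (not taken from any product in the thread).
DEFAULT_LIKE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
HARDENED = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWRPLOCRRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)"

if __name__ == "__main__":
    for name, sddl in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED)):
        print(name, sorted(stop_audit(sddl).items()))
```

On a real system the input would come from `sc sdshow <service>`. An "indirect" result for Administrators (BA) means the stop right was removed but the right to change the descriptor was not, which is why a descriptor-only restriction acts as a second-line defence against code already running with admin rights.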
#31
December 3rd, 2003, 09:07 AM
Buddel
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Quote (Tablet):
Quote:
I don't know of any program that can protect itself from Service Manager.

... If you try to net stop them, you get an error message that the process can't be terminated (access denied). So it is possible, ...

Wouldn't it be great if this were possible for NOD32, too?
#32
December 3rd, 2003, 08:29 PM
Eliot
Frequent Poster
Join Date: Aug 2003
Location: Arkansas, USA
Posts: 854
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Process Guard by DCS. I use it for this and other things as well.
__________________
Asus P5Q PRO, Intel Q9650 Quad Core 3.0 Ghz
GeForce 9800 GTX+, 4GB OCZ DDR 1200

Running Windows 7 x64
#33
December 4th, 2003, 02:33 AM
Buddel
Re: no script checking??, false alarm?! and NO SELF PROTECTION! :(

Quote (Eliot):
Process Guard by DCS. I use it for this and other things as well.

This means that my old computer would have to cope with yet another app just to make sure that the NOD processes are not terminated by malware. Wouldn't it be easier if NOD32 itself took care of its running processes?

Anyway, I'm convinced that Eset will soon make it really difficult for script kiddies to terminate NOD32.
 

All times are GMT -4.