ESET should work on adding more signatures...

Discussion in 'other anti-virus software' started by Mike415, Jun 24, 2005.

Thread Status:
Not open for further replies.
  1. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    I think that's exactly what I said...

    I wasn't aware that I had - I certainly never meant to.. if I did, I'm sorry - but it was never my intention to do so.

    Choices in AV solutions are a little like the Apple Mac vs PC user arguments - everyone thinks they made the best decision - no one really thinking beyond the notion that what's best for them isn't necessarily best for everyone. I think the argument differs a little in AV solutions, in as much as the potentially better solution doesn't cost the most - but that's my opinion creeping in... ;)

    As I said - everyone needs to work out their own list of criteria to determine the best solution for their AV protection, then apply a good dose of reason, with a pint of facts and a pinch of gut feeling - then make a decision, and move forward. Of course, it doesn't hurt to keep reviewing the options, as factors change... and what is the best fit for one person today, might not be tomorrow... ;)

    hth

    Greg
     
    Last edited: Jun 25, 2005
  2. Graphic Equaliser

    Graphic Equaliser Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    421
    Location:
    London England UK
    I was a NOD32 winner here recently, and I must say, I like the way NOD32 works. I had KAV installed for a while on my work PC, but it was too resource hungry for my liking. The scheduler really got on my nerves, and the use of hidden ADS (see http://www.heysoft.de/nt/ntfs-ads.htm) tags on every file on every drive is just way OTT IMHO.

    I do not like access-based file scanning, so I have AMON/EMON/IMON disabled (I've left DMON on for Office Docs), but any download I'm suspicious of, I can right-click and scan with NOD, before I execute it. IMO NOD is better than KAV by a long way.
     
    Last edited: Jun 26, 2005
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Shouldn't you also disable AMON/DMON too then? Or what do you mean by access-based?
     
  4. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
    Well, Eset is improving :)

    But here is a little test I made by taking a trojan from a popular website and seeing how fast NOD32 is to add the sample, using Jotti's malware scanner.

    First scan:
    AntiVir Found TR/Dldr.IstBar.IT
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    Fortinet Found W32/Istbar.CO-dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.IstBar.kc
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VBA32 Found nothing

    ___
    Next scan, a week after the first one, so there should have been time for the companies who didn't detect it to add the sample.

    AntiVir Found TR/Dldr.IstBar.IT
    ArcaVir Found Trojan.Downloader.Istbar.Kc
    Avast Found Win32:IstBar-AJ
    AVG Antivirus Found Downloader.Istbar.AH
    BitDefender Found Trojan.Downloader.IstBar.KC
    ClamAV Found nothing
    Dr.Web Found Trojan.Isbar.281
    F-Prot Antivirus Found nothing
    Fortinet Found W32/Istbar.CO-dldr
    Kaspersky Anti-Virus Found Trojan-Downloader.Win32.IstBar.kc
    NOD32 Found nothing
    Norman Virus Control Found nothing
    VBA32 Found nothing

    .. Well, well... but as I said, Eset is improving :)
     
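    The two Jotti listings above are a small dataset for measuring vendor reaction time, and the interesting question is not "who detects it" but "who added detection during the week and who still has nothing". The script below is an added example, not part of the original post and not any vendor's tooling: it parses the two result blocks (transcribed from the post, in the "Engine Found verdict" line format Jotti used), computes detection rates, classifies each engine as detecting from the start, adding detection within the week, still missing, or regressing, and extracts the family the firing engines agree on. The `consensus_family` heuristic and its stop-list of type words are my assumptions, not anything the post or Jotti defines.

```python
from collections import Counter
import re

# Both listings are transcribed from the post above (Jotti output, June 2005).
SCAN_1 = """\
AntiVir Found TR/Dldr.IstBar.IT
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/Istbar.CO-dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.IstBar.kc
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing
"""

SCAN_2 = """\
AntiVir Found TR/Dldr.IstBar.IT
ArcaVir Found Trojan.Downloader.Istbar.Kc
Avast Found Win32:IstBar-AJ
AVG Antivirus Found Downloader.Istbar.AH
BitDefender Found Trojan.Downloader.IstBar.KC
ClamAV Found nothing
Dr.Web Found Trojan.Isbar.281
F-Prot Antivirus Found nothing
Fortinet Found W32/Istbar.CO-dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.IstBar.kc
NOD32 Found nothing
Norman Virus Control Found nothing
VBA32 Found nothing
"""

# Tokens that name a malware type rather than a family (assumed stop-list).
STOP_TOKENS = {"trojan", "downloader", "dldr", "win32", "w32"}


def parse_report(text):
    """Map engine name -> detection name, or None where the engine found nothing.

    Engine names contain spaces ('Kaspersky Anti-Virus'), so each line is split
    on the first ' Found ' rather than on whitespace."""
    report = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        engine, sep, verdict = line.partition(" Found ")
        if not sep:
            raise ValueError(f"unrecognised line: {line!r}")
        verdict = verdict.strip()
        report[engine.strip()] = None if verdict.lower() == "nothing" else verdict
    return report


def detection_rate(report):
    """(engines that detected, engines total)."""
    return sum(v is not None for v in report.values()), len(report)


def diff_reports(first, second):
    """Classify every engine by what changed between the two scans."""
    buckets = {"detected_initially": [], "added": [], "still_missing": [], "regressed": []}
    for engine in set(first) | set(second):
        before, after = first.get(engine), second.get(engine)
        if before and after:
            buckets["detected_initially"].append(engine)
        elif after:
            buckets["added"].append(engine)
        elif before:
            buckets["regressed"].append(engine)
        else:
            buckets["still_missing"].append(engine)
    for names in buckets.values():
        names.sort(key=str.lower)
    return buckets


def consensus_family(report):
    """Most common family token across the detection names.

    Vendors separate name parts with '.', '/', ':', '-' and '_'; after
    case-folding and dropping type words, the most frequent remaining token
    is usually the family. Assumed heuristic, not a real name normaliser."""
    tokens = Counter()
    for verdict in report.values():
        if verdict is None:
            continue
        for tok in re.split(r"[./:\-_\s]+", verdict.lower()):
            if len(tok) >= 4 and tok not in STOP_TOKENS:
                tokens[tok] += 1
    return tokens.most_common(1)[0][0] if tokens else None


if __name__ == "__main__":
    first, second = parse_report(SCAN_1), parse_report(SCAN_2)
    print("scan 1: %d/%d detected" % detection_rate(first))
    print("scan 2: %d/%d detected" % detection_rate(second))
    print("family:", consensus_family(second))
    for bucket, names in diff_reports(first, second).items():
        print(f"{bucket:>18}: {', '.join(names) or '-'}")
```

    The "regressed" bucket is empty here but worth keeping in a real diff: an engine that detected a sample last week and silently stopped (a signature pulled after a false-positive complaint, for instance) is a more interesting finding than one that never fired.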
  5. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    I'm just rehashing what has already been said, but here goes anyway...

    1. You shouldn't rely on Jotti too much anyway, seeing as the NOD32 scanner may not be all maxed out. You could try the scan at http://www.virustotal.com/ if you really feel you need to; as I understand it, that service runs on Windows. Even then I wouldn't get too excited by the results.

    2. Eset gets LOTS AND LOTS of samples, including those sent from Jotti and those submitted by users, both through the Early Warning System and manually by users, and all the other methods I'm not aware of. I can only imagine how long it takes to sort through them all and then prioritise the ones that pose the biggest threats and need adding as signatures first. You may have already read it, but if not: https://www.wilderssecurity.com/showpost.php?p=198429&postcount=18

    lee
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It's already been said, but again: how can you be sure the file is actually working? To my best knowledge, IstBar trojan variants are picked up by advanced heuristics, if the file isn't actually corrupted. There may rarely be some exceptions, so I wonder if you could send this particular file to support@eset.com with a link to this thread so that I can comment on this further.
     
  7. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
    ohh forgot one thing...

    NOD32 says:
    Error while unpacking or something like that :)

    But nevermind, don't want to be negative :p

    Edit: NOD32v2 1.1154 06.25.2005 error - unknown compression method
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    It's a packing method that needs to be added then, not a signature. The threat is probably going to be found as soon as the file can be unpacked... again, please submit the file as per Marcos' post, and it WILL get the attention it deserves...
     
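    When a scanner reports an unpacking error (the "unknown compression method" in the post above), the practical question for whoever is triaging the sample is whether it is wrapped in a packer the engine cannot unwrap, or whether it is simply damaged, which is the other possibility Marcos raised. The following is an added example, not code from the thread or from Eset: a minimal PE section parser that reports per-section Shannon entropy, flags section names used by common packers, and warns when a section's declared size runs past the end of the file (a truncated or corrupted sample). The `build_pe` helper and the two samples are constructed for the example; the packer name list and the 7.0 bits-per-byte threshold are assumed rules of thumb, not anything the post states.

```python
import math
import random
import struct

# Section names commonly left behind by packers (assumed list for this example).
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite",
    ".nsp0", ".nsp1", ".MPRESS1", ".MPRESS2", ".themida", ".vmp0", ".vmp1",
}
SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image):
    """Yield (name, declared_raw_size, raw_bytes) for each section of a PE image.

    Only the fields needed for triage are read: e_lfanew, NumberOfSections,
    SizeOfOptionalHeader and the section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_HEADER, image, table + 40 * i)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]
        yield name, raw_size, image[raw_ptr:raw_ptr + raw_size]


def triage(image, entropy_threshold=7.0):
    """Per-section entropy plus the reasons the file looks packed or damaged."""
    sections, reasons, warnings = {}, [], []
    for name, raw_size, data in pe_sections(image):
        ent = shannon_entropy(data)
        sections[name] = round(ent, 2)
        if name in PACKER_SECTION_NAMES:
            reasons.append(f"section {name!r} is named like a packer section")
        if data and ent >= entropy_threshold:
            reasons.append(f"section {name!r} entropy {ent:.2f} >= {entropy_threshold}")
        if len(data) < raw_size:
            warnings.append(f"section {name!r} extends past end of file (truncated sample?)")
    return {"sections": sections, "likely_packed": bool(reasons),
            "reasons": reasons, "warnings": warnings}


def build_pe(sections):
    """Assemble a minimal PE from [(name, bytes)]: DOS header, PE signature,
    COFF header with SizeOfOptionalHeader = 0, section table, raw data.
    Constructed for this example; it parses but is not a loadable program."""
    data_start = 0x40 + 4 + 20 + 40 * len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table, body, ptr = b"", b"", data_start
    for name, data in sections:
        table += struct.pack(SECTION_HEADER, name.encode().ljust(8, b"\0"),
                             len(data), 0x1000, len(data), ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + table + body


# Two constructed samples: a plain, text-like binary and a UPX-style layout
# (empty UPX0 stub section, one high-entropy UPX1 section).
_rng = random.Random(2005)
PLAIN_SAMPLE = build_pe([
    (".text", b"push ebp; mov ebp, esp; " * 200),
    (".data", b"Hello from a boring program\0" * 50),
])
PACKED_SAMPLE = build_pe([
    ("UPX0", b""),
    ("UPX1", bytes(_rng.getrandbits(8) for _ in range(4096))),
])

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(label, triage(sample))
```

    A "likely packed" verdict with no warnings points at the packer (and is the case where submitting the sample so the unpacker gets added is the right move); a warning about a section running past the end of the file says the scanner's unpacking error may be the file's fault rather than the engine's.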
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Another outbreak imminent (probably a new Bagle, it's being analysed right now). Strange that the other "big players" didn't provide zero-time protection:
     

    Attached Files: virt.PNG (screenshot)
  10. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    This is what I thought about a couple of Istbar variants I had also. But it turned out that NOD32 only would react if I ran them. At which point the Istbar "trojan" tried to download something from the Internet which NOD stopped :)

    And also, nothing was done to the computer as an effect of having run said "trojan" variants (thanks to NOD!) except a small registry change (a startup entry had been added).
     
  11. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
    Yes, that's one of NOD32's unique features, to detect most email worms using heuristics :)
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    About an hour ago, Eset issued a newer update with the new Bagle signature included. As you can see, NOD32 was the only AV that picked it up heuristically and, despite the late hour here in Slovakia, added its signature instantly. Some other AVs that didn't detect it before at all, now detect it by signatures as well:
     

    Attached Files:

  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    The beginning of the outbreak:
     

    Attached Files:

  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    This figure shows Eset's reaction time:
     

    Attached Files:

  15. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,284
    Location:
    Ontario, Canada
    Marcos, I got this sent to me 6 times in the last week, but NOD still doesn't detect it, while most of the others do!!

    I just keep deleting them!!

    And yes I did send to samples@nod32.com


    Cheers,
     

    Attached Files:

    Last edited: Jun 27, 2005
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    OK, I will look at it tomorrow. I reckon I checked one file called crack.exe on Thursday or Friday and it was a kind of garbage. Maybe you could send it to support@eset.com as well so that I'm sure I check the right file. (Well, tomorrow doesn't mean in 10 minutes here :)
     
  17. Gargamel

    Gargamel Guest

    http://www.kaspersky.com/viruswatch <------------- Kaspersky Labs virusupdate. Updates instantly when the defs are updated (about 5-10 times an hour, other AV companies try to beat that) :D
     
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,284
    Location:
    Ontario, Canada
    No problem Keep up the Great work!!

    Funny thing, none of my other security programs stopped it from going into my inbox either!! But TDS-3 detects it with a scan; that's great!!

    Cheers,
     
    Last edited: Jun 26, 2005
  19. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,284
    Location:
    Ontario, Canada
    No [flaming] wars here Dude!!

    Cheers,:D
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I didn't mean to bash other AVs here, just wanted to react to the topic. However, if I were to react to your post, I wonder if you could note the time the screenshot in post 34 was taken. It was about 10 PM (CET) when none of the other AVs detected it by name, whereas the outbreak actually started between 6-7 PM (CET). I merely wanted to highlight the importance and efficiency of NOD32's proactive detection and Eset's reaction time in the event of huge outbreaks.
     
  21. Gargamel

    Gargamel Guest

    The biggest plus with NOD32 and other AVs that rely on heuristics is that it has a bigger chance to find an unknown virus like a modified version of Beagle. The problem that I see with NOD32 is that it relies too much on heuristics and neglects the value of well-kept defs. In other words, it has a slightly better chance to find new viruses but may fail to find variants of a virus that could easily be found with generic defs that come out quickly. And really, how often do the new viruses hit YOU in the first 2-3 hours? Think about it: isn't it the viruses that have been out there a while already that hit you? In those cases an AV that keeps updating their defs at a quick pace will keep you safer.
     
  22. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada

    ??

    VirusRadar.com updates in realtime to threats found in the wild - Eset pulls that information and the following script:

    http://www.nod32usa.com/cgi-bin/getupdatever.cgi

    updates once every 10 minutes with the update version of the mirror we run from the NOD32 update servers - it used to be realtime, but the number of checks per minute got silly... bandwidth does actually cost money! ;)

    regards

    Greg
     
  23. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    I handle the bounce messages from about a dozen mailservers - I guess my risk factor is more than most, but certainly NOT what I could call CRITICAL - unless one of my two desktop machines goes down - in which case, I don't care WHAT the reason, downtime for my two main machines is NOT an option. Zero-day protection would be worth almost ANY cost. Not having it would be like unprotected adult encounters - for want of a more neutral phrase - SERIOUSLY not worth the risk!
     
  24. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    forgot to add "in Bangkok". :D
     
  25. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    Guess I'll have to take your and those documentary film makers' words for that! ;)
     