It's sad to say but sometimes NOD misses some trojans that Norton picksup.

Discussion in 'NOD32 version 1 Forum' started by Viraltest, Dec 9, 2002.

Thread Status:
Not open for further replies.
  1. Viraltest

    Viraltest Guest

    I know that sometimes it's the other way around but please if you want to be the best at least look at what Norton has for definitions and try to update yours...I know that it might be considered as cheating but hell other companies are doing it. :)
    For example I just got a new trojan which is quite simple, TDS-3, Norton, BitDefender and Vexira did a fine job detecting it but NOD missed it.
    I know that you guys are saying that you are virii specialists but keeping up with trojans might also be a good idea in order to be a great antivirus and a good overall protection system.

    header changed from "virii" into "trojans" - Forum Admin
     
  2. Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Hello,
    I think I remember you (or your Forum name) from CNET.. I am not an ESET employee, but I think it would be helpful if you mention the name of the infection, it would certainly help the ESET team..

    1. Many viruses go under 2 or more names, but NOD32 should be able to detect them, because they are the same..

    2. If it's a trojan, NOD32 may or may not detect them.It is better to do one thing well, then a couple of things mid way.. When one uses NOD32, one should also use a good trojan detector, too

    3. From what I remember in the CNET post, why do you even care? (If you are the person who posted the CNET post.. If I remember correctly, you weren't happy with NOD and had the opinion that it skipped viruses and so on and so forth.. You can use anything you want. NO ONE is forcing you to use NOD...

    I think an ESET person should reply to this thread..

    o_O
     
  3. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    We don't have to share your point of view, do we ?
    I sure don't. I have TDS for trojans, so couldn't care less about Nod catching any trojans.
    But it better not miss viruses, as this is what i'm paying for Nod to do, but do it well.
     
  4. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
  5. viraltest

    viraltest Guest

    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    On the contrary to others belief I do Like NOD32 and I am a NOD32 user, I like NOD32 to the point whence it fails to catch a virus I get upset since I don't want symanted or Macrappe to win since I know that their utilities are bloatware. But I also test code and hence I have contact with more harmful programs some of them being soo insignificant that it's easy for them to slip through the cracks. And yes I send everyone of the codes to every major AV manufacturer (including NOD).
    I never complian when no AV responds to a trojan (except TDS-3 which is exceptional) or a virus since I know that no other company knows of it's existance, but when few AV companies allready have the signature I get a bit upset with NOD and hence send them a file telling them that others have it.
    And also sometimes a negative feedback is good for a company, I don't want to go to any board and just read all the praises about an AV or any other software without knowing it's negative sideeffects. I know that we as humans have a tendancy to care more about one product to a point where no sideeffects are seen. Thus sometimes it's good to have an open mind and see that once in a while a program might skip a definition or two thus requires a closer look in order to better itself.
    I give kudos to Eset team for makeing a exceptional tool and I want to keep makeing it, even better than it is.

    If anyone wants I can send them the code which is currently not being detected.
    ESET team should allready have the code in their mail box as of my intial posting.
    It's Itadem Trojan Version 3.0

    Cheers
     
  6. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Hullo,

    Send it please here : (click on the link to answer)

    http://www.cerbermail.com/?cX2tGvqCul

    Cheers,
     
  7. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    I want a copy. Just send it to virus @ eurosecure.com.

    Best regards,
    Anders
    EuroSecure
     
  8. Vampirefo

    Vampirefo Guest

    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Found trojan file: C:\Documents and Settings\Default\Desktop\Itadem30.ZIP/Server.exe (Nimoo.100)

    TH and NAV detect it, but both claim to detect Trojans, NOD doesn't make this claim, however they do from time to time add Trojan detection.

    I see NOD as only a AVP, nothing more if you want Trojan detection get TH,TDS-3 or even NAV.
     
  9. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    I use NOD32 myself.It really doesn't matter that much to me if NOD32 misses some trojans.I use TDS-3 for trojan detections.I don't rely on one program to detect everything.I can't blame you for notifying Eset about this though.Especially if it's something that they may want to add a detection for.
     
  10. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Ditto:

    I think the poster should realise that Trojans, Viruses, Worms are 3 separate issues, regardless of what each AT, AV, AW vendors have to say about their products.

    The simple fact is NOD has NOT MISSED A SINGLE In The Wild virus at all. Trojans? Well, if it catches ANY trojans, then THAT is a bonus. Just like TDS3 is virtually exclusively for Trojans, NOD is same for Virri IMHO. :D
     
  11. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    With this kind of generic statements there is one 'lil problem: should its author have any interest to improve NOD detection rate in trojan field he really should care:

    1. not to forget include the names of the missed trojans
    2. drop a notice if even not the sample to the ESEt guys
    3. not to forget to place Vexira on the first place on the chart-show of happy, those trojans detecting antivirus product :D

    Regards
     
  12. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    It's the kind of issue that's being debated all the time at boards like this one, and I do sometimes fail to see the point.

    If you don't engage in frequent "Walks on the Wild Side", any good antivirus will most certainly protect you from the majority of trojans you're likely to encounter in the wild as well.

    If you want even better protection, as many of us here do, go for a really good antivirus, and run a top notch antitrojan alongside of it.

    You will then be a lot better off than by "just" running Vexira, or Kaspersky, for that matter.
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Well said Tony :)
     
  14. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,347
    Location:
    The Netherlands
    Thanks! :)

    These discussions sometimes get pretty wearisome, especially as often there isn't any real exchange of ideas going on.

    Sometimes, people that start such a discussion determined that their pet software is the best and does it all rarely turn out to change their minds, no matter how many facts are thrown at them.

    Ouch, did that sound too harsh? :D
     
  15. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Hey viraltest,
    NOD32 is mainly an Antivirus - that's a fact. If you want to have a better trojan detection it's good to have a specific third party Antitrojan together with a specialized security policy with a firewall.... Anyway, we can't say we have nothing to improve - thank for your sight - we want to strengthen NOD this area too.
    Thanks for that - it will be added it in today's NOD update.

    Good luck in using NOD32! :D

    rgds,


    jan
     
  16. viraltest

    viraltest Guest

    I am sorry if I miffed few people on this board that wasn't my intention, my original intention was just to alert the company of this new trojan that other companies like Norton Detect. Personally I never liked norton and I always root for the underdog, hence most of the machines here are running a Linux based system with an AMD processor and an ATI card.
    The reason why I posted on the board on which I rarely do, even though I find few trojans a week that bypass some or all viral scanners (yes I understand the defintion of a virus scanner but let me explain).
    I myself am using trojan scanners ala BoClean and TDS-3 plus an Anti-worm in addition I am using NOD32 on my personal machine (where other AV software are installed on a testbed). I trust NOD32 in their anti-viral capabilities and I back myself up with anti-trojan scanners since at the end of the day I don't want to bring a nasty bug home.
    But now is the reason why I posted, many individuals outthere have no knowledge that an anti-virus and an anti-trojan are two seperate beasts many people out there have been educated into thinking by the likes of MacAffe or Norton that an Anti-Virus is a do all device and will protect you no matter what you throw at them. This false sense of security is a bad thing especially when an new trojan finds it's way to a frequenty visited site. Haveing trojans that no one knows about is harmless since even less people will have the capability to distribute them, but finding a trojan on a popular site will promt it's users to download it and load it on other computers for example (academic, governmental etc.). Thus, individuals with inherit trust in their scanning software will be doomed. And there is my reason for posting, it was meant to expedite the release of the Itadem Trojan definitions.
    Once again I know that nod32 is a superior Anti-Virus and I know it from my own experience otherwise I would not use it on my system, but I also have knowlege of Anti-trojans and Anti-worms and other people don't.
    Yes I understand that in order to have a superior anti-virus one must place most of their energies into writting anti-viral heuritics and defintions since that is what makes a specialized tool special (ala TDS-3). But once in a while it won't hurt to include trojan files, yes I know that NOD does include many trojan definitions in ther signatures and kudos for that, it's just nice to see a virtually perfect anti-virus and anti-trojan out there. (there were many trojans that nod didn't pick up nor did Norton nor macaffe nor command etc. and I never posted since I didn't feel a need to do so but if a trojan hits a popular site one needs to take action fast).

    P.S.
    I do send every pieace of code to any respectable anti-virus and anti-trojan company.
     
  17. Vampirefo

    Vampirefo Guest

    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Do you want new Trojans? Like ANTIantivirus v1.4 This one hates AVP's it attacks mainly KAV, NAV and DR.Web, it kills them but leaves the icon in place to fool the user.

    TrojMax 2.0 common Visual BASIC Trojan, the author includes the source code though.

    I sent them to Magnus today, to add to detection. The Trojan mentioned in this thread by viraltest was released Nov 24 2002.

    ANTIantivirus v1.4, TrojMax 2.0 were released today.
     
  18. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    Sure. I'm always interested in receiving any type of malware.

    Regards,
    Anders
    EuroSecure
     
  19. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Re:It's sad to say but sometimes NOD misses some virii that Norton picksup.

    Great! We'd like to add them too - the ones we don't detect yet - pls. send them to samples@eset.com .

    Thx. :D

    jan
     
Thread Status:
Not open for further replies.