New detection methods for future version of nod32?

According to the info by VIRUS INFO
http://virusinfo.info/index.php?page=testseng

Nod32 uses only two detection methods compared to Avira that uses three. & Esafe that uses another method.

Any plans to incorporate this unused methods in future release of nod32?


1) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious") Ex. Esafe

2) detection of suspicious cryptor / packer (detecting yet unknown malware by the method of informing the user about the unknown / rare / suspicious packer / cryptor or about the fact of multiple packing / crypting. Example: "HEUR/Crypted"). Ex. Avira

 

Considering how long we waited for the newly released v3 this week, I for one am not going to concern myself with future releases. I might be in the Home by then.

 

i think when our childrens grow up they will see it

 

Hahhaha. That is good joke. But Really it would really help nod32 a lot if it is added, it can very useful as proven by avira & esafe.

 

you post your thread on wrong section this forum is for only eav v3

 

As for 1, NOD32 already includes a relatively advanced heuristics engine. As for 2, Eset's method is to try to strip off the packer and scan the underlying code instead of just reporting the packed file, which may or may not be malware (it's like reporting that a file is zipped because the antivirus product doesn't know how to unzip and scan the file inside).

 

AFAIK, ESET does some packer-based detection:
- Win32/Packed.Themida
- Win32/Pacex.Gen

 

Problem with those kind of detection methods is that they also lead to false positives. While they might be usefull (and easily implemented) you'll still need the user to be capable of understanding wheter or not it is an FP or not.