NOD32 vs. running rootkits

Discussion in 'NOD32 version 2 Forum' started by fosius, May 30, 2006.

Thread Status:
Not open for further replies.
  1. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Hi,
    I have read this article http://www.eset.com/company/article.php?contentID=1401.

    According to this:
    So current version of NOD32 is able to detect even running rootkits?
     
    fosius, May 30, 2006
    #1
  2. ASpace

    ASpace Guest

    ASpace, May 30, 2006
    #2
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, let's wait for an official answer from ESET stuff. ;)
    I'm not so sure what is that statement reffering to...
     
    pykko, May 30, 2006
    #3
  4. ASpace

    ASpace Guest


    Well , not necessary because the OP asks :
    So current version of NOD32 is able to detect even running rootkits?

    And this is well known - the answer is yes
    The answer is well shown in the article . Please, read carefully Andrew's words

    http://www.eset.com/company/article.php?contentID=1401
    :D
     
    ASpace, May 30, 2006
    #4
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    It's not 100% right, but something is brewing.
     
    Marcos, May 30, 2006
    #5
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    I think you mean rootkits _trying_ to install, AH + defs works for those because I've never heard anything about NOD being able to detect and/or remove running rootkits.
     
    Brian N, May 30, 2006
    #6
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Could it be V3? ;)
     
    Brian N, May 30, 2006
    #7
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    NOD32 is always on the front of the AV technology... :D
     
    rdsu, May 30, 2006
    #8
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hope so.... :D
     
    pykko, May 30, 2006
    #9
  10. ASpace

    ASpace Guest


    Andrew:
    We had to re-write significantly part of the engine. It wasn’t that we couldn’t detect these, but once they were installed, they were very difficult to detect. We had to develop a method that the root was installed on the system, that we would be able to see it. Traditionally, what we and other anti-virus companies does is hope that you’re on installed on the system and once someone tries to install a root kit, you can’t defend, because you can see the files at that point. But once the things are actually installed and in memory and running, then it can be very difficult. We actually updated the product there to deal with there.
     
    ASpace, May 30, 2006
    #10
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Which means they updated the engine to detect them heuristically before getting installed.
    And that is a known fact - The other one where they detect running rootkits.. I've never heard of it.
     
    Brian N, May 30, 2006
    #11
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Neither I...
     
    rdsu, May 30, 2006
    #12
  13. ASpace

    ASpace Guest


    No problem :)
     
    ASpace, May 30, 2006
    #13
  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    ? :D

    I read that, but since they didn't told nothing about that on the updates...
     
    rdsu, May 30, 2006
    #14
  15. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    It's still about detecting them before installed. It's nothing like Blacklight or RootkitRevealer.

    Don't get your hopes up, but if something is 'brewing', I'm sure it means detection of running rootkits...
    (Only guessing of course).
     
    Brian N, May 30, 2006
    #15
  16. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,537
    Yep ;)
     
    rdsu, May 30, 2006
    #16
  17. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    I don't know Blacklight, but RootkitRevealer is not so good. I know better solution.
     
    auriell, May 31, 2006
    #17
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...