Trojan Zlob

Discussion in 'NOD32 version 2 Forum' started by ugly, May 27, 2006.

Thread Status:
Not open for further replies.
  1. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Isn't the point (or at least the main one!) of using AH that Nod should detect malware without updates?
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    It certainly is, and Nod32 does (and admirably so, I might add), but no heuristics are able to catch ALL new malware....
     
  3. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I know, and to be honest I don't think they ever will. Unfortunately we will always need sig updates to protect us, and to be honest I doubt the AV vendors want to develop "the perfect" AV; after all, how then could they sell us "a new improved version" lol
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If heuristics was to catch all new Zlobs you'd better leave it disabled coz it would catch many clean files.
     
  5. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Thought the technology was supposed to differentiate between clean (safe!) and malware by behaviour or something? It seems in some ways to be becoming more of a marketing tool than an AV tool (lol)
     
  6. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    I think here, you mistakenly made the mistake of thinking heuristics is magic. Heuristics can only carry it to the point where it can be sure a certain behavior is utilized by malware and only malware. Once it acts more like a normal program, but is malicious in intent, it is ultimately up to signatures and the user.

    Which is why I think Eset should add an IDS module to NOD32 IMO, which can be separate or an extension of AH (get a prompt to allow running a program if it hits two or more danger criteria).
     
  7. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    New one.
    Sent it.

    zlob.JPG
     
  8. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    No, in fact I do realise the limitations of this technology. The problem is in the way it is "hyped" by Eset and by some users on this forum as a magic bullet! In a recent test (using old sigs, and therefore relying on AH technology) only 58% of malware was detected, AND some of those probably were detected by the old sigs, so as an extra form of defence it provides some but very little protection. 42% getting through isn't what I would call satisfactory.
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As this was the head of the class you would prefer to have something lower than this :blink: I don't think so.

    Cheers :D
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    ThreatSense is improved on a daily basis so NOD32 would score much better these days.
     
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I know it is the best, but still not good enough to rely on for protection: I want something better if possible! (Don't you?)
     
  12. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    So it's working more like a sig-based AV? That's not really the idea, is it?
    How will V3 work?
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    ThreatSense is part of the engine plus there is a stand-alone module for Advanced heuristics which is constantly being developed as well.
     
  14. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    If I was able to do something really well I'd be sure to tell people about it too. www.av-comparatives.org
     
  15. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    That quote is cut to suit! It is more the users (and resellers!!??) that hype it more than Eset! You consider 58% detection adequate (or even really well!)? Like I have already said, I know it is the best, but it is still not good enough to rely on!
    Here's a question for you: actually how many threats has Nod been able to nullify without updates to the sig base? Compared to ones dealt with by updates this number is tiny!
     
  16. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    See here .
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    And? Why redirect me to my own post?
     
  18. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Can you not see your own contradiction?
     
  19. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    What contradiction?
     
  20. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    You say AH is hyped by ESET and some users on this forum. Yet you say it's hyped more by the users and resellers in a previous statement. In both cases you are incorrect. The technology works and it's a competitive advantage. AH works very well, it's more effective a solution when compared to other vendors. This isn't hype... this is a fact.

    Is it because the 'Zlobs' aren't all detected proactively with heuristics that you believe it's hype? There are many new modifications of Bagle spammed this week. All of them detected by AH and generic detection. No hype here.... just a job well done IMHO.
     
  21. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Users hyping it, no! You're not doing that now, are you!
    When AH was introduced, figures of 90% detection on new malware were bandied about (without the need for updates!). This figure has never been realised or likely to, so you decide, has AH been hyped or not!
    PS I do like the extra protection AH offers, I just wish it was as good as promised initially. The ref to resellers was a little (jokingly, I add) go at Blackspear re his post
     
  22. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    You're right. I am not hyping it. :shifty: I'm stating facts.

    Agreed. This is BS from certain resellers.

    Ah rite :eek: So it was BS also
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Completely missed me :rolleyes: Everyone knows I'm a Reseller so I don’t know what your point was, and if they don't it is plainly stated in my profile, however in saying this I do not want a single sale through Wilders because I have and always do encourage local purchase for local support, as well the day I'm a little late in getting a license to someone it would be posted to the world (for the record we generally only send out licenses once a week ~ eval/temp keys are supplied until the license comes through). From memory since joining Wilders I would have sold about 4 licenses to people that contacted me through here.

    Of the 11,000 odd posts that I have made, about 9,000 would have been in the NOD32 forum helping people, so I really don't see how you can relate 4 sales as a Reseller to 9,000 posts of support, that's a damn hard slog to get a sale if that was the case :blink: ;) :D

    So, now that we have that all cleared up I think it's time to move on about me being a Reseller and get back to the topic at hand.

    Cheers :D
     
    Last edited: Jun 17, 2006
  24. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
  25. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
    When I try that link, I get:

    ... which is odd, to say the least, as I don't recall even having seen that forum before... LOL!
     