advanced heuristics and AMON

Discussion in 'NOD32 version 2 Forum' started by rug, May 16, 2004.

Thread Status:
Not open for further replies.
  1. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well, each to his own. :) I understand that many users, yourself included, want the threat stopped at the border, so to speak, before it gets in even though AMON might alert immediately. I think choices should be available and Anders has replied in another thread that AH WILL be incorporated in some form into AMON but how soon is the main question.
    https://www.wilderssecurity.com/showthread.php?t=32086&page=5

    As for viruses in email, I have an ironclad rule that I never break and that is that unless I am expecting the attachment, I delete it unopened. If I am expecting it, I ALWAYS download the attachment to disk and then scan via command line adv. heuristics. As for some sort of attack embedded in the HTML in the email... I use plain text only. Plus, Proxomitron will force plain text also. I can't download the Eicar text test unless I bypass Proxo as it renders it into plain text. Also, no one else uses this computer so I don't have to worry about a user who doesn't practice safe computing. My only real worry is that I might get distracted sometime or be extremely tired and thus do something dumb and acquire a nasty because of my momentary lapse in safe computing practices or that I might sometime visit a site I thought was very reputable and it isn't...but I can't be protected against every single possibility....
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Support for AH is planned to be incorporated to AMON any time soon.
     
  3. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    That sentence is confusing...did you leave out the word "not"?
     
  4. rug

    rug Guest

    Maybe he mixed:
    "any time now"
    "some time soon"

    ?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Of course, I meant "some time soon" ;-)
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Too bad you didn't mean "any time now". :D But "some time soon" is encouraging. :)
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Not true. I have the beta and I just disabled IMON forever. That HTTP scanner really slows my very fast box (3GHz, 1GB RAM on a fast cable modem connection) down! I cannot imagine even thinking of putting something like that on my W98SE box.
    I have to sit there watching a download box from IMON! NO WAY!

    Plus, I don't want advanced heuristics scanning HTTP. I have enough problems with the false positives that AH gives me when I do an on demand full scan using AH. I've changed my mind and I don't want AH for AMON either. I just want ability to scan inside zipped files so I don't have to unzip first and I want more signatures for trojans. I'm soured on AH. I want faster signature protection.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I find the download of a file a little slower - P4 2.8GHz, 2 x 256 3200MHz DDR, Cable Modem - but all-in-all very happy with it...

    And if you aren't happy with the HTTP scanner, you can disable it. Personally I like it, and am rather impressed with how it pops up and displays the scan, if I can grab a screenshot I'll post one...

    Cheers :D
     

    Attached Files: HTTP.JPG (36.8 KB)
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nod32 HTTP Scanner checking a downloading file.

    Cheers :D
     

    Attached Files: HTTP.JPG (12.9 KB)
  10. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well that is nice you like the slow down. I don't. I hate that stupid window. I don't pay a lot for a fast connection to sit and watch IMON scanning something with AH and then give me a false positive. No thank you. Now tell me why I want to renew my subscription to pay for something I will never use on even my fast XP box much less my beloved W98SE box that I like better than my XP box? But as you say...each to his own.

    I want to see AMON fixed...poor AMON. Someone over at dslr trying out NOD32 and all upset because AMON can't detect the eicar in the zip. Eset is going to lose current customers and not get new ones if they don't fix AMON...not that anyone will go to KAV since Kaspersky neutered KAV's ability to detect in zip in real time in 5.0...but instead I suspect they may go to NAV even with all its problems.
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Does it help with the speed if you select the "passive mode" per this post?

    https://www.wilderssecurity.com/showthread.php?p=179910#post179910

    Thanks,
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Mele,

    Slightly indeed, as Blackspear concluded as well. Do you really expect an extra scanning module without the logical slight slow down coming with it?

    Just curious: did you encounter any false positive while using the HTTP scanner?

    A matter of personal taste actually ;)

    That's up to Eset to decide. Personally, I fail to see a reason for that. Everything is caught while unzipping.

    In the works for some time now - have a look at the updates over on www.nod32.com . It surely will improve even more.

    AH is (part of) the future. It's for good reasons NOD32 grabbed viruses because of the AH before any other AV had issued signatures for these. That said: fast signature updates are very nice as well ;)

    Well, no one is telling you what to do - it's entirely up to you whether or not to renew your subscription; it's a personal decision. That said: I for one am convinced the majority will like the upcoming version very much.

    You might do him the favor of pointing him to this forum - dslr isn't the NOD32 support forum after all ;).

    No offense intended, but I for one don't think so - on the contrary. As far as I know, the number of NOD32 users is growing very, very fast. The new upcoming version most probably will boost the growth even more.

    regards.

    paul
     
  13. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Just in general it seems to me that the more an AV does (in terms of scanning and unpacking, etc) the more impact it will have on the system and performance. I wonder if that's partly why KAV 5 Personal reportedly doesn't detect in compressed files in real time. Ironically, NOD's limitations in RT detection in compressed files is one of the things its critics have used to bash NOD LOL. [Although KAV 5 Personal's design may also, intentionally or unintentionally, result in an increasing number of people migrating to KAV 5 Pro since they want more capabilities in their AV. ;) ] It seems that KAV 5 Personal is aimed at the mainstream more so than previous versions. I'm no KAV expert, so I'm just speculating.

    People have asked for an AH option in AMON but that too one suspects will have some impact on performance if AH is active. ESET says it will be available to some extent in AMON. No doubt ESET will try to minimize the performance impact of any increased scanning capabilities, whether performed by AH or in another fashion, since "light and fast" is one of NOD's selling points, but it seems inevitable that there will be some trade off in performance whether those increased capabilities are performed by IMON or AMON. As long as there are options available so that the user can choose for himself how his AV is configured and what features are used (which I hope there will be), the user should be able to decide the tradeoffs for himself, increased scanning/detection capabilities or optimal speed.
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As I was saying above, very little slowdown of a downloading file, no system performance slowdown noticed... and if you don't like it, TURN IT OFF, really very simple :rolleyes:

    From what I can find, there is no "passive mode" option available, see screenshot...

    Cheers :D
     

  15. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    That has to be the absolute funniest tray I've seen yet.. The tech guys at the office are gonna love that one when I bring it in.. Anyway, if it slows down downloads, I'd be inclined to disable it.. Let's hope they improve AMON to bring it up to the level I need it so I can re-purchase NOD32.
     
    Last edited: Jun 2, 2004
  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Each to their own, and not everyone has your expertise. I enjoy trialing various software to see what it does, and better safe than sorry :D

    Glad I could make you smile :D

    Cheers :D
     