Sick and tired of ESET letting things through

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    See my response above. There should be no problem with responding to samples and, if there is, feel free to PM me the email address as well as the subject of the email so that I can look it up in the system and let you know the status.
     
  2. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    I've had quite the laugh going over this thread. Alls it is anymore is just uneducated and ignorant people crying over something they do not even seem to understand. Honestly, the main reason why Eset is falling behind with rogues is the simple fact that they are still relying on signatures and heuristics. They are one of the few that have not brought in a behaviour blocker. I'm sure if they did that then it wouldn't let nearly as many things slip by.

    Other than that I've not managed to see any trojans, worms, etc. get by, only these rogue applications. And it's not easy to make signatures for these all the time seeing as they reproduce and get altered hundreds of times a day.

    If you have a problem with a product be mature, leave honest feedback without trying to sound like a bickering child to help the developer develop based on logical reasoning and switch to something else. This is not a school yard for people to gang up on someone because they made a mistake.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,924
    a behavior blocker (hips) can not prevent a browser from executing malicious scripts.
    on the other side hips has to be trained - thats not possible in a couple of days.
    failed.
     
  4. jeremyf

    jeremyf Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    61
    Not sure why this thread has turned into a moody flame war... I guess this is what you might call a "hot topic", with a lot of emotion behind it...

    What I was looking for with my post was a professional response, to the tune of:

    There. Basically, we are aware of it, and we will do a better job in the future...that is all that is needed guys...was that so hard?
     
  5. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    I have been following this thread and have to say that i totally agree.

    The thread started with a frustrated customer that didn't find the product to live up to his expectations. Then several people replied to blame it on everything except Nod32 and even an Eset representative replied just to agree with the nod fanclub. I'm not convinced that's the proper way to respond to a customer in a support forum and probably not how to keep a customer. If I post in a Windows support forum because my Windows keeps crashing I'm not expecting a reply that says no OS is perfect or it's your own fault and not Windows. No one ever said anything about a perfect product or an antivirus with 100% detection, not sure why some bring that up every time. Even if there are several steps that can be done to be protected and several steps that are recommended Eset must not forget that Nod32 is supposed to give some protection as well.....isn't that the whole point with an antivirus software? And when a customer feels that the protection isn't good enough don't blame it on everything else and try to respond in a professional way.

    I'm not saying that nod32 is a bad product or anything like that. I got my opinion, but I'm not getting into this discussion about how bad or good nod32 is since that will lead to nowhere and just start a new flame war. I'm just saying that often (this is not unique for the eset forum) there are some fans that kind of ruin the whole thread by defending the product they love more than life and it turns into a war while the starter of the thread gets no useful response. I also think the Eset representatives could respond in a more professional way.

    No offence to anyone and hope no one take this too personal or the wrong way. But put yourself in the position to the starter of this thread, you have a problem and post in the support forum to release some frustration and ask for help, would you be happy with the replies and support based on the replies from this thread? Even if it's not possible to reply and say "The product is now fixed and will never happen to you again" it's possible to give a professional response to calm the customer.

    -gan
     
  6. codylucas16

    codylucas16 Registered Member

    Joined:
    Nov 17, 2009
    Posts:
    267
    A behaviour guard is designed to block files that act like malware. It may not block the browser from executing the scripts but it can determine if the executable file downloaded and run is behaving like a rogue or other malware.
    It also provides a faster way to determine which files are malicious seeing as they act like malware so signatures can be added for the malicious files.

    You can definitely see a difference in rogue detections with turning the behaviour guard off and on with quite a few antiviruses.

    Take avast for example. before v5 it barely blocked rogues at all, now with the behaviour guard it blocks quite a few of them.
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,924
    it does not need any executable - java is enough to do the job.
    ofc - java does not behave like before - how to judge whats right or wrong?
    to do so may possible - i have seen the difference between java on/off in a
    sandbox with some encrypted script (wasn't blocked for purpose).
    the bad combo was JS+JAVA+Flash = fail.
    the other example without java was rogue antivirus like here.
    for me easy to kick off browser with the complete sandbox.
    and i am not sure how safe the sandbox of ie7/8 is (firefox is almost unbreakable)
    aint it nice to run an wonderful brand new scientific calculator? :doubt:

    yet another constructed worse case. the trouble is to judge on a hips whats
    right or wrong. i like the combo av+hips - as long - it doesnt bother me.
    set and forget is not really possible - there is too many new and nice software.
    even me tries a lot each day - in a sandbox - and hips dont watch it - its
    safe (should be safe).
    what i try to say is that (for me) a testing (isolated) sandbox is more worth
    than any hips. dont like it - kick it off. like it - keep and install it for real.

    unfortunately torchsoft malware defender aint longer developed. trusted apps
    can do like they want (i didnt had installed them if i dont trust them).
    now i am testing some alternates but MD is not comparable this time.

    sorry - i got a bit away - i always start mixing threads cause security is not
    that simple in installing any av-software.
    i understand your point of view but as long hips aint idiot proof enough
    it is worth nuts. therefore i like outpost and online armor with its database.
    MD does not have that feature like some others.


    @jeremyf - just lol again - i told ya once you can do better!
     
  8. jeremyf

    jeremyf Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    61
    Sorry, I am honestly confused... what do you mean?
     
  9. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Well,

    Firstly, I believe that people here have an unclear understanding about what it is and what a Rogue AV does.

    Based on the experiences of people who unfortunately have had to deal with Rogues, these creations are nothing but TROJAN HORSES.

    They behave like Trojan Horses, act like Trojan Horses and in the end do exactly what those things do: gain unauthorized access to your computer by their creators.

    Wikipedia defines what a Trojan Horse is:


    After this reading I have come to the conclusion that we are dealing with the WORST breed of Trojan Horses ever created. They morph every second and thousands of variants of the same Fake AV appear in the wild ready to infect newbie and experts alike.

    Some Antivirus vendors and some SO CALLED “security experts” have been trying to downplay the fact that the Rogue AV/Fake AV is a major problem on the computer world nowadays. These same people have been blaming the users for getting infected by those Trojans because apparently they are “happy clickers” that click on every Ad and every banner Ad they come across with on the Internet.

    I have witnessed several cases at work of people whose computers have gotten infected by those Trojans solely by checking up the weather forecast on one of those reputable news web-sites WITHOUT clicking on anything. They just get a fake prompt that their computers are “INFECTED” and the options of clicking OK or CLOSE. Either option leads to the same result: Download the Trojan a.k.a.: Fake/Rogue AV.

    Lastly, I have noticed that all AVs that are weak at detecting Trojan Horses are also weak at detecting Rogue/Fake AVs...coincidence?


    Regards,



    Carlos
     
  10. STRYDER

    STRYDER Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    99
    if you are habitually being infected by this type of malware and do not feel it useful to consider your own web browsing habits i recommend turning on runtime packers and advanced heuristics as well as adopting a multilayer defence specifically a registry monitoring program like WinPatrol.

    I use Nod32, Windows Firewall and WinPatrol. I was infected once, but i used the Sysrescue CD and cleaned my computer beautifully. Does anyone have the steps on how to clean your PC using the Sysrescue CD? I don't want to type it all up if there is already some literature out there. :p
     
  11. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,924
    and thats the point where to screw on - avoiding such popups or sites.
    easy to do - for anyone. those you claimed on with the blame try most times
    to point out where to act on - and some excuses are really funny - in special
    those here.

    ofc i would expect that Eset would protect me from that crap - but my
    experience didnt start with such algorithms - that time pretty unknown.
    i build up some shields some borders ahead. i dont rely on Eset - if you
    would ask me if can go without - YES I CAN :cool:
    the last instance here is preventing the execution of that crap download.
    and the very last is a backup or image.
    Any av should be a part of a security model - four or more different parts
    which dont need each other so if 1 or 2 fail the other will do the rest.

    The funny point here is that an admin started this complaining thread although
    he should have known better. the next point is he does not really see his failure.
    he should do his job and not trying to blame a company for its 99% work.
     
  12. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87

    Just use Any AV + ThreatFire

    example, NOD32 + ThreatFire = Protected 4 Life.

    ThreatFire is soo under-rated or if that's not the right word, it just isn't popular enough, ThreatFire is the KEY!!
     
  13. jeremyf

    jeremyf Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    61
    ~Comments removed~

    Please stop posting your rambling nonsense, you completely and utterly fail.

    Stronger letter to follow...
     
    Last edited by a moderator: Apr 20, 2010
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,057
    Location:
    Texas
    Let's remain civil in this thread. Keep the personal comments out.
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,924
    too bad i couldnt read it...

    @Phantasm

    Sorry, disagree
    >> ThreatFire is the KEY!!

    The "key" is to hold that crap away - not to defeat its existence nor behavior.
    thats why microsoft developed the GPO - most important tool in a company
    environment. easy to set up and easy to share.
    122 computers in a company is much work - you cant train each one for its usage.
     
  16. backfolder

    backfolder Registered Member

    Joined:
    May 25, 2004
    Posts:
    72
    Location:
    Spain
    No, TF is not the key. I've just installed and it doesn't detect the AV (Avira 10 premium). This happens at the initial test it does, when check if your system is secure enough. Too bad!!!

    Also mem usage is higher than I'd expected and it has 3 processes running as far as I can remember. I've just sent them a survey form about this when uninstalling.

    So IMMO this security program is not the KEY of a success and clean PC.

    Lastly, yes, all AV companies should do something regarding the Rogue AV plague we have. Norton 2010 does a really good job, it was capable of removing completely these two Rogues I've recently had:

    1.- ave.exe (+info _http://www.malwarehelp.org/ave-exe-a-multiple-rogues-in-one-trojan-fakerean-2010.html)
    2.- Trojan FakeAV -- tetirqdtssd.exe (pdfupd.exe).

    Neither MBAM, SUPERAntispyware or Spybot could remove them.

    I'm planning of start using Sandboxie to surf the web... sad!!
     
  17. Phantasm

    Phantasm Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    87
    send me the install and I'll test it in a vm-machine (TF is not meant for active malware already present on the PC)
     
    Last edited: Apr 21, 2010
  18. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,924
    sorry, i had TF this year for testing and it a) slowed me down nor b) was it
    really useful here*. im getting an bit away from hips. to answer this way
    your other question - if TF protected your* computer from infection
    it is not really clear what already had been damaged.
    at least your point of view - if you trust it its ok for me.
     