What kind of worms is wormguard made for?

I´m not sure about this, is Wormguard made to protect against Email, P2P and IRC worms or just any worm. For example - was wormguard able to stop msblast and sasser ? I realy don´t want to do a selftest

 

Wormguard blocks execution of as much as it can. When first released, VBS and script based worms were the most popular, and Wormguard has an extremely high rate of detection on these worms, even though less popular now. They were also mostly email worms, not pure Win32 worms which connect to a vulnerable port/service

Many of today's worms can still be stopped, however we are adding executable packer decompression for the new Wormguard as these change an EXE file's visible contents, hiding the actual code from the scanner.

As for Win32 worms (network aware worms), we might make Wormguard check your installed patches and browser settings to help limit the effect of those worms. The best way to avoid those is to stay patched and use a firewall, but there will still be a place for Wormguard to help limit dangers from things you execute.

 

Thank you for the reply. I have to bother once more - if i got it right wormguard takes a file, extract the strings and checks them for suspicious words - like "pingflood", "bot", "HELO", "RCPT TO" for example and decides if it blocks the execution. But is there also something, that analyse the "behaviour" of a file ? For example, if a .exe wants to read the addressbook of Outlook or something - even without having typical strings in the file - would it cause an alert?

 

If that is what you are looking for then you should also have a look at TPF5.5

Chiao
Itsme

 

If "read addressbook" is supposed to be suspicious it is detected and your permission is asked. In most cases it will be an action from a known nasty --think this is what you mean?-- and the nasty is stopped anyway.
The other action as send out whatever smtp server is used it would be very suspicious too and blocked from happening.

 

Thank you. I just checked it out and found my answers.

 

WormGuard is an extra layer in your security, with execution protection for malware; you firewall might have email protection already, then the AV/AT and/or other specific email scanner, then WormGuard if you still insist to open a file which came either by email or otherwise on your system.
Can but tell you from own experience it saved my computer's life various times!
And i like the warnings when i want to open doc and xls files from reliable source it still warns me for macros and other suspicious parts in them.
The tools all work very nice together for our security!