I'm currently evaluating NOD32 for a possible network install. I've been very impressed with the product so far. I attempted to use the Spycar testing tools, but NOD32 allows them all to execute... Is this a good thing or a bad thing? For those who don't know: http://www.spycar.org
NOD32 is not a behavior blocker so, for instance, it will not notify you if a benign application writes into the run registry key.
Well that depends .. Personally I've never heard of 'Spycar' and since it's just a test tool (out of hundreds) it really shouldn't be detected since it's not a real threat... If you want to test you can use EICAR X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* or the BAT TEST FILE @echo off resident.bat Just copy the above code to a txt file and both of them should be detected
Well, my point in trying the more unknown testing tools was to see if the heuristics would allow such things as changing the default search page or adding entries to the hosts file. I must be on the wrong track here. I guess we still haven't reached a point in anti-* tools where one does it all. So I still need a behavior-based detection tool (such as Ad-Watch) in addition to the more "classic" virus scanners? I didn't bother with EICAR, that has been in every signature database since the 70's hehe.
Just for fun and try the tests at the Spycar site. I'm using SpywareTerminator (freeware) and most is detected!