Bugbear.b Worm couldn't fool NOD32

Discussion in 'NOD32 version 1 Forum' started by crazykidjoe, Jun 12, 2003.

Thread Status:
Not open for further replies.
  1. crazykidjoe

    crazykidjoe Registered Member

    Joined:
    Dec 26, 2002
    Posts:
    47
    This is a nice read regarding NOD32 being the only AV to detect BBW without any updates for the worm.

    http://antivirus.about.com/library/weekly/aa060603a.htm
     
  2. Yes, but is it really true?

    I was under the impression F-Secure and McAfee also detected it heuristically...
     
  3. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Why not contact the author of the article to find out what that info is based on?

    http://antivirus.about.com/mpremail.htm
     
  4. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi all,

    I don't know about the other vendors, but NOD32's advanced heuristics
    engine, released before April 10th (in beta4), is capable of detecting
    win32/bugbear.b by means of heuristics.

    Cheers, :)

    jan
     
  5. F-Secure was the first to release an update for detection, with McAfee not far behind. But the only heuristic detection was via Nod32.

    I happened to be testing the beta v2 of Nod32 and was quite impressed by IMON's response.

    Regards,
    Mary Landesman
    Antivirus About.com Guide
    http://antivirus.about.com
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks for the confirmation - and welcome once more.

    Looking forward to your opinion on the Final v2 release!

    Regards,

    Paul Wilders
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Perhaps this is somewhat academic, but I think the question is, did NOD version 1, which was the only released final version at the time of the Bugbear B outbreak and presumably used by the majority of NOD users, provide heuristic detection?
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Sig,

    That's exactly what Mary Landesman is stating ;)

    regards.

    paul
     
  9. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Ah well, she mentioned v2 of the Beta, so it wasn't quite clear to me (and perhaps others) that it was NOD version 1 that had detected Bugbear B. Additionally, the Eset Oz site also refers to the advanced heuristic capabilities of the Beta re: Bugbear B but not version 1. So I think it may not be absolutely clear to everyone that the actual release version 1 also had this capacity.

    Just trying to clarify. :)
     
  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Again...I really was asking for a definitive specific answer that indeed NOD 1 either could or could not heuristically detect Bugbear.b.

    I still ask since Eset's public comments do not make any claim that NOD version 1 detected Bugbear B heuristically, only that the advanced heuristics of the Beta detected it without requiring a signature update. And Mary's comments re: using IMON refers to the Beta which confuses things a bit since no specific reference is made to version 1 or AMON.

    So, for clarification could someone at Eset confirm that NOD version 1 either did or did not detect Bugbear heuristically without updates as stated in the article above?

    Because if indeed NOD 1 could not detect only with heuristics, the article is misleading and confusing to consumers, in that it may be comparing a pre-release beta to released versions of other avs.

    Furthermore, if NOD 1 could not heuristically detect Bugbear B, no matter how great the Beta 2's heuristics were at the time, the fact nevertheless would remain that the majority of Eset customers who were using the actual released product (NOD1) would have had NO such heuristic protection and indeed were in no better position than users of any other AV on that point.

    And if that were indeed the case, the boasts on the Eset Oz site noted elsewhere regarding the Beta's capabilities really wouldn't mean squat to any NOD user who was not running the beta at the time. (Especially considering that at the time Eset was advising ordinary users to run the final release NOD 1 rather than the NOD 2 beta).

    So could someone definitively clarify the situation specifically in regard to NOD 1? Since absent that clarification others as you know may claim that Eset isn't quite "playing fair" with the competition since it is allowing potentially misleading info to be presented to consumers without correction or clarification.
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Sig,

    [quote]Again...I really was asking for a definitive specific answer that indeed NOD 1 either could or could not heuristically detect Bugbear.b.[/quote]

    Actually, it's of no importance anymore, since v2 has been released, isn't it?

    Sure - but do you prefer preaching for one's own choir?

    Since most prefer an independent "third party" comment on this: contact Mary Landesman - she knows what she's talking about ;)

    Since you are focussing on Nod32 version 1, I'll move this thread to the version 1 forum - out of date in the meanwhile, but nevertheless ;).

    regards.

    paul
     
  12. Gary1

    Gary1 Guest

    Sounds like NO, version 1 could not detect bugbear.b heuristically.
     