Changes to signatures

Discussion in 'NOD32 version 2 Forum' started by Gauthreau, Apr 14, 2005.

Thread Status:
Not open for further replies.
  1. Gauthreau

    Gauthreau Guest

    In the latest update, I see that Eset has:


    NOD32 - v.1.1063 (20050415)
    Virus signature database updates:
    Changes in existing signatures

    What does that mean outside of Eset changing exisiting signatures? What were the changes?

    Neil
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It means that some other files belonging to a particular threat were added to an already existing signature.
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    A change in existing signatures can mean a lot of things:

    1)Improvement of signature (this can be done to stop some trick methods used by the vx coders to bypass detection)

    A good example is an old case of McAfee, where the signature of an existing malware was so weak that changing the icon of the malware executable made McAfee not detect the malware.

    2)New, faster/better/more efficient methods of cleaning the malware
    3)Modifying the signature to include more detailed information for a minimum chance of false positive.

    Moderators/Administrators: If this post is off topic or its not been posted in the right sense or taste, please feel free to delete this post :)
     
Thread Status:
Not open for further replies.