Eset. Speed of virus lab.

I think that NOD32 is a very good AV product. Its fast easy and effective.
If Eset speed up the work of virus lab (I mean:fast update after recieve virus sample) it wil be best AV product.
Sorry for my English
Regards

 

They are working on that...

 

Absolutly right!!!
When I submit a new sample, that can't detect nod32, I wait several days (even weeks) ESET add it to their virus signatures while other AV companis do that very quiqly..

sorry for my english

 

ESET appreciate the samples everybody send them .

I personally have sent them undetected stuff twice and they were both added some hours later with the next update . It seems that what I have sent was quite important because it has been discussed before that ESET adds malware on priority bases , Official Statement here by anton , ESET Moderator .

 

I dont think that Win32/TrojanDownloader.Zlob, trojan which I sent was non important. Very sad that viruswriters updating malware like paid soft. <snip> on this link always fresh malware for users and AV products (do not download for your PC safety)

edited to remove link - please do not link to malware or suspected malware! Detox

 

You'd better remove that link , links to live malwares are not allowed on Wilders , at least in the way you wrote it (clickable link)

ESET will add it soon because Zlob is treated with high priority

 

Zlobs are modified several times a day to evade detection, this is a matter of fact.

 

Zlobs are released in tens each day. Any AV is going to miss a certain variant some day

 

Right, but when you send that samples to AV compani, they must add it in next update... not 5 or 7 days after!

sorry for my english

 

Marcos: Zlobs are modified several times a day to evade detection, this is a matter of fact.
lucas1985: Zlobs are released in tens each day. Any AV is going to miss a certain variant some day

I agree but we are not talking about detection or missed malware samples by Nod32 or some other vendors. We are takling about speed of Eset's virus lab, it means: how fast will be NOD32 update done, after recieve virus sample? I can say that not so fast. I sent many samples to Esets' virlab.
sorry for link

 

NOD32's imon blocks you from accessing the vast majority of zlob-downloading sites, IMHO that's better than constantly trying to catch up with signatures.

With regards to speed of adding sigs, this depends on how 'dangerous' the sample you've submitted is regarded, I must admit I am surprised at the (sometimes huge) differences between AV's in the priorities they give a specific threat. Nod's not that bad for zlobs, some don't even add zlob sigs at all.

Londonbeat

 

In response to the OP, in my experience eset is not among the quickest at adding samples, although the excellent Advanced Heuristics do compensate for that.

Londonbeat

 

All samples are dangerous if your AV don t detect it
It doas no matter what is your damage, when AV can t detect sample, that company must fix problem...

For me there is no difference between Trojan or Worm..
Virus must be killed!

 

I don't think Nod misses any more zlob's than other AV's so that is a bad example to use!One thing re updates I dont like is the lack of them at weekends,the malware writers dont "break" for weekends so neither should the anti-malware writers.In my opinion this shows over-confidence in heuristic detection,which is far from perfect even with Nod,which is currently the leader in this field

 

tsilo:

I agree with you

Londonbeat:

There are too many bad sites, imon not only way to fight with zlob>>> good Heuristic engine, fast virus lab and often signature updates.Thats how should be IMHO. Eset made briliant Heuristic engine

 

I know nod have best heuristic, for that I love this AV.. But we are talking about samples nod hauristic coudn t detect...

Earlyer I was infected with Rbot, I realised it was virus and don t let him connect to internet,I blocked it with my firewall...
I submit this sample to ESET and only 7 days after when I post there thread about it they add this sample in signatures..
What can do users who can t idenyifid viruses himself
In 7 or 10 days every virus can damage your system, It s too big time...

sorry for my english

 

Don't forget "common sense":-very good AV!

 

Yeah, an essential part of your ideal security suite (speaking about common sense, was I, talking like yoda now, I am)

 

I agree with you Owner. I"ve also sent them many, many samples and I got them added after days or weeks. There were some added in 24-48 H but not too many. Hope they'll make something to this.... maybe a Christmas gift or something

 

tsilo:

Thats why I have Tiny Firewall on my PC which has good HIPS. So when i download malwere file masked under AVI or TXT file and click it, Tiny alerts that for example: process A trying to inject into process b, allow or deny it depends on user

 

How does it do that? Exactly what protection does IMON give? I'm interested on how it performs it's task. Is it signature, black list, heuristic or something else based?

 

See attached screenshot.

Cheers

 

Would be good to know which settings and definitions were used.
I´m sure that the delay on adding samples may be related to tweaking of existing signatures.

 

Wed, 20 Dec 2006 14:51:22 +0300 (MSK) write now I send fresh Trojan-PSW.Win32.LdPinch to samples@eset.com. Someone sent link in ICQ and said that its some kind of soft so I download this malware
virus signature database version: 1931

 

Not being nosey:-but what sites are you visiting to have so many attacks?:-thats where "common sense" should "kick in"
No av in the world will protect against stupidity,no matter how fast defs are updated!