Eset. Speed of virus lab.

Discussion in 'NOD32 version 2 Forum' started by Owner, Dec 19, 2006.

Thread Status:
Not open for further replies.
  1. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    I think that NOD32 is a very good AV product. It's fast, easy and effective.
    If Eset speeds up the work of the virus lab (I mean: a fast update after receiving a virus sample), it will be the best AV product.
    Sorry for my English
    Regards
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    They are working on that... ;)
     
  3. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376

    Absolutely right!!!
    When I submit a new sample that NOD32 can't detect, I wait several days (even weeks) for ESET to add it to their virus signatures, while other AV companies do that very quickly..

    sorry for my english
     
  4. ASpace

    ASpace Guest

    ESET appreciates the samples everybody sends them.

    I personally have sent them undetected stuff twice and they were both added some hours later with the next update. It seems that what I have sent was quite important, because it has been discussed before that ESET adds malware on a priority basis. Official Statement here by anton, ESET Moderator.
     
  5. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    I don't think that Win32/TrojanDownloader.Zlob, the trojan which I sent, was unimportant. It is very sad that virus writers are updating malware like paid software. <snip> on this link there is always fresh malware for users and AV products :D (do not download, for your PC's safety)

    edited to remove link - please do not link to malware or suspected malware! Detox
     
    Last edited by a moderator: Dec 19, 2006
  6. ASpace

    ASpace Guest

    You'd better remove that link; links to live malware are not allowed on Wilders, at least in the way you wrote it (clickable link).

    ESET will add it soon because Zlob is treated with high priority :thumb:
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Zlobs are modified several times a day to evade detection, this is a matter of fact.
     
  8. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Zlobs are released in tens each day. Any AV is going to miss a certain variant some day
     
  9. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    Right, but when you send those samples to an AV company, they must add them in the next update... not 5 or 7 days after!

    sorry for my english
     
  10. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    Marcos: Zlobs are modified several times a day to evade detection, this is a matter of fact.
    lucas1985: Zlobs are released in tens each day. Any AV is going to miss a certain variant some day

    I agree, but we are not talking about detection or missed malware samples by NOD32 or some other vendors. We are talking about the speed of Eset's virus lab, which means: how fast will a NOD32 update be done after receiving a virus sample? I can say that it is not so fast. I sent many samples to Eset's virlab.
    Sorry for the link
     
  11. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    NOD32's imon blocks you from accessing the vast majority of zlob-downloading sites, IMHO that's better than constantly trying to catch up with signatures.

    With regards to speed of adding sigs, this depends on how 'dangerous' the sample you've submitted is regarded. I must admit I am surprised at the (sometimes huge) differences between AVs in the priorities they give a specific threat. NOD's not that bad for Zlobs; some don't even add Zlob sigs at all.

    Londonbeat
     
  12. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    In response to the OP, in my experience ESET is not among the quickest at adding samples, although the excellent Advanced Heuristics do compensate for that.

    Londonbeat
     
  13. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    All samples are dangerous if your AV doesn't detect them.
    It does not matter what the damage is; when an AV can't detect a sample, that company must fix the problem...

    For me there is no difference between a Trojan or a Worm..
    The virus must be killed!
     
  14. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I don't think NOD misses any more Zlobs than other AVs, so that is a bad example to use! One thing re updates I don't like is the lack of them at weekends; the malware writers don't "break" for weekends, so neither should the anti-malware writers. In my opinion this shows over-confidence in heuristic detection, which is far from perfect even with NOD, which is currently the leader in this field.
     
  15. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    tsilo:
    I agree with you

    Londonbeat:
    There are too many bad sites; IMON is not the only way to fight Zlob >>> a good heuristic engine, a fast virus lab and frequent signature updates. That's how it should be, IMHO. Eset made a brilliant heuristic engine.
     
    Last edited by a moderator: Dec 19, 2006
  16. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    I know NOD has the best heuristics, for that I love this AV.. But we are talking about samples NOD's heuristics couldn't detect...

    Earlier I was infected with Rbot. I realised it was a virus and didn't let it connect to the internet; I blocked it with my firewall...
    I submitted this sample to ESET, and only 7 days later, when I posted a thread about it there, did they add this sample to the signatures..
    What can users do who can't identify viruses themselves? o_O
    In 7 or 10 days any virus can damage your system. It's too long a time...

    sorry for my english
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Don't forget "common sense": a very good AV!
     
  18. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Yeah, an essential part of your ideal security suite :D :rolleyes: :D (speaking about common sense, was I, talking like yoda now, I am)
     
  19. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I agree with you, Owner. I've also sent them many, many samples and I got them added after days or weeks. There were some added in 24-48 H, but not too many. :( Hope they'll do something about this.... maybe a Christmas gift or something :p
     
  20. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    tsilo:
    That's why I have Tiny Firewall on my PC, which has good HIPS. So when I download a malware file masked as an AVI or TXT file and click it, Tiny alerts that, for example, process A is trying to inject into process B; whether to allow or deny it depends on the user :)
     
    Last edited by a moderator: Dec 19, 2006
  21. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh

    How does it do that? Exactly what protection does IMON give? I'm interested in how it performs its task. Is it signature, black list, heuristic or something else based?
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    See attached screenshot.

    Cheers :D
     

  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Would be good to know which settings and definitions were used.
    I'm sure that the delay on adding samples may be related to tweaking of existing signatures.
     
  24. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    Wed, 20 Dec 2006 14:51:22 +0300 (MSK): right now I sent a fresh Trojan-PSW.Win32.LdPinch to samples@eset.com. Someone sent a link in ICQ and said that it's some kind of software, so I downloaded this malware :)
    Virus signature database version: 1931
     
    Last edited: Dec 21, 2006
  25. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Not being nosey, but what sites are you visiting to have so many attacks? That's where "common sense" should "kick in".
    No AV in the world will protect against stupidity, no matter how fast defs are updated!
     