
Discussion in 'other anti-trojan software' started by erikguy, May 12, 2005.

Thread Status:
Not open for further replies.
  1. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Does anyone know if ewido uses heuristics by default?
    Also, each single signature includes all the "junk" dropped by the main file, right Fish? ;) That's the way it should be done I think. None of this "traces" sigs deal done by others. So ewido EFFECTIVELY finds ~113000 DIFFERENT malware AND their junk files right? Is there any riskware in the database?

    Regards,
    erikguy
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Heuristics are planned for Version 4 I believe.
    Would you define riskware Erik?

    new engine (3.5) is planned in a few weeks I recall Peter's post somewhere...and I am not stating that Ewido is better or worse...both have their weaknesses, both have their strong points. but Ewido is only a year old ...
     
  3. mr.privacy

    mr.privacy Guest

    Will version 4 still be free?
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    the free version will be free mr.privacy :)...but I am not sure how exactly it will be for some of us who were one of the first to purchase the licence...I guess till version 4 we're good to go...hopefully version 4 will be finished lol ;)
     
  5. mr.privacy

    mr.privacy Guest

    Thanks Infinity. Yes, I should have said will there still be a free version available when version 4 comes out. Good point about those who have already purchased Ewido though, will they have to pay again for newer versions?

    Erikguy, when you check their website it does say: We offer you realtime protection against, Hijackers and spyware, worms, dialers, trojans and keyloggers. That sounds like riskware to me.
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yep, that's what I was thinking too...however riskware can also mean: serials/keygens/cracks...miscoded software...whatever ware :)

    I believe a free scanner is good for the community. especially those concerned about hijackthis logs and helpers all around the world. I guess if they make the free one a little more effective it would be of great help for Ewido...let me refrain myself better:
    If the new free version has automatic submitting of "dubious" malware (from heuristics or behaviour detection) from within the program (not first being redirected to the Ewido site) they will get a lot faster their samples...and that means again a good thing for everybody if you know what I mean.

    /edit: that means better for Ewido too imho...good reputation, a lot of samples and the registered users can have the full featured version... :cool:

    Take care
     
    Last edited: May 12, 2005
  7. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Erik,

    The way KAV defines riskware (based upon my experiences), is program modules which in themselves are "neutral" (i.e., will not cause any problems) but may be (often are?) associated with programs that can be classified as malware. In most cases, the "riskware" that KAV has detected on my machine have been clean as were the modules associated (e.g. in the packed file) with them.

    As for the next generation of software, the bar has been raised really high. KAV not only has a giant database that covers all kinds of malware, but will also include proactive detection. Whether or not, or the extent to which, this proactive detection will overlap with ProcessGuard and RegDefend is still not clear to me.

    But, it is very rare nowadays that I find anything seeping through these three products. The one product that has genuinely found something has been BitDefender - which I think is pretty impressive. Ewido will still find some stray "tracking cookies" that maybe Ad-aware hasn't found, but I think that Ewido will be challenged to come up with "must have" technology the next time around - as opposed to "nice to have". At this time though, I consider it an excellent companion to most AVs that are out there.

    Rich
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yep, I can fully follow your opinion Rich.

    Ewido will come up with some kind of heuristics/malware behaviour detection...at least that's what I remember from a post Peter made once, so it's nothing new I'm saying here. the more behaviour detection the better...as long as it's kernel level it's ok to me ;)
     
  9. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Sorry for not replying earlier, work you know....

    Hello again, Infinity. I also am not claiming ewido better or worse, in fact I think it's definitely a top runner for "best AT".

    Also, Yes that is what I would define as a "riskware". Keygens and serials are OFTEN packaged with some sort of malware but many times not. I bet you if I tried to DL five "risky" programs such as these maybe one or two would have some sort of malicious code with it, but it's no reason to label all keygens "malicious". I hope (for all us internet users' sake) Ewido Networks doesn't waste their time with such trivial files and really focus on the exact malware such a file could be packaged with. Again the key word is COULD. It could also be good business for the company to claim that their product detects 113000+ actual malwares.

    Thanks for the heads up on v4 Infinity, that does answer my question about heuristics. As for riskware in the current database question I think it's best left for someone who knows for sure.

    Your info is also appreciated, Rich. :)

    Regards,
    erikguy
     
  10. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Yea see that's what I was talking about, riskware. I just installed NOD32 and it flagged the internet driver patch from LvLLord as a threat (EvID4226). I admit it's a "risky" file but I have used it without problems and in fact recommend it to people who are connected to more than 10 computers at a time (usually file sharers). Unchecking the "Adware/Spyware/Riskware" box prevents it from bringing up the alert window so I'm assured it's considered "riskware" by Eset. Oh well, I guess.
     
  11. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    You know what's funny? I think it's funny that Fish was so fast to defend ewido in this thread about submits...
    And yet it is clear that Nancy was right. I submitted a file to ewido networks a day or two before I started this thread, which is almost ten days old and I have still to receive a confirmation email saying "thank you for your submission" much less closure about what they're going to do about it.
     
  12. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    We get so many malware samples, most of the time we simply can't answer anymore. When exactly was the file sent? Without that info it's impossible to check what happened with the submission, sorry :(
     
  13. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    To tell the truth I don't really care about the submission. :oops: I just wanted to attract your attention to this thread cuz I wanted my other questions answered. (see above)
     