Ewido Plus

I heard through the grapevine that Ewido Plus (paid version) should be out in the next week or so.

Based on the feature comparison between the Free and Plus, it looks like Plus has serious potential (scroll to the bottom of page)

http://www.ewido.net/en/?section=ess

 

I agree. If the software works as good as the feature list sounds, it could be a real competitive product.

 

Forgot to mention it's going to be priced @ $35 and 29 Euro.

 

Just got more scoop. Looks like latest is EOM.

 

Looks like it has real potential

 

I tested the beta version of Ewido Plus on a disk with 450 worms on it a couple weeks back.

Ewido Plus: 431 Detected and Cleaned

TDS3: 218 Detected

Trojan Hunter: 0 Detected (and I set it up correctly)

Ram usage was only about 8,000k, with only a tiny bit of cpu use over a 6 hour period. The Plus version has more definitions and a way better scanner than the current free version, i'll tell you that much, and the heuristics really seem to work.

So far it looks like we are going to have a new superstar antitrojan application on the block come the end of the month. Save your pennies.

 

450 worms or trojans?

TrojanHunter really detected zero? That is hard to believe. If you feel any of the 450 samples, fall into the category of trojans, it would be very helpful if you submitted the samples to Magnus (submit@trojanhunter.com). Im sure it will be greatly appreciated

 

While you are at it, maybe submit the ones TDS-3 missed to DiamondCS. ( support@diamondcs.com.au ). I'm sure both companies would like to have a look..

 

why is ewido the only trojan scanner that doesnt list the names it detects? a number doesnt mean anything. Maaybe they hiding what they really detect because they dont detect much, lol

 

Huh? Ewido-Plus lists full names of the trojans its detecting. Maybe the free doesn't, but who cares about the free, when the Plus version is coming out shortly.

Here, look at my Ewido scan log if you don't believe me:

E:\Worms\I-Worm.Tanatos.a -> Worm.Tanatos-Bugbear -> Cleaned
E:\Worms\I-Worm.Tanatos.b -> Worm.Tanatos.b -> Cleaned
E:\Worms\I-Worm.Yo -> Worm.Badtransii (Heuristic) -> Cleaned
E:\Worms\I-Worm.Mapson.a -> Worm.Lorrin.A (Heuristic) -> Cleaned
E:\Worms\I-Worm.Sober.c -> Worm.Sober.C -> Cleaned
E:\Worms\I-Worm.Sober.f -> Worm.Vb.C (Heuristic)-> Cleaned

I see names, don't you? As for definitions, the Plus beta test version has almost 50,000 trojan definitions in it, and level 4 fuzzy logic detection with heuristics.

 

Thank you for fast reply!! but i mean the names of everything it detects not just the ones it detect when scanning i just wannt to compare it with the other trojan lists

> 50,000 trojan definitions
that doesnt mean it detects 50000 different trojans but. my boss is good at virus things and stopped me useing it at work because he thinks the number is just made up to misslead people and so he doesnt trust it but i still try it at home i am interested but need to test it more

> level 4 fuzzy logic detection with heuristics
how do you know so much do you work there? and can you tell us all what exzactly level 4 fuzzy logic detection is. is there an ewido suport forum i cant find it. Thank You!

 

I don't think your boss is the techno wiz you think he is.

Features are in the product description on the ewido site.

Fuzzy logic = heuristics/generic pattern detection/some sort of sandbox analysis. Basically it is detection that does not solely rely on signatures.

Moe is getting this info because he's using a private beta of the product. The info is out there if you google.

 

Re: Ewido Plus - test shown to be useless

Was just pointed to this thread by somebody at DSLReports. Turns out "Moe" is actually "Kobra007_", a registered DSLReports user. If you believe his test is credible, see this page and read his posts:
http://www.dslreports.com/forum/remark,10715731~mode=flat~start=0
He even refers to Trojan Hunter as "Toejam Hunter", if that gives you any hints as to his credibility and maturity.

I'm not saying anything about the Ewido program itself, just this amazingly useless test.

Anyway I'll let you make up your own minds.

Best regards,
Wayne

 

Thanks for pointing that out Wayne.

 

Somebody here who uses Ewido should contact the author and point this out, I'm sure he wouldn't appreciate his program being promoted at the cost of others, especially due to such extraordinary claims.

 

Thanks Wayne.I do use Ewido,but using such methods to promote a software is really lame.At the end it works as a boomerang.

 

Heh, good analogy. I find it similar to Mutually Assured Destruction from the Cold War

But we must remember that we dont really know who this person is, so although he's promoting Ewido whilst attacking other scanners, it's unknown what role the Ewido author has in this (if any), and I'm sure he's probably just as surprised and annoyed as everyone else is, so if I was you (as a user of Ewido) I wouldn't think any less of the Ewido program itself simply because one individual has made such outrageous claims, because the author probably/hopefully has nothing to do with it.

Best regards,
Wayne

 

I just received a polite privmsg from Peter (from Ewido) explaining things in clearer detail and I'm happy to report that, as I suspected, "Moe"/"Kobra007" is not involved with the development of the Ewido program - he's just an overenthusiastic tester (which is soon to change due to his childish actions), so my message to Ewido users is don't let the behaviour of one person change your opinion of the Ewido program, as it was beyond the control of the author.

Best regards,
Wayne

 

As I just already wrote to Wayne and Magnus, I want to apologize for the outrageous and impudent behaviour of Kobra (Moe). Kobra isn't connected to ewido at all, he is just an alphatester. Altough he wasn't allowed to talk about this version in public and post test results, he unfortunately did in a very ridiculous way, sorry for that - it will have its consequences.

 

I agree Wayne.I didn't mean that he is part of Ewido team,nor that Ewido isn't good.Sorry if i left that impression.I don't know how good Ewido is(last test i had seen was by Andreas Clementi ,who as far as i know since then has submitted samples to Ewido to increase the detection rate) since i haven't been infected (thank God) yet,and i don't like playing with trojans ( i just have 300 zipped virii on a floppy) ,but i do like the interface very much.
However,it is counterproductive for the software itself,having such "fans".I read a thread in the forum Wayne pointed out and it is indeed very unreliable as well as hard to beleive (TH 0) . IMHO a survey in order to be credible ,must use a malware sample with some characteristics:

1)Representative(i guess otherwise one can come up with some in the zoo samples that has submitted only to one AV vendor or use modified samples to prove another software is useless,while his isn't.)

2)Wide (the less elements in the sample,the higher the probability the statistical error becomes significant)

3)Present the criteria with wich the sample was selected and give in pubblic the sample names used and under what form the detection is considered failed (zipped,exe,packed,upon execution etc).

4)Define the settings for each programme.

5)Give detailed results for each product.

The less points the test follows the less is credible ,at least for me.ANd certainly the presentation of "hey ,i scanned 400 trojans (later proved as Wayne said to be worms) and the results were these " isn't very serious,specially when there is a known tradition for the poster in supporting certain products with passion (like Extendia AVK,another example) and bashing others (TH being the latest example,indirectly,yet clearly).

I trust much more someone neutral,who doesn't follow a crusade in favour of a product and does the same presentation as Kobra's. Last but not least,i wonder why posting as Moe here(i think as " Kobra" is banned,but couldn't he post as guest Kobra?) ,while obviously someone who goes around many security forums would see his post as Wayne did.

My reaction wasn't against Ewido,but against this kind of presentation that IMHO is counterproductive for Ewido's interests (although it's not Ewido's fault clearly),because someone who doesn't follow this forum regularly ,can think that Kobra actually works for Ewido.

 

Personally I don't think the price for EWIDO Plus is a fair price, especially for those of us that have been using EWIDO since beta stages

 

Hyperion, well said.

I actually meant the comment to Ewido users in general (it wasn't in regards to anything you said) -- so likewise I'm sorry if I left that impression.

Cheers,
Wayne