Ewido Plus

Discussion in 'other anti-trojan software' started by tazdevl, Jul 2, 2004.

Thread Status:
Not open for further replies.
  1. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    I heard through the grapevine that Ewido Plus (paid version) should be out in the next week or so.

    Based on the feature comparison between the Free and Plus, it looks like Plus has serious potential (scroll to the bottom of page)

    http://www.ewido.net/en/?section=ess
     
  2. se7engreen

    se7engreen Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    369
    Location:
    USA
    I agree. If the software works as good as the feature list sounds, it could be a real competitive product.
     
  3. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Forgot to mention it's going to be priced @ $35 and 29 Euro.
     
  4. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Just got more scoop. Looks like latest is EOM.
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Looks like it has real potential :)
     
  6. Moe

    Moe Guest

    I tested the beta version of Ewido Plus on a disk with 450 worms on it a couple weeks back.

    Ewido Plus: 431 Detected and Cleaned

    TDS3: 218 Detected

    Trojan Hunter: 0 Detected (and I set it up correctly)

    Ram usage was only about 8,000k, with only a tiny bit of cpu use over a 6 hour period. The Plus version has more definitions and a way better scanner than the current free version, i'll tell you that much, and the heuristics really seem to work.

    So far it looks like we are going to have a new superstar antitrojan application on the block come the end of the month. Save your pennies.
     
  7. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    450 worms or trojans?

    TrojanHunter really detected zero? That is hard to believe. If you feel any of the 450 samples, fall into the category of trojans, it would be very helpful if you submitted the samples to Magnus (submit@trojanhunter.com). Im sure it will be greatly appreciated :)
     
  8. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    While you are at it, maybe submit the ones TDS-3 missed to DiamondCS. ( support@diamondcs.com.au ). I'm sure both companies would like to have a look..
     
  9. ArneV

    ArneV Guest

    why is ewido the only trojan scanner that doesnt list the names it detects? a number doesnt mean anything. Maaybe they hiding what they really detect because they dont detect much, lol
     
  10. Moe

    Moe Guest

    Huh? Ewido-Plus lists full names of the trojans its detecting. Maybe the free doesn't, but who cares about the free, when the Plus version is coming out shortly.

    Here, look at my Ewido scan log if you don't believe me:

    E:\Worms\I-Worm.Tanatos.a -> Worm.Tanatos-Bugbear -> Cleaned
    E:\Worms\I-Worm.Tanatos.b -> Worm.Tanatos.b -> Cleaned
    E:\Worms\I-Worm.Yo -> Worm.Badtransii (Heuristic) -> Cleaned
    E:\Worms\I-Worm.Mapson.a -> Worm.Lorrin.A (Heuristic) -> Cleaned
    E:\Worms\I-Worm.Sober.c -> Worm.Sober.C -> Cleaned
    E:\Worms\I-Worm.Sober.f -> Worm.Vb.C (Heuristic)-> Cleaned

    I see names, don't you? As for definitions, the Plus beta test version has almost 50,000 trojan definitions in it, and level 4 fuzzy logic detection with heuristics.
     
  11. ArneV

    ArneV Guest

    Thank you for fast reply!! but i mean the names of everything it detects not just the ones it detect when scanning i just wannt to compare it with the other trojan lists

    > 50,000 trojan definitions
    that doesnt mean it detects 50000 different trojans but. my boss is good at virus things and stopped me useing it at work because he thinks the number is just made up to misslead people and so he doesnt trust it :( but i still try it at home i am interested but need to test it more

    > level 4 fuzzy logic detection with heuristics
    how do you know so much do you work there? and can you tell us all what exzactly level 4 fuzzy logic detection is. is there an ewido suport forum i cant find it. Thank You!
     
  12. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    I don't think your boss is the techno wiz you think he is.

    Features are in the product description on the ewido site.

    Fuzzy logic = heuristics/generic pattern detection/some sort of sandbox analysis. Basically it is detection that does not solely rely on signatures.

    Moe is getting this info because he's using a private beta of the product. The info is out there if you google.
     
  13. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re: Ewido Plus - test shown to be useless

    Was just pointed to this thread by somebody at DSLReports. Turns out "Moe" is actually "Kobra007_", a registered DSLReports user. If you believe his test is credible, see this page and read his posts:
    http://www.dslreports.com/forum/remark,10715731~mode=flat~start=0
    He even refers to Trojan Hunter as "Toejam Hunter", if that gives you any hints as to his credibility and maturity.

    I'm not saying anything about the Ewido program itself, just this amazingly useless test.

    Anyway I'll let you make up your own minds.

    Best regards,
    Wayne
     
  14. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    Thanks for pointing that out Wayne.
     
  15. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Somebody here who uses Ewido should contact the author and point this out, I'm sure he wouldn't appreciate his program being promoted at the cost of others, especially due to such extraordinary claims.
     
  16. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Thanks Wayne.I do use Ewido,but using such methods to promote a software is really lame.At the end it works as a boomerang.
     
  17. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Heh, good analogy. :) I find it similar to Mutually Assured Destruction from the Cold War

    But we must remember that we dont really know who this person is, so although he's promoting Ewido whilst attacking other scanners, it's unknown what role the Ewido author has in this (if any), and I'm sure he's probably just as surprised and annoyed as everyone else is, so if I was you (as a user of Ewido) I wouldn't think any less of the Ewido program itself simply because one individual has made such outrageous claims, because the author probably/hopefully has nothing to do with it.

    Best regards,
    Wayne
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    I'm pretty sure the software developer isn't involved. Anyway, I dropped them an email pointing to this thread in order to comment ;)

    regards.

    paul
     
  19. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    I just received a polite privmsg from Peter (from Ewido) explaining things in clearer detail and I'm happy to report that, as I suspected, "Moe"/"Kobra007" is not involved with the development of the Ewido program - he's just an overenthusiastic tester (which is soon to change due to his childish actions), so my message to Ewido users is don't let the behaviour of one person change your opinion of the Ewido program, as it was beyond the control of the author.

    Best regards,
    Wayne
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Well, Peter just got another email about this in his inbox (see my post above). It's good to know all has been clarified ;).

    regards.

    paul
     
  21. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    As I just already wrote to Wayne and Magnus, I want to apologize for the outrageous and impudent behaviour of Kobra (Moe). Kobra isn't connected to ewido at all, he is just an alphatester. Altough he wasn't allowed to talk about this version in public and post test results, he unfortunately did in a very ridiculous way, sorry for that - it will have its consequences.
     
    Last edited: Jul 8, 2004
  22. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks anyway Fish ;)

    This is a flagrant abuse of trust indeed:

    As for:

    Knowing you gents, I wouldn't expect otherwise.

    Best of luck and succes,

    paul
     
  23. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    I agree Wayne.I didn't mean that he is part of Ewido team,nor that Ewido isn't good.Sorry if i left that impression.I don't know how good Ewido is(last test i had seen was by Andreas Clementi ,who as far as i know since then has submitted samples to Ewido to increase the detection rate) since i haven't been infected (thank God) yet,and i don't like playing with trojans ( i just have 300 zipped virii on a floppy) ,but i do like the interface very much.
    However,it is counterproductive for the software itself,having such "fans".I read a thread in the forum Wayne pointed out and it is indeed very unreliable as well as hard to beleive (TH 0o_O) . IMHO a survey in order to be credible ,must use a malware sample with some characteristics:

    1)Representative(i guess otherwise one can come up with some in the zoo samples that has submitted only to one AV vendor or use modified samples to prove another software is useless,while his isn't.)

    2)Wide (the less elements in the sample,the higher the probability the statistical error becomes significant)

    3)Present the criteria with wich the sample was selected and give in pubblic the sample names used and under what form the detection is considered failed (zipped,exe,packed,upon execution etc).

    4)Define the settings for each programme.

    5)Give detailed results for each product.

    The less points the test follows the less is credible ,at least for me.ANd certainly the presentation of "hey ,i scanned 400 trojans (later proved as Wayne said to be worms) and the results were these " isn't very serious,specially when there is a known tradition for the poster in supporting certain products with passion (like Extendia AVK,another example) and bashing others (TH being the latest example,indirectly,yet clearly).

    I trust much more someone neutral,who doesn't follow a crusade in favour of a product and does the same presentation as Kobra's. Last but not least,i wonder why posting as Moe here(i think as " Kobra" is banned,but couldn't he post as guest Kobra?) ,while obviously someone who goes around many security forums would see his post as Wayne did.

    My reaction wasn't against Ewido,but against this kind of presentation that IMHO is counterproductive for Ewido's interests (although it's not Ewido's fault clearly),because someone who doesn't follow this forum regularly ,can think that Kobra actually works for Ewido.
     
  24. Slovak

    Slovak Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    515
    Location:
    Medina, Ohio
    Personally I don't think the price for EWIDO Plus is a fair price, especially for those of us that have been using EWIDO since beta stages :eek:
     
  25. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hyperion, well said. :)

    I actually meant the comment to Ewido users in general (it wasn't in regards to anything you said) -- so likewise I'm sorry if I left that impression. :)

    Cheers,
    Wayne
     
Thread Status:
Not open for further replies.