Ewido Security Suite

Does someone know Ewido Security Suite? I'm interested in its trojan scanner. www.ewido.de

 

See here ...

http://www.rokop-security.de/board/index.php?showtopic=1180 (including a scan log).

IMHO, it's quite promising. I uses a generic emulation and fuzzy high quality signatures (taken from the code section). Therefore, it shouldn't be easy to outfox this scanner.

Problem: There are not enough signatures yet. A memory scanner is under development.

Cheers, Nautilus

 

i can confirm this, i'm currently testing it and the ewido guys have a lot to catch up...detected about 50% of trojans released in december(and i can't even say i have 'em all)...and before you ask, yes i submitted! otherwise it looks very promising, it will be a real contender when it's finished

 

Well they just recieved about 350 MB of solid packed RAR samples from me . So it would be just a question of time until they are "up to date" .

And remember they are the first AT world wide providing a real powerfull unpacking engine based on real emulation .

 

a)
" Di you provide your archive to other AT companies as well, btw?"

Paul, I guess you have DCS in mind (among others). Maybe it would be a good idea if Seltsam would not only share samples but also receive samples from other vendors. Maybe it would be an even better idea if all small AT software producers would share their samples with each other.

On the other hand, searching for trojans is an important part of the business. If you simply share all your samples with your competitors they may not have an incentive to search the trojan sites on their own. And then you are doing all the work for your competitors.

Therefore, it must be ensured that each party benefits from a malware exchange, right?

b)
"This might be true as soon as there's a Final Release"

The current release is the first final release. That's why I published scan results @ Rokop.

Cheers Nautilus

 

Hi Paul,

a)
ewido is still freeware. Therefore, you do not need a license. You will need a license for the upcoming modules.

" 24.12.03 Release der finalen Freeware-Version   

ewido networks beendet die vor knapp einem Monat begonnenen öffentlichen Betatests mit dem Release der finalen Freewareversion der ewido security suite. Die final Version steht ab sofort via Setup oder Online-Update aus der Software zum Download bereit."

b)
" For example, I'll never see the day Eugene Kaspersky throwing in his malware database in exchange for a relatively minor database in exchange: if exchange is an issue, it should be at least a balanced one."

100% correct. That's exactly the problem. My point is that we should not expect Seltsam to share his comprehensive malware database which each and every competitor. He is not required to treat each competitor in an equal manner. An AT producer will only share his malware database if there is a good reason to do so.

 

@Paul

Sorry, for misinterpreting you. This was not my intent.

 

if I use a2 free together with Ewido security Suite how much am I protected?

 

Neither a2 nor ewido have a working mem scanner or a comprehensive signature database yet.That's why I agree to Paul.

On the other hand, the signature databases of many AV/AT scanners have been cracked. A few are not encrypted at all. Moreover, weak signatures are frequently used. Therefore, it's not useless to install an on-demand backup scanner. In particular, when it comes for free and has an emulation ...

 

Thanks for your feedback