Ewido Security Suite

Discussion in 'other anti-trojan software' started by c0ltran3, Jan 3, 2004.

Thread Status:
Not open for further replies.
  1. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Does someone know Ewido Security Suite? I'm interested in its trojan scanner. www.ewido.de
     
  2. ntl

    ntl Guest

    See here ...

    http://www.rokop-security.de/board/index.php?showtopic=1180 (including a scan log).

    IMHO, it's quite promising. It uses a generic emulation and fuzzy high quality signatures (taken from the code section). Therefore, it shouldn't be easy to outfox this scanner.

    Problem: There are not enough signatures yet. A memory scanner is under development.

    Cheers, Nautilus
     
  3. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    I can confirm this, I'm currently testing it and the ewido guys have a lot to catch up... detected about 50% of trojans released in December (and I can't even say I have 'em all)... and before you ask, yes I submitted! Otherwise it looks very promising, it will be a real contender when it's finished.
     
  4. Andreas Haak

    Andreas Haak Guest

    Well they just received about 350 MB of solid packed RAR samples from me ;). So it would be just a question of time until they are "up to date" ;).

    And remember they are the first AT worldwide providing a real powerful unpacking engine based on real emulation :D :D :D.
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    That's a nice gesture, Andreas. Florian will be happy no doubt. Did you provide your archive to other AT companies as well, btw?

    Hold your horses :D This might be true as soon as there's a Final Release - in the meanwhile, several other AT companies are working rapidly on real emulation as well (but you surely are aware of that one ;) )

    regards.

    paul
     
  6. ntl

    ntl Guest

    a)
    "Did you provide your archive to other AT companies as well, btw?"

    Paul, I guess you have DCS in mind (among others). Maybe it would be a good idea if Seltsam would not only share samples but also receive samples from other vendors. Maybe it would be an even better idea if all small AT software producers would share their samples with each other.

    On the other hand, searching for trojans is an important part of the business. If you simply share all your samples with your competitors they may not have an incentive to search the trojan sites on their own. And then you are doing all the work for your competitors.

    Therefore, it must be ensured that each party benefits from a malware exchange, right?

    b)
    "This might be true as soon as there's a Final Release"

    The current release is the first final release. That's why I published scan results @ Rokop.

    Cheers Nautilus
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks for jumping in for Andreas, Nautilus ;)

    I don't have any specific company in mind - actually, all of them ;). As for exchanging malware databases/samples: I'm fully unaware how and if Andreas has contacts with other companies in this respect. IMO that's an issue between Andreas and other companies only.

    Well, you and I know that's not the way it works. Companies will be on a never-ending search themselves, regardless of whether they receive samples from third parties.

    IMHO that's far too straightforward a question. For example, I'll never see the day Eugene Kaspersky throwing in his malware database in exchange for a relatively minor database in exchange: if exchange is an issue, it should be at least a balanced one. And the only way to check out if the minor database offered is really worthwhile is getting it up front, without anything in exchange for starters. The "minor contributor" will have to take his chances whether or not the major party is willing to provide something in return, taking all sorts of consideration into account, one of them being the usefulness of the samples received.

    In that case, Ewido did let us down - they've promised us some licenses as soon as the Final would be released :rolleyes:

    regards,

    paul

     
  8. ntl

    ntl Guest

    Hi Paul,

    a)
    ewido is still freeware. Therefore, you do not need a license. You will need a license for the upcoming modules.

    "24.12.03 Release of the final freeware version

    ewido networks concludes the public beta tests, begun just under a month ago, with the release of the final freeware version of the ewido security suite. The final version is available for download immediately, via setup or via online update from within the software."

    b)
    " For example, I'll never see the day Eugene Kaspersky throwing in his malware database in exchange for a relatively minor database in exchange: if exchange is an issue, it should be at least a balanced one."

    100% correct. That's exactly the problem. My point is that we should not expect Seltsam to share his comprehensive malware database with each and every competitor. He is not required to treat each competitor in an equal manner. An AT producer will only share his malware database if there is a good reason to do so.
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    So it's the freeware version - thanks. Actually, those "upcoming modules" are of major interest (I'm sure you'd agree). So I will withhold any comment until the commercial version has been released.

    That's a rather personal interpretation from my whole comment - which stated something different ;)

    regards.

    paul
     
  10. ntl

    ntl Guest

    @Paul

    Sorry for misinterpreting you. This was not my intent.
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    No offense taken, Nautilus ;)

    regards.

    paul
     
  12. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    If I use a2 free together with Ewido Security Suite, how much am I protected?
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    IMHO: at this very moment not sufficient.

    regards.

    paul
     
  14. ntl

    ntl Guest

    Neither a2 nor ewido has a working mem scanner or a comprehensive signature database yet. That's why I agree with Paul.

    On the other hand, the signature databases of many AV/AT scanners have been cracked. A few are not encrypted at all. Moreover, weak signatures are frequently used. Therefore, it's not useless to install an on-demand backup scanner. In particular, when it comes for free and has an emulation ...
     
  15. c0ltran3

    c0ltran3 Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    172
    Thanks for your feedback
     