Ewido vs A-squared

Discussion in 'other anti-trojan software' started by JerryM, Jun 23, 2006.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Both Ewido and a-squared have introduced new versions. I have used Ewido for at least 2 years, and have tried a-squared. I am now trying out a-squared 2.0.

    I am not sure how the two now compare with the new changes. I am not competent to do any type of testing, except to see whether they run well on my systems. They do and the two do not conflict so far.

    Any considered opinions as to which is more effective, or has some feature that sets it apart from the other?

    I am not asking for opinions as to other applications, but just these two.

    Thanks,
    Jerry
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    in their previous versions, ewido did better in detecting malware. a-squared was second place tho and its still good.

    as for features, a-squared has a type of IDS and hijack free. i barely tested it, so i dont remember any other features.

    ewido has various tools like a viewers for current processes, network connections, startup entries, browser plugins, and LSPs. it also has a file shredder and a slim embedded version of xp-antispy.
     
  3. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Thanks for the reply. I think they are both good, but I do not understand all the features.

    Jerry
     
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    at the moment I find my licence of a2 of bigger importance then my lifetime licence of Ewido. Why? because A2 works right of the box (just like Ewido) but for the more advanced users ... it's more fun to work with A2 .. their IDS is just working perfectly (at least with the few samples I have) with the possibility of creating rules .. (I read at their forum that this will extend even more .. so I have a lot of faith!

    the fact that they are number two recently (Andreas Clementi's test) means imho that they are serious about this all!
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I am not arguing, but how did you determine that the IDS is working perfectly? I know that you used some samples that you have, but are there a lot of them, and how do you determine that it is the IDS and not signatures?

    Just looking for information.
    Thanks,
    Jerry
     
  6. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    no prbs.

    whenever I'm installing something I get a popup from a2 (service/driver = possibility of rootkit behaviour) so that's ok .. in conjunction with their signatures I presume it's even more ok ;)

    the way they define worm/trojanlike behaviour or whatever like behaviour .. I don't know, honestly I would like to know that but you'll have to ask them (Emsisoft) .. honestly, I don't think they will tell how it works .. I don't think any software producer would tell how their product works.

    what I do know is malware gets detected through their signatures (mostly ondemand) and whenever they try to phonehome (on access) .. if not detected: their IDS drops in .. for whatever reason lol that I do not know.

    sincerely.

    just my personal experience...
     
    Last edited: Jun 24, 2006
  7. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Infinity,

    Thanks for the reply. It makes sense to me.

    Primarily I rely on my AV, KAV6, to catch malware, but I am also convinced that one needs other security, including a good AT.
    Regards,
    Jerry
     
  8. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    kav6 .. kis6 .. nod32 in conjunction with AT is just fine!

    I have been using kis/kav6 for a few months and honestly it is one of the best suites I have ever had .. and to be honest = kav6 is imho a suite / combination of programs ... it is up to the end user if he wants an all in one application or not.

    But it is more then OK.

    take care,
     
  9. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I am finding that a-sq is freezing after a scan. I have to use the W Task Manager to get it to close. I suspect that in time and with help I could find the reason, but since I have a lifetime license for Ewido, it just isn't worth any trouble to find the problem.
    I will probably uninstall it today or in a day or so.

    Thanks for the replies.
    Jerry
     
  10. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    @JerryM: Did you try the build 2.0.0.386 we released today some hours ago? The bug you said should be already fixed in this version.

    Regards,

    Christian Mairoll
    a-squared Team - www.emsisoft.com
     
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Hi Christian,

    I just returned home, and have not had a chance yet. I'll do it now.

    Thanks for the help, and I am encouraged by the prompt response.

    Regards,
    Jerry
     
  12. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I just downloaded the update, and ran a scan. It closed OK as it should. It appears that the problem is fixed.
    Thanks,
    Jerry
     
  13. emsisoft

    emsisoft Security Expert

    Joined:
    Mar 12, 2004
    Posts:
    312
    Location:
    Nelson, New Zealand
    That's great to hear! :)
     
  14. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    yeah...a-sq isn't what it is used to be ... by far it is reliable .. by far it is running actively .. with a good support .. doing a lot with the feedback they receive imho!

    /edit : and it would be unfair (imho) to compare the both products ... ... ... imho A2 isn't completely finished yet .. I'll wait a few months ... then I'll make the comparision .. but imho ... on access ... hard to beat A2 so again it is up to the end user .. just my two cents ..

    I'll state this in public:

    I hope, I truely hope that their Hijackfree will be linked to their IDS one day .. then we'll talk further lol ... realtime popups for the members that choosed to choose advanced install or whatever .. ahh well .. we'll see ... ...
     
    Last edited: Jun 28, 2006
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Btw, I´ve read that Ewido is considered to be more of an Anti Trojan tool than antispyware, is this true, I mean why did they change there name? And I would also like to have more details about the IDS in A-Squared, which "entry points" does it cover?
     
  16. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    You can take a look of this thread:

    https://www.wilderssecurity.com/showthread.php?t=135963

    According to vinzenz@ewido, the name change is to avoid people's perception that ewido is an antivirus.

    And it is also a business decision. As can be seen from this thread,

    https://www.wilderssecurity.com/showthread.php?t=139153

    Ewido will be integrated later into AVG AntiVirus to make it a suite. See the logo below. Anti-Virus + Anti-Spyware sounds better than Anti-Virus + Anti-Malware.

    http://www.grisoft.com/images/promo/side-ewido-plus-avg.-en.gif
     
  17. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Probably a commercial decision, spyware is the biggest problem surfers face and they require protection from that. People expect their AV to be able to deal with trojans and too many were confusing ewido with an AV. Actually, much spyware is downloaded by trojans in any case, but a change of name, and an increase in coverage to include less serious things, was felt likely to make the product appeal to more users. When people run a scanner they like it to find things, even if it's only a tracking cookie or unimportant adware; if the scanner only finds dangerous trojans they will feel disappointed because their scans will usually come back clean!
    I don't suppose anyone will tell you that, I think it's a trade secret! Zone Alarm's Operating System FW and KAV 6's Activity Control look for suspicious/dangerous behaviour, but they don't tell you what behaviour. Similarly A2's Guard looks for 'malware-like' behaviour - whatever that may mean!
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    OK thanks for the info, but is it true that Ewido really isn´t that good in detecting spyware? I mean the name change would not make any sense then.

    Well, that´s not true, if I´m correct, you can read against which "dangerous behavior" ZA Pro is protecting you in the manual. And besides, a lot of tools (like CounterSpy, SSM, KAV and Neoava Guard) will show you exactly which "entry points" they are guarding, and they even give you a chance to turn it off.
     
  19. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    No you can't! The manual will say things like:-
    But it does not give details as to what all these suspicious actions it is looking for actually are!

    Similarly for the 'dagerous behaviour' KAV is monitoring.

    CounterSpy et al, does tell you what startup locations, Reg Keys, folders etc it is monitoring, but it is just polling them for changes - it is not monitoring for 'behaviour' as such, so it is much less sophisticated than A2, ZA, KAV etc. With the latter you can prevent things before they happen, not just look for changes after they have happened, which may be too late.
    Where did you get the idea ewido isn't good in detecting spyware? Not from here presumably:-

    http://spywarewarrior.com/viewtopic...&start=0&sid=6ccd8bee78d3977d590a9f10c788ef39

    Nor any reliable test I've seen. Though it is possible that CounterSpy etc will do a more thorough job in picking up more of the less important 'traces' in the Registry etc - but that is just clearing some of the mess left after infection.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    About the ZA Pro manual, it´s on page 285.

    I think from on of the threads over here at Wilders. So you´re saying it´s BS?
     
  21. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I have the latest manual for the ZA 6.5 series but it only goes up to page 278. The manual for ZA 6.1 does go up to page 302, but page 285 is entirely blank. Earlier versions did not have the OS FW. So can you provide a link to the manual you are referring to?
    I can't comment on threads I've not seen, I would prefer to rely on the test results I've noted together with actual results I've observed when ewido has been used to clean infected machines.

    Edit - I've just found what you are referring to on page 285 of the manual for ZA 6.0, available here:-

    http://www.zonelabs.com/store/content/support/za/znalmMain.jsp

    Which does give a table of some Suspicious behaviour, this corresponds with 252-254 of the most recent manual. Yes, you are right, it does give details of the things being looked for. I don't think such details are available for A2 though.
     
    Last edited: Jul 15, 2006
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    OK so Ewido is actually one of the better AS tools according to you, good to know. And btw, my bad, it´s on page 267 till 270 (Suspicious and Dangerous behaviour) it´s the 6.1 manual. And like I said before, it´s nothing new that apps will give you exact info about what they are exactly monitoring so that´s why IMO A² should not be so vague, it has nothing to do with "trade secrets" AFAIK.
     
  23. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I was just doing my edit above as you were posting!

    I certainly couldn't be bothered to find examples of ewido cleaning hosed machines, you could easily do that, but I'll just point to one which was recent:-

    https://www.wilderssecurity.com/showthread.php?t=138656

    That should have been a difficult one, but the customer seemed satisfied with the result.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I just saw on their website that A² does give some info about the HIPS part, but if it can only block the things mentioned, it does not look that powerful to me. :rolleyes:

     
    Last edited: Jul 26, 2006
  25. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    look for another antitrojan with the same behavioural techniques .. in realtime ..
     
Thread Status:
Not open for further replies.