LeakTests in bases

Discussion in 'NOD32 version 2 Forum' started by Owner, Aug 19, 2007.

Thread Status:
Not open for further replies.
  1. Owner

    Owner Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    24
    Location:
    Moscow
    Eset added leak tests in their base.

    __http://www.eset.eu/podpora/aktualizacia-2469?lng=en

    __http://www.eset.eu/podpora/aktualizacia-2470?lng=en

    Hm.. why? ;)
     
  2. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes, it is strange. I thought they only liked to add TRULY malicious stuff.
     
  3. PcBorg

    PcBorg Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    28
    thats interesting... maybe its so ESS seems to pass those tests? Havent checked the bases by the way... peace
     
  4. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Interesting naming of malware perhaps. But doubt you or the Owner are correct. I absolutely do not believe it's an attempt to cheat.
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Nope, common named firewall tests,

    Win32/Leaktest.AWFT, Win32/Leaktest.CopyCat (2), Win32/Leaktest.Ghost (2), Win32/Leaktest.PCAudit (3), Win32/Leaktest.Thermite, Win32/Leaktest.WallBreaker (2), Win32/Leaktest.Yalta
     
  6. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Just a guess, but perhaps it could be a basis for heuristic detections of malware using the same techniques that leak tests are using.
     
  7. ASpace

    ASpace Guest

    They are detected as potentially unwanted programs

    From NOD32 v2 's Help file:
     
  8. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Doh, Thanks HiTech, didn't think of that.
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's right.
     
  10. ugly

    ugly Registered Member

    Joined:
    Mar 21, 2005
    Posts:
    276
    Location:
    Romania
    This is what matousec said about that :

    " The sad and funny thing in once is that lots of them mark leak-testing software as viruses or malware. The better engines mark leak-testing software only as potentially unwanted software, which is much better, but still it seems that these products worry about leak-tests. Why? To perform our tests against these products we had to switch antivirus engines of such products off to get real results of their anti-leak protection. Such behaviour can be also marked as cheating on leak-tests."
     
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Almost sounds like they have quoted from the NOD32 help file :)

    Cheers :)
     
  12. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    If that's the case, then I'd suggest ESET come up with a better naming convention for them, Avira's SPR/xxx or Kaspersky's not-a-virus:xxx for instance. Simply by looking at the names, there's no way of telling whether NOD32 is trying to mark them as PUPs or malicious trojans, and the suspicion of ESET trying to cheat their way through in leaktests will weigh heavily indeed.
     
  13. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Read Marcos' (post 9) response to my guess.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    PUA's are called applications. Read my post, it's not just detection of the leak tests, it's a generic detection for malware that exploits the same "holes" as the tests do.
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I've already read it. All I'm saying is that for people who haven't, the suspicion will be there, since it's not obvious at all that NOD32 is flagging them as PUAs.
     
  16. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    I have to concur, my initial reaction was WTH, then I thought about it and realized the generic/heuristic detection idea. A different naming scheme might avoid accusations.
     
  17. alant

    alant Registered Member

    Joined:
    Aug 1, 2007
    Posts:
    26
    I recently installed McAfee security Center and it flagged Demo-leak test that I had previously installed as "potentially unwanted programs" (also got the message: "McAfee attempted to disable the program but some parts could not be removed"). I tried to remove them with McAfee and it said they cannot be completely removed. I thought I'd just uninstall them myself and be done with it. I can't find them in Programs or Add/Remove programs. The exec files are in a download folder I have. Would deleting the files take care of the problem? Or are they really deeply embedded somewhere?

    On another note, FindKeyXP caused the same message. Should I somehow allow McAfee to ignore these?
    Thanks, Alan
     
Thread Status:
Not open for further replies.