Losing faith with NOD32 shocker!

Discussion in 'other anti-virus software' started by mrfargoreed, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    You hit the mark with this statement. For those who feel they must surf the wild side the layered defense is critical. Using a security program with HIPS is a good idea. Besides choosing a good feature set of security software I would also suggest using Firefox or another alternative to IE as your main browser. Although Windows XP SP2 and IE v7 have more protection, enabling the use of ActiveX in IE can still be a risky venture.

    In my privacy settings for ZASS I have the mobile code control enabled and I ONLY allow web based scripting, embedded objects, ActiveX, Java script, etc. for TRUSTED sites. It is a kind of a hassle to do this but I only need to configure the permissions one time for each site I frequently visit. Unless you are taking the huge risk of downloading files from questionable sites, or you are opening all your email file attachments on your system, or playing online games then I believe that being infected from web based mobile code is one of the greatest common threats.
     
    Last edited: Apr 12, 2007
  2. quadrophonic

    quadrophonic Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    112

    How would you rate Spyware Terminator as a resident program? I'm using AVG anti-spyware free for on demand scanning, as well as Bitdefender AV free for on-demand.

    By the way, how come this thread is being discussed here rather than in the NOD32 forums? The last time I started a thread in the NOD32 forum that criticized the program, they were a bit upset, to say the least.
     
    Last edited: Apr 15, 2007
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    I have not tested Spyware Terminator, as my resident protection in AVG includes the Ewido engine which I'm quite happy with (with trojan detection that almost matches KAV, who won't be happy? :D). :)

    But still, looking at the Spyware Terminator website, my impression of it is not so good. I wouldn't call it a top-level AS myself, but it's not *too* bad either. I think it will do a decent enough job for normal people. BitDefender AV and AVG Anti-Spyware are also very good at what they do, keep doing regular scans with those and you should be safe. :)

    As for why this thread is here, the NOD32 forum on Wilders is a support forum and not intended for comparison of NOD32 with other products, that's why. :)
     
  4. quadrophonic

    quadrophonic Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    112
    No wonder the replies "sounded" like everyone's blood pressure was getting raised!:eek: :D


    As far as Spyware Terminator goes, do you think it's better than my previous Spybot's Teatimer? I did notice that Teatimer seemed to alert me more often as to registry changes (unless they were just fp's. For example it constantly was trying to block an IE toolbar CLSID which is listed on the Castle Cops site as a legit IE clsid). I also have Winpatrol Free running.



    That site is very, very impressive! No wonder Kaspersky is getting rave reviews.
     
  5. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I used Spyware Terminator for a while, but quit using it after some updated versions started using so many resources. I thought its real-time shield and HIPS functions were impressive. Its on-demand scanning, however, leaves a lot to be desired. However, if you used it for real-time and used AVG or SAS for actual scanning, it would serve you well. Also, I personally don't think you can compare TeaTimer with ST. They function quite a bit differently. If I had to choose between the two, though, I would choose ST by far. There is also a lot of overlap with TT, ST & Winpatrol, as they all monitor many of the same things. Winpatrol, IMHO, is still the best at catching any startups or changes to hosts file. I would dump TeaTimer, as it is redundant if using ST or Winpatrol, and takes up unnecessary resources.
     
  6. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    I thought I should trial KAV - just the AV, not the full suite.
    However - it won't play with my firewall, which is Comodo.
    Are there any good FREE firewalls out there which are compatible with KAV? Is the AOL AV, which I understand uses the Kaspersky engine, not compatible with Comodo too?
    I don't want to buy a firewall just to trial KAV!
    Recommendations gratefully received.
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If all you want is to trial KAV, why not simply use the Windows FW and save the annoyance of installing/uninstalling something else?
     
  8. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Eventually my brain kicked in and I did just that. I have to say that I did not particularly care for KAV - although that may be because I'm not used to it after a good long time with NOD32.
    Back to ESS for the time being!
     
  9. quadrophonic

    quadrophonic Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    112

    Why get the trial version when online retailers such as Outpost and Staples are offering Kaspersky Internet Security for free after rebate ($70 - $70 rebate)?
     
  10. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    rebates seem to be for the U.S only,

    i know our country, UK-england is probably the most expensive in europe *lol* and wayyyy more expensive than america.
     
  11. rogervernon

    rogervernon Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    289
    Yes - and I'm in Spain!
    Even many "Trial Pay" offers don't apply here!
     
  12. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    I am trialing AntiVir right now. My computer was acting odd, so I decided to check up on my regular AV NOD32. So I did an online scan at Kaspersky.com; it didn't find anything. But I downloaded AntiVir and it found 2 copies of TR/Agent.BJG. :cool:
     
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    If you still have the samples, can you scan them at VirusTotal and see who else is detecting these? :)
     
  14. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    nice work for AntiVir. :thumb:
     
  15. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    I sent the samples in a zip to ESET and Virus Total.
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have been preaching that for a year now.:rolleyes:
     
  17. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,642
    Location:
    Sneffels volcano
    I'm not surprised about your findings, I've experienced something similar before: https://www.wilderssecurity.com/showthread.php?t=166321
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi, I checked these out on BitDefender's AV list

    1st one listed as Trojan.Feutel.AV
    2nd wasn't listed by the name you gave; the closest they had was Backdoor.Win32.Cyn.2.3

    So, on the face of it my AV would have caught only 50% of what you experienced.

    Once again proving that no one AV covers all!
     
  19. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Checking it on a signature list says *nothing*. Sometimes lots of malware are detected by different names by different vendors. The lab samples as indicated in vgrep, for example, may not accurately reflect whether your AV detects something or not. It is indeed true that no AV detects all, but you cannot determine anyone's detection rates by looking at some signature list.

    @Carver: Eager to see the results! :)
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks Firecat:
    Didn't know that! I naively thought that the matching name meant something!:oops:
     
  21. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    keep us updated with the status of your submission (e.g. when NOD32 adds the sample)
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I've run it on a replicator, so far it appears to be a sort of junk (a trojan simulator). I have passed it to our vlab for analysis asking for an official statement.

    Edit:
    The file has turned out to be a test for PDM, it's not a real trojan. That said, we will not detect it.
     
    Last edited: Apr 17, 2007
  23. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Are you talking about the file submitted by Carver? o_O
     
  24. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    To me...it looks like Marcos is talking about the file I submitted.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I was talking about a file detected by Avira as TR/Agent.BJG which I also found among the recent samples submitted. Hence I gather it's the file from Carver.
     