New detection methods for future version of nod32?

Discussion in 'ESET NOD32 Antivirus' started by ultragunnerdcl, Nov 16, 2007.

Thread Status:
Not open for further replies.
  1. ultragunnerdcl

    ultragunnerdcl Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    Location:
    Philippines
    According to the info by VIRUS INFO
    http://virusinfo.info/index.php?page=testseng

    Nod32 uses only two detection methods compared to Avira that uses three. & Esafe that uses another method.

    Any plans to incorporate this unused methods in future release of nod32?


    1) detection of suspicious file (detecting yet unknown malware by the method of informing the user about suspicious characteristics of a sample under analysis. Examples: "Suspicious file"; "VIPRE: Suspicious") Ex. Esafe

    2) detection of suspicious cryptor / packer (detecting yet unknown malware by the method of informing the user about the unknown / rare / suspicious packer / cryptor or about the fact of multiple packing / crypting. Example: "HEUR/Crypted"). Ex. Avira
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Considering how long we waited for the newly released v3 this week, I for one am not going to concern myself with future releases. I might be in the Home by then. :D
     
  3. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    i think when our childrens grow up they will see it :)
     
  4. ultragunnerdcl

    ultragunnerdcl Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    Location:
    Philippines
    Hahhaha. That is good joke. But Really it would really help nod32 a lot if it is added, it can very useful as proven by avira & esafe.
     
  5. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    you post your thread on wrong section this forum is for only eav v3
     
  6. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    As for 1, NOD32 already includes a relatively advanced heuristics engine. As for 2, Eset's method is to try to strip off the packer and scan the underlying code instead of just reporting the packed file, which may or may not be malware (it's like reporting that a file is zipped because the antivirus product doesn't know how to unzip and scan the file inside).
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    AFAIK, ESET does some packer-based detection:
    - Win32/Packed.Themida
    - Win32/Pacex.Gen
     
  8. Klaus_1250

    Klaus_1250 Registered Member

    Joined:
    Jun 24, 2006
    Posts:
    45
    Problem with those kind of detection methods is that they also lead to false positives. While they might be usefull (and easily implemented) you'll still need the user to be capable of understanding wheter or not it is an FP or not.
     
Thread Status:
Not open for further replies.