no script checking??, false alarm?! and NO SELF PROTECTION! :(

Discussion in 'NOD32 version 2 Forum' started by iNsuRRecTioN, Sep 5, 2003.

Thread Status:
Not open for further replies.
  1. newnoduser

    newnoduser Guest


    Actually that file Insurrection enclosed does indeed contain the eicar test file. I loaded my old anti virus program (which I will not name) and I clicked on the file he attached and it caught the eicar right away and quarantined it.

    Does this mean that those of us who use Nod32 would have been infected if this was a real virus? I am confused.
    Is this a real problem?
     
  2. Morgoth

    Morgoth Guest

    Same here - I have Win2000 + SP4 + latest updates.

    BTW, I'm running on administrator level, but that has nothing to do with the problem since other services such as my anti-Trojan kernel or firewall kernel CANNOT be shut down this way, even as an administrator. Only the nod32krn service can be terminated via the task manager (but it can be restarted using the SERVICES manager).

    There is no explanation for this, for even those who designed the software would not be able to provide any, so I'm not expecting anyone to be able to shed light on this complete mystery. I just wanted to let everyone know that this issue is far from being an isolated case. :'(
     
  3. Buddel

    Buddel Guest

    So can I (Windows ME): http://www.wilderssecurity.com/showthread.php?t=17122
     
  4. nostril_hair

    nostril_hair Guest

    If you're running as an Admin, I don't see why process killing would be a valid concern of yours. Any malicious code could open up a command prompt and use "net stop" to disable Nod32. I don't know of any program that can protect itself from Service Manager.

    Another reason to use a sandbox..
     
  5. Tablet

    Tablet Registered Member

    Joined: May 20, 2003 | Posts: 2
    Fortunately KAV and Sygate are the two I am aware of. If you try to net stop them, you get an error message that the process can't be terminated (access denied). So it is possible, though I agree with the point that if malicious code is already running, this is more of a second/third level defense. Definitely it makes the job harder for virus writers, because it's not enough for them to just create a trojan dropper with the ability to terminate AVs and FWs and then download a known file.
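
Tablet's post above describes `net stop` failing with access denied; one place a defender can check for that kind of restriction is the service's security descriptor. The added example below (not part of the thread, and not from any vendor named in it) parses an SDDL string in the form printed by `sc sdshow` and lists which trustees hold stop or reconfigure rights. Assumptions: the SDDL samples are constructed, only letter-form rights are decoded, deny ACEs are simply subtracted per trustee, and the thread does not say which mechanism KAV or Sygate actually use.

```python
import re

# Meaning of the two-letter SDDL rights on Windows *service* objects.
SERVICE_RIGHTS = {
    "CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
    "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
    "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Rights that stop the service outright, or let the caller reconfigure it
# or rewrite its ACL so that it can be stopped afterwards.
RISKY = {"STOP", "CHANGE_CONFIG", "DELETE", "WRITE_DAC", "WRITE_OWNER"}

def parse_dacl(sddl):
    """Return (ace_type, trustee, rights) tuples from the D: part of an SDDL string."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = body.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip it
        ace_type, rights, trustee = fields[0], fields[2], fields[5]
        if rights == "GA":  # GENERIC_ALL covers every service right
            names = set(SERVICE_RIGHTS.values())
        else:
            names = {SERVICE_RIGHTS[p] for p in re.findall("[A-Z]{2}", rights)
                     if p in SERVICE_RIGHTS}
        aces.append((ace_type, trustee, names))
    return aces

def who_can_disable(sddl):
    """Map trustee -> risky rights it holds (allow ACEs minus deny ACEs)."""
    allowed, denied = {}, {}
    for ace_type, trustee, names in parse_dacl(sddl):
        bucket = allowed if ace_type == "A" else denied if ace_type == "D" else None
        if bucket is not None:
            bucket.setdefault(trustee, set()).update(names & RISKY)
    result = {t: r - denied.get(t, set()) for t, r in allowed.items()}
    return {t: sorted(r) for t, r in result.items() if r}

# Constructed samples in the format printed by `sc sdshow <service>`.
DEFAULT_SD = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
              "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
HARDENED_SD = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCLCSWLOCRRC;;;BA)(A;;CCLCSWLOCRRC;;;IU)"

if __name__ == "__main__":
    for label, sd in (("default", DEFAULT_SD), ("hardened", HARDENED_SD)):
        print(label, who_can_disable(sd))
```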
     
  6. Buddel

    Buddel Guest

    Wouldn't it be great if this were possible for NOD32, too? ;)
     
  7. Access Denied

    Access Denied Registered Member

    Joined: Aug 8, 2003 | Posts: 927 | Location: Computer Chair
    Process Guard by DCS. I use it for this and other things as well.
     
  8. Buddel

    Buddel Guest

    This means that my old computer would have to cope with yet another app just to make sure that the NOD processes are not terminated by malware. Wouldn't it be easier if NOD32 itself took care of its running processes?

    Anyway, I'm convinced that Eset will soon make it really difficult for script kiddies to terminate NOD32. ;)
     