NOD32 vs. running rootkits

Discussion in 'NOD32 version 2 Forum' started by fosius, May 30, 2006.

Thread Status:
Not open for further replies.
  1. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Hi,
    I have read this article http://www.eset.com/company/article.php?contentID=1401.

    According to this:
    So current version of NOD32 is able to detect even running rootkits?
     
  2. ASpace

    ASpace Guest

  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, let's wait for an official answer from ESET staff. ;)
    I'm not so sure what that statement is referring to...
     
  4. ASpace

    ASpace Guest


    Well, not necessarily, because the OP asks:
    So current version of NOD32 is able to detect even running rootkits?

    And this is well known - the answer is yes
    The answer is well shown in the article. Please read Andrew's words carefully.

    http://www.eset.com/company/article.php?contentID=1401
    :D
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's not 100% right, but something is brewing.
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I think you mean rootkits _trying_ to install, AH + defs works for those because I've never heard anything about NOD being able to detect and/or remove running rootkits.
     
  7. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Could it be V3? ;)
     
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    NOD32 is always on the front of the AV technology... :D
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Hope so.... :D
     
  10. ASpace

    ASpace Guest


    Andrew:
    We had to re-write significantly part of the engine. It wasn’t that we couldn’t detect these, but once they were installed, they were very difficult to detect. We had to develop a method that the root was installed on the system, that we would be able to see it. Traditionally, what we and other anti-virus companies does is hope that you’re on installed on the system and once someone tries to install a root kit, you can’t defend, because you can see the files at that point. But once the things are actually installed and in memory and running, then it can be very difficult. We actually updated the product there to deal with there.
     
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Which means they updated the engine to detect them heuristically before getting installed.
    And that is a known fact - The other one where they detect running rootkits.. I've never heard of it.
     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Neither have I...
     
  13. ASpace

    ASpace Guest


    No problem :)
     
  14. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    ? :D

    I read that, but since they didn't say anything about that in the updates...
     
  15. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    It's still about detecting them before installed. It's nothing like Blacklight or RootkitRevealer.

    Don't get your hopes up, but if something is 'brewing', I'm sure it means detection of running rootkits...
    (Only guessing of course).
     
  16. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Yep ;)
     
  17. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    I don't know Blacklight, but RootkitRevealer is not so good. I know a better solution.
     