Spycar results

Discussion in 'NOD32 version 2 Forum' started by wlr3, Jul 27, 2006.

Thread Status:
Not open for further replies.
  1. wlr3

    wlr3 Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    6
    I'm currently evaluating NOD32 for a possible network install. I've been very impressed with the product so far.

    I attempted to use the Spycar testing tools, but NOD32 allows them all to execute... Is this a good thing or a bad thing?

    For those who don't know: http://www.spycar.org
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32 is not a behavior blocker so, for instance, it will not notify you if a benign application writes into the run registry key.
     
  3. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Well that depends .. Personally I've never heard of 'Spycar' and since it's just a test tool (out of hundreds) it really shouldn't be detected since it's not a real threat...

    If you want to test you can use EICAR
    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    or the BAT TEST FILE
    @echo off
    resident.bat

    Just copy the above code to a txt file and both of them should be detected ;)
     
  4. wlr3

    wlr3 Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    6
    Well, my point in trying the more unknown testing tools was to see if the heuristics would allow such things as changing the default search page or adding entries to the hosts file. I must be on the wrong track here.

    I guess we still haven't reached a point in anti-* tools where one does it all. So I still need a behavior-based detection tool (such as Ad-Watch) in addition to the more "classic" virus scanners?

    I didn't bother with EICAR, that has been in every signature database since the 70's hehe.
     
  5. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Just for fun and try the tests at the Spycar site. I'm using SpywareTerminator (freeware) and most is detected!
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Nice one...I didn't know it. Thx Brian. ;)
     
Thread Status:
Not open for further replies.