Discussion in 'WormGuard' started by NormanS, Feb 28, 2004.
Insofar as worm-handling capability goes, how does WormGuard differ from NOD32?
Hello NormanS, welcome,
WG is special for worms and scripts, enabling you to have it block more kinds of files and extensions to your choice, while in blocked files you can look into the source of it in the safe mode, deciding what you want to do with the file. It sits all in the background without using any resources till you're about to touch something suspicious for which it jumps up immediately. So the suspicious file is not detected because of a scan, there are no updates necessary either because of several detection techniques built in.
TDS detects lots of worms as well but you miss the safe source viewing.
Thanks for your reply; it raises the first of the three questions that follow:
What criteria does a user apply to add/modify/delete file types and/or extensions?
What is your estimate of the percentage of worms that can be correctly detected by Worm Guard?
What is your estimate of the percentage of worms that can be correctly detected by TDS-3 + NOD32?
NOTE: NOD32 uses a heuristic approach, as, I guess, does Worm Guard. See http://www.freshnews.com/cgibin/jsj_news/viewnews.cgi?action=one&article_ID=16504&cat=2
The experience you gain with reading everywhere in forums and serious security related articles everywhere.
In some threads you have seen the little tests I wrote to see what can happen.
If you use a simple notepad save as vbs or other executable, WG will look different at it than a txt file; use a suspicious text with infect and virus and post to... in a file filled with macros then WG most probably jumps up enabling you to check what's happening there -- I know this from own experience recently with a large spreadsheet full of codes and formulas and somewhere in a cell a text with those words in it; I like WG to warn for that so I can have another check, never know if somebody sent me a file with unexpected nasties in it, at least I'm warned, the places indicated so I can check and decide to open it or not and delete or warn the sender if necessary.
I don't know about percentages and numbers, that's for the developers to know.
Mind you: WG is able to detect scripts too, and you can add several to the list you like to be detected, also malicious screensavers for example.
TDS will detect trojans, worms, and lots of other things.
TDS and WG both have an exec protection, meaning they are able to detect malware before it can run and block it from installing where possible, so your system doesn't need to be infected before it can be detected.
NOD32 in the first place is marketing itself as an antivirus in the first place covering lots of in the wild worms and trojans, TDS is a specialist in anti-trojans and WG anti-worms and scripts. Each has a main goal and covering alongside several other threats.
Time ago I pressed a file I thought was safe but it was not; at the moment I don't remember if it was TDS exec protection or WG blocking it from executing, sent it to the TDS lab and indeed it was a nasty downloader trojan I got from very reliable source who also was not aware of it before my warning. A downloader should be more spyware I always thought, but there are downloader trojans I know by now, so yes, it was such a thing and detected and stopped.
TDS+Port Explorer show you all connections and which application is responsible for it, NOD32 (for example) beside it for the viruses and email scanning, Process Guard to protect all your processes for anything not allowed, including infections by trojans for example, together with WG to jump up to avoid possible dangers by worms or scripts, what more would you like to hammer your system tight?
CryptoSuite to encrypt all valuable stuff you like to keep private.
RegProtection to protect the registry from modifications, AutoStartViewer to watch your autostarts, etc.....
Hope this gives some insights in the combination of tools.
For specifications about NOD32 there is a whole dedicated forum here to help you with those questions!
To speak very frankly, I don't believe that Wormguard is a good product. I had Wormguard, TDS, Nod32, Kerio all set-up, and got 2 worms that I am still trying to remove. worm.wlechia and Win32/Nachi.B worm I can't get rid of them.
Take a look at this link,
Hope it helps.
John, didn't WG warn you for them when you intended to run them? And didn't TDS exec protection stop them from running when you intended to run them anyway?
Is your Windows fully updated and patched with the last security critical files?
Welchia as well as Nachi are covered and databased in NOD32 timely. Although off-topic in this forum, one shouldn't encounter any problems in regard to NOD32. Feel free to continue this aspect over on the NOD32 v2 forum.
Well, I did a reinstall, and all seems well. Was FINALLY able to patch to WIN 2K SP4 -- though it was not at all easy to do. That svchost problem would happen within minutes.
I did not try to run those files, so both WG and TDS did nothing. I found them through a routine scan. So my criticism is due to my ignorance. Sorry about that. I am still learning about these products!
By the way, TDS HAS been great. I praised it in another forum. I just didn't understand how WG works, so I criticised prematurely. That's all. Sorry. I've just been having too many problems with Windows 2000. So much so that I almost wish I did not upgrade from Windows 98.
@Snowbound -- Thank you!
NOD has the best heuristic for detecting Win32 worms.
There's really no practical benefit in using WormGuard and TDS in addition to NOD32.
wizardavc, It appears you really still don't understand the software; reading your messages till now your only contribution to the whole Wilders forum has been bashing DiamondCS software, haven't you?
We're still looking for promotions for your own finished products which by the looks of your comments must be world renewing in the field of anti-trojan/anti-worm/anti-virus/anti-pests/anti-spyware/anti-adware/anti-hijacking/anti-everything and very user friendly.
As both a developer and somebody who is actually very familiar with all three programs, I can tell you that your statement is very incorrect. All three programs have unique qualities that none of the others have, and while there is some overlap with each program the overlap is actually very minimal, and that overlap actually helps to ensure that there are no 'holes' left open in your defence.