ZLOB detection (same file updated last 09-21-07)

Discussion in 'NOD32 version 2 Forum' started by hsobrevilla02, Oct 1, 2007.

Thread Status:
Not open for further replies.
  1. hsobrevilla02

    hsobrevilla02 Registered Member

    Sep 4, 2007
    "Please review the information posted in THIS THREAD regarding samples and how ESET handle them.




    Good day to all!
    After reading this post of Mr. Blackspear, and after closing my thread, may I ask again: what will happen to sample "VIRUS" files submitted to ESET if the NOD32 signature has not detected them after almost 11 days?
    Correct me if I am wrong, or MAYBE I just misunderstood this quote:

    "Hi Guys,

    Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.

    Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
    Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.

    Eset exchanges samples with several av vendors. Opposite statement is incorrect.

    Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.

    Once again, I would like to thank you all: for both the samples and your patience :)

    Last edited by anton : June 17th, 2004 at 05:11 PM. "


    Does it mean that (1) ESET only adds signatures that they think are mass propagating, or (2) is neglecting a virus that is only affecting one or two (out of so many) users of NOD32?

    If the answer is (1), I understand. Maybe this is the company rule.
    If the answer is (2), maybe ESET could fix it?

    I know that my original thread was closed by a moderator.
    I am sorry if I made a mistake in that thread (maybe that is the reason why my thread was closed).
    If this thread is also closed or deleted, I respect the moderator.
    I just feel so "PARANOID" (although I am just a user of the trial 30 days) that until now my sample file was not detected by NOD32.

    Any answers would be greatly appreciated.

    Thanks in advance...
  2. ASpace

    ASpace Guest

    Well, it is long to explain but I'll try.

    It has been written, but you are a ~new member and may have missed it. Most of the things I write to you have already been said here ;)

    ESET and most other companies have priorities:
    First they serve clients with real problems
    Second they serve other things
    Third they "serve" virus/malware collectors

    You don't have a problem; it seems you have just found this thing somewhere and decided to submit it. OK, bravo, but you have something that is no risk to you. They haven't noticed it so wild or it poses less to no risk, or you have found it in a web page which no average person will visit, or it is a downloader (something that does nothing but drops malware, something real already detected by ESET) ... this makes the sample less important. Again, it was said numerous times: ESET receives really a lot of samples each and every day, and without priorities they can't analyse them so easily or add them. Imagine they add all (the garbage) that is sent ... our computer would have stopped working with so big a database. I don't know how true it is, but an official Panda Security report says that Panda Security have found times more malware in 2006 compared to all the previous 15 years totally; true or not => cyber crime is on the rise (known and proven). They (AVs) can't detect/add or so all the malware. No human can make it. By the way, another option to keep the program light on resources is to add a generic sig for some Zlobbies.

    So, the conclusion after all the words is not to worry about such things. In case you find something, you just send it to them and don't worry further; they will do what is necessary :thumb:
  3. hsobrevilla02

    hsobrevilla02 Registered Member

    Sep 4, 2007
    Thank you very much for your answer. I appreciated it a lot.
    I will try to comprehend your explanation, and I will also explain this to other persons to whom I recommend using NOD32.
    I guess all I have to do is WAIT.....
    Again, thank you for the explanation.

    Last edited: Oct 1, 2007