If you want to play - Part II
Some of you might like to give this one a look:
EWIDO page: http://www.ewido.net/en/?section=support
Been using it now for a little while and it seems to be quite good. Certainly simple enough. Fast. Author very responsive to questions and quick about fixing FPs. Not vulnerable to the recent "re-basing" threat (which a lot of the OTHER A/Ts can't say, unfortunately).
If you haven't taken a look at this one yet - you probably should.
From the author:
"Quote:
Besides the very big PLUS that it's free, is there anything that sets your program apart, detection-wise, from any of the pay programs?
Many things. Just some examples:
Very strong binary signatures with Fuzzy Logic
Powerful unpacking engine based on emulation
Crypted database (AES 128-Bit)
Intelligent Online-Update with integrity-check
Generic-Binder-Detection
Very user-friendly Interface
...
The upcoming Pro version will also feature a Guard running on Ring 0, a real memory scanner (can detect e.g. armadillo copymem, API hooking), heuristics and so on...
Quote:
How well does it "clean up" after an infection - or does it just "quarantine" stuff?
Searches for autostart entries/running processes and finally removes the file (with backup)... If not possible, after reboot.
Quote:
Are you using any "new" types of detection processes?
Again, many (even more than KAV!)... Fuzzy signatures against patching & signature detection, immune against rebasing/OEP modification etc.
Quote:
How about unpackers? More than one?
More than one! We use generic emulation... So we're able to unpack e.g. upx, aspack, fsg, neolite, pepack, stones pe crypter, pklite32, morphine etc. Immune against entrypoint/stub patching..."

Pete
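To make the "rebasing" point in the post concrete, here is an added example (my own illustration, not EWIDO's code or anything the author described in detail). A plain byte hash of a trojan's code changes as soon as the image is loaded at a different base, because every absolute address the loader fixes up through the .reloc table changes with it. Masking the relocated fields before hashing gives a signature that is the same at any base, and comparing byte n-grams instead of exact hashes tolerates a byte or two of patching. The x86 byte string, the relocation offsets and the base addresses below are constructed for the example.

```python
"""Relocation-aware and fuzzy code signatures (added illustration).

Constructed sample: a few x86 instructions whose 32-bit immediates are
absolute addresses inside the image, plus the offsets a .reloc table would
record for them.  Not EWIDO's code; the exact signature scheme EWIDO uses
is not described on the page.
"""
import hashlib
import struct

OLD_BASE = 0x00400000  # assumed preferred image base
NEW_BASE = 0x00500000  # assumed base the loader actually used

# mov eax, 0x00403000 ; push 0x00403010 ; call [0x00402004] ; ret
CODE = (
    b"\xB8" + struct.pack("<I", OLD_BASE + 0x3000)
    + b"\x68" + struct.pack("<I", OLD_BASE + 0x3010)
    + b"\xFF\x15" + struct.pack("<I", OLD_BASE + 0x2004)
    + b"\xC3"
)
# Offsets inside CODE of the absolute 32-bit fields (what .reloc would list).
RELOCS = (1, 6, 12)


def rebase(code: bytes, relocs, old_base: int, new_base: int) -> bytes:
    """Apply loader-style fixups: add the base delta to every relocated field."""
    delta = (new_base - old_base) & 0xFFFFFFFF
    out = bytearray(code)
    for off in relocs:
        val = struct.unpack_from("<I", out, off)[0]
        struct.pack_into("<I", out, off, (val + delta) & 0xFFFFFFFF)
    return bytes(out)


def naive_signature(code: bytes) -> str:
    """Plain hash of the raw bytes: defeated by rebasing or any patch."""
    return hashlib.sha256(code).hexdigest()


def mask(code: bytes, relocs) -> bytes:
    """Zero every relocated field so the image base no longer matters."""
    out = bytearray(code)
    for off in relocs:
        out[off:off + 4] = b"\x00\x00\x00\x00"
    return bytes(out)


def masked_signature(code: bytes, relocs) -> str:
    """Hash of the relocation-masked bytes: identical at any load address."""
    return hashlib.sha256(mask(code, relocs)).hexdigest()


def ngrams(code: bytes, n: int = 4) -> set:
    """Set of all n-byte windows of the code."""
    return {code[i:i + n] for i in range(len(code) - n + 1)}


def fuzzy_similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity over byte n-grams; a few patched bytes only
    lower the score slightly instead of breaking the match outright."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    return len(ga & gb) / len(ga | gb) if ga | gb else 1.0


if __name__ == "__main__":
    rebased = rebase(CODE, RELOCS, OLD_BASE, NEW_BASE)
    print("naive hash survives rebasing: ",
          naive_signature(rebased) == naive_signature(CODE))
    print("masked hash survives rebasing:",
          masked_signature(rebased, RELOCS) == masked_signature(CODE, RELOCS))
    # Simulated signature-evasion patch: mov eax -> mov ecx (B8 -> B9).
    patched = b"\xB9" + CODE[1:]
    print("fuzzy similarity after 1-byte patch: %.3f"
          % fuzzy_similarity(mask(patched, RELOCS), mask(CODE, RELOCS)))
```

The masking step is only as good as the relocation list it is fed, so a scanner has to read the real .reloc section (or emulate the loader) rather than guess which immediates are addresses; and the n-gram score is a similarity, not a verdict, so a threshold has to be chosen against a clean-file corpus to keep false positives down.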