March 25th, 2004, 02:03 PM
#1
If you want to play - Part II
Some of you might like to give this one a look:
EWIDO page: http://www.ewido.net/en/?section=support .
Been using it now for a little while and it seems to be quite good. Certainly simple enough. Fast. Author very responsive to questions and quick about fixing FP's. Not vulnerable to the recent "re-basing" threat (which a lot of the OTHER A/T's can't say, unfortunately).
If you haven't taken a look at this one yet - you probably should.
From the author:
"Quote:
Besides the very big PLUS that it's free, is there anything that sets your program apart, detection-wise, from any of the pay programs?
Many things. Just some examples:
Very strong binary signatures with Fuzzy Logic
Powerful unpacking engine based on emulation
Crypted database (AES 128-Bit)
Intelligent Online-Update with integrity-check
Generic-Binder-Detection
Very user-friendly Interface
...
The upcoming pro-Version will also feature a Guard running on Ring 0, a real memory Scanner (can detect e.g. armadillo copymem, api hooking), Heuristics and so on...
Quote:
How well does it "clean up" after an infection - or does it just "quarantine" stuff?
Searches for autostart/running processes and finally removes the file (with backup)... If not possible after reboot.
Quote:
Are you using any "new" types of detection processes?
Again, many (even more than KAV!)... Fuzzy signatures against patching & signature detection, immune against rebasing/OEP modification etc.
Quote:
How about unpackers? More than one?
More than one! We use generic emulation... So we're able to unpack e.g. upx, aspack, fsg, neolite, pepack, stones pe crypter, pklite32, morphine etc. Immune against entrypoint/stub patching..."
Pete
Last edited by StevenPeterYevchak; March 26th, 2004 at 02:07 AM.
Compaq Presario 7110US, 1.3GHz ThunderBird, 1GB RAM, 160GB HD, WinXP Pro w/SP2, TDS-3, WormGuard, Port Explorer v2.0, Process Guard v.3.150, The Cleaner Pro v.4.1 b.4252, TrojanHunter v.4.2 b.908, NOD32, XP ICF, ALL javacool programs, SBS&D, SPYCOP, Opera v.8.0 Build 7561, FireFox v1.0.4, ShadowUser v.2.5, SpyBlocker v8.7, RegDefend v1.300