Sunday, December 20, 2009

Intel Hyper Threading Technology



Commonly referred to simply as HT. Take a look at this technology.




Click here to see Processor Types by Intel

Thursday, December 10, 2009

Eset NOD32 Tricks



NOD32 provides well balanced, state-of-the-art protection against threats endangering your PC and enterprise systems running various platforms from Microsoft Windows through a number of UNIX/Linux, Novell, MS DOS operating systems to Microsoft Exchange Server, Lotus Domino and other mail servers.

The thing I like most about NOD32 is its powerful heuristic-based scanning, which sometimes detects zero-day malware. It does not rely heavily on signature-based detection, which was the usual approach in the past.
This raises the question: what are heuristic and signature-based detection?

1)-Signature Based Scan:
Traditionally, AV solutions have relied strongly on signature-based scanning, also referred to as scan-string-based technology. In signature-based scanning, the antivirus program searches within given files for the presence of certain strings (sometimes only in certain regions of the file). If these predefined strings are found, the antivirus reports a threat detected.

According to McAfee Labs, approximately 250 viruses are released every day, so it is very difficult to catch all of them with signatures alone. Heuristic-based detection is therefore used to detect unknown threats, as explained below.
Run-time packing is a technique malware writers employ to defeat signature-based detection of known malware. To deal with this, the AV must first unpack the file and then scan it.

2)-Heuristic Based Scan:
Heuristic (hyu-ˈris-tik) is an adjective for methods that help in problem solving. The first heuristic engines were introduced to detect DOS viruses in 1989.

A heuristic scan is used to detect new, unknown viruses on your system that have not yet been identified. Only some antivirus products can do this type of scan; the majority are only able to detect known viruses.

In this type of scan, the antivirus program searches for instructions or commands within a file that are not found in typical legitimate application programs, for example if a file's binary code contains an instruction along the lines of "Don't show hidden files". As a result, a heuristic engine is able to detect potentially malicious files and report them as a virus, or as a variant in the case of NOD32.
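To make the two scan types concrete, here is a toy scanner written for this post (not ESET's code): a region-restricted signature match as described above, a weighted heuristic score over strings rarely seen in benign programs, and a byte-entropy check that flags a likely run-time-packed file as "unpack first". The signature, indicator list, weights and threshold are all constructed assumptions.

```python
from collections import Counter
from math import log2

# Constructed toy signature database: name -> (byte pattern, file region to search).
# Real AV signatures are far more elaborate; these values are illustrative only.
SIGNATURES = {
    "Constructed.Test.A": (b"CONSTRUCTED-SIG-0001", (0, 512)),
}

# Constructed heuristic indicators: strings rarely seen in benign programs, each with a
# weight. "ShowSuperHidden" is the Explorer registry value behind the post's
# "don't show hidden files" example; the others are real Win32 API / policy names.
HEURISTIC_INDICATORS = {
    b"ShowSuperHidden": 3,
    b"DisableRegistryTools": 3,
    b"CreateRemoteThread": 2,
    b"SetWindowsHookEx": 1,
}
HEURISTIC_THRESHOLD = 4  # assumed cut-off; a real engine tunes this against false positives

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: packed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())

def signature_scan(data: bytes) -> list:
    """Return the names of signatures whose pattern appears inside its own region."""
    return [name for name, (pattern, (start, end)) in SIGNATURES.items()
            if pattern in data[start:end]]

def heuristic_scan(data: bytes) -> tuple:
    """Sum the weights of all indicators present; return (score, matched names)."""
    matched = [ind for ind in HEURISTIC_INDICATORS if ind in data]
    return sum(HEURISTIC_INDICATORS[ind] for ind in matched), [m.decode() for m in matched]

def classify(data: bytes) -> str:
    """Apply the two methods in the order the post describes, then a packing check."""
    if signature_scan(data):
        return "known threat (signature)"
    score, _ = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious (heuristic variant)"
    if shannon_entropy(data) > 7.0:
        return "possibly packed: unpack before scanning"
    return "clean"
```

Note that the same signature string placed past byte 512 is not reported, which is exactly why packing or relocating a known sample defeats region-bound signatures while the heuristic and entropy checks still fire.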

ThreatSense® Technology:-
This technology also uses the heuristic approach, but in addition, when a certain file performs suspicious activity on the computer, the AV program does not take any action and instead keeps an eye on that file. Then, when you update your antivirus, these files are sent to the security experts of the antivirus vendor. Sometimes you have to submit the files manually, by selecting the suspicious files and clicking "Submit". Malware analysts analyze the file and, if it is a virus, they create its signature. In this way a virus is caught within 3-4 days and less damage is done.



Antivirus products using these techniques:-
Eset Nod32 ( I think all versions)
Bitdefender 10
Norton Antivirus 2009

Installation :
During installation, don't forget to enable this option!




Updates:-
NOD32 updates are very small in size. The first time you update NOD32 after installation, it takes a little while to update its virus database, but after that only 45 KB to 100 KB of updates are downloaded on a daily basis. Look at the update size, it's so small.

Update files:
The NOD32 updates are stored in "C:\Program Files\ESET\ESET NOD32 Antivirus\" with the extension .DAT. Take a look at the image.



Save these files to another location. Then, every time after installing NOD32, instead of letting it update for a long time, just copy these files into the installation folder and reboot. The reboot is necessary for the change to take effect.

Programming of NOD32:-
Root Directory: C:\Program Files\ESET\ESET NOD32 Antivirus\
Deep Scan: Yes

File: callmsi.exe
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Microsoft Visual C++ 8
Matches: 6

File: ecls.exe
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Microsoft Visual C++ 8
Matches: 6

File: ecmd.exe
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Microsoft Visual C++ 8
Matches: 6

File: egui.exe
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Microsoft Visual C++ 8
Matches: 6

File: eguiAmon.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eguiEmon.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eguiEpfw.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eguiScan.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eguiUpdate.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: EHttpSrv.exe
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Free Pascal v1.06
Matches: 7

File: ekrn.exe
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Microsoft Visual C++ 8
Matches: 6

File: ekrnAmon.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: ekrnEmon.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: ekrnMailPlugins.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: ekrnScan.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: ekrnUpdate.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eplgHooks.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eplgOE.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eplgOutlook.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: eplgOutlookEmon.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: http_dll.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: mfc80.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: mfc80u.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: shellExt.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: No match found.
Matches: 0

File: updater.dll
Path: C:\Program Files\ESET\ESET NOD32 Antivirus
Signature: Microsoft Visual C++ v6.0
Matches: 18

But ESET says NOD32 is mostly programmed in assembly language, whereas the analysis tool shows the results above.
One thing I must say is that it has a very fast scanning speed and uses very few CPU resources.

Submit Samples:
NOD32 also has a feature to submit suspicious files for analysis manually. If you find a suspicious file on your PC, just do this. Most people (malware writers) don't like this. LOL

Just right-click on the file and click Submit. That's it. Click the image to see it clearly.

ESET SysInspector :-
ESET SysInspector is a free, state-of-the-art diagnostic tool for Windows systems. It peers into your operating system and captures details such as running processes, registry content, startup items and network connections. Once a snapshot of the system is made, ESET SysInspector applies heuristics to assign a risk level to each object logged. ESET SysInspector is a convenient utility for the toolbox of every IT expert and first responder.

SysInspector was first produced as an individual product, but later it was integrated into NOD32 version 4.xx. It is a very nice and free product. The SysInspector product manager was 'Zdeno Hlinka', who is also a developer.

Images of SysInspector:-
http://i49.tinypic.com/5yceah.jpg

Size: 2.4 MB
License: Freeware
Download SysInspector

ESET NOD32 is a true malware-fighting product:


Thursday, December 3, 2009

Riskiest domains according to McAfee

Red means danger, and orange offers plenty of risk, too.

You may want to think twice if you hit a site with a .cm extension. That belongs to Cameroon, pegged by McAfee as the world's riskiest domain.

McAfee's third annual "Mapping the Mal Web" report, released Wednesday, looks at riskiest and safest domains across the globe. The small nation on the west coast of Africa reached the top spot this year with 36.7 percent of its sites posing a security risk. Because .cm is often a typo for .com, McAfee said, cybercrooks like to use that domain to set up typo-squatted sites to hit you with malware.

The generic and widely used .com domain itself isn't much safer, according to McAfee, jumping from ninth last year to second this year in riskiness, with 32.2 percent of its sites potentially hazardous to your PC's health.

"This report underscores how quickly Cybercriminals change tactics to lure in the most victims and avoid being caught. Last year, Hong Kong was the riskiest domain and this year it is dramatically safer," Mike Gallagher, chief technology officer for McAfee Labs, said in a statement. "Cybercriminals target regions where registering sites is cheap and convenient, and pose the least risk of being caught."

Overall, looking at 27 million Web sites and 104 top-level domains, McAfee found that 1.5 million sites, or 5.8 percent, were risky. That's up from 4.1 percent in the past two years, although the comparison is not direct, since McAfee said it has changed its rating methodology since then.

McAfee noted that cybercriminals who create domains to scam people prefer registrars with very low prices, volume discounts, and hefty refund policies. Crooks also like registrars with a "no questions asked" policy that act slowly, or not at all, when informed of malicious domains.