Jump to content
ChrisBP

SAS and Rustock.C

Recommended Posts

Can SAS detect Rustock.C, if not, are there plans to enable this detection and if so, when?

Cheers,

C

Share this post


Link to post
Share on other sites
Can SAS detect Rustock.C, if not, are there plans to enable this detection and if so, when?

Cheers,

C

It should detect it - do you have a case where it does not?

Share this post


Link to post
Share on other sites

From looking at the Wilders forum, it would appear that Kaspersky and Dr.Web are the only scanners to detect it. I dont know that SAS does not - but had ben told that it did not by a Wilders member. can a representative of SAS state if SAS does in fact detect and remove it to clear up the issue?

Cheers.

C

Share this post


Link to post
Share on other sites
From looking at the Wilders forum, it would appear that Kaspersky and Dr.Web are the only scanners to detect it. I dont know that SAS does not - but had ben told that it did not by a Wilders member. can a representative of SAS state if SAS does in fact detect and remove it to clear up the issue?

Cheers.

C

Chris - we detect over a million threats - if you have something that we don't detect, please let us know - if you have an infected system that is not being cleaned we can run a diagnostic.

As far as "Rustock.C" - there is no clear classification between vendors - we may detect and remove what one company calls "Rustock.C" where we classify it as a different threat.

Remember - Wilder's members don't have access to our database, so them making a statement about what we actually detect without having performed actual testing should be taken with a "grain of salt" so to speak as they are not the experts in our software.

Again, if you have something that is not detected or removed, we are more than happy to assist!

Share this post


Link to post
Share on other sites

Whilst I agree that viruses / trojans etc are called different names by various vendors etc, Rustock.C is only known as that OR Win32.Ntldrbot as far as Im aware - everyone knows about this nastie. It shouldnt be hard for you to say if SAS detects it or not.

Share this post


Link to post
Share on other sites
Whilst I agree that viruses / trojans etc are called different names by various vendors etc, Rustock.C is only known as that OR Win32.Ntldrbot as far as Im aware - everyone knows about this nastie. It shouldnt be hard for you to say if SAS detects it or not.

Again, do you have a test set where we don't detect it? We detect many variants of Rustock, including Rustock.C variants we have in our labs and in the wild.

We are certainly aware of this threat and many others that the other vendors don't even see, let alone detect. Did you ask the Wilder's members about those? :)

Share this post


Link to post
Share on other sites

Thank you, so SAS does detect Rustock.C. I was not aware there were variations of that specific version.

Share this post


Link to post
Share on other sites
Thank you, so SAS does detect Rustock.C. I was not aware there were variations of that specific version.

Every vendor classifies things there own way, there is no way to know if "Rustock.C" is the same across vendors.

Share this post


Link to post
Share on other sites

Hi, I posted a comment in a Wilders thread saying you said SAS did detect Rustock.C and the reply from one of their members is thst having tested it five minutes ago with your latest signatures is that SAS does not detect Rustock.C. The member in question suggests I point you to the comment and to him as I believe he has the malware samples.

http://www.wilderssecurity.com/showthre ... ost1258326

Share this post


Link to post
Share on other sites
Hi, I posted a comment in a Wilders thread saying you said SAS did detect Rustock.C and the reply from one of their members is thst having tested it five minutes ago with your latest signatures is that SAS does not detect Rustock.C. The member in question suggests I point you to the comment and to him as I believe he has the malware samples.

http://www.wilderssecurity.com/showthre ... ost1258326

We'll take a look!

Share this post


Link to post
Share on other sites

So we are all clear here - if there are samples that any user has, that we do not detect, please have them submit them to samples AT superantispyware.com and they will be analyzed and processed.

Share this post


Link to post
Share on other sites

ChrisBP;

You seem to have an agenda. Your question has been answered several times. You are free to believe an expert who has a background in the development of an antispyware product used by millions of users OR whom ever you wish :) Take up the offer to submit a complete sample. :roll:

Share this post


Link to post
Share on other sites
It would appear that you are wrong and that SAS does not detect it after all.

See:

http://www.wilderssecurity.com/showthread.php?t=211664

http://www.wilderssecurity.com/showthre ... 86&page=11

ChrisBP - as Pandato indicated, you obviously have a hidden agenda - actually it's not so hidden, it's quite obvious. We are not going to simply chase a sample or infection because people are posting in a forum about it - we receive 10's of thousands of samples per week and process zero-day threats to ensure users are protected. No product can catch everything on a given day - I notice you are not hounding other products/companies regarding their removal of what some call "Rustock.C" - you are focusing on SUPERAntiSpyware.

Are you infected with this? Likely not. Why don't you just come clean about your intention here.

Have you done the testing yourself? What is your expertise in the security industry?

Share this post


Link to post
Share on other sites

I have no hidden agenda. I asked a simple question and got a vague answer. The reason Im asking is that I have a license for SAS. I usually use F-Secure with SAS, but understand F-Secure does not detect the Rustock.C referred to by Dr.Web or Kaspersky. I wanted to know if SAS detected this as if not, I would install KAV - which I have a license for.

Eventually, I was told here that SAS did detect Rustock.C - however, a member on Wilders said it did not and has proved this - you have discussed this with him and asked that he send you the samples in question.

I have no agenda other than wanting to know if a product I have paid for protects me from a particular nastie. All I have had is a reply saying "it should" - and then when asked again a confirmation that it does - only to find out later that it does not.

I find it strange that you treat your customers like this - telling me I have a hidden agenda - just because I ask a question. it is you who has been vague and inaccurate (by which I mean saying SAS detects Rustock.C when it does not)

If you want to give me a refund on my SAS license I will be more than happy as Im sick of your attitude.

Share this post


Link to post
Share on other sites
.I find it strange that you treat your customers like this - telling me I have a hidden agenda - just because I ask a question. it is you who has been vague and inaccurate (by which I mean saying SAS detects Rustock.C when it does not)

Well, you have asked the question several times. How many answers do you need? Can't you read? As stated, if you have a sample that SAS does not detect, please send it to them. And everyone else is happy with SAS' support. Maybe there's something with you? Been thinking of that?

If you want to give me a refund on my SAS license I will be more than happy as Im sick of your attitude.

I hope they wont with your attitude.

Share this post


Link to post
Share on other sites

I need just one answer - yes or no - had to ask several times in order to get that and when I did it was wrong.

Anyhow, I have uninstalled SAS and wont be installing it again.

Bye

Share this post


Link to post
Share on other sites

I can confirm that SAS can't detect a variant of Rustok, but what's the problem? No anti-spyware can detect all threats. Instead of complaining you should send samples to the SAS staff like I did and they will include detection for that threat quickly.

Share this post


Link to post
Share on other sites
I need just one answer - yes or no - had to ask several times in order to get that and when I did it was wrong.

Anyhow, I have uninstalled SAS and wont be installing it again.

Bye

In a situation like the one in this thread, a simple 'yes' or 'no' often doesn't cover all the aspects of an issue. Pushing for a conclusive answer, like you did, gives the impression that there might be a hidden agenda.

Not being protected by SAS is your loss!

Share this post


Link to post
Share on other sites
I need just one answer - yes or no - had to ask several times in order to get that and when I did it was wrong.

Anyhow, I have uninstalled SAS and wont be installing it again.

Bye

ChrisBP - there is not a "yes" or "no" answer in the world of anti-spyware and threats. If you have a variant we don't remove, send it to us, or have us run a diagnostic to remove it.

You are being elusive as to the reason for your questioning and you are not accepting our answers, and we are the experts in this field.

We don't lie, nor post false claims, so we would not just say "yes" and leave it at that - are you verifying others claims?

Share this post


Link to post
Share on other sites
I need just one answer - yes or no - had to ask several times in order to get that and when I did it was wrong.

Anyhow, I have uninstalled SAS and wont be installing it again.

Bye

It can't be yes or no. Yes, it detect lot of variants; no, there are some variants that not detect already.

Share this post


Link to post
Share on other sites

Look, I dont pretend to be a security expert, however, I read a couple of threads on Wilders and some posts by people who are experts. I asked the question there - does SAS detect Rustock.C - and the answer I was given from a well respected menber was that it did not. This member has proven that SAS does not detect the versions of Rustock.C that are referred to by Dr. Web or Kaspersky. I appreciate that there may be variants of Rustock.C. I just wanted to know if SAS would have protected me from the variants being mentioned on Wliders / bt Kaspersky and Dr.Web - as if not, I would need to install KAV instead of F-Secure.

Share this post


Link to post
Share on other sites
Look, I dont pretend to be a security expert, however, I read a couple of threads on Wilders and some posts by people who are experts. I asked the question there - does SAS detect Rustock.C - and the answer I was given from a well respected menber was that it did not. This member has proven that SAS does not detect the versions of Rustock.C that are referred to by Dr. Web or Kaspersky. I appreciate that there may be variants of Rustock.C. I just wanted to know if SAS would have protected me from the variants being mentioned on Wliders / bt Kaspersky and Dr.Web - as if not, I would need to install KAV instead of F-Secure.

Again, a developer told that SAS detect a lot of variantsss of Rustock.C. Maybe there more variants that SAS not detect yet. So the people of Wilders forum maybe have a variant that SAS dont detect. AGAIN< if you have a sample you can send it to SAS. What part you dont understand? There is NOT a perfect antivirus or spyware program that detect 100% if viruses. So don't continue asking the same thing again.

Share this post


Link to post
Share on other sites

Who do you think you are? I NEVER said I had any samples. Read the thread and the Wilders thread before you make yourelf look even more ignorant.

Share this post


Link to post
Share on other sites

ChrisBP:

PLEASE Maintain a civil tone or your posts will be edited or will be removed. This is what is required of all who post, you may disagree with responses but this is not the place for hostility nor for meaningless "yes it can" "No it can't" "yes it can. etc etc etc. That's childish :lol:

As far as your reliance on self appointed forum experts, all are entitled to their own opinions. It is up to you whose credentials you believe :roll:

Again, you seem to harbor an agenda as has been pointed out by others on the forum that have no official status with SAS. You have been given excellent advice by several posters, I suggest you read them in the spirit in which they were written. :) Thanks for understanding.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...