Behavior Blocker vs Rootkits and MBR Killer
   

habakuck
New Member
Date Joined Nov 2010
Total Posts : 6
Posted 11/5/2010 1:43 AM (GMT +3)
Hi @ all.

I am trying Bullguard 10 at the moment. Very good product so far. Well done!
(But you should fix the missing rootkit scan for x64 systems... ;) )

I tested the Suite against real world, zero day malware. It did a good job so far! Again well done.

But when it comes to really nasty malware your Behavior Blocker (NovaShield) fails!

Nearly all TDSS, Sinowal or MBR Killer samples went directly through the Bullguard protection.

Are you able to enhance the protection which is given by the behavior guard against those threats?
Note: I am not talking about the signature protection.

best regards

Habakuck

habakuck
New Member
Date Joined Nov 2010
Total Posts : 6
Posted 11/7/2010 3:48 PM (GMT +3)
No answer from the support? :(

anniesboy
Junior Member
Date Joined Feb 2010
Total Posts : 66
Posted 11/7/2010 5:18 PM (GMT +3)
Have a look at the post Bullguard10 in the Bullguard customers section.

habakuck
New Member
Date Joined Nov 2010
Total Posts : 6
Posted 11/8/2010 7:16 PM (GMT +3)
I am aware of that thread. But my initial question was about the behavior guard.

And I would like to get an answer from the support.
I really think about buying your software cause I really like its gaming mode.
But if I do not get an answer here I am not sure if it is advisable to spend money here...

Alin Vlad
Trusted Member
Date Joined Sep 2007
Total Posts : 393
Posted 11/9/2010 8:55 PM (GMT +3)
Hi Habakuck,


First of all, sorry for the delayed answer. While 100% security is the goal, no one is ever 100% safe from viruses with any anti-virus product. Unfortunately, people continue to create new viruses that are very sophisticated and often hard to destroy. But with version 10, we’ve taken BullGuard to the next level, introducing technology that positions BullGuard at the top. Our Behavioural Detection engine enables us to counter what in the industry is known as Zero-day Attacks, and identifies viruses long before traditional virus detection, based on the behavior of the virus.

We are improving the detection and the removal modules of our product each day, releasing core updates, not only virus definitions.

The new security enhancement features have already proved themselves in several independent virus tests. BullGuard scored detection rates of 100% for both known and unknown viruses, proving that our newly implemented technology, combining the Behavioral Detection and the traditional SBD-engine technology, gives our users the highest protection against any form of threat from the internet. An example from these tests is one made by the renowned av-test.org. You can read all about the test here: finance.yahoo.com/news/BullGuard-is-the-Best-in-prnews-4097021372.html


Alin Vlad
Senior Support Technician
support@bullguard.com
www.bullguard.com

habakuck
New Member
Date Joined Nov 2010
Total Posts : 6
Posted 11/9/2010 9:36 PM (GMT +3)
Thank you for your answer!

Don't get me wrong: I think the protection Bullguard offers is quite good.

But not good enough if it comes to MBR and Kernel Rootkits. You desperately need to improve the behavioral detection at that side!!

And my question was: Are you able to do that or is the NovaShield core of your Behavior Guard just not able to provide such low level protection?

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12975
Posted 11/10/2010 7:34 AM (GMT +3)
habakuck ->
 
 
A note from one (me) who is dealing with MBR/kernel rootkits almost every day.

 
"The MBR rootkit uses IRP hooks to filter out every attempt to read and write the MBR. The disk.sys Windows driver, the disk class driver used for managing disk devices, was hooked, and the original Windows functions pointed to by the driver and used to handle disk packet requests were replaced by the rootkit ones. Of course every reference to the original address was overwritten by the rootkit, so that it was more difficult for a security product to discover the original function address and restore the legal function.
The new version of the MBR rootkit is smart enough to give researchers some bad days, due to improved hooking techniques.
It no longer hooks the disk.sys driver; it goes deeper. It checks which is the lower device to which the device \Device\Harddisk0\DR0 - belonging to the disk.sys driver - is attached.
The MBR rootkit and many other ones are all real in-the-wild attacks that are showing the difficulties of the security industry in fighting against these threats."
 
That's why we need special diagnostic and fix tools to deal with them. What I mean is, if BG and other AV companies really could fix them, then it would in many cases be very damaging, such as eliminating your internet connection completely or removing legitimate files that are required for your computer to run.
 
 
 


Please read:  Forum Rules
Click here:   Before-posting-a-log
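
The hooking described in the quoted passage above suggests a detection check: every IRP handler in the disk device stack should point into the image of the driver that owns it, and the check has to cover the devices below disk.sys as well. This is a simplified user-mode model of that check, added here as an example and not code from the thread or from BullGuard; the driver name lowerport.sys, all addresses and the four-entry dispatch table are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_MJ 4 /* model: READ, WRITE, DEVICE_CONTROL, INTERNAL_DEVICE_CONTROL */

/* Constructed model of one driver in the disk device stack. */
struct drv {
    const char *name;
    uintptr_t base;            /* load address of the driver image */
    size_t size;               /* size of the driver image */
    uintptr_t dispatch[N_MJ];  /* IRP major-function handler addresses */
    const struct drv *lower;   /* driver of the next-lower device, or NULL */
};

/* Count handlers of one driver that point outside that driver's image. */
int foreign_in_driver(const struct drv *d) {
    int hits = 0;
    for (int i = 0; i < N_MJ; i++)
        if (d->dispatch[i] < d->base || d->dispatch[i] - d->base >= d->size)
            hits++;
    return hits;
}

/* Same check for every driver from the top device down to the lowest. */
int foreign_in_stack(const struct drv *top) {
    int hits = 0;
    for (const struct drv *d = top; d != NULL; d = d->lower)
        hits += foreign_in_driver(d);
    return hits;
}

/* Constructed sample data; "lowerport.sys" and all addresses are made up. */
static const struct drv port_ok  = {"lowerport.sys", 0xF8400000u, 0x20000u,
    {0xF8401000u, 0xF8401400u, 0xF8402000u, 0xF8402800u}, NULL};
static const struct drv port_bad = {"lowerport.sys", 0xF8400000u, 0x20000u,
    {0xF8401000u, 0xF8401400u, 0xF8402000u, 0x81A3C000u}, NULL};
static const struct drv disk_old = {"disk.sys", 0xF8600000u, 0x9000u,
    {0x81B00000u, 0x81B00100u, 0xF8602000u, 0xF8602400u}, &port_ok};
static const struct drv disk_new = {"disk.sys", 0xF8600000u, 0x9000u,
    {0xF8601000u, 0xF8601200u, 0xF8602000u, 0xF8602400u}, &port_bad};

int main(void) {
    printf("old variant, disk.sys only: %d\n", foreign_in_driver(&disk_old));
    printf("new variant, disk.sys only: %d\n", foreign_in_driver(&disk_new));
    printf("new variant, whole stack:   %d\n", foreign_in_stack(&disk_new));
    return 0;
}
```

A pointer-range check like this only sees redirected dispatch entries; a hook that patches code inside the driver's own image needs a separate integrity comparison.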
 
 

 

habakuck
New Member
Date Joined Nov 2010
Total Posts : 6
Posted 11/10/2010 10:43 AM (GMT +3)
Thanks for your reply.

I am not talking about the removal of that stuff! I am a malware removal helper so I know exactly what you mean. I was talking about the ability to BLOCK those threats before they install using the behavior blocker! A couple of Behavior Blockers are able to successfully block the installation of MBR and Kernel rootkits and my simple question was: Is the NovaShield core of your Behavior Blocker able to block those threats or not?

If it is able to do so I would chary ask you to work on the ruleset to block the threats a bit better. Cause at the moment your behavior blocker is doing bad if it comes to nasty rootkits.
(Everything else, simple malware, keyloggers and so on, is blocked successfully!)

Btw.: Do you update the ruleset for the Behavior Blocker or is NovaShield responsible for that?

Post Edited (habakuck) : 10-11-2010 07:44:43 GMT


Alin Vlad
Trusted Member
Date Joined Sep 2007
Total Posts : 393
Posted 11/15/2010 10:27 AM (GMT +3)
habakuck said...
Do you update the ruleset for the Behavior Blocker or is NovaShield responsible for that?


I'm afraid that we can't reveal the mechanisms behind this. This is an internal rule: we can't divulge internal work procedures or technologies because we are in an open market and we have competitors.

What I can tell is that we are improving the product each day, including the behavioral engine.


Alin Vlad
Senior Support Technician
support@bullguard.com
www.bullguard.com

habakuck
New Member
Date Joined Nov 2010
Total Posts : 6
Posted 11/15/2010 10:54 AM (GMT +3)
O.k. I understand that!

Thank you for your answers! I really like Bullguard so far. I will buy a licence.

See you.

best regards

Habakuck