Searching today on twitter.com for tweets regarding computer security, I’ve found a twitter account, NANOantivirus associated with a new russian security software company, NANO Security.
To be honest, I never heard of this company before so I made a little research on Google.com for his product NANO AntiVirus and surprisingly enough the first search results on Google.com are dominated by links to sites talking about a fake antivirus with the same name, NANO AntiVirus. According to these sites, the NANO AntiVirus rogue software has the same behaviour as all the fake antiviruses, it displays false alerts and pop-up warnings about a false computer massive infection. Displaying a lot of fake scan results stating the computer is infected with a lot of malware that can not be removed unless the the software is registered, the fake NANO AntiVirus try to lead the user to purchase the software for a presumptive computer virus disinfection.
Caution! There is the fake antivirus!
Wednesday, 16 December 2009 12:52
Last year many antivirus vendors had reported about fake antivirus programs. Our analysts have detected the malware Trojan.Binary.Win32.FakeAlert.nano. This malware pretends to be antivirus program. Fake Nano Antivirus displays false positives via fake scan results in an attempt to trick the user into thinking he is infected, further motivating the user to purchase the software to remove the infections…
Curious by my nature and intrigued by all this story, I’ve downloaded the antivirus software though it is still in Beta stage, for testing it. At the moment there are several download sources, for example the official site www.nanoav.ru or Softpedia.com where the download has the authoritative Softpedia seal :
Softpedia guarantees that NANO AntiVirus 0.10.0.4 Beta is 100% CLEAN, which means it does not contain any form of malware, including spyware, viruses, trojans and backdoors.
The download size is about 38,9 MB and the actual version is 0.10.0.4 and the test was made on Microsoft Windows Professional SP3 32 bits. The installer verifies itself for integrity and immediately after finished the installation it goes for updates–after asking user to allow this.
The process associated to NANO Antivirus , nanosvc.exe shows in Task Manager that takes about 125 MB of RAM memory. The graphical user interface is very simple to use and intuitive, all of the features and informations can be accessed very simple :
NANO Antivirus has all the features of a respectable antivirus :
- It assures system real time protection against any type of malware as trojans, worms, viruses including their encrypted versions;
- Very fast scanning using an advanced technology ;
- Heuristhic analysis of new types of malware, not included yet in the virus signature database based on their behaviour;
- Automatic and highly customized scheduling of the update task from the official site or from a folder source (non-network) from your hard disk aswell. This updates can be previously downloaded from the official site via FTP;
- It has support for archived files, packed objects, NTFS streams, mail databases;
- Possiblity to scan files with a choosen extension e.g. : .exe, .ocx, .scr, .dll;
- The software let the user choose what actions must be taken with an infected file : quarantine it, delete, “try to cure the infected object”, just report it or change its extension in: .virus;
- The antivirus add two entries to the context menu (right-click) : “Scan by NANO Antivirus” and “Add to NANO Antivirus quarantine” giving to the user the possibility to scan individual files or folders;
- Customized scheduling of scanning task;
- Possibility of quick scan of the essential system objects, Boot sectors or Memory Scan;
- Password protected access to scan settings;
- Antivirus startup quick test;
- Capability to send to support quarantined or suspect files;
- Command line support;
- Windows 7 support;
Always I keep in my computer several infected files acquired from the Internet and from my infected customers for this exact purpose, to make my own tests on security software and to compare the results between different antiviruses, so I continue with “real life” tests on infected files. The results was compared with virustotal.com scan results.
Because this security tool is still in BETA stage, I can not say I’m dissapointed by the tests results, however this antivirus need improvements but it’s not the only one that is in needing of this and overall it performs resonable.
It detects a known trojan in its compressed form, but it’s not able to detect it in an encrypted form, but the encryption was made perhaps with a private unknown crypter. Other example with an infected executable, it detects nothing on the malware scanning and in opposition here is the virustotal.com scan where is detected by 27/ 43 (62.8%) from all antiviruses.
The conclusion is this antivirus is a very promising security tool and can be downloaded and used free of charge for testing purposes as the Beta testers but it’s still not in the position to be used as the main “defender” of your computer. The future will tell.
Keep safe !