how many virus found in nod32 in On-demand comparative Test by Heuristics ?
12V
December 22nd, 2005, 03:53 AM
how many virus found in nod32 in On-demand comparative Test by Heuristics ?
if IBK disable the Heuristics from nod32 can this show huge sink detection rate ?
also KAV and BitDefender
peewee
December 22nd, 2005, 05:44 AM
I don't think any AV is detecting the "kitchen sink" so to speak ;-)
kjempen
December 22nd, 2005, 06:20 AM
I think the original poster meant "decrease" in the detection rate.
Brian N
December 22nd, 2005, 10:38 AM
Why would you want to disable heuristics? In any AV for that matter?
It gives you better protection, so why disable it?
Firefighter
December 22nd, 2005, 11:48 AM
-{ Quote: "Why would you want to disable heuristics? In any AV for that matter?
It gives you better protection, so why disable it?" }-
Because we have different needs. For instance in Jotti's NOD detected 38 % from their own detectings by signature, so at least I'm curious to know how much NOD detected from their own detectings in Av-Comparatives 08-2005 test by signature.
Best regards,
Firefighter!
Brian N
December 22nd, 2005, 12:42 PM
-{ Quote: "Because we have different needs.
Firefighter!" }-
You have needs for less protection? Sorry, I don't understand.
If your AV has heuristics detection, why would you disable it?
Because of your needs to be infected by the new crap that goes undetected every day due to the lack of heuristics?
Firefighter
December 22nd, 2005, 01:37 PM
-{ Quote: "You have needs for less protection? Sorry, I don't understand.
If your AV has heuristics detection, why would you disable it?
Because of your needs to be infected by the new crap that goes undetected every day due to the lack of heuristics?" }-
Sorry that I couldn't follow your thoughts!
I wrote before in this thread: "For instance in Jotti's NOD detected 38 % from their own detectings by signature, so at least I'm CURIOUS TO KNOW how much NOD detected from their own detectings in Av-Comparatives 08-2005 test by signature." That's all.
I just can't see any correlation to the detectings/missings of new crap in here, sorry! ::)
Best regards,
Firefighter!
FastGame
December 22nd, 2005, 03:22 PM
I'm sure if IBK tested with heuristics turned off the results would be different. My AV of choice Avast (doesn't have heuristics) would move up the ladder :)
But what's the point in doing so? Detection is detection, doesn't matter how it's achieved, does it?
Firecat
December 22nd, 2005, 04:09 PM
Disabling the heuristics engine will lower NOD's detection rate noticeably, possibly due to the fact that the generic unpacker will not be used.....
POS
December 22nd, 2005, 05:14 PM
Every antivirus has its own way of detecting a threat. NOD32 uses its advanced heuristics to detect variants etc. So what's the objective of a test using only signatures? In real life we don't disable NOD's AH.
Firefighter
December 23rd, 2005, 01:52 AM
-{ Quote: "I'm sure if IBK tested with heuristics turned off the results would be different. My AV of choice Avast (doesn't have heuristics) would move up the ladder :)
But what's the point in doing so? Detection is detection, doesn't matter how it's achieved, does it?" }-
Maybe not, if you want clean infections too.
Best regards,
Firefighter!
Marcos
December 23rd, 2005, 02:42 AM
What does cleaning infections have to do with signatures vs heuristics ??? I'd say more than 99% of today's malware are trojans, downloaders, backdoors and spyware so there's nothing to clean in such files.
Sputnik
December 23rd, 2005, 04:37 AM
-{ Quote: "What does cleaning infections have to do with signatures vs heuristics ??? I'd say more than 99% of today's malware are trojans, downloaders, backdoors and spyware so there's nothing to clean in such files." }-
Well said, that's one of the most clever answers I saw around here the last time ;D
Firefighter
December 23rd, 2005, 09:02 AM
-{ Quote: "What does cleaning infections have to do with signatures vs heuristics ??? I'd say more than 99% of today's malware are trojans, downloaders, backdoors and spyware so there's nothing to clean in such files." }-
It's comforting to know that, although there may be more than those < 1 % room to viruses and worms, when in Jotti's there were about 8 % of those. :) ;)
Best regards,
Firefighter!
Firefighter
December 23rd, 2005, 01:43 PM
Unfortunately the main question has got unanswered as many times before, when some of us don't like questions like this in the thread.
Best regards,
Firefighter!
Marcos
December 23rd, 2005, 02:14 PM
There's no sense in disabling heuristics. It's like performing a crash test of a car without the dummy wearing a seat belt and all security systems deactivated.
Marcos
December 23rd, 2005, 02:24 PM
-{ Quote: "It's comforting to know that, although there may be more than those < 1 % room to viruses and worms, when in Jotti's there were about 8 % of those. :) ;)
" }-
How do you know those 8% were actually functional samples working on win32 platform? Were they actually undetected by NOD32? Did you send them to a qualified analyst to tell whether they should be detected?
Firefighter
December 23rd, 2005, 03:29 PM
-{ Quote: "There's no sense in disabling heuristics. It's like performing a crash test of a car without the dummy wearing a seat belt and all security systems deactivated." }-
There's no sense to argue about to disable heuristics or not. If someone wants to get answers to his/her questions, what's wrong in it? >:(
The second argument you wrote in the post after this quoted one, has no sense, because NOD has always been quite strong against worms/viruses, so it detected much more than those < 1 %, 8 % isn't so much wrong in this. Let's forget the hostile attitude at least just now, when it's Xmas becoming ahead and let's joy the holy day of peace! :)
Btw, Merry Xmas to you all! :-*
Best regards,
Firefighter!
BJStone
December 23rd, 2005, 03:45 PM
What's the use of an AV when you disable heuristics ? All AV out there are detecting the ITW viri, for the rest of all the malware out there to be detected you need heuristics. Disabling heuristics is as if I were to open the front door during nights and hit the sack, believing nobody has the guts to come in because I have a door... Or do you mean if NOD32 is capable of detecting viri without heuristics, just by definitions ?
SSK
December 23rd, 2005, 03:57 PM
To check how effective NOD's signatures or Heuristics are, I think :)
Technodrome
December 23rd, 2005, 04:09 PM
-{ Quote: "Unfortunately the main question has got unanswered as many times before, when some of us don't like questions like this in the thread.
Best regards,
Firefighter!" }-
So what kind of answer are you looking here? Disable one of the strongest NOD32 points and then test it? Let's test McLaren but with Toyota Camry engine. Why? :)
Developers spent so much time to produce the state of the art heuristics and you want to test NOD32 without it. WTF? So what’s next, disable the variant, generic, packers, and spyware and virus detection?
Or maybe you want to see how powerful AH is? No problem, it's there at IBK’s web site.
The original question is pointless and has nothing to do with the detection rate.
tD
Firefighter
December 23rd, 2005, 04:15 PM
OK, let's play again. The answer to that question, I can only guess, I think that NOD w AH detected about 8 % of their all detectings by heuristics in the Total without DOS & OtherOS category in the Av-Comparatives 08-2005 test. Why that's so difficult to give answers to a simple question like this? :-X We just can't have the right to not answer questions like this.
Best regards,
Firefighter!
Technodrome
December 23rd, 2005, 04:34 PM
-{ Quote: "OK, let's play again. The answer to that question, I can only guess, I think that NOD w AH detected about 8 % of their all detectings by heuristics in the Total without DOS & OtherOS category in the Av-Comparatives 08-2005 test. Why that's so difficult to give answers to a simple question like this? :-X We just can't have the right to not answer questions like this.
Best regards,
Firefighter!" }-
That’s for the AH detection. What about Classic Heuristics? As far as I know it’s still in use for viruses and I mean REAL viruses (AH targets other Malware). VirusP have NOD32 logs, so you can see it for yourself and do the math. ;D
tD
Firefighter
December 23rd, 2005, 05:13 PM
-{ Quote: "That’s for the AH detection. What about Classic Heuristics? As far as I know it’s still in use for viruses and I mean REAL viruses (AH targets other Malware). VirusP have NOD32 logs, so you can see it for yourself and do the math. ;D
tD" }-
I'll count those classic heuristics within to that AH category too because I'm using always these both. This 8 % was based on what NOD did against my quite old randomly picked samples collection plus what NOD did in Jotti's against those new nasty ones. So, just an assumption. :) So the rest 92 % were detected by signature.
Best regards,
Firefighter!
Smokey
December 23rd, 2005, 05:17 PM
-{ Quote: "so at least I'm curious to know how much NOD detected from their own detectings in Av-Comparatives 08-2005 test by signature." }-
Silly question, and I didn't expect it from you :o
Firefighter
December 23rd, 2005, 05:28 PM
-{ Quote: "Silly question, and I didn't expect it from you :o" }-
Maybe this is silly to you, but who cares? This may be silly to you too that how many elks there are in the Southern Finland forests in a 100 square km, but they will kill tens of people every year in Finnish highways. ::) I can't just criticize somebody, what he/she is thinking about when he/she is making a question! I think the web is a free world. :)
Btw, Maybe I just wanted to know how close my own sample collection is against those heuristics detectings compared to that what Av-Comparatives used! Is that just silly?
Best regards,
Firefighter!
Smokey
December 23rd, 2005, 05:45 PM
-{ Quote: "I think the web is a free world. :)
" }-
Is correct. :)
And that's exactly the reason why I give MY point of view ;)
12V
December 25th, 2005, 03:15 AM
the problem is
if nod32 found a lot of viruses by Heuristic that means nod32 is not 100% sure if this file is a true virus
so you send this file to ESET and wait more than a week for it to be added,
for example
your friend sends you a file, you scan it with nod32 and it alarms you there is (probably unknown NewHeur_PE) so you will not use it until you are sure there is no virus or the alarm was an FP
so you send the file to ESET and wait more than a week for it to be added
but what if the file is important and you need the answer today?
will you wait for a week or more !!!
the problem also is they will not reply to your email, nobody will tell you if there is a virus or not
on the other hand
kav
if your friend sends you a file and kav gives an alarm that there is a new unknown virus so you send it to KAV company
after 2 hours they will reply to your email with the answer !!!
if there is a virus you will delete the file
if there is no virus I will use the file !!!
simple!!!
in just a few hours I have the answer!!
the problem is not every virus found by Heuristics is a virus
there is FP
so we need to know before we delete any file is this a virus or just an FP?
to know the answer you need to send the file to ESET and you don't know what will happen after !!
Bubba
December 27th, 2005, 03:59 PM
I have removed a number of off-topic posts including those by myself in order for those that wish to discuss the thread topic further without the side distraction my initial posts appeared to have caused.
As a side note....I am not a Nod32 user and the posts by myself directed toward who they were directed to had nothing to do with Nod32 per se and should not have been construed as suppressing any trade secrets and there definitely was nothing defensive of Nod in my replies given I am not a Nod user.
I erred in the initial handling of this matter and ask that we simply continue with the thread topic.
Regards,
Bubba
fosius
December 27th, 2005, 04:42 PM
for 12V.
NOD32 warns you about unknown threat, but the possibility that KAV will warn you about unknown threat is almost zero. So you WON'T SEND THAT FILE TO KAV AND YOU WON'T GET ANSWER AND YOU WILL BE INFECTED!!!!
Don Pelotas
December 28th, 2005, 09:45 AM
-{ Quote: "for 12V.
but the possibility that KAV will warn you about unknown threat is almost zero." }-
That's true fosius, because most likely it will already be in the signatures. ;)
Stan999
December 28th, 2005, 11:58 AM
-{ Quote: "That's true fosius, because most likely it will already be in the signatures. ;)" }-
Or just no warning at all with heuristics.;)
http://www.wilderssecurity.com/showthread.php?t=112902
steve1955
December 28th, 2005, 12:11 PM
I may be missing something but to tell the truth as long as an AV works (that is, detects what it's meant to detect, not keep users amused in discussion forums!) I'm not bothered what method it uses to detect nasties. Heuristics or Signatures (or black magic), does the method really matter?
I know someone is going to answer:- heuristics are better cos they catch zero day threats, and somebody else will say signatures are better cos they're more targeted and give less false +vs (might be true, I don't know), but in the end does detection method really matter to the end user?
Don Pelotas
December 28th, 2005, 12:29 PM
-{ Quote: "I may be missing something but to tell the truth as long as an AV works (that is, detects what it's meant to detect, not keep users amused in discussion forums!) I'm not bothered what method it uses to detect nasties. Heuristics or Signatures (or black magic), does the method really matter?
I know someone is going to answer:- heuristics are better cos they catch zero day threats, and somebody else will say signatures are better cos they're more targeted and give less false +vs (might be true, I don't know), but in the end does detection method really matter to the end user?" }-
I personally think you're correct on this.:)
Don Pelotas
December 28th, 2005, 12:42 PM
-{ Quote: "Or just no warning at all with heuristics.;)
http://www.wilderssecurity.com/showthread.php?t=112902" }-
Not tru..iz fake..Kapsperky iz best with ewrithyng, it can ewen mow lawn & take garbage out........;D
Stan999
December 28th, 2005, 02:00 PM
-{ Quote: "Not tru..iz fake..Kapsperky iz best with ewrithyng, it can ewen mow lawn & take garbage out........;D" }-
:) :) :)
The Hammer
December 28th, 2005, 02:09 PM
-{ Quote: "Not tru..iz fake..Kapsperky iz best with ewrithyng, it can ewen mow lawn & take garbage out........;D" }-
Oh no! Many people will want to run separate programs for those functions. Sounds like it's becoming bloatware. ;) ;D
RejZoR
December 28th, 2005, 02:10 PM
Who really cares, for as long as it's taking the garbage out instead of me :P;D
Firefighter
December 28th, 2005, 02:26 PM
-{ Quote: "Not tru..iz fake..Kapsperky iz best with ewrithyng, it can ewen mow lawn & take garbage out........;D" }-
At last Electrolux has met the winner in the vacuum cleaner market. I'm gonna buy one of these to my wife as a late Xmas present, it's even cheaper than that 300..400 € for an Electrolux. ;D
Best regards,
Firefighter!
RejZoR
December 28th, 2005, 02:34 PM
Try Vorwerk ;D
SSK
December 28th, 2005, 02:51 PM
-{ Quote: "At last Electrolux has met the winner in the vacuum cleaner market. I'm gonna buy one of these to my wife as a late Xmas present, it's even cheaper than that 300..400 € for an Electrolux. ;D
Best regards,
Firefighter!" }-
Don is talking about the special Moderator version of KAV. He's spending so much time on the forum, that Grnic and Graf made him this version to keep him from suffocating in accumulated dust etc ;D
*SSK ducks and dives for cover :lurking: *
Copyright ©2002 - 2012, Wilders Security Forums