DRWEB vs. NOD32...My conclusion.


Barney
September 24th, 2003, 09:34 AM
I have used both of these virus protectors for some time. I have come to this conclusion. Nod32 in my opinion is a toy...I don't really feel my computer is well protected using this product. The company makes no record or written statistics on the size of its virus database....that scares me. If it has a database of 75,000, then they should let it be known. When they don't mention any number at all, it tells me that the number is probably very low and that they are trying to keep it swept under the carpet and out of mind. It seems to me that they are almost relying too much on Heuristics. Don't get me wrong, Heuristics are good, but having a solid virus database is also important such as KAV...over 75,000, etc.
This is where DRWEB comes in. People complain that DRWEB has all of these "False Positives"...well to tell you the truth I like the false positives. It tells me that DRWEB is alive and doing its job...If it can pick up possible suspicious viruses, then think what it can do to a real one when it surfaces. When a virus protector just sits there quietly over the course of a year and never picks up a single virus or suspicious virus I tend to question if it is really on the lookout and doing its job. I am very happy with DRWEB and will use it for many years to come. I can't wait to see what new features they add in the future. If you haven't checked it out everybody, you're missing out. Have a good day people.

Barney

optigrab
September 24th, 2003, 10:24 AM
Hi Barney

I'm sure DrWeb is a good AV. Although I haven't tried it, I've seen many good reports, including the Wilders review.

But I must say that your case against NOD32 isn't very compelling. It may be true that DrWeb is better (although I think that what is best calls a lot of personal preferences into the equation), but your posting hasn't really convinced me - with all due respect for your opinion.

The judgement in your post seems based on two notions: (1) since there are no published stats on the size of the signature database - then it must be small, and (2) that DrWeb's reported false positives are not a liability, but an asset.

In regard to (1), well it is just an assumption, isn't it? In regard to (2), I can see how someone who is comfortable with the OS and can properly research suspect files can live with (and even enjoy) confirming ambiguous warnings from an AV. But I sure know I wouldn't want my wife to be prompted to do something about a suspect file while I wasn't around to help her!

I do note that your experience with DrWeb seems to confirm that there are "false positives". You must agree that there might be some sensible users who do not enjoy confirming such things on behalf of their AV - they would prefer the AV take care of it.

I also note your use of the term "suspicious virus" - which is confusing. I would say that it is more appropriate to think of such an item as a suspicious file - maybe it's supposed to be there, maybe not. The "suspicious" part only applies until you know whether or not it is malware. There's no sense in citing the number of suspicious files found by an AV as evidence that it is better at catching malware. Wouldn't you consider a hunting dog less talented if it led a hunter to a pile of old shoes twice as often as it found rabbits, as compared to one that only found rabbits?

In the end, I decided that there are many subjective traits that make an AV better or worse than others. This is even apparent in your post. So I just decided to go with the AV that a lot of informed people (around here, anyway) are satisfied with.

Respectfully,
Optigrab :)

tahoma
September 24th, 2003, 11:37 AM
i know there are a lot of nod32 fans here but i gotta say i agree with barney. ive tried nod a few times and ive always ended up disappointed. its not fast (compared to drweb) and i have a private collection of viruses and trojans that ive collected over the years. needless to say nod doesn't find any of the trojans (yeah i know its an av not an at)

KAV is the king, no doubt about that, but id say drweb is a good number 2, especially when u consider how lightweight and fast it is. going from nod to drweb on my pc (2600+) feels like adding an extra ghz cpu power..

true, drweb generates a few false alarms. doesn't bother me as long as it finds all the real malware and doesn't slow down my comp

thats my opinion on the matter

optigrab
September 24th, 2003, 01:45 PM
The following probably can only be used to demonstrate how obsessive I can be :P

While I'm unable to find a published total for NOD32 signature database (I really didn't look for more than a couple of minutes), it was fairly easy to do a quick count of new virii added to the database recently.

I just had the word processor count all the commas used within the Update Info on the Eset site:
http://www.nod32.com/support/info.htm

1254 new signatures added in the last 30 days - since Aug. 25 update (inclusive).
2509 since July 16 update (inclusive).
6774 since beginning of 2003.
Although my method isn't the best example of fact finding and may not be precise or accurate, I imagine the likeliest error here would be that ESET hasn't posted the details of every database update, in which case the actual cumulative would be higher.

Can't comment on the speed of DrWeb or its resource usage - I haven't trialed it, though it may be as good as Tahoma attests. These two characteristics are valid points of comparison. But it would be helpful to get some quantitative results. 8)

JimIT
September 24th, 2003, 02:34 PM
-{ Quote: " quoting: Barney
Nod32 in my opinion is a toy...I don't really feel my computer is well protected using this product...Heuristics are good, but having a solid virus database is also important such as KAV...over 75,000, etc. " }-

NOD32 catches all the ITW stuff and then some. I use a KAV-based av as a second opinion as well. It hasn't caught anything NOD32 missed. It did give me a couple of fp's, though. That's why it's a backup.
-{ Quote: "

This is where DRWEB comes in. People complain that DRWEB has all of these "False Positives"...well to tell you the truth I like the false positives. It tells me that DRWEB is alive and doing its job..." }-

It tells you that it's doing its job poorly. No wonder you never see Dr. Web on networks. The false positives would drive an admin nuts.

-{ Quote: "
If it can pick up possible suspicious viruses, then think what it can do to a real one when it surfaces.
" }-

How could you tell if it was "real" or not??
-{ Quote: "
When a virus protector just sits there quietly over the course of a year and never picks up a single virus or suspicious virus I tend to question if it is really on the lookout and doing its job." }-

I don't. I tend to believe that if it's configured properly, and has a reputation to CORRECTLY identify bugs, that it will do its thing without me having to babysit it--one less thing I have to worry about. How on earth are constant fp's a good thing?

;)

Phant0m
September 24th, 2003, 03:44 PM
Normally poor detections correspond with improper configurations, disabling or not enabling crucial Features mainly for the sole purpose in an attempt to save every little bit of System Resources possible, or because user’s lack of kn0wledge of the Anti System.

{

Another way of putting it, I have 3 Levels;

3) - Maximum
2) - Medium
1) - Low

If user chooses first selection (Low) or second selection (Medium) and my Anti-Virus System failed to detect a threat, who or what’s at fault the Anti-System or the user for selecting all other-than the Maximum Level?

-

If user chooses not to use “Automatic Updating” and prefers to do manual updates every week or two, or they have a Software Firewall blocking Outbounds and/or the Inbounds of the Updating process then who or what’s at fault for Anti-System not detecting the threats?

-

If user is using Outdated Application components who or what’s at fault for not detecting the threats?

}

As for my opinion about using Anti-System with lots of false positives, I wouldn’t enjoy that a whole lot. I wouldn’t recommend something like that which Alarms its customers of something which really isn’t nothing. Possibly deleting something that wasn’t nothing just because of false positives, I’d say something that unreliable I surely wouldn’t trust keeping my computer protected.

I’ve personally seen NOD32 in action numerous times on users’ Machines, I can say it’s as good as the user who uses it… ;)

rerun2
September 24th, 2003, 08:05 PM
I am quite a strong supporter of DrWeb myself (in secret ;) ). But even with that said, I do not feel your judgement of NOD32 is entirely warranted.

First, I do not believe the number of virii in a database is a good indicator to how "solid an antivirus' database is." AVs with weak unpackers might count the same virus 2, 5, 10 times etc; labeling it as a different variant each time just because it was packed differently or with a different unpacker. And just because NOD32 does not reveal this information directly does not mean they are trying to hide anything. To me it really makes no difference (as far as detection rates go). Just like it would make no difference if an AV were to exaggerate how many virii they could detect. They could say they can detect 100000, but only detect 60000. The fact is that it STILL only detects 60000. So why use numbers when you can be assured that NOD32 is one of the best ITW AVs (http://www.virusbtn.com/vb100/archives/products.xml?eset.xml) ? The support center at NOD32's site also can provide some information if you are wondering if NOD32 detects a particular virus (http://www.nod32.com/support/support.htm) . Not to mention that the NOD32 forums here also make it easier to report a suspected threat or confirm with others if something is already detected.

Secondly you mention heuristics and false positives. Just because you are getting false positives does not mean that particular AV has "good" heuristics. If this were true then there wouldn't be so many developers trying to limit the number of false positives that their programs generate. Also, if you have an AV installed it should (for the most part) always be operational and running in the background. You should not need a false positive to prove that it is "paying attention." Also false positives are not an indicator that your AV has a greater chance of detecting new virii when the time comes. If an AV's heuristics are not designed to look for certain behaviors or commands that a new virus uses, it is just as likely to miss the virus, no matter how many false positives you were getting before ;) . That is why a combination of good heuristics with signatures are important. And that is what NOD32 offers as well.

To reiterate I am not saying that heuristics are not important (I obviously think so if I am using DrWeb). What I am saying is that it is a lil harder (than what you made it sound), to correlate the quality of heuristics with false positives.

Just my .02

sig
September 25th, 2003, 06:00 AM
People are free to have their own opinions, however a few thoughts....

If one decides that the advertised number of viruses covered correlate to the quality of an AV, one should first find out what that number consists of. Variants of the same malware counted separately? Whereas some other AVs might group several in a sort of generic definition? Junk files and broken viruses that don't work at all and thus are no threat? Stuff that isn't malware at all? Viruses that perhaps were written and provided to an AV developer by the authors (and so get included in the count) but are still contained in the authors' collections and have never been in the wild and most likely never will be? The numbers game can be a bit of an AV industry sham IMO if one really looks at what those numbers really represent. Numbers alone don't mean that much about the actual quality of an AV in real world use.

Not speaking of Dr. Web specifically at all but just in general, the idea that a significant rate of false positives means an AV is working is not my view. To me it just means that the AV's alerts can't be trusted to a significant degree if it's prone to false positives. I've always thought that an AV prone to false positives can be more dangerous than some viruses if it leads an undiscerning user to delete system files, for example, as a result of a fp. Again, I'm not speaking about Dr. Web since I haven't used it but know that it's generally considered a good AV. But I once briefly used another AV (not so well regarded) that was given to false positives and I concluded that it was something I simply couldn't trust and got it off my system.

So that's why these are not criteria that I would use or recommend another use to judge the effectiveness of an AV and the suspected "ineffectiveness" of other products.

mrtwolman
September 25th, 2003, 06:14 AM
My 2 cents and point of view regarding false positives:

The Virus Bulletin not without good reason denies VB 100% award in tests to antivirus which produces false positive virus identification. This happened to NOD32 only once, DrWeb scores suspicious files and FP on a regular basis.
Count numbers of VB 100% awarded to a NOD32 and DrWeb in a long time period. Which of the AV performs better against known and defined set of the viruses which may occur in real life situation?

tahoma
September 25th, 2003, 07:47 AM
false positives can be verified or dismissed using a 2nd backup scanner.
in my case im running drweb, and i love the liberty and sense of freedom it gives me cos of its speed. if theres an alarm from drweb, or if i have downloaded a file that i think is suspicious, i let kav scan them.

works for me :)

Paul Wilders
September 25th, 2003, 07:58 AM
As we've stated on our website: Dr.Web is a very fine antivirus - for those who do have far more knowledge than the common user/Average Joe.

We strongly recommend against this software for average common pc users - and that's still 98% of all users. Far too many times we've been contacted by those average users crying for help, since (due to the Dr.Web heuristics and false positives on O/S depending needed files), they actually deleted those sound files. Result: a havoced O/S.

Unless one knows exactly what one's up to: keep away from Dr.Web. In case one knows: Dr.Web belongs to the better antiviruses to use for sure.

regards.

paul

mrtwolman
September 26th, 2003, 10:54 AM
-{ Quote: " quoting: tahoma
false positives can be verified or dismissed using a 2nd backup scanner.
" }-
I use a different approach - i grab a debugger, disassembler and will dissect the nastie. Having 2 different AV is waste of money from my point of view. And in the case of 2 resident scanners you are askin' for troubles..

MorrisAO
September 26th, 2003, 11:00 AM
Hello Paul

Your comment on AV's such as DRWEB being not a good idea for most users is an excellent point. This is precisely why I recommended Nod32 to a friend of mine, despite her moving from a free AV to paying for Nod. It's ideal for her, as she is a novice and probably always will be, as the Net is far from being the most central point in her life - and that's as it should be. Many people out there will never take the time to learn the ins & outs of computers, the web, security etc simply because they live busy fulfilling lives, and have little time to learn everything to do with technical matters. I have patiently tried to teach her about different things but the simple fact is that by the time I get to play the teacher again it's been so long she's forgotten what I taught.
Like many people who get online she doesn't know much about the pitfalls and has the expectation that like any other appliance you should just be able to switch it on and expect it to work without having to learn much. Nod32 is great as I can set it for her and it just reliably does its job in the background, without her having to remember to download the latest updates etc. It's already caught a couple of worms trying to sneak in - one of them our old 'friend' "Ha ha sexy fun" ::) For myself I remain very satisfied.

Morris

svan
October 6th, 2003, 09:40 AM
With regard to FP's - who here hasn't heard the story about the little boy who cried wolf?

FP's are dangerous to the uninformed - which as Paul pointed out is most people.

Also, how can scanning speed be brought into the equation if you need to (I'll assume on-demand scan):

1/Run an on demand scan
2/Get FP's
3/Run your "back-up" AV to double check
4/Investigate the whole situation and make an educated decision

I'd rather just stick to running the scan once and getting a real result that I'm satisfied with.

illukka
October 8th, 2003, 06:59 AM
although drweb comes up with some false positives you must also admit that its powerful heuristics sometimes catch unknown/new malware too.. and to me this is more valuable!
also count the fact that drweb is among the better trojan scanners among av's. something that nod 32 is not

ellison64
October 8th, 2003, 01:28 PM
-{ Quote: " quoting: mrtwolman
My 2 cents and point of view regarding false positives:

The Virus Bulletin not without good reason denies VB 100% award in tests to antivirus which produces false positive virus identification. This happened to NOD32 only once, DrWeb scores suspicious files and FP on a regular basis.
Count numbers of VB 100% awarded to a NOD32 and DrWeb in a long time period. Which of the AV performs better against known and defined set of the viruses which may occur in real life situation?
" }-

Unless anything has changed, I'm not sure whether the VB 100% awards has any good reason at all for denying AVs that produce one false positive; and then give the 100% award to another AV that missed 299 "real" viruses. I'd rather an AV that produced 1 false positive with no VB award than one that had a 100% VB award but failed to detect all those viruses.

http://www.nod32.com.au/nod32/awards/vb0207.htm
me

JayK
October 12th, 2003, 07:23 AM
-{ Quote: " quoting: mrtwolman
-{ Quote: " quoting: tahoma
false positives can be verified or dismissed using a 2nd backup scanner.
" }-
I use a different approach - i grab a debugger, disassembler and will dissect the nastie. Having 2 different AV is waste of money from my point of view. And in the case of 2 resident scanners you are askin' for troubles..
" }-

Agreed, especially when using a 2nd backup scanner to "verify" totally defeats the purpose of using an antivirus with good heuristics.

For example, You use Drweb and NOD as a backup. You can replace the names with any 2 antiviruses, one with all aggressive heuristics, one without.

Drweb's excellent heuristics picks up something as suspicious, say it's perhaps something totally new. You verify it with NOD, naturally it says no not having as aggressive heuristics.

What have you learnt? The more aggressive scanner says something is up, the less aggressive one says nothing is wrong. This is exactly what you would expect if it's something real. Of course the former could be wrong too in which case it's a false alarm, but either way you haven't learnt anything from doing a secondary scan.

If you are going to take the word of the secondary scanner over the primary one, to verify or dismiss threats, you might as well use the secondary scanner in the first place!


You might as well scan with NOD in the first place!

If you are not going to trust Drweb's heuristics, you might as well not use it in the first place.

Monique
October 12th, 2003, 07:43 AM
That's all just fine for addicts - the average Joe is quite a different story.

I've seen common users rely on Dr.Web blindly - and a system havoc as a result. Keep in mind if a common user has an antivirus installed (which is far too often not the case...) he will trust it - never heard of "back up antiviruses".

So you guys who know what you're talking about just go ahead - but I for one would recommend strongly against Dr.Web for the average user, if only to protect himself against the consequences of using software he does not know the implications from. Far too much harm has been done that way.

M

Blackcat
October 12th, 2003, 03:32 PM
Here are some results comparing Dr Web and NOD (and KAV);

http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat~start=40

Lively discussion going on as usual.

JayK
October 12th, 2003, 04:29 PM
-{ Quote: " quoting: Blackcat
Here are some results comparing Dr Web and NOD (and KAV);

http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat~start=40

Lively discussion going on as usual.
" }-

Hmm all I see is NOD versus KAV. No mention of Drweb.

Barney
February 11th, 2004, 04:25 PM
It's me again, the one who started this topic some time ago. I spoke pretty strongly against NOD32 and I am back to give you my newest opinion on this antivirus. Nod32 in my opinion has come a long way these past few months and I am very impressed. I was so impressed that I took the plunge and bought another 1 year license. I believe this AV to have a lot of features and an excellent detection rate. Nod32 is right up there with DRWEB (still my favorite). I recommend these two AV's to everybody out there.

Barney

nameless
February 11th, 2004, 07:04 PM
I just installed a C compiler and single-handedly made the ULTIMATE anti-virus utility. Better than NOD32. Better than Dr. Web. Better than KAV. Better than ALL of them.

Super-Duper-Pooper-Heuristics are the key.

You see, all it does is flag EVERY file with a Win32 executable header--and EVERY single interpreted-code file--as an "unknown virus". Bingo! The BEST anti-virus utility ever!

;D ;D ;D ;D ;D ;D ;D

nameless
February 11th, 2004, 10:03 PM
Is Dr. Web really that much faster (when used as a real-time monitor) than NOD32?

Barney
February 12th, 2004, 03:44 AM
I found that NOD32 uses about 3 times the memory that DRWEB does, but if you have lots of RAM this shouldn't be an issue at all. When it comes to the "Real time monitor", I found them to be about the same. Both have an unnoticeable hit on system performance.

Barney

nameless
February 12th, 2004, 05:19 PM
The only real annoyance I have with NOD32 is that whenever I launch a runtime-packed executable, my system has a "mini freeze" while NOD32 scans it. My mouse cursor actually freezes for a second. This didn't even happen with KAV (though KAV had some other, and phenomenally-aggravating, CPU-churning habits).

Does anyone else have that issue with NOD32? The way to test would be to launch a UPX-packed executable, then immediately begin moving the mouse cursor rapidly, and keep trying to move it until the program has been on screen for several seconds. Any lag in cursor movement means I'm not alone in experiencing this problem. (You can't just run a program and see if it happens; it has to be a runtime-packed program. You can use UPX (http://upx.sourceforge.net/) yourself to test. Just use the command line "upx -9 [EXE name]" to compress the file. The command line "upx -d [EXE name]" unpacks the file.)

If Doctor Web didn't have that problem, I'd consider switching to it.

Barney
February 12th, 2004, 08:05 PM
Nameless, I have been using DRWEB for over two years now and have not had a single problem with it. It scans your hard drive almost as fast as NOD32 and can catch viruses very effectively. True, every so often you will get a false positive, but this is usually easy to spot if you are somewhat experienced. I would definitely give it a try.
The only thing that bothers me is that every time you make a settings change with the on access scanner, it requires a reboot. There is also a new antivirus out there that uses the same DRWEB engine. It is called Viruschaser. I tried it out and it seems to be pretty good. See ya later. :D

Barney

bigc73542
February 13th, 2004, 09:34 PM
There has been some discussion on how many virus defs nod32 has in its list. This isn't all but if you want an idea how many follow the links and it will show you the defs from version 1.133 to 1.624 all the individual viruses. Keep in mind this is not all it detects. This is only back to v1.133


http://www.nod32.com/support/info.htm#CurVersion


http://www.nod32.com/support/infoarchive.htm

bellgamin
February 14th, 2004, 02:55 AM
-{ Quote: " quoting: illukka
although drweb comes up with some false positives you must also admit that its powerful heuristics sometimes catch unknown/new malware too.. and to me this is more valuable!" }-

Agree!

Isn't it possible that folks who are too uninformed to deal with a false positive are pretty much the same folks who never use {or never even heard of} any AV other than NAV or McAfee??? {I think this is somewhat analogous to the reasons why my dear old Grandma Lily drove Fords all her life, & never went shopping for a Ferrari.}

nameless
February 14th, 2004, 04:31 AM
How many 0-day viruses have you proponents of overly-strong, malfunctioning heuristics come across, where your heuristics actually saved you? I am not merely asking if your heuristics ever flagged a virus that had no signature; I want to specifically know when your heuristics have ever saved you after you actually ran some virus that had no signature. For example, did you get MyDoom in an email message, when it first hit and there were no signatures for it yet, and actually open the attachment--and had your heuristics save you?

For that matter, have you ever heard any report of any individual, anywhere, activating a malware and being saved by heuristics, where that person hadn't done something ill-advised?

rerun2
February 14th, 2004, 05:32 AM
-{ Quote: " quoting: nameless
For example, did you get MyDoom in an email message, when it first hit and there were no signatures for it yet, and actually open the attachment--and had your heuristics save you?
" }-

I am not a particularly strong supporter of "overly aggressive heuristics" but I definitely feel it has its place in an AV. Though I see where you are coming from... the question you pose seems a little unfair. Why not say the same thing about signatures in the context of email scanning (your example). What value do they have in that situation if one has a properly configured email client... downloads no attachments, all emails in plain text, no preview option etc etc. By doing those things you would have probably avoided mydoom as well.

Please correct me if I am wrong, but the point I feel that you are trying to bring up is that, misdiagnosing false positives that are generated from "overly aggressive heuristics" can be just as dangerous as having an infection from a virus/worm. Or that it will perhaps cause needless worry for the end user. There are obviously quite a few negatives. So I will not argue this point, as I think we are in agreement if that is what you meant. But if one is aware of the possible downfalls and uses heuristics "responsibly", why can't heuristics be seen as more of an "extra" feature to go along with good signatures. Of course detection rates and quality signatures I still feel have a higher priority.

-{ Quote: "For that matter, have you ever heard any report of any individual, anywhere, activating a malware and being saved by heuristics, where that person hadn't done something really stupid?" }-

Awww I was with you... until you mentioned "stupid" ;)

Edit: I would just also like to add that depending on the vendor and product, heuristic signatures can also be revised and updated to avoid false positives, it is up to the users to take some time and perhaps submit a suspicious file to the vendor before taking action on a heuristic detection. Just like how users should submit an infected file that isn't detected by a particular scanner. This in itself can prevent a number of heuristic related mishaps.

nameless
February 14th, 2004, 05:59 AM
My point had to do with how I saw novice users being derided as incapable of handling false positives, when in truth, false positives should not be construed as a welcome problem to be solved by a capable specialist, but rather a malfunction of technology. And if someone is going to try to bolster the case for strong heuristics, based on the premise that "they're great; but they're not for novices", it is a failed argument, because if you're capable enough to dig into false positives, you should also be capable enough not to need heuristics in the first place--because you shouldn't be activating 0-day malware. And if you're going to stand by the need for heuristics even in light of that, then tell me of even a single case where they saved someone who hadn't done something ill-advised. (And BTW, I edited out the word "stupid".)

In other words, I agree that heuristics are good to have and use, but false positives are a very, very bad thing. The reason is that novices are not only the ones who can't figure out what is a false positive and what is not; they are the ones who need heuristics to work reliably in the first place, because they're more likely to have a misconfigured firewall, and more likely to open whatever the email god sends them.

People who brag about being able to dig into a heuristically-flagged malware to see if it is a false positive should not have needed it to be heuristically-flagged in the first place. So how does it make sense to say that malfunctioning heuristics are good, "because I'm smart"?

I am dreadfully in need of sleep, so this is probably more akin to babbling than anything else.

rerun2
February 14th, 2004, 06:46 AM
Sorry I misinterpreted your point. I do not however feel that heuristics (as a whole) are a malfunction of technology. But I think I've pretty much exhausted my opinion on where and how highly I view heuristics.

Despite how capable one may think they are about malware (whether they be a newbie or network admin), the truth is, a lot of us still prefer that we place our trust in the hands of people who deal with malware every day. If anyone, they would be the ones who are most aware of trends and similarities that might develop in malware. And they will probably adjust their heuristic signatures to match these needs as they see fit. So perhaps one might not be saved today from a heuristic detection, but no one can say for sure that someone won't be in the future. And I am sure there are people who have been saved by a heuristic detection but have just not made it known in a public forum.

Don't get me wrong, I do see your point. And that is why I added that small point about submitting suspicious files to your vendor before taking action, in my last post. But then again I don't think it is completely fair either to blame heuristics or say it is useless because of the actions of novices. Being a novice myself it takes awhile to learn certain aspects about computer and internet security. Very rarely is someone there to hold the hand of each and every new novice that make their way onto the internet. So it can not be expected that heuristic technology meets every(one/novice)s needs and then perform flawlessly in that regard.

Personally, I have tried to take into account many factors when choosing the security products I register with. And I try to choose products based upon my needs and what I feel are legitimate threats. I have actually recently renewed my 5 user license with DrWeb, and while the fee is partly for its updates, I like to think some of it is for support as well. So why not take advantage and submit a suspicious file to be sure :) The thing with DrWeb is that heuristically detected files are usually clearly marked as being "probable" (I think that's the word that is used, don't exactly remember).

nameless
February 14th, 2004, 07:16 AM
-{ Quote: "rerun2 wrote:
I do not however feel that heuristics (as a whole) are a malfunction of technology." }-

No, heuristic malware analysis is a technology. False positives are a malfunctioning of that technology.

mrtwolman
February 17th, 2004, 10:35 AM
-{ Quote: "nameless wrote:
-{ Quote: "rerun2 wrote:
I do not however feel that heuristics (as a whole) are a malfunction of technology." }-

No, heuristic malware analysis is a technology. False positives are a malfunctioning of that technology." }-
With all due respect, I do not agree with the above statement. No doubt, heuristics is a technology. But false positives are not a malfunction of the technology. They are a result of matters of fact. Maybe you never heard of Cohen's theorem. Back in 1983 Dr. Cohen proved that there is no way to distinguish with a reliability of 100 per cent whether some code is a virus or not using an automated system (like an AV program).
False positives are the price you have to pay for the chance to detect some malware as an additional protection. Notify scanstrings are the result of having the malware in the virus/trojan etc. collection of the vendor. This can be called a passive approach. Heuristics is, contrary to the scanstrings, a pro-active approach... It can detect some reasonable portion of the malware before it gets into the hands of the vendor...

Regards....

nameless
February 18th, 2004, 05:37 PM
Malfunction
Verb: To fail to function, or to function improperly

Proper
Adjective: Marked by suitability or rightness or appropriateness

If heuristics are functioning "properly", they won't give false positives. I am not saying that it should be expected for heuristics to function properly 100% of the time; I am simply saying that when they don't, they are functioning improperly. If an innocuous file is flagged as malware by heuristic analysis, that file was something that was not appropriate to flag. How can one argue that it is "appropriate" to flag harmless files?

Just because something cannot be made totally reliable does not mean that it always functions properly. Facial-scanning technology is not 100% reliable, but I think it's safe to say that if you were arrested at the airport because your face was flagged as belonging to a terrorist, you'd find that conclusion inappropriate. Maybe in the middle of your body-cavity search, you'd even think it was a "malfunction" of the facial-scanning technology.

Barney
November 11th, 2004, 09:27 AM
It has been quite a while since I first started this thread, but I am back with more opinions on these two antivirus programs.
I'm still a die hard DRWEB fan, but I am starting to see problems creeping up in their latest releases. DRWEB is rock solid in XP, but has become unstable in Win 2000. Every time I boot up, my system spontaneously reboots after I enter my Windows login password. The only way to get around this problem is to manually start Spidernt after Windows has started. I still use DRWEB, but when my license is up, I may be going back to NOD32 as my on access scanner. I remember NOD32 as a fast, stable program, so this may be the one I go with. Hopefully DRWEB will fix their bugs soon, we'll have to wait and see.
What do you guys think? Is this a good move, or do you have a better antivirus solution for me?


Barney

Fedorov999
November 11th, 2004, 10:05 AM
KAV v4.5 is still champ as far as I'm concerned, might not be as low on resources as others but for detection it is very hard to beat - very configurable, not the best interface but you just get used to it. I'm staying away from the newer KAV v5.0 for at least 6 months as it still appears to be in beta rather than release state if you ask me.

Fedorov.

se7engreen
November 11th, 2004, 10:57 AM
An option that could be worth looking into is F-Prot. It seems that you are looking for something with strong heuristics and a light footprint. F-Prot is lighter than both DrW & NOD32 and also features comparable heuristics. Its other options are pretty barebones (ex. no dedicated email scanner) but I guess that keeps it light. Also F-Prot 4 is coming around the corner.

Barney
November 11th, 2004, 12:26 PM
I bought F-prot a few years ago and was very impressed with its light footprint. F-prot is also one of the fastest scanners I have ever seen. I may very well look into F-prot when version 4 comes out.
Kaspersky 4.5 is also very good. I don't think any virus gets unnoticed by KAV. It's one of my favorites.

Barney

Blackcat
November 11th, 2004, 03:38 PM
-{ Quote: "I'm still a die hard DRWEB fan, but I am starting to see problems creeping up in their latest releases. DRWEB is rock solid in XP, but has become unstable in Win 2000. Every time I boot up, my system spontaneously reboots after I enter my Windows login password. Hopefully DRWEB will fix their bugs soon, we'll have to wait and see. Barney" }-
Have had no problems at all with Dr Web on my Win 2000 desktop, SP4, even with the recent version release.

IMO, some instabilities with Dr Web may be seen with 'older' OS installs. With a fresh install of an OS, I have found this AV to be very stable.

Maybe if you try a fresh format and then load on Dr Web, it may become more stable on your Win 2000 system?

bellgamin
November 11th, 2004, 05:07 PM
DRW is very stable in my ancient WinME box -- & that's saying a lot. ;D

larouse
November 11th, 2004, 08:34 PM
Dr. Web is very good, but NOD32 has better detection and is an excellent company, has a lot of experience vs Dr. Web. Dr. Web would be low resource, but NOD32 would be the same with a better quality product.

BrainWarp
November 11th, 2004, 10:12 PM
Well, I've tried many antiviruses. I will give Dr.Web the thumbs up. It does its job and uses very little resources.

I still like nod 32, but its resource usage is too high for me.


If ya want the best to get those nasty pest get the doctor--Dr.Web that is ;D

Mongol
November 12th, 2004, 04:17 AM
-{ Quote: "Well, I've tried many antiviruses. I will give Dr.Web the thumbs up. It does its job and uses very little resources.

I still like nod 32, but its resource usage is too high for me.


If ya want the best to get those nasty pest get the doctor--Dr.Web that is ;D" }-

The same on my computer, DrWeb is working great...I give it three thumbs up.

;D

Mongol
November 12th, 2004, 04:25 AM
-{ Quote: "The same on my computer, DrWeb is working great...I give it three thumbs up.

;D" }- Let me add, running great on my rather old laptop. I'm going to replace Panda with DrWeb on the desktop now that Panda Platinum is history and my free deal is running out. Panda is just a bit too pricy and also a bit heavy on resources. ;D

Mele20
November 12th, 2004, 07:40 AM
I just downloaded Dr. Web and whoever said it was light on resources is nuts. I don't even have the email scanner enabled (I thought it didn't have one..I don't want one and one reason I am trying it was because I thought it was a bare bones av like F-Prot). It is using 69MB memory on my XP Pro box! It is running TWO instances of SpiderNT.exe. Plus, it is VERY slow to do a full scan. It takes longer than KAV 4.5. It thinks Script Sentry is a virus but other than that it was accurate in the full scan I ran.

I found the latest NOD32 to be full of false positives. That is one reason I did not renew my license last month. NOD32 was a much better av when I got it two years ago than it is now. It is bloated now. Still, it is much lighter on resources than Dr. Web and a little faster scanning. F-Prot is the winner as far as low resources and extremely fast scanning.

Blackcat
November 12th, 2004, 08:41 AM
-{ Quote: "It is using 69MB memory on my XP Pro box! " }-
I have never heard of anyone reporting this usage with any AV, never mind Dr Web which is noted for its very light footprint. Have you updated the program since you installed it? There have been some bugs with the latest version but these have been corrected of late.
-{ Quote: "It is running TWO instances of SpiderNT.exe." }-
This is normal.
-{ Quote: " Plus, it is VERY slow to do a full scan. It takes longer than KAV 4.5." }-
Not on any of my systems with KAV 4.5 as a backup scanner.
-{ Quote: "NOD is much lighter on resources than Dr. Web and a little faster scanning. " }-
Again most people will not see this. NOD version 2 takes up more resources than Dr Web.

I have suggested in another thread what to try on your system to give a fair trial and appraisal of Dr Web. With all the previous AV's you have tried of late, the debris left over from these programs is conflicting with the normal operation of Dr Web. Further, it prefers to be the first AV installed on any system.

The extraordinary memory usage you report indicates that there must be a conflict somewhere. Again you cannot project this resource usage on all other potential systems. Your observations on Dr Web are not normal and are unique to your computer.

Barney
November 12th, 2004, 09:26 AM
Blackcat, I did what you suggested, but rather than reinstalling windows, I ran a really excellent registry cleaner on my system. DRWEB starts up perfectly in Windows 2000. Well, looks like DRWEB is back to #1 on my list.
Mele20, that is very weird that DRWEB was using a lot of resources on your system. I have it running constantly and see almost no hit at all on my system. I don't know if you still have Nod32 on your system, but if you do, this could be what is causing the problem. Nod32 and DRWEB do not get along at all. I have tried several times to have both programs installed on the hard drive, but always ran into problems. Once you get DRWEB running smoothly, your antivirus search will be over.

Barney

Firefighter
November 12th, 2004, 09:37 AM
-{ Quote: "I just downloaded Dr. Web and whoever said it was light on resources is nuts. I don't even have the email scanner enabled (I thought it didn't have one..I don't want one and one reason I am trying it was because I thought it was a bare bones av like F-Prot). It is using 69MB memory on my XP Pro box! It is running TWO instances of SpiderNT.exe. Plus, it is VERY slow to do a full scan. It takes longer than KAV 4.5. It thinks Script Sentry is a virus but other than that it was accurate in the full scan I ran.

I found the latest NOD32 to be full of false positives. That is one reason I did not renew my license last month. NOD32 was a much better av when I got it two years ago than it is now. It is bloated now. Still, it is much lighter on resources than Dr. Web and a little faster scanning. F-Prot is the winner as far as low resources and extremely fast scanning." }-

I think that there has to be something wrong in your PC concerning DrWeb's memory consumption. In my PC, look at the picture, where "drwebscd.exe" has the highest value of DrWeb processes.

Best regards,
Firefighter

Technodrome
November 12th, 2004, 09:38 AM
Perhaps, Mele you are experiencin' this (http://www.wilderssecurity.com/showthread.php?t=52669&highlight=drweb) .
Check spiderNT’s virtual memory usage, it should be low.


tECHNODROME

shorty1
November 12th, 2004, 05:29 PM
Yes, please see the thread Technodrome linked to above. Appearances can be deceiving and I've tried to explain the memory usage situation with Dr Web several times but never with pictures... :P
Look at the Virtual Memory column before running the scanner and after. You will see it doesn't change except for a few minor fluctuations in some processes which is perfectly normal. Again, Virtual Memory is the true indicator of memory usage so this is what one needs to be concerned with.
Further, it is the memory scan in Dr Web scanner that causes the memory usage column in task manager to go crazy. I'm not recommending it but if you uncheck "memory scan" in the scanner settings you won't see this behavior.

Blackcat
November 12th, 2004, 05:29 PM
Just booted up my desktop system;

1. Using Faber Toys dependencies, Dr Web is showing the two spidernt.exe processes. One is the AV-service using 1004KB and the second, concerned with the GUI agent application is using 1.58MB memory. This memory usage is for a custom install of Dr Web with just the SpiderGuard and the scanner installed. So no evidence of high memory usage here.

2. With Windows Task Manager, again there is no evidence of high usage, either under peak memory usage or with Virtual memory Size.

Therefore as Technodrome has pointed out, your extraordinary memory usage readings are an anomaly of the scanner. The true memory usage is given by your virtual memory figures.
-{ Quote: "I just downloaded Dr. Web and whoever said it was light on resources is nuts." }-
A little hasty in our conclusion of Dr Web as a low footprint AV?

shorty1
November 12th, 2004, 05:31 PM
and after running Dr Web scanner.....

Mele20
November 12th, 2004, 09:27 PM
-{ Quote: "Perhaps, Mele you are experiencin' this (http://www.wilderssecurity.com/showthread.php?t=52669&highlight=drweb) .
Check spiderNT’s virtual memory usage, it should be low.


tECHNODROME" }-


You hit the nail on the head. I had just completed a manual scan when I looked at task manager and saw all the memory usage. I have the column for virtual memory enabled in Task Manager but I didn't pay attention to it for Dr.Web. I have XP Pro Sp1a. I rebooted twice this morning and noticed the resource usage for Dr. Web was way down to 9MB.

All this is moot though. I just uninstalled it. It slows my computer too much. It is the only AV that has done that. KAV 4.5 had no effect on the computer with everything checked to be scanned in RT. You check Dr.Web to do that and there goes a very fast Dell Dimension 8300 at 3GHz with 1024RAM. Might as well be using my old W98SE box. :(

Plus, I cannot abide by an AV that has basically NO help file especially when I hear the email support is awful. I could handle bad email support but not no help file. Even if Dr.Web had not reduced my computer to a crawl, I would not use it without a decent help file. It really slowed my boot time! Plus, who wants an AV that you have to reboot when you change something? I mean that is one reason for having XP so you don't need to reboot for weeks (unless you are making lots of changes in things like I have been doing recently).

Needless to say, I was not impressed. I'd take most AVs over Dr.Web. Because there was no help file, I clicked on something in Dr.Web trying to see what it did since I couldn't read about it in the help file and the computer shut down and I lost some work. I have no patience for software that doesn't provide a help file unless the software is free.

Barney
November 14th, 2004, 11:50 PM
Guess what everybody. I am having slight problems with DRWEB again. For some weird reason, my computer is spontaneously rebooting just after I enter my login password. The only way I can successfully log into Windows is to set Spidernt.exe to "manual", then start DRWEB after I've logged in. I may have to make the plunge and reinstall Windows, but I don't want to do that unless I absolutely have to. I wasn't having this problem at all with Version 4.32a. I am running BOCLEAN, VCOOL, Process Guard, Admuncher and Looknstop. These programs have never caused problems in the past, so they are probably not the culprit. If anybody has a solution, please let me know. Thanks.

no13
November 15th, 2004, 02:10 AM
Two short questions (no pun intended)
@Blackcat...
Could you show us the usage of ewidoguard.exe ;)
@Shorty...
Did you use firefox for at least half an hour, 3+ tabs? (that sends my firefox to 22M, virtual: 35M)

Barney
November 15th, 2004, 02:04 PM
Hello everybody, I was just curious on which antivirus has better heuristics/detection rate: DRWEB or NOD32. I have used both and tend to lean toward DRWEB. It's amazing what this little 5MB program is capable of. It has caught malware that no other antiviruses are capable of. Give me some feedback on this. Thanks.

Barney

shorty1
November 15th, 2004, 02:25 PM
-{ Quote: "
@Shorty...
Did you use firefox for at least half an hour, 3+ tabs? (that sends my firefox to 22M, virtual: 35M)" }-

Not sure what the status was at the time of that screenshot -- other than it was minimized and that is why the memory usage column is so low. Also, for the next name change I wish to suggest FirePig! oink! :D
I like the program but it sure likes to eat.

......
November 15th, 2004, 03:57 PM
Anyone else noticed slowness with the doc when set to scan files that are created/ written AND accessed in realtime? Especially when viewing files via explorer with lots of "packed" .exe's. "Smart" scanning on the other hand doesn't produce this negative result, however I do not feel comfortable with "smart scanning"

Thanks for any input

Mele20
November 15th, 2004, 09:12 PM
Sure. I saw that. I don't understand all this praise of Dr.Web. I thought it was the worst av I have tried and I have tried the vast majority. It brought my computer to a halt when I set it to scan all files in real time. No other AV has ever managed to do that! NOD32 slows this box with the current version if the HTTP scanner is used but KAV 4.5 doesn't slow it at all with everything set to max. Dr. Web is a very poor av unless you use smart scan which I would never do.

shorty1
November 16th, 2004, 04:58 PM
-{ Quote: "Anyone else noticed slowness with the doc when set to scan files that are created/ written AND accessed in realtime? Especially when viewing files via explorer with lots of "packed" .exe's. "Smart" scanning on the other hand doesn't produce this negative result, however I do not feel comfortable with "smart scanning"

Thanks for any input" }-
Yes, there is significant slow down when SpiDer is set to scan on "run and open" and "create and write". You can improve SpiDer Guard performance (at the expense of using more memory) by increasing the "recent files" list to 1000. Right-click SpiDer Guard>> Control>>Options
Recent file list -- default setting is 100. I suggest you try between 500 and 1000. I've only played with it a tiny bit and it does help, but I didn't see miracles. :P
Personally, I prefer "smart" mode and I feel that I'm quite safe as long as full scans are regularly conducted. Would welcome discussion or reasoning to the contrary, though.

Stan999
November 16th, 2004, 05:32 PM
-{ Quote: " NOD32 slows this box with the current version if the HTTP scanner is used but KAV 4.5 doesn't slow it at all with everything set to max. Dr. Web is a very poor av unless you use smart scan which I would never do." }-

No detectable slowdown here using the NOD HTTP scanner on a 2.8GHz/1024 machine and cable connection.

As with any AV the results may be different for a specific platform, applications loaded, type of connection, etc.

no13
November 16th, 2004, 09:00 PM
Maybe u guys are running an app that makes Dr Web slow down...
SpySweeper does that to KAV sometimes... to the point of a hang-up!

bellgamin
November 17th, 2004, 01:06 AM
*Certain* folks have tried just about every major AV, including my beloved green spider DRW, & have had plenty bad schtuff to say about all of them. Doesn't bother me. Those folks seem to keep things rather spiced up -- like whipped cream on one's raw oysters, wot?

Still, I sometimes wonder -- since *certain* folks have found nothing good to say about ANY AV they have ever written about -- what in the world AV do they actually use? ;D

Benvan45
November 17th, 2004, 02:12 AM
Very wise words indeed and I wish I said that.........

Greetings,

Putin

Mele20
November 17th, 2004, 03:23 AM
I don't know if that comment was intended for me or not. But I have to say I'm glad that I'm not using F-Prot which is the one I have liked best. If I was, I would have a major mess on my hands since it is flagging all java files as being viruses and deleting them without warning.
http://www.dslreports.com/forum/remark,11881163~mode=flat

I'm beginning to think safe hex and no av is the best way to go. ;)

fredra
November 17th, 2004, 10:00 AM
-{ Quote: "*Certain* folks have tried just about every major AV, including my beloved green spider DRW, & have had plenty bad schtuff to say about all of them. Doesn't bother me. Those folks seem to keep things rather spiced up -- like whipped cream on one's raw oysters, wot?

Still, I sometimes wonder -- since *certain* folks have found nothing good to say about ANY AV they have ever written about -- what in the world AV do they actually use? ;D" }-

Amen to that statement :D
Cheers :)

......
November 17th, 2004, 10:49 AM
-{ Quote: "Yes, there is significant slow down when SpiDer is set to scan on "run and open" and "create and write". You can improve SpiDer Guard performance (at the expense of using more memory) by increasing the "recent files" list to 1000. Right-click SpiDer Guard>> Control>>Options
Recent file list -- default setting is 100. I suggest you try between 500 and 1000. I've only played with it a tiny bit and it does help, but I didn't see miracles. :P
Personally, I prefer "smart" mode and I feel that I'm quite safe as long as full scans are regularly conducted. Would welcome discussion or reasoning to the contrary, though." }-

Makes no difference to the speed unfortunately :( . Guess I'll go back to NOD32.
About "smart" scanning. I would prefer the virus never to touch my pc, as opposed to deleting it after it's been on the system... just me though.
Thanks for the suggestion though :)

bellgamin, although in a way I agree with you, however people find faults with everything... nothing on earth is perfect! (except me of course...), therefore people settle with a certain product (the way they find best).

Blackcat
November 17th, 2004, 11:07 AM
-{ Quote: "Dr Web is a very poor av unless you use smart scan which I would never do." }-
This is the old chestnut, that in some circumstances, executables may not be checked when SpiderGuard is in smart mode.

Because of the performance hit, most people have to run Spiderguard in this mode. However, several other AV's, including NAV, RAV, AVK and F-Secure for example, bring most systems to their knees if ALL files are selected in the RTM.

Generally, "smart mode" is recommended on a clean PC after you have run the on-demand scanner and scanned the whole hard disk(s) of your computer. After this check, "smart mode" is really a good selection as it is quick and reliable. In fact, "SM" is a combination of "Run and open" and "Create and write" but it does not check files on local disks.

As far as my personal settings are concerned, I use only the SM, and I launch occasionally the Dr.Web scanner - just to check the memory and processes running in memory.

Checking "Run and open" & "Create and write" is probably the best protective solution but this will lead to a considerable slowdown of your PC.

However, only a little extra care and safe-hex is needed when using Dr Web in smart mode;

1. Carry out regular scans using the on-demand scanner.

2. Right-click and scan on each new file that has been downloaded or about to be installed on your system.

These extra precautions, which should be used with all AV's, will ensure SpiderGuard even in smart mode will offer an excellent balance between protection and performance for most systems.

TAG97
November 17th, 2004, 01:04 PM
-{ Quote: "
However, only a little extra care and safe-hex is needed when using Dr Web in smart mode;

1. Carry out regular scans using the on-demand scanner.

2. Right-click and scan on each new file that has been downloaded or about to be installed on your system.
" }-
Agree 100%
Should be in DrWeb's skimpy Help File ;)

bellgamin
November 17th, 2004, 02:28 PM
-{ Quote: "... DrWeb's skimpy Help File" }-
Skimpy?!! Non-existent is closer to the reality. ;D

For me, DRW's *Help File* is Wilder's. I am very grateful to ALL of you.

Barney
November 18th, 2004, 11:41 AM
I second that. If you want DRWEB advice, this is the place to come. It's the place to come for any antivirus advice for that matter. I wonder if DRWEB ever has any intention of changing their interface. It does an excellent job, but a new look would be a nice change. I remember the change from Nod V.1 to Nod V.2.....that was a huge interface change. I think it would be cool as hell if the user had the option to select the old style pulsating heart on AMON.

Barney

Mele20
November 19th, 2004, 01:10 AM
Is that what that repulsive glob was supposed to be? A heart? ::) It looked more like an alien monster. I hated that thing. I would have gotten NOD32 long before I actually did if it hadn't had that ugly, malignant thing that I was forced to look at. :P

Technodrome
November 19th, 2004, 12:44 PM
My wife still uses NOD32 v1 on her laptop. That pulsing "thing" is still cool. ;D


tECHNODROME

Barney
November 19th, 2004, 01:10 PM
Is it still possible to use current signature files with version 1? I thought that it was no longer possible to update version 1.

Barney

ronjor
November 19th, 2004, 01:23 PM
NOD has a new and improved support page that will answer a lot of your questions.
As a user of both versions, I prefer the latest 2.12.3 version.
You may know that an upgrade to the latest version is included in your license at no charge.
NOD32 (http://www.nod32.com/support/faq.htm)

Technodrome
November 19th, 2004, 02:05 PM
-{ Quote: "Is it still possible to use current signature files with version 1? I thought that it was no longer possible to update version 1.

Barney" }-

Yes. Both versions use the same virus signature files.


tECHNODROME

Mele20
November 19th, 2004, 07:11 PM
-{ Quote: "My wife still uses NOD32 v1 on her laptop. That pulsing "thing" is still cool. ;D


tECHNODROME" }-

That doesn't look so bad! Mine never had NOD written on it and it was darker bloodred not a vivid scarlet red like yours. That may be explained by the fact I was using NOD32 version 1 on my older 98SE box with an ATI video card. The colors of everything on that box are totally different from the colors with my new XP box with nVidia and digital vibrance enabled. Yours doesn't look hideous like mine did.

I'm curious as to why anyone is still using version one. I was wondering why there is still activity in the version one forum. Isn't that version way too old now?

Barney
November 22nd, 2004, 09:03 AM
I have an opinion on both Nod32 and DRWEB. Most people say that DRWEB is a slow on demand scanner. I never did any accurate tests, but from what I see, DRWEB is a very fast and thorough scanner. I say it is definitely right up there if not a little faster than NOD32. Does anybody else agree with this?

Barney

Benvan45
November 22nd, 2004, 10:56 AM
-{ Quote: "I have an opinion on both Nod32 and DRWEB. Most people say that DRWEB is a slow on demand scanner. I never did any accurate tests, but from what I see, DRWEB is a very fast and thorough scanner. I say it is definitely right up there if not a little faster than NOD32. Does anybody else agree with this?

Barney" }-

Glad to read something else about NOD32. I agree with you completely. I am running Dr.Web for about a month now and I'm amazed about the speed, updates, malware catches etc. I have been using Nod32 for quite some time and never regretted switching to Dr. Web.
I find Nod32 a hard program to configure and it didn't handle infected mail attachments properly, received through the Eicar Mailtest, as Dr. Web detected them all and dealt with them properly!!!!!
I still believe that an infection should be dealt with by the AV program and it should not be left to decide what to do with it and scan your whole system or whatever, in order to get rid of the infections. That's the problem with eTrust as well at the moment.
But this is all a personal idea and feel very comfortable with the very fast and effective Dr. Web. But I have it configured with the smart scan option and if you configure it scanning all files, it surely slows down, but I'm comfortable with the smart scan option!!!!!!

Cheers...... ;) Putin

Barney
November 22nd, 2004, 03:53 PM
I also run DRWEB with the Smart Scan option. Is it possible to run Spidernt on run/open - create/write mode without a slowdown in system speed? What kind of system requirements does it actually take to use this more thorough scanning mode? I remember that I tried it once in the past, and I did notice a slowdown. To me it was about equivalent to the speed of Kaspersky on a bad day. I really hope they get this resolved, because it would be nice to use this feature.

Barney

Technodrome
November 22nd, 2004, 04:21 PM
-{ Quote: "What kind of system requirements does it actually take to use this more thorough scanning mode?" }-
Any system that does not run on NT platform. ;) ;)
-{ Quote: "
I really hope they get this resolved, because it would be nice to use this feature." }-

It probably takes more than just one small patch to fix this. This is a known problem for years now. I'd guess they need to rewrite spiderNT code from scratch.

On a side note: Smart mode combined with regular on demand scans will protect you just fine.


tECHNODROME

Barney
November 23rd, 2004, 10:56 AM
Does anybody know whether DRWEB is in the process of coming out with a completely new and improved version of DRWEB? Don't get me wrong, DRWEB is working good, but there is always room for improvement...especially the slowdown when the scan settings are changed in Spidernt.

Barney

Edwin024
November 23rd, 2004, 12:32 PM
Comparing NOD32 and Dr Web and only coming up with a little faster Dr Web is not cool. NOD32 detects much more than the doctor. And that is a fact. Have a look at AV-Comparatives. And watch out for their new results which should come out in less than ten days from now. If all's well!

Barney
November 23rd, 2004, 12:56 PM
How accurate are the tests on AV-Comparatives? Are they anything like virusbtn.com? I feel virusbtn.com's scores are overrated. I don't feel one false positive should completely disqualify an antivirus program even though they earned a 99.999999999999999999999999999999 percent detection rate.

Barney

Edwin024
November 23rd, 2004, 01:07 PM
Looking at what they do and how they do it I think they are far more credible than the ones you mention plus a few others. The Greek av-site for instance rates strangely too. And there all kinds of things are counted in which have no meaning. So NOD32 is somewhere around 20 there. VirusBTN is a nice gimmick for an overall view. If you look at how AV-Comparatives results look you must agree with me that it looks impressive.

JimIT
November 23rd, 2004, 01:19 PM
-{ Quote: "How accurate are the tests on AV-Comparatives? Are they anything like virusbtn.com? I feel virusbtn.com's scores are overrated. I don't feel one false positive should completely disqualify an antivirus program even though they earned a 99.999999999999999999999999999999 percent detection rate.

Barney" }-

While I respect your opinion, one only needs to look at the very recent issues with fp's that both KAV and F-PROT have dealt with to know that fp's can indeed be a very big deal.

Firefighter
November 23rd, 2004, 01:34 PM
-{ Quote: "NOD32 detects much more than the doctor. And that is a fact. Have a look at AV-Comparatives. And watch out for their new results which should come out in less than ten days from now. If all's well!" }-
I don't deny the results in AV-Comparatives testings 08-2004, but "much more" is a bit overreacting, 88.12 % with NOD vs. 87.38 % with DrWeb in Total without DOS & OtherOS malware is in my mind inside the error margin.

What I really know in my own experience against my 3014 infected samples,

1243 Trojan like malware

85.4 % -- DrWeb & NOD32 with AH

-------------------------------

526 Script like malware

93.5 % -- DrWeb

82.1 % -- NOD32 with AH

-------------------------------

1060 VIRUSES as a whole

92.4 % -- DrWeb

83.0 % -- NOD32 with AH

-------------------------------

185 riskware

41.1 % -- DrWeb

49.7 % -- NOD32 with AH

and not submitted any sample to any av-vendor, let's look at the situation again after some months.


Best regards,
Firefighter!

Stan999
November 23rd, 2004, 02:06 PM
Hi Firefighter,

It looks to me like both DRWEB and NOD32 provide good everyday protection. I am not sure about your samples as all being current stuff out there that someone might encounter? I use three different AV on four machines. We have NOD32 on a game machine used by a bunch of teens. NOD stops a lot of infections they come across looking at the gaming platforms walkthroughs and cheat sites among other things teens do. :) Looking at your results they probably have about a 20% chance of getting infected by a current virus, etc. if they use NOD32. However, to date that hasn't happened?

Seeing your post on another forum that DRWEB was very low in resource usage I did try DRWEB for a short test. It did seem to slow things down a bit compared to NOD so I put NOD back on that gaming machine. That may have been my fault as I may not have set up DRWEB for the best performance.

I guess in the end I just have to take all of these test results with a grain of salt and based upon my day to day experience using the different AVs.

Firefighter
November 23rd, 2004, 02:18 PM
-{ Quote: " I guess in the end I just have to take all of these test results with a grain of salt and based upon my day to day experience using the different AVs." }-In my mind excellent point of view. But don't forget a backup av-scanner, even that you are using KAV as your resident scanner for instance.

Best regards,
Firefighter!

Stan999
November 23rd, 2004, 02:28 PM
-{ Quote: "In my mind excellent point of view. But don't forget a backup av-scanner, even that you are using KAV as your resident scanner for instance.

Best regards,
Firefighter!" }-

Hi Firefighter,

Good advice! On that game machine we also have BOClean running and in addition run eScan about once a week to double check.

Take care,

-

Firefighter
November 23rd, 2004, 03:06 PM
-{ Quote: " Hi Firefighter,
Good advice! On that game machine we also have BOClean running and in addition run eScan about once a week to double check. Take care, -" }-
Very good backup that eScan to every av:s except KAV ones and a free one.

Today findings with eScan Free from one PC of a friend of mine, who has used Avast 4.5 Home and the former versions of it a couple of months now also by using Norman VC's firewall updated and/or configured what so ever! Of course the Win98 SE was also unupdated. After all, very common PC user.

TrojanDownloader.Win32.Wintrim.cd
TrojanDownloader.Win32.Lookme.g
TrojanDownloader.Win32.Wintrim.bw
TrojanDownloader.Win32.Agent.br
TrojanDownloader.Win32.Agent.bt
TrojanDownloader.Win32.Agent.ex

Avast is still quite good against trojans but even it has their limits. I have not yet these nasties in my collection but maybe tomorrow, when I'm gonna clean that baby.

That guy hasn't even any SpyBot or Ad-Aware, 560 findings more with Ad-Aware.

Best regards,
Firefighter!

Barney
November 23rd, 2004, 03:50 PM
Does anybody know any other good websites that show antivirus detection results for both DRWEB and NOD32. I want to see some good comparisons on both of these.

Barney

RejZoR
November 23rd, 2004, 04:00 PM
Don't forget to submit samples to company that missed them :)

Edwin024
November 24th, 2004, 03:06 AM
-{ Quote: "Does anybody know any other good websites that show antivirus detection results for both DRWEB and NOD32. I want to see some good comparisons on both of these.

Barney" }-

from www.virus.gr, their latest test from August:


1. Kaspersky Personal Pro version 4.5.0.58 - 99.09%

2. F-Secure 2004 version 4.71.5 - 98.77%

3. Extendia AVK Pro version 11.0.4 - 98.68%

4. AVK version 14.0.7 - 98.50%

5. Kaspersky Personal version 5.0.149 - 97.88%

6. eScan 2003 Virus Control version 2.6.484.8 - 96.75%

7. McAfee version 8.0.41 - 93.59%

8. Norton version 2004 Professional - 93.38%

9. RAV version 8.6.105 - 93.14%

10. F-Prot version 3.15 - 91.85%

11. Command version 4.90 - 91.41%

12. Panda Titanium version 3.02.00 - 91.38%

13. Norton Corporate version 9.0.0.338 - 90.29%

14. Panda Platinum version 7.05.04 - 89.97%

15. MKS_VIR 2004 version 2.0 - 89.45%

16. Virus Chaser version 5.0 - 89.07%

17. BitDefender version 7.2 - 88.52%

18. BullGuard version 4.5 - 87.26%

19. Dr. Web version 4.31b - 85.35%

20. PC-Cillin 2004 version 11.00.1253 - 84.80%

21. Nod32 version 2.0.0.9 database 1.840 - 82.68%

22. Sophos Sweep version 3.84 - 81.31%

23. Avast version 4.1.418 - 80.55%

24. AntiVir version 6.27.00.01 - 79.57%

25. Vexira version 2.14.00.01 - 79.50%

26. AVG version 7.0.262 - 72.50%

27. Norman version 5.70.14 - 67.72%

28. UNA version 1.83 - 62.85%

29. Solo 2.5 version 2.6.3 - 61.08%

30. ZoneAlarm with VET Antivirus version 5.0.590.015 - 60.82%

31. Fire version 2.7 - 60.52%

32. E-Trust version 6.2.0.28 - 58.48%

33. V-Buster Pro - 57.61%

34. Protector Plus version 7.2.F04 - 51.28%

35. VirScan Plus version 14.091 - 48.36%

36. ClamWin version 0.35 - 48.08%

37. ViRobot Expert version 4.0 - 45.68%

38. MR2S version 1.47 - 44.36%

39. V3Pro 2002 Deluxe version SP2 - 42.33%

40. RHBVS version 4.13.656 - 41.99%

41. Digital Patrol version 5.00.08 - 38.52%

42. Quick Heal version 7.01 - 30.13%

43. Wave version 2.0 - 22.07%

44. TDS version 3.2.0 - 16.67%

45. PestPatrol version 4.4.3.24 - 15.34%

46. A Squared 2 - 15.05%

47. AntiTrojan Shield version 1.4.0.9 - 11.82%

48. PC Door Guard version 3.0.0.14 - 11.77%

49. Trojan Hunter version 3.9.807 - 6.76%

50. The Cleaner version 4.1.42.52 - 6.34%

Go to that site and have a deep insight in how the tests are performed and what all the results are. The site has a strange way of testing :)

Barney
November 24th, 2004, 10:09 AM
The Heuristics on DRWEB are very sensitive indeed. When I go to ebay, every time a new web page loads, I get a script virus detection. Has anybody else experienced this with DRWEB? Has anybody ever experienced this with NOD32 also?

Barney

no13
November 24th, 2004, 10:58 AM
NOD32 shouted but once when I went to www.bugmenot.com

Firefighter
November 24th, 2004, 12:32 PM
-{ Quote: "
Today findings,
TrojanDownloader.Win32.Wintrim.cd
TrojanDownloader.Win32.Lookme.g
TrojanDownloader.Win32.Wintrim.bw
TrojanDownloader.Win32.Agent.br
TrojanDownloader.Win32.Agent.bt
TrojanDownloader.Win32.Agent.ex " }- First thumbs up to these!

Best regards,
Firefighter!

Firefighter
November 24th, 2004, 12:39 PM
-{ Quote: "Today findings,
TrojanDownloader.Win32.Wintrim.cd
TrojanDownloader.Win32.Lookme.g
TrojanDownloader.Win32.Wintrim.bw
TrojanDownloader.Win32.Agent.br
TrojanDownloader.Win32.Agent.bt
TrojanDownloader.Win32.Agent.ex " }-The second thumbs up to these. Unfortunately missed the rest samples.

Btw, a bit unsatisfied to McAfee VSE 8.0i, missed both of them.

Best regards,
Firefighter!

Barney
November 24th, 2004, 02:28 PM
Wow Firefighter, it looks like NOD32 found a virus that DRWEB didn't on that test. Do you know of any tests that show where DRWEB found viruses that many other antivirus programs missed? If you do, tell me where to look. I would be interested in reading about that.

barney

Firefighter
November 27th, 2004, 10:36 AM
-{ Quote: "Wow Firefighter, it looks like NOD32 found a virus that DRWEB didn't on that test. Do you know of any tests that show where DRWEB found viruses that many other antivirus programs missed? If you do, tell me where to look. I would be interested in reading about that.
barney" }-Actually I have 166 infected samples that were detected by NOD32 2.12.3 with AH upd 1.935, but not by DrWeb 4.32b, because I scanned with NOD those samples that DrWeb left behind.

97 -- Trojan like malware

_8 -- Script like malware

36 -- Viruses

25 -- Riskware

Unfortunately NOD isn't able to move or delete infected archives, so I couldn't scan those samples that NOD left behind. I know only that there are 323 infected samples that were detected by DrWeb but not NOD.

PS. Just checked those numbers of samples that were missed by NOD but detected by DrWeb.

98 -- Trojan like malware

70 -- Script like malware

141 - Viruses

14 -- Riskware

After all, not so worried about situations when some av detected some tens of infected samples that some other av missed. Even with my a bit over 3k of infected samples, there are hundreds of samples that were detected by one av but missed by an other av.

Best regards,
Firefighter!

Firefighter
November 28th, 2004, 03:07 AM
-{ Quote: "Wow Firefighter, it looks like NOD32 found a virus that DRWEB didn't on that test. Do you know of any tests that show where DRWEB found viruses that many other antivirus programs missed? If you do, tell me where to look. I would be interested in reading about that. barney" }- Take a look at my last scan, there you will see that any av isn't perfect, even McAfee has big difficulties against TrojanDownloaders.

Best regards,
Firefighter!

Barney
November 28th, 2004, 08:20 PM
Those are pretty interesting results Firefighter. DRWEB and NOD32 are pretty much neck and neck for most of the tests. But over all, DRWEB still takes the lead baby!!!! DRWEB and KAV together make the best combination on a system in my opinion.

Barney

Firefighter
November 30th, 2004, 02:57 PM
Just added NOD32 2.12.3 upd 1.935 scanning results to my scanning table above by using Advanced Heuristics only, without signatures. Interesting results with trojan like malware and worms. I made this scan 5 weeks ago too (upd 1.904), when I had 13 trojan like malware less and 3 worms less, otherwise the same testbed with these malware.

On 23:th October NOD scored without signatures but with AH 52 trojan like malware LESS and 29 worms LESS. How is it possible, when the scanning engine was the same?

Btw, I separated those backdoors and trojans to different categories in my table just now.

Best regards,
Firefighter!

kdcdq
November 30th, 2004, 10:41 PM
First of all, a REALLY REALLY BIG THANK YOU to FireFighter for his time and continued efforts to use his abilities with statistics to actually HELP us understand and use performance data!!!! Again, hats off....

I run DrWeb as my primary realtime AV product; I use F-Prot and Extendia as on-demand scanners for second opinions as needed. These three products give me the "opinions" of four different AV engines; so far, ALL of my systems are virus free. And THAT is, after all, the name of the game....

KDCDQ, Security Freak

the man
December 6th, 2004, 03:39 AM
What is the big deal about DRWEB? I used it once and was totally disappointed with it. I am now using NOD32 and find it to be the best antivirus out there. DRWEB's detection rate just don't compare to NOD32. Nod32 also has better heuristics in my opinion. I do admit that DRWEB is a very low resource scanner. I was able to use my system with no noticeable slowdown. It is almost as light as NOD32.

Edwin024
December 6th, 2004, 04:01 AM
Some people seem to only look at the cpu usage of the program in question. dr Web scores not as good as NOD32 in almost every test, but still people are hailing Dr Web. Well: their party ;)

Paul Wilders
December 6th, 2004, 04:47 AM
Gents,

this is not a contest - a comparison coming with user experiences comes closer. No need for 'AV X is far better than AV Y'.

regards.

paul

Blackcat
December 6th, 2004, 03:12 PM
-{ Quote: "Dr Web's detection rate just don't compare to NOD32. " }-
This depends upon the category of malware you look at ;)
-{ Quote: "Dr Web scores not as good as NOD32 in almost every test, but still people are hailing Dr Web." }-
Again, too much of a generalisation here, particularly if you look at a range of different AV-testing sites. I would be interested in 'all' the tests you refer to.

Further, take into account that viruses are no longer the present, main malware threat.

I have used Dr Web and NOD for a number of years and they will both give you excellent protection.

bellgamin
December 6th, 2004, 04:25 PM
-{ Quote: "Some people seem to only look at the cpu usage of the program in question." }-
If one ignores cpu usage, then KAV is what I would use. It's heavy on cpu but superb on protecting against all categories of malware.

-{ Quote: "dr Web scores not as good as NOD32 in almost every test" }-
Almost every person in the world dislikes this sort of generalization.:D

Edwin024
December 6th, 2004, 05:40 PM
That's ok by me, dear Bellgamin :)

But as I have noticed, the new KAV 5 personal is not so cpu hungry anymore. And it scans a lot faster too. So I have switched from NOD32 to this one. And with the help of Ewido and CounterSpy I must be pretty secure now, I hope ;)

Firefighter
December 6th, 2004, 05:50 PM
-{ Quote: "Some people seem to only look at the cpu usage of the program in question. dr Web scores not as good as NOD32 in almost every test, but still people are hailing Dr Web. Well: their party ;)" }-I have to admit that I had too small quantity of the most common nasties, but now I had added some TrojanDownloader, TrojanDropper, TrojanSpy and Exploit samples. Avast will be in my table as soon as possible.

All these scanners tested here are very good overall, just some are better than the other.

Best regards,
Firefighter!

Firefighter
December 7th, 2004, 03:48 PM
Just added Avast 4.5 Home to my test table. Not so bad test results either with Avast.

Best regards,
Firefighter!

smurf
December 18th, 2004, 11:37 PM
I have never heard of either of these antivirus's. Are they any good? I have used Norton for years. Does Nod32 or Drweb compare to Norton? Which one is the best?

Blackspear
December 18th, 2004, 11:46 PM
-{ Quote: "I have never heard of either of these antivirus's. Are they any good? I have used Norton for years. Does Nod32 or Drweb compare to Norton? Which one is the best?" }-Hi Smurf, this sort of question can lead to a flame war. It is no different than asking which car is better when comparing two rival family size sedans. Saying one is better than the other is relative to what your purpose for it is. One car may get to the line first today, and the other might get there first tomorrow, both have a function of getting from A to B, some come with more features than others, others use less resources etc etc, and we all have our own preferences as to what we like. Yes there are some major differences between some products, but on a whole there is a majority of fine software available that performs very well. As such, you are better off taking a look at a few websites such as:

http://www.virusbtn.com/vb100/about/index.xml

and

http://www.av-comparatives.org/

And then from there I would download and try a few to see what you like.

On an overall general security approach I would suggest that you may want to take a look here (http://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25) for further discussion on security and how to make your system that much stronger and here (http://www.wilderssecurity.com/showthread.php?t=43117) for more.

Hope this helps…

Cheers ;D

nod32_9
December 19th, 2004, 01:39 AM
Avast Home is on par with NOD32. Avast is a tad slower, with less bells and whistles. To me, it's silly to pay for NOD32 when you can get Avast Home for FREE.

Norton will slow down your system more than NOD32. And Norton's LiveUpdate can go bad, leaving you with outdated AV definition file. If you want excellent all around detection with moderate load on your PC, then give McAfee a try. NOD32 is very light, which can be an advantage if you have a sub 1000MHz PC. Those with +2.0GHz PCs should give Avast Home a try. Ya can't beat the price of admission!

RejZoR
December 19th, 2004, 06:22 AM
1GHz CPU,512MB RAM and NT based OS (2000/XP) and avast! should work very good. Win9x causes all the slowdown problems. At least that's what i saw when i recommended it to my cousin (he has a Win9x machine and 256MB RAM).

Anyway i also noticed similar results on Jotti as Firefighter posted above.
NOD32 and DrWeb seem to be on par,but DrWeb appears to have a strong generic detection (Win32/Agobot.gen for example) where NOD32 doesn't have such signatures. Many of them are indeed detected by AH but that's not the same IMO.

jlo
December 19th, 2004, 07:57 AM
-{ Quote: "Avast Home is on par with NOD32. Avast is a tad slower, with less bells and whistles. To me, it's silly to pay for NOD32 when you can get Avast Home for FREE." }-

I am sorry to say but in my opinion AVAST is NOT as good as NOD32.

Its a good program for free but these are the below reasons for my comments.

1) Avast does NOT have heuristics on its on access scanner. It has so called 'heuristics' for e mail scanner but really these just alert for any .exe .pif .scr file that come through. It does not analyse the actual file like Norman sandbox or Nod32

2) Avast are quick to update (as are AVG and AntiVir) on fast virus outbreaks but I have sent them many many samples and they are still yet to be added. Kav normally add the same or next day. Nod32 normally add quickly too.

Its a personal opinion but Nod32 (with its 'advanced heuristics') is well up in the league of McAfee, Bitdefender, Dr Web, KAV etc. (would not detect as much as KAV but stronger in heuristics)

Nod32 did recognise Zafi D, Sober I and Bagle variants with advanced heuristics! I have scanned many new viruses with Avast and normally has no detection until VPS is updated.

I still think Avast home is a good program and really has a fantastic auto updater and a great forum and have used it myself for a year but Nod 32 is a better product.

Just my 2 pence worth.

Kind Regards

Jlo


(Windows XP, SP2, Windows Firewall, Spybot and Escan (Kav based))

RejZoR
December 19th, 2004, 08:38 AM
Em Internet Mail heuristics in avast! are a bit more advanced than just warning for every and each exe,com or pif file. As far as i know avast! is the ONLY scanner that checks entire mail structure,not just attachment.
So if there are dual extensions,whitespace sequences,remote links,remote iFrames,specific threshold of outbound messages and so on,that fall into specific criteria,you will get warning.
Sometimes even decompiler heuristics fail to detect new stuff.
But again there needs to be some user intervention to approve the mail.
I also agree that NOD32 is better than avast!,but not in all areas.

I also talked to one of Alwil programmers and he said it's better to not implement heuristic than implementing crappy ones,that generate lots of false positives and are not effective on real malware.
And i agree with him.

Oh and about submitted samples. They will add them eventually.
They appear to have a priority list of submitted samples,so they first add more important stuff and later those that are not so common.
I submitted them loads of malware and they usually added them very fast since the malware was picked from school computers.
Kaspersky adds them asap because they HAVE TO generate definition updates frequently (1 or 3 hour frequency :P ) ;)

jlo
December 19th, 2004, 10:06 AM
Hi Rejzor,

Thanks for your reply.

I completely agree with you with the fact that avast e mail Heuristics is a little more complicated than I described so I stand corrected :)

I have e mailed on the Avast forums about the samples and agree with you that stuff that is floating around in the wild is added quickly and most stuff I have sent in are samples from websites. (Though I still feel that if these samples are available from just googling and are available for the public to download then should not these be detected quickly as well).

I am guessing that if they receive the same sample from a few different people it gets added quickly.

Rejzor I do think Avast is very good program and adequate for the average user but as you said Nod32 is better does provide better detection but then it not free ;D

Cheers

Jlo

jlo
December 19th, 2004, 10:12 AM
Rejzor,

I forgot to say the one major plus point as well for Avast is the forum. You can post a message and normally get a reply back in moments plus some of the programers of Avast hang out on the forum as well.

I think the level of support with Avast is much better than some of the big AV players.

Kind Regards

Jlo

Sorry I am getting off topic. Probably should have started new thread ;D

RejZoR
December 19th, 2004, 10:28 AM
Yup,i agree. NOD32 is better,especially in detection of new stuff (mainly by AH).
For overall detection of older (known stuff) they are somehow pretty similar,maybe NOD32 a bit ahead.

No way
December 19th, 2004, 11:03 AM
-{ Quote: "

I also talked to one of Alwil programmers and he said it's better to not implement heuristic than implementing crappy ones,that generate lots of false positives and are not effective on real malware.
" }-

No offense but this represents the inferior capability of the developers of the products, when one can do with success but others not.

In my mind, Avast Home (or even its Pro version) is nowhere near NOD32 and the best thing about Avast Home is just that it is FREE. NOD32 uses less resources than Avast, NOD32 is faster than Avast but NOD32 can do a lot better job by detecting much more nasty stuff than Avast, why?

NOD32 is the best antivirus scanner in the world, this is not opinions but about the fact, the fact that many people can't accept.

Blackcat
December 19th, 2004, 11:44 AM
-{ Quote: " NOD32 is the best antivirus scanner in the world, this is not opinions but about the fact, the fact that many people can't accept." }-
This is just your opinion. Many people, particularly on this forum, will agree. However, many will disagree.

Whatever offers good protection, suits you and your system is the best Antivirus.

Blackspear
December 19th, 2004, 12:46 PM
-{ Quote: "NOD32 is the best antivirus scanner in the world, this is not opinions but about the fact, the fact that many people can't accept." }-Please refer to post number 115.

Cheers

Blackspear.

rufus1
January 31st, 2005, 08:10 AM
I just bought dr. web a few days ago. I have tried so many different antivirus' in the past and I must say that this is the best one I have ever used. It is fast, quick, and doesn't bog me down. I can surf and play games without even being aware of its presence. By far the best I have used yet. Maybe one day I will get the opportunity to try out nod 32. I know a lot of people in this forum really look highly towards that program.

sard
January 31st, 2005, 10:33 AM
I switched from NOD32 to DrWeb and DrWeb leaves my system just as responsive. Hopefully it won’t have as many problems removing trojans from my system as NOD32 did the only time I became infected and actually needed it.

Gyuri
January 31st, 2005, 10:51 AM
I've been trialing Dr.Web for a couple of days and must admit that I am very impressed. I do like it a lot, so far this AV has proved the best concerning everything (resource usage, update frequency, simplicity, and its engine including its virus and trojan database). Cheers

doctor44
February 9th, 2005, 07:00 AM
Comparing both DrWEB and Nod32, I would have to say that I have been much happier with drweb. I find that the virus removal is much simpler and more effective. In the past when I was using Nod32, after receiving a virus alert, I would often have a very difficult time removing the virus. I would constantly hit "delete" and the stinkin virus would remain. Drweb on the other hand was much more "to the point". When I clicked "delete", the virus would be GONE!!!. DRWEB is by far the easiest and lightest antivirus out there. Period!!!

doctor44

Mongol
February 9th, 2005, 05:39 PM
I completely agree about DrWeb. It runs very light and is very easy to operate. I have used the good Doctor for 2 years now without a hitch. The combo of Ewido Plus and DrWeb has so far been rock solid and very secure on my computer. 8)

newdude
March 27th, 2005, 07:46 AM
Hey everybody, I heard that DRWEB has a beta version of a malware signature database designed to target spyware, malware, etc. Does anybody know whether DRWEB outperforms Nod32 using these new signatures. I know Nod32 is definitely good in this area of detection.

Don Pelotas
March 27th, 2005, 10:47 AM
-{ Quote: "Hey everybody, I heard that DRWEB has a beta version of a malware signature database designed to target spyware, malware, etc. Does anybody know whether DRWEB outperforms Nod32 using these new signatures. I know Nod32 is definitely good in this area of detection." }-
I think this would be very difficult to verify, because all the AV's only add selected spyware/adware to their signatures, a program like Spy Sweeper has 75753 signatures, which probably rivals Nod's total amount of virus, worm, trojan etc signatures.

However i can tell you that DrWeb with the beta-sigs has around 3000 (2935 as of today to be exact ;) ) more files. :)

tahoma
March 27th, 2005, 11:03 AM
i signed up for the drweb beta risky/nasty bases too. of course my pc is clean so it didn't find anything (well except mirc - now excluded)

does anyone know anything about drweb's future plans? i love the minimalistic approach, but it doesn't seem like there's been much development since 2000 or so

NAMOR
March 28th, 2005, 01:56 AM
-{ Quote: "Hey everybody, I heard that DRWEB has a beta version of a malware signature database designed to target spyware, malware, etc. Does anybody know whether DRWEB outperforms Nod32 using these new signatures. I know Nod32 is definitely good in this area of detection." }-


Maybe I missed it, but does anyone know if FireFighter includes the beta sigs in his scans?

Blackcat
March 28th, 2005, 02:38 AM
I am not sure whether he included these additional bases in his past tests with Dr Web, but I know that he no longer has this AV installed on his computer.

However, since these beta bases are for adware/spyware, http://info.drweb.com/show/2583 I doubt whether they would have made much difference to his overall results with Dr Web.

SDS909
March 28th, 2005, 03:40 AM
-{ Quote: "I am not sure whether he included these additional bases in his past tests with Dr Web, but I know that he no longer has this AV installed on his computer.

However, since these beta bases are for adware/spyware, http://info.drweb.com/show/2583 I doubt whether they would have made much difference to his overall results with Dr Web." }-

Adware/Spyware/Riskware, and there's about 3,500+ definitions in those added to the list, and i'd bet they would make a fairly big difference.

Blackcat
March 28th, 2005, 06:27 AM
-{ Quote: "Adware/Spyware/Riskware, and there's about 3,500+ definitions in those added to the list, and i'd bet they would make a fairly big difference." }-
Maybe to his individual category detection lists, such as Trojans Spies/BackDoors, Adware, Keyloggers but probably not that much in the overall detection rate of Dr Web with his test-bed.

For example, in one of his last tests he has only 283 Riskware/Adware samples out of a total of 3649 samples. So I would expect the "increased" detection in this small Riskware class not to make much of an impression in the total detection rate.

But obviously these additional bases will be a great help in Dr Web's total malware protection abilities.

Firefighter
March 28th, 2005, 11:37 AM
-{ Quote: "Maybe I missed it, but does anyone know if FireFighter includes the beta sigs in his scans?" }-The last time I tested DrWeb, it has that beta spyware module, but it has gone a couple of weeks of that test and the "AdWare" category doesn't exists then yet.

Best regards,
Firefighter!

barfbreath
November 2nd, 2005, 08:55 PM
I notice that DRWEB has a new version out? Is this better than the newest version on NOD32? I always assumed that NOD32 was always a little bit better than DRWEB.

Mongol
November 2nd, 2005, 10:17 PM
-{ Quote: "I notice that DRWEB has a new version out? Is this better than the newest version on NOD32? I always assumed that NOD32 was always a little bit better than DRWEB." }-
The Doctor is going through a few growing pains but their tech folks are ironing them out. The next round of AV comparative tests will be interesting to see late this month. This forum link gives a little info on DrWEBs new release. Page 2 gives a bit of info Firefighter posted on the improved heuristics and databases near post 46 or 47. Check out: http://www.wilderssecurity.com/showthread.php?t=99475

All in all I am pretty happy with this release of DrWEB. I have NOD32 on my work laptop and I would place these two pretty close right now..cheers

Firefighter
November 3rd, 2005, 02:29 AM
-{ Quote: "The Doctor is going through a few growing pains but their tech folks are ironing them out. The next round of AV comparative tests will be interesting to see late this month. " }-Unfortunately the next Av-Comparatives test just can't test the new 4.33 version of DrWeb, because they have to "freeze" signatures up to 3 months, but the release of the new DrWeb 4.33 was about 5 weeks ago.

Best regards,
Firefighter!

Mongol
November 3rd, 2005, 02:54 AM
-{ Quote: "Unfortunately the next Av-Comparatives test just can't test the new 4.33 version of DrWeb, because they have to "freeze" signatures up to 3 months, but the release of the new DrWeb 4.33 was about 5 weeks ago.

Best regards,
Firefighter!" }-

I forgot about that time frame, it would have been quite an interesting horse race this time with this new version...:o :D

Don Pelotas
November 3rd, 2005, 04:19 AM
-{ Quote: "Unfortunately the next Av-Comparatives test just can't test the new 4.33 version of DrWeb, because they have to "freeze" signatures up to 3 months, but the release of the new DrWeb 4.33 was about 5 weeks ago.

Best regards,
Firefighter!" }-
Of course they can use 4.33, it's just a matter of saving the signatures and replace them when testing.:)

Firefighter
November 3rd, 2005, 05:07 AM
-{ Quote: "Of course they can use 4.33, it's just a matter of saving the signatures and replace them when testing.:)" }-I'm not sure if they can use the old ones anymore, when the new DrWeb has reorganized all their signatures in the new 4.33 version, the number of signatures were decreased a bit but they covered the same nasties. Maybe IBK can answer, if he is testing DrWeb 4.33 too?

Best regards,
Firefighter!