NOD32 in the real world
rerun2
October 13th, 2003, 06:22 PM
I am not an NOD user myself so hopefully I will not show too much bias ;)
But a recent thread at DSLR http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat brought up some interesting questions (IMO). Yes, there is A LOT of snakeoil and unsupported opinions, but if one looks VERY deep, I think there are some legitimate questions that were posed. I know the tests people ran in this thread are not what you might call 'professional' but the results are nevertheless rather disturbing. Yes, I am very aware of NOD32's record at VB and other major 'professional' tests, but it does quite poorly in most other tests. Of course the samples might come into question and there is always the argument that "NOD is a pure virus scanner," but still it makes one wonder. Especially if these same samples are detected by a few other respected AV scanners as legitimate virii. It would be nice to get some thoughts in from people here and possibly someone from Eset. I know they are busy people, and commenting on certain points made in the DSLR thread may be pointless. But I think when more and more people read that thread (without a respected source standing in for NOD), they will be inclined to believe the test results blindly and may not look as positively to NOD as they once did.
Finally, I would like to say that I have the utmost respect for Eset and their product NOD32, and hopefully there will be some "quality" discussion about this subject. The key word being "quality."
Hmmm maybe someone should test KAV against NOD32 with a dedicated trojan scanner and wormguard :)
Straight Shooter
October 13th, 2003, 09:18 PM
With malice towards none, I'd like to take a stab answering your question... ;)
I don't take nothing for granted.. I took those Virii and ran scans with NOD32, KAV Personal Pro, and NAV 2004...
My results were CONSISTENT...
NAV and KAV found them all... NOD32, nothing....
You can see for yourself what the virii was, by reading through the thread and looking at the names of the stuff found on that thread... Realize, though, that I was AMAZED I wasn't bashed at DSL Reports by the NOD32 users, at least not yet... The truth is the truth, plain and simple..
Needless to say, I did not enjoy finding out that Vampirefo and others may have been right in the past.. In the past couple of months, in spite of the accomplishments NOD32 is capable of, I have seen NOD32 miss more stuff than find.. I am NOT a professional tester, so I am going to get bashed there...I expect it, so, I am prepared.. I am even asking for it, I guess.. Again, for me, the truth is the truth...
Plain and simple.. I am not saying NOD32 isn't effective... I just think that for my purposes, I didn't see the point in renewing my license... Anyone can say what they want, but when you have 3 AV's that found the same stuff, and one AV that didn't, are those tests rigged? Have the viruses been tampered with? I don't think so.....
No, I am NOT going to make up for NOD32's deficiencies by buying and relying on an AT.. An AT is simply for layered defense.. I expect my AV to find malware.. I do have an AT too, (TH), so I can't say that I don't depend on one.. BUT... I find My AT is a good supplement, not a substitute...
I hope this post doesn't seem mean spirited because it isn't meant to be... Again, the truth is the truth... NOD32 users wanted proof, they got it... and even then a lot of them have a hard time accepting it.. Sorry......
dave s
October 13th, 2003, 09:29 PM
-{ Quote: "Again, the truth is the truth... NOD32 users wanted proof, they got it... and even then a lot of them have a hard time accepting it.. Sorry......
" }-
Hmmm...comments from ESET?
...keeping his bias (and money) for NOD,
dave
Straight Shooter
October 13th, 2003, 09:33 PM
One more note.... bias is not a player here for me.. If NOD32 passed the little test at DSL Reports there would have been no argument.. The thread at DSL Reports started when a member asked if KAV and NOD32 are comparable... I didn't start it...
dave s
October 13th, 2003, 09:37 PM
-{ Quote: "One more note.... bias is not a player here for me.. " }-
Not a problem Straight Shooter....I appreciate the information (personally). I've not previously seen the discussion at DSL (and am reading it now). I'm finding this discussion most informative....and looking forward to a rebuttal from Eset.
best regards,
dave
sig
October 14th, 2003, 07:03 AM
I'm still wondering if the fact that the tests noted in the BBR thread consist of zipped files has in part something to do with some of the test results? Although it has been stated in the BBR thread that if an on demand scan doesn't catch it in a zip file, that means the AV can't detect it at all even when uncompressed, I question that statement given previous discussions here.
I recall discussions regarding just that issue: NOD not alerting on archived files of viruses, etc. that were covered in the db but instead alerting on the uncompressed files. NOD 2's archive scanning I understood to be improved over the earlier version, but is it?
While I don't claim NOD detects everything, still at a glance there are at least a few listed in the BBR tests I spotted that I suspect may be covered in NOD's current database and so should be detected unless it's a variant that simply isn't covered. But it's rather difficult to tell which ones used in the test might be covered by NOD due to the limited NOD db encyclopedia available and also potential differences in nomenclature.
For example, Stoned is listed in the NOD db as one of the oldest families of viruses, but with no specific variants noted. So one can't tell at a glance if the same variants used in the test are also covered and NOD would indeed detect them if it wasn't in a zip file. (Yeah, that sounds lame, but detection in archived files has been an issue with NOD.)
So, my first question is, is NOD 2's archived file scanning so improved that it would alert upon scanning a zip if the virus is indeed detectable by NOD? Or is the detection of viruses in archived format still an issue?
My second question is, are the viruses etc used in the tests covered by NOD at all? It's a fair enough question IMO.
Mele20
October 14th, 2003, 07:27 AM
>So, my first question is, is NOD 2's archived file scanning so improved that it would alert upon scanning a zip if the virus is indeed detectable by NOD? Or is the detection of viruses in archived format still an issue?
Why is this important? A zipped file is HARMLESS! I could care less if NOD detects it while zipped. Why do you consider this an issue? Having said this, I have noticed a big improvement in NOD's ability to detect a virus in zipped form. That is ...as long as you use command line adv. heuristics to scan the file. Since IMON uses the adv. heuristics, I assume the improvement is seen there also. I do not use IMON so I can't speak to that.
Acadia
October 14th, 2003, 07:36 AM
-{ Quote (Straight Shooter): "Again, the truth is the truth... " }-
Indeed, the Truth is the Truth. The people (and companies) I have admired most in life are those who could face the Truth about themselves no matter how much it hurt; most people (and companies) in fact cannot be honest with themselves. Most companies advertise themselves as "the best" at whatever, and most of us feel that we are always right in a particular argument, yet we all know that all companies cannot be "number 1" and I personally believe that even the smartest of us are wrong about half the time about everything, just look at all the opposing views there are about everything; how can any one of us be so arrogant as to actually think that we are the one person who is always right all the time, yet most of us do just that. (Heck, even someone as brilliant as Einstein was wrong about Quantum Mechanics.)
Acadia
sig
October 14th, 2003, 08:02 AM
Mele: Asking whether or not NOD can detect a virus in its database when zipped is a relevant question, since a) many users prefer early detection as many other AV's provide (even AVG as I recall) and b) tests are run by people who proclaim success or failure of an AV based on detection of archived files since major AV's provide that capacity.
And when such a test is apparently "failed" it's good for all to know if it is indeed a total failure of the AV in coverage for that malware or if it's a technical matter of not detecting malware in archives but the AV does detect some, most or all of the malware before the user can be infected.
For example, if NOD would detect all those viruses, etc. in the BBR tests if they were not archived, then the test would not be a completely valid test of bottom line virus detection but instead of the program's ability to "candle" archives. Even so, that would be a source of criticism, given other AV's performances, but not a total invalidation of the AV's protective abilities in regard to those specific specimens.
Thus the question of detection of archived malware is a matter that should be clarified IMO.
Mele20
October 14th, 2003, 08:07 AM
OK. I see your point, but why give credence to those tests done by the NOD haters in the first place? I don't buy a thing any of those persons said. They will go to any lengths to discredit NOD. Personally, the very reason I use NOD is because it is NOT like the "PACK". Eset thinks differently and I for one appreciate that ....I don't have a herd mentality.
(edited to correct spelling)
mrtwolman
October 14th, 2003, 08:21 AM
My 2 cents as for virus tests. I can say I have good experience as a pro in virus testing. Gimme a virus scanner and I can perform a test where the results will be as you wish. I can bring them to the heaven or slash them with a hammer and my tests would be reliably replicable.
All I need to do for this is just careful selection of test samples. Couple of intended viruses, couple of fp, misses and malware and voila... I can produce such a result as desired ... 8)
What is reliable virus testing?
1. You need to have a well defined test set
2. You must know what you want to test
3. If you are testing viruses, ALL the samples must be able to replicate. If they fail to, there are no viruses at all....
4. You have to specify how you performed the test
5. You have to publish how you computed the results
6. You have to publish your results (tables, counts, per cents)
Above are just basics.... If something from the above is missing the test was just fun and not a real test ....
Plus if you want to boost some particular product, just include a lot of copies of a file which is not detected by the rest of the pack ...
I rest my case
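An added illustration of the point made in the post above, not part of any post in this thread: a Python sketch showing how extra copies of one file skew a published detection rate, and how scoring by unique content hash removes the effect. The scanner names, sample bytes and verdicts are all constructed for the example.

```python
"""Show how duplicate samples skew a detection-rate comparison (constructed data)."""
import hashlib
from collections import defaultdict


def content_hash(data: bytes) -> str:
    """Identify a sample by its content, not by its file name."""
    return hashlib.sha256(data).hexdigest()


def build_test_set():
    """Constructed test set: harmless placeholder bytes stand in for samples."""
    unique = [(f"sample_{i}.bin", f"constructed-sample-{i}".encode())
              for i in range(4)]
    # Padding: six renamed copies of sample_0, the file only scanner_a flags.
    padding = [(f"copy_{n}.bin", unique[0][1]) for n in range(6)]
    return unique + padding


def build_verdicts(test_set):
    """Constructed verdicts: the content hashes each hypothetical scanner flags."""
    h = {name: content_hash(data) for name, data in test_set}
    return {
        "scanner_a": {h["sample_0.bin"], h["sample_1.bin"]},
        "scanner_b": {h["sample_1.bin"], h["sample_2.bin"], h["sample_3.bin"]},
    }


def duplicate_groups(test_set):
    """Return {hash: [file names]} for every content that appears more than once."""
    groups = defaultdict(list)
    for name, data in test_set:
        groups[content_hash(data)].append(name)
    return {digest: names for digest, names in groups.items() if len(names) > 1}


def score(test_set, verdicts, dedupe):
    """Return {scanner: (detected, total, rate)}, optionally counting each content once."""
    hashes = [content_hash(data) for _, data in test_set]
    if dedupe:
        hashes = list(dict.fromkeys(hashes))  # keep first occurrence of each hash
    total = len(hashes)
    results = {}
    for scanner, flagged in verdicts.items():
        detected = sum(1 for digest in hashes if digest in flagged)
        results[scanner] = (detected, total, detected / total)
    return results


if __name__ == "__main__":
    samples = build_test_set()
    verdicts = build_verdicts(samples)
    for digest, names in duplicate_groups(samples).items():
        print(f"duplicate content {digest[:12]}...: {len(names)} files")
    for label, dedupe in (("raw file count", False), ("unique content", True)):
        print(label)
        for scanner, (hit, total, rate) in score(samples, verdicts, dedupe).items():
            print(f"  {scanner}: {hit}/{total} = {rate:.0%}")
```

On this constructed set the ranking of the two scanners reverses once duplicates are counted once, which is why the counts and the way they were computed need to be published alongside the percentages.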
sig
October 14th, 2003, 08:26 AM
Well as a customer I'd like to know and others who really are just trying to tell what AV would be best for them would be better served by having some generally agreed upon facts (as hard as those may be to come by, given the climate at times).
I've certainly nothing against KAV. At the time I was in the market for an AV I would have picked KAV if it weren't for the resource issues of 4.0 which was the current version at the time. On an old W98 PC, I was juggling resources as it was to keep performance and resources at an acceptable level and run all the programs I wanted to. Hence my choice of NOD.
And perhaps some of the samples in those tests aren't all that critical to be covered. Some do not appear to be the latest and the greatest so personally I'm not particularly concerned that I'll run into them and I suspect at least some may be detected by NOD but perhaps just not in the zipped format.
sig
October 14th, 2003, 08:35 AM
mrtwolman: oh yes, I've seen "cherry picking" of samples in tests before (as I mentioned at BBR) and there are some people I have no doubt would do that to prove their case. In this instance with that poster I've no real reason to suggest that, although why those specific specimens were selected was not discussed.
Straight Shooter
October 14th, 2003, 09:54 AM
-{ Quote (Mele20): "
OK. I see your point, but why give credence to those tests done by the NOD haters in the first place? I don't buy a thing any of those persons said. They will go to any lengths to discredit NOD. Personally, the very reason I use NOD is because it is NOT like the "PACK". Eset thinks differently and I for one appreciate that ....I don't have a herd mentality.
" }-
Mele20, LOL.. I get a good laugh reading your posts sometimes.. I am not a NOD Hater.. I used to root for NOD ALL the time...
The files I tested the AV's with were all UNZIPPED, Opened with Power Archiver First.. So, this thing about zipped or not doesn't apply.. I am sorry, I would've answered sooner, but I had to go to sleep...LOL...
PS... I never said NOD32 was no good.. and I am not a NOD32 hater... But I'm not so sure now after the past couple of days...LOL
PS... Here is a thread that McAfee also found the viruses.. So, they are REAL ...LOL...
http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat~start=200#end
owziee
October 14th, 2003, 10:53 AM
I'm not an expert but I've been using both McAfee & Norton AV for a long time until I recently switched to NOD32 simply because it finds lots of viruses both mcafee & norton don't.
A friend of mine who is using Norton recently sent me a file that was infected. He thought I was joking when NOD32 found the virus but I told him to buy NOD32 instead because I've seen how often both norton & mcafee misses viruses that NOD32 finds.
The point is that no AV is perfect... One AV product will always miss some viruses that another will find, I bet you could do a test that would show that KAV misses viruses that NOD32 picks up as well.
Sorry about my bad English.
spy1
October 14th, 2003, 12:08 PM
The entire basis for this thread is being stretched to the limits of credibility.
To me "NOD32 in the real world" means this: every instance of an email virus on this computer was caught by NOD32 and disposed of without problems.
Every instance of my kids getting my computer into trouble was picked up by NOD and taken care of by me, afterwards, with no problem.
THAT'S "real world" - day-by-day single-home-user regular life Internet activity protection.
And that tells me that NOD is more than good enough for me. The only "test" I need to see here is my computer being protected daily. Pete
GuruGuy
October 14th, 2003, 01:01 PM
-{ Quote (owziee): "
I'm not an expert but I've been using both McAfee & Norton AV for a long time until I recently switched to NOD32 simply because it finds lots of viruses both mcafee & norton don't.
A friend of mine who is using Norton recently sent me a file that was infected. He thought I was joking when NOD32 found the virus but I told him to buy NOD32 instead because I've seen how often both norton & mcafee misses viruses that NOD32 finds.
The point is that no AV is perfect... One AV product will always miss some viruses that another will find, I bet you could do a test that would show that KAV misses viruses that NOD32 picks up as well.
Sorry about my bad English.
" }-
I would question how up to date the definitions were for your friend that is using Norton?????
sig
October 14th, 2003, 01:58 PM
Well I haven't had time to check on these things to see if these test specimens are indeed something that are worth even discussing or if it's a case of intending to "shock and awe" people with things they'll never encounter in ordinary use. If 8tunes is any indication of the threat level of the test set, one might have cause to suspect the rest.
Straight Shooter
October 14th, 2003, 02:45 PM
I would have to say that if NAV, KAV, McAfee, and Dr. Web ALL detected them as viruses, then it would be a puzzle as to why NOD32 isn't detecting them...
I think the best thing for ESET to do is "fess up" and admit.. Then add the definitions into their daily updates, rather than try to discredit All the DSL Reports users who are pointing this out... or try to say anything else..
:)
Paul Wilders
October 14th, 2003, 03:21 PM
-{ Quote (Straight Shooter): "I would have to say that if NAV, KAV, McAfee, and Dr. Web ALL detected them as viruses, then it would be a puzzle as to why NOD32 isn't detecting them..." }-
Shooter, I don't bother going over to DSLR ;) - in principle the fact some AVs flag positive doesn't provide proof - at least not to me. Sig's latest post seems quite to the point.
Feel free to submit the (zipped) files to me; my addy is in my profile. You might even post some nasties names as well as screen shots ;)
-{ Quote: "I think the best thing for ESET to do is "fess up" and admit.. Then add the definitions into their daily updates" }-
Grin...hold your horses for a while. I for one would like to have proof we're talking about real hazards here; it's up to you to provide samples to make this possible. In case you feel inclined (and there's no reason in any way to doubt that) provide the samples to samples@eset.com as well ;)
-{ Quote: "rather than try to discredit All the DSL Reports users who are pointing this out... or try to say anything else.. :)" }-
I've been reading this thread carefully - and fail to see Eset discrediting anyone. That said: what goes on over on DSLR is their business, and this board has nothing to do with it as goes for all sortalike boards having their own threads. If people want to discuss an issue regarding for example Eset/NOD32: this is the place to be - not DSLR or forum X,Y, or Z ;)
regards.
paul
mvdu
October 14th, 2003, 03:32 PM
I'm the one who started the thread over there at dslreports when I was questioning if KAV was the best resident scanner for me, or if I should go with NOD32 resident and KAV backup. It's been very interesting and so far I'm sold on KAV being the right one for me. Something I experienced on my own helped confirm it, though - NOD32 was late to add all those java exploits (like ByteVerify and Needy) that were infecting me. But I am open minded, and would like to see more tests.
BTW, how many virus signatures does NOD32 have in its database? Are they keeping this a secret? Don't tell me about advanced heuristics, because I'm still interested in the amount of sigs.
Paul Wilders
October 14th, 2003, 03:52 PM
-{ Quote (mvdu): "I'm the one who started the thread over there at dslreports when I was questioning if KAV was the best resident scanner for me, or if I should go with NOD32 resident and KAV backup." }-
Welcome! You might as well register, in order to avoid name spoofing ;)
-{ Quote: "It's been very interesting and so far I'm sold on KAV being the right one for me." }-
People might agree, others won't. In the end it's up to you (and anyone for that matter) to make his own decision ;)
-{ Quote: "Something I experienced on my own helped confirm it, though - NOD32 was late to add all those java exploits (like ByteVerify and Needy) that were infecting me." }-
A matter of opinion - making sure one installs the needed Windows patches in time surely makes sense as well.
-{ Quote: "But I am open minded, and would like to see more tests." }-
I for one do like an open mind ;)
-{ Quote: "BTW, how many virus signatures does NOD32 have in its database? Are they keeping this a secret? Don't tell me about advanced heuristics, because I'm still interested in the amount of sigs.
" }-
It's irrelevant actually: check for example the signatures from DrWeb (30,000+) and NAV (approx. 70,000+). The difference could worry you. In reality, it's a marketing ploy IMHO. Fingerprinting each and every variant surely does impress people - but does not imply DrWeb does 50% worse than NAV. Just an example, no more, no less ;)
regards.
paul
mvdu
October 14th, 2003, 04:02 PM
Thanks for the welcome - which is NOD closer to in signatures - Dr. Web or Norton? Can you at least answer that?
I really like the feel of NOD32 and do want to use it - I'm open-minded by nature but even more so where NOD32 is concerned.
Straight Shooter
October 14th, 2003, 04:04 PM
I have to ask the gentleman who sent me the stuff if it's okay to send them to you ... I think it's only fair... but I don't see a problem... I'll let you know..or send them to you.. and ESET...
Some of these Threats have been out for WEEKS... I suggest ESET look over the posts from DSL Reports and match the names with their competitors databases.. I don't think I have the time for this.. I have been very busy lately...
Thanks
Paul Wilders
October 14th, 2003, 04:12 PM
-{ Quote (mvdu): "Thanks for the welcome - which is NOD closer to in signatures - Dr. Web or Norton? Can you at least answer that?" }-
My pleasure ;). As for the signatures: I'm not part of the Eset staff, therefore I could only guess - and that's not in my nature. Although I've tried to point out it's of no relevance at all, in case you feel like it you can always ask this question by sending an email to support@eset.com
-{ Quote: "I really like the feel of NOD32 and do want to use it - I'm open-minded by nature but even more so where NOD32 is concerned. " }-
I applaud you for being open-minded: it's a virtue most of the people lack ::)
regards.
paul
Paul Wilders
October 14th, 2003, 04:20 PM
-{ Quote (Straight Shooter): "I have to ask the gentleman who sent me the stuff if it's okay to send them to you ... I think it's only fair... but I don't see a problem... I'll let you know..or send them to you.. and ESET..." }-
You'll have to ask permission??? I'm in the dark as to why - there's no law holding you back - but indeed: it's only fair...
-{ Quote: "Some of these Threats have been out for WEEKS... I suggest ESET look over the posts from DSL Reports and match the names with their competitors databases.." }-
No offense, but Eset has better things to do than crawling all sorts of forums and boards - and rightly so.
-{ Quote: "I don't think I have the time for this.. I have been very busy lately..." }-
No offense intended, but you have been (and still are!) spending lots of time on this, elsewhere and over here; you have been very busy lately indeed ;). Time to deliver, if I may say so ;)
regards.
paul
crazykidjoe
October 14th, 2003, 04:20 PM
I honestly don't hate NOD32 or I wouldn't have purchased a license. At the moment I am being protected by KAV and AVK. I'm not using McAfee either and I also own a license for it. I don't hate McAfee either. This has nothing to do with hate, only protection. I think these are all fair questions that deserve answers. The DSL members as here use many various brands of AV's. It has nothing to do with hating NOD32. I can't wait to feel comfortable enough to go back to NOD32. I was one who made a switch many months ago to another AV due to a lot of these threads and no answers..c
Paul Wilders
October 14th, 2003, 04:37 PM
Joe,
Perhaps some (elsewhere and even here) do like to turn this into sort of a hate campaign - we don't. That kind of "spirit" does not belong to this board by principle ;)
As you might have noticed, we are open-minded concerning this issue; see my conversation with Shooter ;)
As pointed out earlier on: DSLR is just another board (as there are many) where NOD32 is being discussed; have a look at NG's like alt.comp.virus etc and notice the discussions do go on and on - everywhere, and about all antiviruses ;). No way Eset is going to crawl all boards/forums/Newsgroups - and provide replies as well. Time and energy can be used in a far better way.
Anyway: as stated before, this is the place to discuss NOD32 if anyone feels inclined to do so - and deliver the goods as well ;)
regards.
paul
JimIT
October 14th, 2003, 04:44 PM
-{ Quote (Straight Shooter): "
Some of these Threats have been out for WEEKS... I suggest ESET look over the posts from DSL Reports and match the names with their competitors databases.. I don't think I have the time for this.. I have been very busy lately...
Thanks
" }-
Shooter,
You don't "have the time" to send the samples? You had time to receive them and test them and post to BBR... ?!??
You're suggesting that Eset "fess up" and include samples of may be viruses to their defs, but don't "have the time" to send them the very same samples??
Surely not, Shooter! ;)
mvdu
October 14th, 2003, 04:45 PM
Hi again - I am happy to have registered. Do people here think NOD32 would be just as good a resident scanner as KAV for me, based on these things?:
- I have a P4 Windows XP Home with 512 MB RAM. Haven't noticed much slowness with KAV, but I'm sure NOD32 would help things be a bit faster.
- In the past, I've only been infected by Java exploits (I do have the patch so I'm not sure they could do anything.)
- I use Outlook sometimes, but not often. Usually go to the Comcast page to check.
- Price is somewhat of an issue, and I'm thinking I should have gotten KAV Lite since it's $19.95 instead of $49.95. Also, I'm paying for TrojanHunter and Norton Personal Firewall already. NOD32's renewal rates are decent, but will they get better?
- Love the feel of NOD32, but wonder if KAV can provide better protection overall.
I wanted to get the opinions of people here, and not opinions only at dslreports.
Primrose
October 14th, 2003, 04:46 PM
@mvdu
Welcome to the Forum Matt. Glad you signed up and look forward to your knowledge and experience.
Regards,
John
Paul Wilders
October 14th, 2003, 04:58 PM
-{ Quote (mvdu): "Hi again - I am happy to have registered." }-
Thanks for doing so ;)
-{ Quote: "Do people here think NOD32 would be just as good a resident scanner as KAV for me, based on these things?:
- I have a P4 Windows XP Home with 512 MB RAM. Haven't noticed much slowness with KAV, but I'm sure NOD32 would help things be a bit faster.
- In the past, I've only been infected by Java exploits (I do have the patch so I'm not sure they could do anything.)
- I use Outlook sometimes, but not often. Usually go to the Comcast page to check.
- Price is somewhat of an issue, and I'm thinking I should have gotten KAV Lite since it's $19.95 instead of $49.95. Also, I'm paying for TrojanHunter and Norton Personal Firewall already. NOD32's renewal rates are decent, but will they get better?" }-
Seems like you are going for layered defense, having TrojanHunter installed as well: that's my adagium! ;) Relying on one app taking care of all comes with at least one problem: in case some new malware comes around being able to kill that one app, one is in serious trouble...
As for NOD32 renewal licenses: I haven't the faintest idea. Reasonable seems good enough for me though ;)
-{ Quote: "- Love the feel of NOD32, but wonder if KAV can provide better protection overall." }-
Since you've obviously chosen for layered defense, I wonder if this is an issue ;)
-{ Quote: "I wanted to get the opinions of people here, and not opinions only at dslreports." }-
Most probably others will join in - I for one am merely expressing my personal views :)
regards.
paul
mvdu
October 14th, 2003, 05:05 PM
Thanks to you both, John and Paul! I look forward to being a member.
Would you recommend I pay again for NOD32 since I do like layered protection?(so glad you agree, Paul - we have something big in common already.) :)
JimIT
October 14th, 2003, 05:10 PM
-{ Quote (mvdu): "- Love the feel of NOD32, but wonder if KAV can provide better protection overall.
I wanted to get the opinions of people here, and not opinions only at dslreports.
" }-
Well, I for one applaud you for registering and keeping an open mind.
I have a free license of NOD32 (thanks to this board), and after using it day in and day out for a while, have found it to be exactly what I want in an AV.
There are a few things I look for in an AV:
1. Does it catch the bugs that I am most likely to "accidentally" run across in day-to-day internet and computer usage? Particularly e-mail and attachment-borne viruses. And I want them caught consistently.
2. Does it "do its thing" without constant "babysitting"? (IE: Def updates, scheduled scans, etc.)
3. Is it reasonably light on computer resources?
4. Are the updates timely?
NOD32 performs admirably in all respects.
KAV is very good at detecting lots of different malware in different states of "packaging", but it's heavier than NOD, and it's more prone to false positives than NOD. I use a KAV-based AV as a backup scanner.
I also use a dedicated anti-trojan in a layered defense.
As a side-note, KAV--on my box--has not caught anything NOD32 missed, to date. It did, however, cough up a couple of false alarms on files I knew were not examples of malware.
That's my take. YMMV, but regardless, be comfortable with whatever you choose. ;)
Paul Wilders
October 14th, 2003, 05:17 PM
-{ Quote (mvdu): "Thanks to you both, John and Paul! I look forward to being a member." }-
You're most welcome - we are glad having you as a registered member 8)
-{ Quote: "Would you recommend I pay again for NOD32 since I do like layered protection?" }-
My personal opinion: yes, I would. Drop me an email (addy is in my profile) in this context.
-{ Quote: "(so glad you agree, Paul - we have something big in common already.) :)
" }-
Seems like it, doesn't it? 8) - and a wise attitude it is, IMHO ;)
regards.
paul
Acadia
October 14th, 2003, 05:25 PM
-{ Quote (Paul Wilders): "
I applaud you for being open-minded: it's a virtue most of the people lack
" }-
Amen.
To mvdu: I've said this so many times in this forum that people here are probably tired of hearing it: NOD32 is an excellent antivirus, but it is not the only one.
Good luck,
Acadia
Michael0504
October 14th, 2003, 05:49 PM
Greetings everyone,
I am also from DSLR and I too am trying to keep an open mind on NOD32.
I am interested in it for a variety of reasons but primarily because I was told it was quite light on resource usage.
I just formatted and reinstalled W98SE on my father's computer and even though it is almost six years old, it was running great - until I put NAV 2004 on it. NAV really bogs it down and also prolongs the boot up time considerably.
I would like to ask a specific question, if I may. My father is using my old computer and it is a Pentium 200 with 48 MB of RAM. From a resource standpoint, would NOD32 perform noticeably better on this computer?
I very much look forward to any and all replies as I try my best to look out for my old man!
Acadia
October 14th, 2003, 05:57 PM
NOD32 and NAV are, in my opinion, two of the several excellent antivirus. BUT, on an older system using WIN98, and I am speaking from personal experience, I would definitely give the nod to NOD (sorry about that). I would only use NAV on a new machine using either Win2000 or XP. NOD will still slow the system down a little, but nothing compared to what NAV will. Good luck.
Acadia
Paul Wilders
October 14th, 2003, 05:59 PM
-{ Quote (Michael0504): "
Greetings everyone,
I am also from DSLR and I too am trying to keep an open mind on NOD32." }-
Welcome, and an open mind is a virtue forever ;)
-{ Quote: "I am interested in it for a variety of reasons but primarily because I was told it was quite light on resource usage.
I just formatted and reinstalled W98SE on my father's computer and even though it is almost six years old, it was running great - until I put NAV 2004 on it. NAV really bogs it down and also prolongs the boot up time considerably." }-
No offense intended as for NAV - but this is a well known issue.
-{ Quote: "I would like to ask a specific question, if I may. My father is using my old computer and it is a Pentium 200 with 48 MB of RAM. From a resource standpoint, would NOD32 perform noticeably better on this computer?" }-
Very much so (although 48 MB isn't overload ;D )
-{ Quote: "I very much look forward to any and all replies as I try my best to look out for my old man!" }-
I for one applaud you for taking care of your father - that's not always the case. Give the trial version a try (better uninstall NAV first). In case you do have questions, please open a new thread ;)
regards.
paul
Primrose
October 14th, 2003, 06:00 PM
@mvdu
And I am not going to suggest to you a product for that layered defense. I do understand your criteria. :)
I am just proud of you for the way you post in forums and reason through your decisions.
Paul Wilders
October 14th, 2003, 06:02 PM
-{ Quote: "quoting Primrose:
@mvdu
...I am just proud of you for the way you post in forums and reason through your decisions.
" }-
Amen to that, John ;)
regards.
paul
Michael0504
October 14th, 2003, 06:04 PM
-{ Quote: "quoting Acadia:
NOD will still slow the system down a little, but nothing compared to what NAV will. Good luck.
Acadia
" }-
Thank you very much for the prompt reply. That is exactly what I was hoping to hear. I am visiting my father this weekend as I promised him I would address this issue. Thanks very much for the feedback Acadia!
Michael0504
October 14th, 2003, 06:18 PM
-{ Quote: "quoting Paul Wilders:
I for one applaud you for taking care of your father - that's not always the case. Give the trial version a try (better uninstall NAV first). In case you do have questions, please open a new thread ;)
regards.
paul
" }-
Thanks also for your reply Paul. I am feeling that NOD32 is the best way to go at this point. Instead of fooling around trying to completely uninstall NAV, I think I will just format and reinstall the OS again. My past experience with NAV tells me that it is not easy to (completely) remove all traces of it and as I just formatted, another fresh install won't take very long at all. I enjoy looking out for my father as he has been damn good to me.
I am inclined to just purchase the license for NOD instead of downloading the trial version as I will only be there Saturday and Sunday (he lives three hours away) and I have a feeling it is going to work out well.
I also believe in a layered approach to security and as a result, I will be putting BOClean back on his machine if all goes well. This will make me very happy as there is no way I could put BOClean on his machine now, the way it is performing with NAV.
Thanks again for your feedback.
mvdu
October 14th, 2003, 06:24 PM
I will definitely give the issue of buying NOD32 some thought. Thanks for your kind words, Primrose - I do strive to be fair and to make well thought-out decisions. I've made mistakes in the past, but we all do I guess. :)
Thanks again to you too, Paul - if I have more questions, I won't hesitate to e-mail you. I'll look around at the other topics, too - I'm sure there will be more stuff that interests me.
DolfTraanberg
October 14th, 2003, 07:55 PM
hmmm,
I don't use NOD or KAV but I should like to see this dispute cleared.
I've done too much reading on this issue now. ;D
Dolf
sig
October 14th, 2003, 07:55 PM
Well just because products x, y and z detect a real virus doesn't in itself mean that the virus in reality poses a likely threat to your PC. That is, while a virus may be real.....where is it? Just residing happily in those AV vendors' and VX'ers collections and in their sig defs databases? Is it something that had its day long ago and hasn't been seen in the wild in ages or might even no longer be entirely functional on today's systems? Or is it something on the prowl likely to wend its way to your PC?
In part I'd venture to wonder if it may be that a significant portion of some of these comparative databases may be a case of "mutually assured detection" against things ordinary users may not ever encounter. And perhaps might in fact have to go to VX sites to find because they won't run across them in the wild threatening and infecting pc's.
Perhaps Product X has it because Y has it because Z has it (or vice versa), not because it poses an imminent threat to users. And while impressing people with capacious databases and tests with these real viruses, as more people see this sort of thing of course there is a consequential demand for inclusion in other vendors' databases as has been amply illustrated in this case, without anyone establishing what level of threat these specimens really pose.
Now of course I know nothing, really. But one might bear in mind that the AV industry grew many years ago in part by hyping threats and scaring people into using their products when the need was much less great than it is now. And a self perpetuating industry was born in some ways, especially with relationships with virus creators and collectors who may not even release these things into the wild but exchange them amongst themselves and provide them to AV vendors.
Not that AV's aren't worthwhile and serve a purpose, but there's certainly an element of fomenting FUD (fear, uncertainty and doubt) in users and the industry benefits from it. Not entirely unlike those popups that other people see saying "YOUR PC IS INSECURE AND REVEALING PERSONAL INFORMATION ON THE INTERNET....click here to learn more and protect your PC."
Anyway, these articles are somewhat dated, but the source of the info makes them interesting:
Stop the antivirus vendor hype
By: John Leyden
Posted: 06/03/2001 at 13:57 GMT
A senior figure in the antivirus industry has spoken out against the misinformation and myths which surround computer viruses - many of which he said arise due to hype from vendors themselves.
David Perry, global director of education for Trend Micro, said the public harbour a number of common misconceptions about computer viruses, due in large part to overstated warnings about viruses from vendors and sensationalist reporting in the media....
...An example of this knowledge deficit, according to Perry, is that of the 30,000 to 50,000 computer viruses routinely quoted in figures from the antivirus industry, only 800 have ever infected anybody's computer and "only 200 are in circulation".
"The rest are 'zoo' viruses - which are emailed to antivirus companies by virus authors themselves and never make it into the wild," said Perry.
Full article here: http://www.theregister.co.uk/content/archive/17372.html
A 2000 press release:
Norman Data Defense Systems Warns Against Over-Reaction to Deluge of New Virus Warnings
FAIRFAX, Va., Dec. 6 /PRNewswire/ -- Norman Data Defense Systems warned today against over-reacting to the many virus alerts now circulating daily and counseled IT managers and computer users instead to update their virus control software packages to protect themselves effectively.
An extremely small percentage of viruses, about which users and IT managers receive alerts, are actually in the wild. Frivolous alerts that fail to describe a "clear and present danger," spread confusion in the marketplace and also may mean that when there is a serious virus alert, IT managers are less inclined to take action.
"System managers of large and busy corporate networks have a huge number of responsibilities and virus protection is only one of them," said Hank Dugan, President and Chief Executive Officer of Norman Data Defense Systems, the North American subsidiary of Norman ASA. "They need to know that if their AntiVirus supplier issues a virus alert it is something to be taken seriously and acted on immediately." "Both the Melissa and LoveBug incidents, which occurred earlier this year, are good examples of appropriate alerts. Inappropriate alerts that warn about viruses that are not yet in the wild, or that present only a very small possibility of infecting systems, waste time and resources and, after a while, encourage managers to ignore all alerts, with potentially disastrous results," added Dugan.
http://www.kumite.com/myths/opinion/thoughts/2000/graphic/ndd-1206.txt
Anyway, just something to consider.
(An aside, I don't understand why people are reporting ByteVerify as a current problem now when the MS patch to prevent the exploit was released last spring. Have I missed something?)
Straight Shooter
October 14th, 2003, 08:43 PM
-{ Quote: "quoting Paul Wilders:
You'll have to ask permission??? I'm in the dark as of why - there's no law holding you back - but indeed: it's only fair... .." }-
Well, I think it is fair...and I just emailed this person.. Oh, by the way, usually I DON'T HAVE THE Time, but it was a long holiday weekend and I returned to work today..LOL. I didn't know I had to explain myself too...LOL... :D
-{ Quote: "quoting Paul Wilders:
No offense, but Eset has better things to do than crawling all sorts of forums and boards - and rightly so. .." }-
Sorry, Paul... ESET is in the AV business.. It would fall on THEIR hands if there is an observation out there that NOD32 misses out on detecting certain stuff 4 other Av's have not failed on...
-{ Quote: "quoting Paul Wilders:
No offense intended, but you have been (and still are!) spending lots of time on this, elsewhere and over here; you have been very busy lately indeed ;). Time to deliver, if I may say so ;)" }-
Only because I had a long holiday weekend..LOL..
I don't work for ESET... They should go to DSL Reports, look at the threads, cross reference the viruses found and see what the threats are, and then either explain to the users that they don't have to worry about them, or update their def's... It's their job, their product, not mine...I honestly don't care myself if they update their def's or not... It's their business... I think I deleted the stuff by accident.. I'm looking now.. If I find them, after I get permission, I will send them out..no kidding...
And Sig, maybe these are Zoo viruses, or whatever... but I know I would sleep better at night knowing my AV can find them.. That seems more like a logical route to me...
MegaHertz
October 14th, 2003, 08:56 PM
-{ Quote: " quoting: Michael0504 link=board=39;threadid=14902;start=30#msg93666 date=1066168146]
I would like to ask a specific question, if I may. My father is using my old computer and it is a Pentium 200 with 48 MB of RAM. From a resource standpoint, would NOD32 perform noticeably better on this computer?
I very much look forward to any and all replies as I try my best to look out for my old man!
" }-
Speaking from experience I currently have a P2 266 w/192 Meg of ram that runs NOD32v2 with no noticeable speed hit and when it only had 64 Meg a year or so ago it ran version 1 flawlessly as well.
JimIT
October 14th, 2003, 09:13 PM
Straight Shooter said: -{ Quote: "
I don't work for ESET... They should go to DSL Reports, look at the threads, cross reference the viruses found and see what the threats are, and then either explain to the users that they don't have to worry about them, or update their def's... It's their job, their product, not mine...I honestly don't care myself if they update their def's or not... It's their business... I think I deleted the stuff by accident.. I'm looking now.. If I find them, after I get permission, I will send them out..no kidding...
And Sig, maybe these are Zoo viruses, or whatever... but I know I would sleep better at night knowing my AV can find them.. That seems more like a logical route to me...
" }-
Well Shooter, I hope you can find them, because I was really looking forward to having them submitted to Eset--since a lot of us are licensed users of the product, and IMO we have an interest in making it (and others we own) better.
But hey--That's not my job. What was I thinking??
LOL.
hayc59
October 14th, 2003, 09:16 PM
mvdu, you're gettin around dude!!
welcome.. ;)
Michael0504
October 14th, 2003, 09:52 PM
-{ Quote: "quoting MegaHertz:
Speaking from experience I currently have a P2 266 w/192 Meg of ram that runs NOD32v2 with no noticeable speed hit and when it only had 64 Meg a year or so ago it ran version 1 flawlessly as well.
" }-
Thanks for your input MegaHertz. I was so happy with the results of the format and reinstall and more importantly, my father was impressed as well. That was all shot to hell when I put NAV 2004 on it. I am really hoping NOD32 will be the answer to protect this "relic from the past". Thanks again for your feedback. I am getting more and more encouraged.
rerun2
October 14th, 2003, 09:56 PM
A lot of good points being brought up :)
I do agree that there are certain factors that can sometimes "blur" test results (for ex: false positives, zoo virii, trojans, backdoors, worms, exploits etc). And I am very well aware that one can manipulate a test to show a desired result. But IMO there is enough consistency from these various tests to at least be curious or wonder about how NOD32 really performs outside of the "VirusBtn arena" (if you will).
The argument for zoo virii is becoming more and more blurred as well IMO. In the DSLR thread a lot of people mention samples coming from usage of P2P, which today is becoming quite commonplace among most average computer users (despite the obvious risk). If someone were to share a zoo virus on the network and a few people download it, would it now not constitute as an ITW virii... "When a virus is reported to us by two or more Reporters, it's a pretty good indication that the virus is out there, spreading, causing real problems to users. We consider such a virus to be 'In the Wild'." (I don't know, maybe "reporters" can be considered subjective too ::) ) And if what most people are saying about NOD32 not detecting many samples from P2P is that not another indicator?
(I did enjoy the reading that you presented sig, I hope you get some karma out of it!)
Quote from wildlist.org
To Paul: I agree completely that it is not the job of anyone from Eset to go around forums and acknowledge such arguments time and time again. But I fear there will be certain readers who will buy into what is being said without looking deeper into the situation. Both the thread here and at DSLR have been heavily read, and maybe it might present a good opportunity for Eset to clear things up and to relieve some users' concerns. If they do respond, I personally do not expect a technical reply or anything like that. But it would be nice to see how they view the "issue," or if they consider it a "problem," or if they plan on addressing it. I hope that is legitimate and not too much to ask.
Straight Shooter
October 14th, 2003, 10:03 PM
-{ Quote: "quoting JimIT:
Well Shooter, I hope you can find them, because I was really looking forward to having them submitted to Eset--since a lot of us are licensed users of the product, and IMO we have an interest in making it (and others we own) better.
But hey--That's not my job. What was I thinking??
LOL.
" }-
I'm not kidding... It's 10:00 pm where I am right now and I just got an emergency call that'll probably keep me busy until Midnight... I will
1. Wait for a response from the person that I am waiting for...
2. Look for the damn samples when I get back..LOL...
I feel your pain... , really, I understand.. but I also feel that ESET shouldn't have to wait.. They can do as I said above... Read through the threads, and get the virii.. They are readily available...
I seriously will try to end the mystery within the next couple of hours...
JimIT
October 14th, 2003, 10:18 PM
-{ Quote: "quoting Straight Shooter:
I feel your pain... , really, I understand..
" }-
Don't worry. I'm sure we'll muddle through until you get permission and find the files.
-{ Quote: "
I seriously will try to end the mystery within the next couple of hours...
" }-
We'll all be excited to have the matter resolved, as I'm sure those threats pose a serious hazard to all NOD32 users, and I for one applaud you for your efforts.
::)
sig
October 14th, 2003, 11:02 PM
Heh, rerun, thanks but I think I just had way too much coffee today. ;)
I think I recall linking to the wild list site at BBR, so here's the current list and supplemental and it also lists the reporters. Some names or at least organizations will be recognized: http://www.wildlist.org/WildList/Real-Time.htm
What's interesting is how long some of these critters hang around. There are some oldies but goodies on the list. And really although we use "virus" to describe much of the stuff out there as a convenient tag (including malware aka trojans I believe), the vast majority of the Wild List "viruses" are not viruses but worms.
And of course the Wild List does not include trojans, IRC stuff, etc which can be found at least in some quantity in any viable AV on the market today. Since they are "out there."
Just for a different although more limited list and an interesting pie chart graphic, here's Kaspersky's Top 20 List for September 2003:
http://www.viruslist.com/eng/index.html?tnews=1001&id=158302
I'd like to see KAV's top 100 if they had such a thing.
Straight Shooter
October 14th, 2003, 11:14 PM
-{ Quote: "quoting JimIT:
We'll all be excited to have the matter resolved, as I'm sure those threats pose a serious hazard to all NOD32 users, and I for one applaud you for your efforts.
::)
" }-
Fine... all I know is my computer doesn't have those "things" in my system.. Yours might... LOL...
If I find them, I'll send them.. Only because there are some NOD32 users out there who should get a fair shake and have their AV be able to detect them..
BTW, is this strategy a tactic with "some" NOD32 users? When someone brings up a critique on NOD32, true or not, attack them and discredit them.... to no end? Last I knew some religious cults and L. Ron Hubbard employed those tricks..LOL.. :P
sig
October 14th, 2003, 11:36 PM
JimIT: I rather doubt there's necessarily a serious threat if 8tunes is representative of the rest of test's threat level, prevalence and value.
Symantec doesn't appear to have a write up on it. Googling on the net garners mainly a number of VX sites one can download it from and write ups such as this:
A write up with a date of June 1990: http://agn-www.informatik.uni-hamburg.de/catalog/msdos/html/eight_tu.htm
Kaspersky's write up, under the category File viruses, DOS: http://www.viruslist.com/eng/viruslist.html?id=31
I found no chat board posts saying "hey, I've got 8tunes, how do I get rid of it" as one might find with prevalent viruses, spyware or even warts.
After a few pages I wound up looking at Looney Tunes and wondered if perhaps Motumbo is having a real good laugh at pleas that ESET include this "dangerous" and apparently at least 13 year old MS DOS virus in its database..... ;)
Technodrome
October 15th, 2003, 12:21 AM
I wouldn’t be surprised if ESET team already possesses these samples. They simply don’t include them 'cause they don’t see them as a real threat. I for one do agree.
Some AV companies will add anything and detect anything and some won’t. Some AVs will identify virus sources (in *.txt formats) as infected, some won’t. I’ve seen many viruses detected by AVs that simply DON’T and CAN’T infect you at all. There are many AV companies out there and obviously we see different results and views on these issues.
The battle between AVs is a never-ending story. Improvements, detection, features, performance are some of the characteristics and issues of this battle. The common goal is to provide the end user with the best possible protection. As an end user you should relax, knowing that there is someone out there looking out for you.
These tests (such as dslr tests) prove nothing. There are and there will be viruses not detected by some AV (if not all). You simply CAN’T rely on these tests. If you do, you will keep changing AVs like socks.
What AV is ideal for you?
The one that works for you.
What AV is the best?
None.
People who think that they use the best AV will be bulletproof are most likely to get infected. Why? Because if specific AV scanner identified some file as clean, it’s most likely user will believe that there is no danger of running it. Wrong. Use common sense.
The guy who ran this test (hardly a test) selected viruses that NOD32 will miss. NOD32 got all ZEROs. I am sure that he has viruses that are detected by NOD32 but he wanted to trash NOD32. I am amazed to see a large number of people consider this as a real test.
It would take 4 minutes of my time to do the same thing to KAV or NAV or DrWeb. But this isn’t my motto. It’s not ethical. Or is it...
tECHNODROME
JimIT
October 15th, 2003, 12:59 AM
-{ Quote: "quoting Straight Shooter:
BTW, is this strategy a tactic with "some" NOD32 users? When someone brings up a critique on NOD32, true or not, attack them and discredit them.... to no end? Last I knew some religious cults and L. Ron Hubbard employed those tricks..LOL.. :P" }-
I wouldn't know. I hope you took my remarks in the manner in which I intended them. ;)
I find it unfortunate that when someone contributes to a critique on NOD32--true or not--in the Official NOD32 Support Forum--after several days of the critique gathering steam elsewhere, and several days of extensive "testing" on samples done elsewhere, that those very same supposedly damning samples are suddenly nowhere to be found, or require "permission" to be sent to the very place they need to go.
At face value, it could be construed that the interest lies mainly in trashing NOD32, not in finding an answer to why the samples aren't detected.
But that's just my opinion. No offense intended. :-\
Straight Shooter
October 15th, 2003, 01:13 AM
Well, I did find them.. I made a back up of "My Documents" and luckily I had them saved there...
Now, I am waiting for permission.. I said before, I don't want to break a trust.. Assuming you understand that, I'll wait...
Now I'm a Nod basher...Maybe pretty soon I'll get "banned" too...LOL..
Besides, the samples are around.. They were detected by NAV, McAFee, KAV and Dr. Web... 8)
But, like I said, I promise to send them out if it's okay...
Otherwise, label me a Nod basher and ban me... LOL..
Pieter_Arntz
October 15th, 2003, 06:09 AM
Taken offline for Admin review. Please stay on-topic and refrain from personal attacks.
TIA,
Pieter
Madsen DK
October 15th, 2003, 09:29 AM
-{ Quote: "quoting Technodrome:
I wouldn’t be surprised if ESET team already possesses these samples. They simply don’t include them 'cause they don’t see them as a real threat. I for one do agree.
Some AV companies will add anything and detect anything and some won’t. Some AVs will identify virus sources (in *.txt formats) as infected, some won’t. I’ve seen many viruses detected by AVs that simply DON’T and CAN’T infect you at all. There are many AV companies out there and obviously we see different results and views on these issues.
The battle between AVs is a never-ending story. Improvements, detection, features, performance are some of the characteristics and issues of this battle. The common goal is to provide the end user with the best possible protection. As an end user you should relax, knowing that there is someone out there looking out for you.
These tests (such as dslr tests) prove nothing. There are and there will be viruses not detected by some AV (if not all). You simply CAN’T rely on these tests. If you do, you will keep changing AVs like socks.
What AV is ideal for you?
The one that works for you.
What AV is the best?
None.
People who think that they use the best AV will be bulletproof are most likely to get infected. Why? Because if specific AV scanner identified some file as clean, it’s most likely user will believe that there is no danger of running it. Wrong. Use common sense.
The guy who ran this test (hardly a test) selected viruses that NOD32 will miss. NOD32 got all ZEROs. I am sure that he has viruses that are detected by NOD32 but he wanted to trash NOD32. I am amazed to see a large number of people consider this as a real test.
It would take 4 minutes of my time to do the same thing to KAV or NAV or DrWeb. But this isn’t my motto. It’s not ethical. Or is it...
tECHNODROME
" }-
Very, and I say, VERY good points here Tech.
Fully agree with you.
rerun2
October 15th, 2003, 09:51 AM
-{ Quote: "quoting Technodrome:
It would take 4 minutes of my time to do the same thing to KAV or NAV or DrWeb. But this isn’t my motto. It’s not ethical. Or is it...
" }-
I'm not sure whether it would be considered ethical either ;) , but if these samples were NOT detected by the 3 AVs you mentioned, AND detected by NOD32 as legitimate ITW virii, it sure would be interesting to see. Thanks again everyone.
Technodrome
October 15th, 2003, 11:07 AM
-{ Quote: "quoting rerun2:
I'm not sure whether it would be considered ethical either ;) , but if these samples were NOT detected by the 3 AVs you mentioned, AND detected by NOD32 as legitimate ITW virii, it sure would be interesting to see. Thanks again everyone.
" }-
Yes it can be done. No, it wouldn’t be ethical. ;) The point is this kind of test is easy to produce. Only the author of the test is aware of the virii selection and his/her goal.
I sent many virii samples to x and y av companies. They'd thank me for the submission or let me know that they are aware of those samples but since they are not a real threat they won't add them.
tECHNODROME
Paul Wilders
October 15th, 2003, 11:45 AM
Shooter,
-{ Quote: "Fine... all I know is my computer doesn't have those "things" in my system.. Yours might... LOL..." }-
As stated before: just hold your horses - until now, we can't verify your statements, can we? ;)
-{ Quote: "If I find them, I'll send them.. Only because there are some NOD32 users out there who should get a fair shake and have their AV be able to detect them.." }-
Nice try ;) Just like TD stated, it's quite easy to hassle away - and come up with things no antivirus will detect. Proof of the pudding please: deliver the goods ;)
-{ Quote: "BTW, is this strategy a tactic with "some" NOD32 users? When someone brings up a critique on NOD32, true or not, attack them and discredit them.... to no end?" }-
As far as I noticed, no one has been attacked, been discredited - people merely asked you to deliver the goods. Once more: those samples are yours, and no one is holding you back to deliver. Until now, you didn't - a trust issue as you call it. I fail to see any logic in this ::).
Please don't point Eset (or whatever antivirus company for that matter) to DSLR. It's plain and simple: you've got the goods, no law is holding you back to deliver, thus do so. That way we can have a good look at them.
In case you prefer not to do so, I for one rest my case as for your contribution is concerned. No comment needed...
regards.
paul
owziee
October 15th, 2003, 11:54 AM
What about all the undiscovered itw viruses floating around the net... aren't those the most dangerous ones? NOD32 with its extremely powerful heuristics scanning engine would make most other av's look pretty unsafe if you could collect all those viruses and scan them :)
Personally I feel much safer using NOD32 than with any other AV.
mrtwolman
October 15th, 2003, 01:09 PM
Would it be considered very unethical and against free speech if I'd request admin to close this thread ? The discussion is very off topic ....
GuruGuy
October 15th, 2003, 01:16 PM
I would prefer it remain open until we either get the samples or not get the samples......still awaiting those results from SS.
Michael0504
October 15th, 2003, 01:28 PM
I second that. I realize I am very new to this forum (and site) but as long as there are no personal attacks, I welcome everyone's opinions, both positive and negative. I see no better way to make a decision on something than to get as much quality feedback as possible. I am enjoying this thread and the one at DSLR and I hope the intelligent discussion can continue as I am learning more and more with each new post.
solarpowered candle
October 15th, 2003, 04:14 PM
Closing a topic at this point is like turning off the TV 5 mins before the end of a real good movie .
LowWaterMark
October 15th, 2003, 04:21 PM
-{ Quote: "Closing a topic at this point is like turning off the TV 5 mins before the end of a real good movie" }-
There's no reason to close this thread at this point. We should be able to continue as long as people focus their posts on NOD32 and its effectiveness in the real world (i.e. the thread's topic) and not on the other people posting here.
GuruGuy
October 15th, 2003, 04:55 PM
Well it has been awfully quiet today in this forum and dslr.........haven't seen SS post anywhere when normally he's posting "several" times per day. SS.....are you going to post the files or not???
Edited for spelling error.
Q Section
October 15th, 2003, 04:57 PM
Can anyone supply the name and contact information of anyone who has gotten infected with a virus and had NOD32 installed and updated?
Stan999
October 15th, 2003, 05:23 PM
I have been using NOD32 for several years now and it has kept my computers from being infected a large number of times over that period. I have some of the same e-mail addresses from 1996 that have been posted on a number of web sites so I get a fair amount of stuff sent my way. So far NOD has been very effective for me. I consider that "real world" protection.
Straight Shooter
October 15th, 2003, 05:39 PM
I'm still around... ;D
I did have to work today... LOL....
Did not get permission yet... I am waiting just like everyone else...
If I don't get it, you folks might as well ask someone else who has them... I don't want to break a trust... You can argue all you want, but that's how it is... Other folks DO have them.. Check them up on DSL Reports..
I sincerely am not trying to be difficult... I just don't want to break a trust...
PS Trojan Hunter ALSO detected some of them too...
Jim
jjj
October 15th, 2003, 10:48 PM
-{ Quote: "quoting QSection:
Can anyone supply the name and contact information of anyone who has gotten infected with a virus and had NOD32 installed and updated?
" }-
http://www.wilderssecurity.com/showthread.php?t=14988
jjj
October 15th, 2003, 10:50 PM
Sorry wrong thread try this one. http://www.wilderssecurity.com/showthread.php?t=14961
sir_carew
October 16th, 2003, 12:56 AM
Hello,
I think that NOD32 has an excellent heuristic scanner able to detect approx. 70 % of the in-the-wild viruses without requiring "updates".
I probed it with many macro and P2P worms and it detected many of those without any update.
Only NOD32, McAfee and Dr.Web have a good heuristic for unknown p2p worms, because NAV and KAV have P2P heuristic, but it isn't good.
I think that KAV detects more viruses than NOD with bases, but think of the following:
KAV uses bases, and heuristic as complement.
NOD uses heuristic, and bases as complement.
PS: I think that the most important thing in an AV software isn't daily updates, it is the heuristic.
Best Regards.
Straight Shooter
October 16th, 2003, 02:33 AM
Sir, I think I represent a sizable amount of folks who would probably bet on signatures... Signatures are definate... They however, need to be released asap, otherwise they won't be of any use to many folks when there is a virus outbreak...
But I would probably say, 80% - 85 dependence on timely signatures, with 10 - 15% dependence on Heuristics, is probably a safer route... Signatures with good strong unpackers also help with in most cases having a need for multiple definitions for virus variants.. That's the real world to me....
Nod32 would be fine, A fast acting, always updated AV as primary protection, with heuristics secondary is a good idea... for me... Can you imagine what would happen if a heuristic Av was ever created that could detect 99 % of all NEW threats? A lot of them would go out of business...
radicalb21
October 16th, 2003, 06:02 AM
Here are screenshots I pulled off of DSLR forum about viruses and other such things that they say NOD32 didn't detect. The person who posted these screenshots was Motumbo at DSLR. I am currently testing his findings and I will post my results here. So here goes with the first of seven screenshots.
radicalb21
October 16th, 2003, 06:04 AM
So here goes the second of seven screenshots.
radicalb21
October 16th, 2003, 06:05 AM
So here goes the third of seven screenshots.
radicalb21
October 16th, 2003, 06:06 AM
Here goes the fourth of seven screenshots.
radicalb21
October 16th, 2003, 06:07 AM
Here goes the fifth of seven screenshots.
radicalb21
October 16th, 2003, 06:08 AM
Here goes the sixth of seven screenshots.
radicalb21
October 16th, 2003, 06:10 AM
Here goes seven of seven screenshots.
Straight Shooter
October 16th, 2003, 09:51 AM
I just sent the samples to ESET.. I got my permission.. PS.. I forgot, but they were ALREADY sent 3 weeks ago LOL...
GuruGuy
October 16th, 2003, 10:34 AM
SS,
Did you personally send them to ESET 3 weeks ago or do you know someone who did?
Straight Shooter
October 16th, 2003, 11:03 AM
Someone I know said to me they were sent a while ago, about 3 weeks ago.. I checked with Symantec's Virus Encyclopedia and the majority of the stuff seems at least about 3-4 weeks ago...and the integrity of the people I "spoke" is not to be questioned.. When you consider that KAV, McAfee, NAV and Dr.Web detected this stuff, it makes the whole issue VERY believable.. Besides, I can understand sending virus samples that are newfangled, modified, or unique in some ways, to SARC or ESET or whatever, but when folks send old news that's acknowledged by at least the major AV companies, to ESET, at least to me, the burden falls on ESET as to why?
To be honest with you, I personally don't care that NOD32 doesn't detect this stuff... I originally posted a reply to Rerun2... and this grew into a 6+ page thread LOL... I'm all set in my AV needs...
sir_carew
October 16th, 2003, 11:03 AM
Hello,
I have JS.Germinal and JS.Funtime and NOD32 detects them perfectly; please rename them with the extension .js and NOD will detect them.
PS: I tested it with the option to scan all files and NOD did not detect it; it only detects it if you rename it as .js ;)
Primrose
October 16th, 2003, 12:57 PM
@ radicalb21
Hi Mark..it is time to update your Nod to Current Version: 1.535 (20031016)
http://www.nod32.com/support/info.htm
Then run it again. ;)
Have you looked at NOD32 Antivirus System version 2.0 ?
Be Well,
John
Technodrome
October 16th, 2003, 01:09 PM
Hi John
1.535 is the virus signatures database version, not the program version. NOD32 program versions 1 and 2 share the same virus signatures database. ;)
tECHNODROME
Primrose
October 16th, 2003, 01:14 PM
OK..thanks...I am learning :) So assume since this thread is in the Nod version 2 section that is what everyone is running.
Technodrome
October 16th, 2003, 01:22 PM
No problem John.
It’s kind of confusing. I think they should change UPDATE title to Current Virus Signatures Database Version. ;)
tECHNODROME
owziee
October 16th, 2003, 01:48 PM
-{ Quote: " quoting: sir_carew
Hello,
I have JS.Germinal and JS.Funtime and NOD32 detects them perfectly; please rename them with the extension .js and NOD will detect them.
PS: I tested it with the option to scan all files and NOD did not detect it; it only detects it if you rename it as .js ;)
" }-
Seems like the problem is that the files are zipped. I may be wrong though.
mrtwolman
October 16th, 2003, 01:51 PM
-{ Quote: " quoting: sir_carew
NOD uses heuristics, with bases as a complement.
" }-
Wrong assumption. Real order while scanning a file is:
1. scanstring
2. dedicated scanning algo
3. heur engine
Graystoke
October 16th, 2003, 05:46 PM
Hello. I have been reading this thread and also the one at DSLR. It is very interesting reading. I was just over at DSLR to see if anything new has popped up. The latest NOD32 tests from Motumbo........
http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat~start=220#end
Being that I'm not a security expert, what does Motumbo's latest test signify? I take it from StraitShoot's comments below the test results, it's not good?
Straight Shooter
October 16th, 2003, 05:53 PM
-{ Quote: " quoting: Graystoke
Hello. I have been reading this thread and also the one at DSLR. It is very interesting reading. I was just over at DSLR to see if anything new has popped up. The latest NOD32 tests from Motumbo........
http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat~start=220#end
Being that I'm not a security expert, what does Motumbo's latest test signify? I take it from StraitShoot's comments below the test results, it's not good?
" }-
Pretty simple...LOL..THE FOLLOWING IS MY OPINION...
NOD32 is trying to sweep stuff under the rug.... LOL... There was this malware that 4 other AV's would detect and NOD32 wouldn't... After being bombarded from this site and from DSL Reports, (coincidentally, I submitted these samples to ESET a couple of hours ago), ESET decided to include them in today's update... That's funny... ;D
Read FF Again's comments at DSL Reports and you'll get it....
Peace.
Jim
JimIT
October 16th, 2003, 06:26 PM
-{ Quote: " quoting: Graystoke
Hello. I have been reading this thread and also the one at DSLR. It is very interesting reading. I was just over at DSLR to see if anything new has popped up. The latest NOD32 tests from Motumbo........
Being that I'm not a security expert, what does Motumbo's latest test signify? I take it from StraitShoot's comments below the test results, it's not good?
" }-
Well, what it signifies is that all NOD32 users are now protected against a few pieces of malware that the average user is probably not going to see, and--unless something changed very recently--are not even listed on the supplement to the WildList, not to mention the WildList itself.
Which means you had a very low percentage chance of ever getting one of them.
I'll give you a personal example: In the last year where I work, our AV--NAV--has caught 11 different pieces of malware.
On over 200 computers.
With over 500 different users.
Running 16 hours a day.
6 days a week.
How many non-WildList badguys?--ZERO!.
I don't fault NOD32 for including them in today's updates, but apparently NAV has been detecting some of them for a while. If they're so prevalent, and NAV ID's them--why aren't they in my logs? I checked again today--they ain't there! :)
I recall that Rodzilla mentioned in a long previous thread that in a 1-2 month period, something like over 3 million pieces of malware were intercepted in a particular area of the Internet. Out of the 3 million pieces--ZERO were non-ITW viruses.
I hope their inclusion today makes you feel a little bit safer. I know I'm relieved! ;D
(thanks for the correction, Sig!) :)
Graystoke
October 16th, 2003, 07:12 PM
-{ Quote: "I hope their inclusion today makes you feel a little bit safer. I know I'm relieved!" }-
Much more safer. ;) :)
Hi JimIT. Thanks for the information. Trying to keep up with everything in both threads in both forums is beginning to make my head spin a little. :)
sig
October 16th, 2003, 07:44 PM
JimIT, I think you meant "zero were non-ITW viruses"? ;)
wildcatgirl
October 16th, 2003, 07:53 PM
-{ Quote: " quoting: sig
JimIT, I think you meant "zero were non-ITW viruses"? ;)
" }-
Prefab - nicely done. At last, someone understands...
rerun2
October 16th, 2003, 08:42 PM
-{ Quote: " quoting: JimIT
Which means you had a very low percentage chance of ever getting one of them.
I'll give you a personal example: In the last year where I work, our AV--NAV--has caught 11 different pieces of malware.
On over 200 computers.
With over 500 different users.
Running 16 hours a day.
6 days a week.
How many non-WildList badguys?--ZERO!.
I recall that Rodzilla mentioned in a long previous thread that in a 1-2 month period, something like over 3 million pieces of malware were intercepted in a particular area of the Internet. Out of the 3 million pieces--ZERO were non-ITW viruses.
" }-
Depending where you work they might have much more restrictive security policies in place, and maybe that is why people did not run into as many threats?
What I don't understand is why you say "all NOD32 users are now protected against a few pieces of malware that the average user is probably not going to see, and--unless something changed very recently--are not even listed on the supplement to the WildList, not to mention the WildList itself."
I personally hope I will never get infected by 10,000 different ITW virii a day, and hopefully not even 1000, or even 100, or even 10 etc. So is it also pointless to add these detections because I never came across such virii? Isn't prevention one of the main goals of even owning an AV? Who is to say that you will run into an ITW virii that is listed on the wildlist site, and who is to say that you will run into an ITW virii that isn't listed on the wildlist site, but is considered ITW by wildlists' definition? Granted, most people will probably have a greater chance of running across ITW virii listed on the wildlist site but I do not feel that it makes adding detections to other dangerous ITW virii any less significant. Virii spread so fast these days, you never know which one will turn out to be the next sobig or klez.
With that said... No AV is perfect blah blah blah ;)
radicalb21
October 16th, 2003, 09:37 PM
Here are screenshots I pulled off of DSLR forum about viruses and other such things that they say NOD32 didn't detect. The person who posted these screenshots was Motumbo at DSLR. I am currently testing his findings and I will post my results here. So here goes with the first of two screenshots.
radicalb21
October 16th, 2003, 09:38 PM
Here are screenshots I pulled off of DSLR forum about viruses and other such things that they say NOD32 didn't detect. The person who posted these screenshots was Motumbo at DSLR. I am currently testing his findings and I will post my results here. So here goes with the two of two screenshots.
Primrose
October 16th, 2003, 09:42 PM
That thread is now locked and it is about time to put this one out of its misery.
whyme2
October 16th, 2003, 10:22 PM
radicalb21
What are your tests supposed to prove?
sig
October 16th, 2003, 10:24 PM
Well I've seen a lot of tests, but none of the "experts" has provided any info regarding the bugs tested, their frequency ITW and whether they're likely threats to ordinary users.
That's perhaps the most valuable info that could be provided to users, but those who know and/or post their test results do not provide that information. Why not? Surely if the tests are significant that info should be provided to assist users' understanding.
whyme2
October 16th, 2003, 10:27 PM
Sig,
If you took a minute from posting and did any leg work you could find write ups on some of the files.
whyme2
October 16th, 2003, 10:28 PM
Hint, McAfee site.
sig
October 16th, 2003, 10:32 PM
Yes, as I did for 8tunes. ;) I can well understand why Motumbo would not want to describe the threat level for that and justify using it in his test.
But you're an expert, no doubt recognizing them by name alone as some others have, why not enlighten the audience and give us all the benefit of your expertise?
whyme2
October 16th, 2003, 10:38 PM
Here is one, why you all can't do any leg work is beyond me.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100215
LowWaterMark
October 16th, 2003, 10:40 PM
Closing thoughts everyone?
If we're done, we'll close this down in a few hours or so.
whyme2
October 16th, 2003, 10:41 PM
Here is another one, get the point, do some leg work.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98906
sig
October 16th, 2003, 11:07 PM
From McAfee's site linked to above:
Name: VBS/Asnar
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 3/18/2003
Date Added: 3/31/2003
Name: W32/Tetris.worm
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 10/25/2000
Date Added: 11/28/2000
"We found no records matching the following criteria:
Virus name containing "Win32.HLLW.Remat".
Please try narrowing your search by using fewer characters."
Ditto for Radex. Perhaps it's a nomenclature thing. That can be a problem and/or confusing. A problem I ran into when looking for some others previously.
For Spth, it appears to be a family:
Name: JS/Spth
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 1/16/2003
Date Added: 1/16/2003
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99968
JimIT
October 16th, 2003, 11:12 PM
-{ Quote: " quoting: rerun2
Depending where you work they might have much more restrictive security policies in place, and maybe that is why people did not run into as many threats?" }-
Hi Rerun,
The answer to that is: No. All users have the same access to internet content as you or I--except we block some specific sites at our routers. Attachments aren't blocked, for example, because to do so would restrict functionality too much for our users. (More stress for me, though!) :)
-{ Quote: "
What I don't understand is why you say "all NOD32 users are now protected against a few pieces of malware that the average user is probably not going to see, and--unless something changed very recently--are not even listed on the supplement to the WildList, not to mention the WildList itself."
" }-
www.wildlist.org
Check this site out. It will give you some eye-opening information on what malware are the biggest threats to you as a computer user.
-{ Quote: "
I personally hope I will never get infected by 10,000 different ITW virii a day, and hopefully not even 1000, or even 100, or even 10 etc. So is it also pointless to add these detections because I never came across such virii?" }-
No, it's not pointless. It's just not very likely that you're going to see them in day-to-day computer use.
-{ Quote: "
Granted, most people will probably have a greater chance of running across ITW virii listed on the wildlist site but I do not feel that it makes adding detections to other dangerous ITW virii any less significant. Virii spread so fast these days, you never know which one will turn out to be the next sobig or klez." }-
Very true! But I'm sure that you'll agree that it's more important for your AV to be able to detect, oh, Swen, or CIH for example, than a virus that installs Tetris or a bunch of German folk tunes on your computer...;)
-{ Quote: "
With that said... No AV is perfect blah blah blah ;)
" }-
You're right about that! Be comfortable with whatever you use. ;)
Primrose
October 16th, 2003, 11:33 PM
@sig
Radex is out there ;) here is version .h
http://forum.gladiator-antivirus.com/index.php?showtopic=7455&st=0&#entry29884
sig
October 16th, 2003, 11:46 PM
Stoned, I previously noted, is in NOD's db, but it is a family of viruses with many variants. Again, courtesy of McAfee:
Name: Stoned
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 2/1/1988
Date Added: 2/15/1988
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1169
Only Bolzano I found in McAfee's DB:
Name: W32/BOLZANO.L
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 9/16/1999
Date Added: 9/20/1999
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=10363
Name: JS/Germinal
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 7/14/2001
Date Added: 10/2/2001
http://us.mcafee.com/virusInfo/default.asp?id=alphar
We found no records matching the following criteria:
Virus name containing "Winsurf".
Name: W32/Idele
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 1/10/2001
Date Added: 1/18/2001
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=98977
We found no records matching the following criteria:
Virus name containing "Zhymn".
Name: Cannabis
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 10/1/1991
Date Added: 10/15/1991
For Zombie:
Name: Zombie.747
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 7/1/1993
Date Added: 7/15/1993
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=1435
We found no records matching the following criteria:
Virus name containing "Renegy".
We found no records matching the following criteria:
Virus name containing "Funtime".
For "Trivial":
Name: Mini-45
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 4/1/1991
Date Added: 4/15/1991
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=792
sig
October 16th, 2003, 11:58 PM
Thanks, Primrose, but I can't seem to pull up the site right now. I'll check on it later. :)
Problem with the differences in nomenclature between AV's is one can't always tell if one's found the right description for the target bug. Some sites like Symantec's cross reference but even then may not have the exact name referenced so it can be difficult to tell.
Primrose
October 17th, 2003, 12:02 AM
@sig
Well actually he has a typo....it is called randex... ;)
sig
October 17th, 2003, 12:10 AM
;D
McAfee has a bunch of Randex, all low threat assessment.
(Link won't work for search results.)
There may be still some real doozies in the test in terms of likely threat, but so far my "random sample" hasn't seemed to find them, at least according to McAfee which appears to categorize the ones I found as "low threat." So people can make up their own minds in how concerned they should be or what they want to use.
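An added example, not part of any post in this thread: the failed searches above (Win32.HLLW.Remat, and "Radex" for what turned out to be Randex) are a naming problem, so this sketch splits vendor-style detection names into platform, type, family and variant, compares them by family, and suggests near-miss family names when a lookup finds nothing. The function names, the prefix and type tables, and the small catalogue are assumptions built only from names quoted in the thread, not any vendor's official scheme.

```python
import re
from difflib import get_close_matches

# Assumption: these tables cover only the prefixes and type markers
# that appear in names quoted in this thread.
PLATFORMS = {"w32": "win32", "win32": "win32", "js": "js", "vbs": "vbs"}
TYPE_TOKENS = {"worm", "hllw"}

# Constructed catalogue from names quoted in the thread; the Randex
# entry is written here in W32.family.variant style for illustration.
CATALOGUE = [
    "VBS/Asnar", "W32/Tetris.worm", "JS/Spth", "W32/BOLZANO.L",
    "JS/Germinal", "W32/Idele", "Zombie.747", "Stoned", "W32.Randex.H",
]


def parse_name(name):
    """Split a detection name into platform, type, family and variant."""
    tokens = [t for t in re.split(r"[./]", name.strip().lower()) if t]
    platform = None
    if tokens and tokens[0] in PLATFORMS:
        platform = PLATFORMS[tokens.pop(0)]
    # Type markers may sit before or after the family, so filter them out.
    types = [t for t in tokens if t in TYPE_TOKENS]
    rest = [t for t in tokens if t not in TYPE_TOKENS]
    return {
        "platform": platform,
        "type": types[0] if types else None,
        "family": rest[0] if rest else None,
        "variant": ".".join(rest[1:]) or None,
    }


def same_family(a, b):
    """True when two names share a family and do not disagree on platform."""
    pa, pb = parse_name(a), parse_name(b)
    if not pa["family"] or pa["family"] != pb["family"]:
        return False
    platforms = (pa["platform"], pb["platform"])
    return None in platforms or platforms[0] == platforms[1]


def lookup(query, catalogue=CATALOGUE):
    """Return (entries in the same family, near-miss family suggestions)."""
    hits = [n for n in catalogue if same_family(query, n)]
    if hits:
        return hits, []
    families = sorted({parse_name(n)["family"] for n in catalogue} - {None})
    wanted = parse_name(query)["family"] or ""
    # A high cutoff keeps suggestions to likely typos such as radex/randex.
    return [], get_close_matches(wanted, families, n=3, cutoff=0.8)


if __name__ == "__main__":
    for q in ("Win32.HLLW.Remat", "JS.Germinal", "Radex", "Win32.Randex"):
        print(q, "->", lookup(q))
```

A suggestion from `lookup` is only a candidate spelling; whether two names describe the same sample still has to be confirmed from the vendor write-ups.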
Primrose
October 17th, 2003, 12:19 AM
Oh my goodness...going to have need of Symantec.. ;D
http://www.symantec.com/avcenter/venc/data/w32.randex.h.html
:o :o
LowWaterMark
October 17th, 2003, 12:21 AM
Counting down... ;)
Keep those comments coming.
sig
October 17th, 2003, 12:25 AM
LOL
Symantec's threat assessment: Low. Which in their terms means:
Wild:
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
sig
October 17th, 2003, 12:27 AM
Well, LWM, I think we may have detected a definite trend among the test samples. But for further brevity's sake, I won't ask FireFighter to provide us with a statistical analysis. ;)
Q Section
October 17th, 2003, 12:44 AM
...and we have not heard back from radicalb21 on his findings yet.
Primrose
October 17th, 2003, 01:07 AM
-{ Quote: " quoting: QSection
...and we have not heard back from radicalb21 on his findings yet.
" }-
;D ;D
Maybe he is applying to be a spy and missed all five questions...it is not the 28th of October yet..but as you know..if you snooze you lose... 8)
radicalb21
October 17th, 2003, 02:32 AM
Sorry it took me awhile to get back to you as I worked all day today and part of this evening. Detection was added as of today 1.535 version definitions. The pictures I posted today were sent to eset via samples email address and to two eset techs. As soon as I have more I will post it in this forum specifically this thread.
Whyme2
October 17th, 2003, 05:39 AM
It doesn't matter if they are rated low or not, they are ITW and Nod missed them.
sig
October 17th, 2003, 06:06 AM
ITW apparently to you means simply existing and available, even if one has to go to a VX site to find them or get them from a collector, like a 13 yr old MS DOS virus, because one won't encounter them any other way. But that's not the industry's definition.
ITW to AV researchers and professionals (including Eugene Kaspersky no doubt since he's a Wild List reporter) means that a virus is actually spreading ITW.
From The Wild List site:
"As far as where is 'out there', we like the definition given by Paul Ducklin of Sophos, PLC in his paper 'Counting Viruses':
For a virus to be considered In the Wild, it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users.
This means viruses which merely exist but are not spreading are not considered 'In the Wild'."
Kaspersky may have these critters in his database and KAV detects 8tunes, but would Kaspersky himself argue that it's ITW?
crazykidjoe
October 17th, 2003, 08:09 AM
I wonder what Eset thinks of this thread? I'm just curious why they haven't defended their product?
Straight Shooter
October 17th, 2003, 10:38 AM
Maybe they're hoping the "NOD Bashers" will go away quietly...LOL...
;D
They oughta know better... :o
Seriously, though, how can you defend a product that missed samples that 4 Other AV's detected (not counting TrojanHunter!)...
::)
mrtwolman
October 17th, 2003, 10:53 AM
Quite easy. Lemme take a look on the samples. Some of them may be broken, unable to replicate and thus no viruses. cos viruses do replicate. It is a conditio sine qua non for any virus.
for testing images of boot viruses they should have some defined extension as images etc ...
and more over, how can you get infected by files stored in archive as long as the resident will intercept them ?
Q Section
October 17th, 2003, 10:56 AM
-{ Quote: " quoting: Straight Shooter
...Seriously, though, how can you defend a product that missed samples that 4 Other AV's detected (not counting TrojanHunter!)..." }-
This is unverified by un-biased third-party testing.
Q Section
October 17th, 2003, 11:08 AM
-{ Quote: " quoting: QSection
Can anyone supply the name and contact information of anyone who has gotten infected with a virus and had NOD32 installed and updated?
" }-
-{ Quote: " quoting: jjj
Sorry wrong thread try this one. http://www.wilderssecurity.com/showthread.php?t=14961
" }-
Hello jjj
This information is being verified. To date we have had no one respond in the affirmative as to an infection whilst using NOD32 v2 with the latest updates and having done a thorough system scan.
Best wishes
Stan999
October 17th, 2003, 11:13 AM
-{ Quote: " quoting: Straight Shooter
Seriously, though, how can you defend a product that missed samples that 4 Other AV's detected (not counting TrojanHunter!)...
::)
" }-
I know from experience, using NOD for several years, that it has never missed a virus on my machines.
Plus IMON kept one of my grown kids from getting Swen when it first came out. Had he been using one of the other AVs like KAV he would have been infected.
I haven't seen where anyone was infected with one of those samples you have??
So from a real world perspective I feel very comfortable using NOD.
SaracenBlade
October 17th, 2003, 12:14 PM
It was a Joe Job. Join the dots on DSLR and you can see the whole plan come together. The Joe Jobbers made sure the other anti-virus companies had sigs for all the viruses and trojans but they hid them from ESET until after they made their move on NOD32.
LowWaterMark
October 17th, 2003, 02:00 PM
Well, there are a lot of interesting things in this thread.
Some people will read this thread and say, "Ah ha, there's the proof that there are virii that NOD misses!" True enough. It didn't detect these samples before, but now it does after adding signatures for them.
Other people will read it and say "It's of little concern because they are Low risk virii that aren't on the ITW list, so you have to get them either at virus sites or by 'searching for cracks on kazaa'."
Those people convinced of either one of the views above are not likely to be swayed to the other. Those people that are in the middle can see both sides and agree they both have points, then they will make up their own minds about whether they'll use NOD32 for their AV protection.
Thank you everyone for your participation.
Copyright ©2002 - 2012, Wilders Security Forums