<OS Windows 2003 Server>
Awarded Products:

AhnLab V3Net SE SP2
CAV Vet Anti-Virus 10.59.2
Eset NOD32 1.529
CAT T QuickHeal X Gen 7.0
FRISK F-Prot Antivirus 3.14b
DialogueScience Dr.Web 4.30
F-Secure Anti-Virus for Servers 5.41
Grisoft AVG Anti-Virus System 6.0.524 321
NAI McAfee VirusScan 7.10 4.2.60 4296
Kaspersky KAV 4.5.0.58
MicroWorld Software eScan 10,1,0,2
SOFTWIN BitDefender Standard Edition 7.1
Sophos Anti-Virus 3.74
VirusBuster 4.4 Build 2
Symantec SAV Corporate Edition 8.1.0.25
Trend Micro ServerProtect 5.56 Build (1007)


DrWeb, SAV (Symantec) and NOD32 scored 100% in all categories.


tECHNODROME

these results are not published on the website ::)
how could u find it? ???

,inacross - Check the following URL. :)

http://www.google.ca/search?q=Bulletin+for+Anti-virus+awards&ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Search&meta=

Who Failed?

Hello Technodrome

The url is a google hit list. Where on the list is your reference?

I got my sources. :D ;)



tECHNODROME

-{ Quote: " quoting: Straight Shooter link=board=24;threadid=15618;start=0#msg97289 date=1067552724]
Who Failed?

" }-
Alvil Awast 4.1.29
Ca e Trust Antivirus 7.0.139 - false possitive issue
GDATA Antivirus Kit 12.0.5 - false possitive issue
Norman Virus Control 5.60.13
NWI Virus Chaser 5.0

-{ Quote: " quoting: Technodrome link=board=24;threadid=15618;start=0#msg97402 date=1067600866]
I got my sources. :D ;)
" }-
Only hint i need to guess on the source, does it start with http or https? ;)

-{ Quote: " quoting: mrtwolman link=board=24;threadid=15618;start=0#msg97426 date=1067610351]
-{ Quote: " quoting: Straight Shooter link=board=24;threadid=15618;start=0#msg97289 date=1067552724]
Who Failed?

" }-
Alvil Awast 4.1.29
Ca e Trust Antivirus 7.0.139 - false possitive issue
GDATA Antivirus Kit 12.0.5 - false possitive issue
Norman Virus Control 5.60.13
NWI Virus Chaser 5.0

" }-

CA eTrust using InoculateIT or Vet engine ? ???

To Minacross from Firefighter!

If u looked at the Technodrome list u can see that Vet passed. Don't worry, I'll bet that Inoculate engine missed less than Vet engine! One or some false positives doesn't mean so much when the real detecting rate is one of the very best!

In my mind the 100% VB Award has lost it's purpose, when the real detecting rate has nothing to do with the Award.

If you can wait some days or so the VirusP test is published, because the tests have been done some days ago.


"The truth is out there, but it hurts!"

Best regards,
Firefighter!l

> In my mind the 100% VB Award has lost it's purpose, when the real detecting rate has nothing to do with the Award.

That's in your mind Firefighter ... but it's obvious that you live in a fantasy world of your own creation.

Name one test that, in your "expert" opinion, is conducted with the same bulletproof methodology to the same exacting standards with the same degree of professionalism as the VB100 ... and this time try to come up with something valid ... to date, all your quoted facts and figures have been from tests by VXers and low-credibility wannabes using "virus" samples of doubtful provenance.

Have you ever wondered why no reputable antivirus expert ... not even those employed by vendors who don't win the VB100 Award ... agrees with either your "findings" or your view of Virus Bulletin ?

"The truth is in there ... if you can understand it!"

To Rodzilla from Firefighter!

Thank's for telling me about my fantasy world.

After that u said of course I'll choose Hauri and not maybe KAV because Hauri has won the VB award in Windows XP june 2003. Look at the link:

http://www.wilderssecurity.com/showthread.php?t=9829;start=60

It doesn't mean anything that KAV missed only ONE SAMPLE W32/Etap but found ALL those other 28 SAMPLES that W32/Etap and all other samples too but made unfortunately one false positive.

Hauri missed totally 11 368 samples but made no false positive, so of course it was better.

I mentioned that VirusP 11-2003 test in this case only because looking at those two tests, VB and VirusP, you can see which is better, VET or Inoculate engine!


"Truth is out there, but it hurts!"

Best regards,
Firefighter!

To Rodzilla from Firefighter!

U said. "Have you ever wondered why NO reputable antivirus expert ... not even those employed by vendors who don't win the VB100 Award ... agrees with either your "findings" or your view of Virus Bulletin?"

Look at this CA site:

http://www.my-etrust.com/products/Antivirus.cfm

About ICSA Certification:

"Several independent third parties test and certify antivirus software. THE MOST WIDELY RECOGNIZED ORGANIZATION is the International Computer Security Association (ICSA). To be certified by the ICSA, the software must detect 100% of viruses "in the wild" (in general distribution), and AT LEAST 90% of the more than 6000 test viruses. All versions of eTrust EZ Antivirus are ICSA-certified. The test results are available on the web at www.icsa.net"

When my opinion is that VB isn't the best av-tester, after this above I'm not alone!

PS. Have u seen many personal insults I have written?


"The truth is out there, but it hurts!"

Best regards,
Firefighter!

-{ Quote: " quoting: Firefighter link=board=24;threadid=15618;start=0#msg97682 date=1067675320]
I mentioned that VirusP 11-2003 test in this case only because looking at those two tests, VB and VirusP, you can see which is better, VET or Inoculate engine!

" }-

Firefighter!,

what is VirusP? is it this site: http://users.forthnet.gr/ath/antwnhspetrakhs/index2.html? ::)

regards,
Mina

Veritas Non Visum

> Thank's for telling me about my fantasy world.

You're welcome. I hope it encourages you take a closer look at yourself.

> After that u said of course I'll choose Hauri and not maybe KAV because Hauri has won the VB award in Windows XP june 2003. Look at the link:

Now you're just being silly.

To Minacross from Firefighter!

There is allways Google search u can use with!


Best regards,
Firefighter!

Ymmärtää totuus kanssa aivot ei jalka sisäinen suu.

> U said. "Have you ever wondered why NO reputable antivirus expert ... not even those employed by vendors who don't win the VB100 Award ... agrees with either your "findings" or your view of Virus Bulletin?"

> Look at this CA site:

Where does Computer Associates say "the 100% VB Award has lost it's purpose, when the real detecting rate has nothing to do with the Award." ?

I must have missed that bit.

> When my opinion is that VB isn't the best av-tester, after this above I'm not alone!

I recall someone ... it may even have been you ... saying that Eset quotes Virus Bulletin because it's the only test in which NOD32 excels. Should you not consider "All versions of eTrust EZ Antivirus are ICSA-certified." in the same light ?

Your anti-NOD32 arguments are, and always have been, sheer puffery anyway. In addition to holding the world record in VB100 awards, NOD32 is also ISCA-certified ... and NOD32 is the first (and to date, the only) antivirus program in the world with Checkmark certification for Windows 2003 Server.

> PS. Have u seen many personal insults I have written?

I hope you don't think I'm being personally insulting. I'm merely doing exactly as you do ... ie: pointing out facts and asking questions.

To Rodzilla from Firefighter!

I'm not gonna to join with that NOD debat because I think it is OT just now!

When I showed some links of different av-tests, my only purpose was to make wider the viewpoint of different av:s capability to detect malwares so that someone can evaluate their choices, no more or less. When someone says that VB isn't the nr. 1 tester found in the web, is there something bad in it?


"The Truth is out there, but it hurts!"

Best regards,
Firefighter!

To QSection from Firefighter!

I appreciate your finnish spelling but can you say that in english too that everyone can see what you said!


Best regards,
Firefighter!

To Rodzilla from Firefighter!

Am I wrong when I think that I am a sort of pain in someones a....?

I would recommed Asacol suppositories, they will cure some pains in that section!


Best regards,
Firefighter!

Guys, would you mind stop this >:(

> When someone says that VB isn't the nr. 1 tester found in the web, is there something bad in it?

Firefighter, you go out of your way to seek out shonky tests in which NOD32 performed badly ... then you tout those tests as Gospel Truths and blindly refuse to accept that they have little or no standing in the antivirus industry.

You once said "Unfortunately av-test.org and VirusP are almost only testers that have enough wide virusbase to get all programs collapse. If we leave those two testers completely outside, what we have left? I think it is only VirusBulletin with those so called in the Wild viruses, which are far away from that wideness that those two have in their tests." ... but now you've changed your tune and say ICSA is the #1 antivirus tester because CA says so ?

Well .......... so what ? NOD32 HAS ICSA CERTIFICATION !!!

Granted, NOD32 doesn't do well in av-test.org and VirusP tests ... but even if NOD32 was rated #1 in those tests, I would not pay them any attention BECAUSE THEY HAVE NO CREDIBILITY!

The way you babble on, one would think that Virus Bulletin was the only tester in the world to ever rate NOD32 highly ... but that's nowhere near the truth. You can tout all the shonky tests you wish, but the fact is, the three awards with the highest credibility in the antivirus industry are Virus Bulletin, ICSA, and Checkmark ... and no matter which way you shuffle them, NOD32 IS CERTIFIED BY ALL THREE!

you do not get the point rod.. vb, icsa etc are well known and undisputed authorities in this field, but they have nothing to do with how efficient an av program is stopping malware in HOME USERS PC'S... THESE ARE ALL DESIGNED FOR THE CORPORATE WORLD. in a perfect world itw virii would be the only thing corporate admins ought to be worried about... and i understand perfectly why vb puts so much meaning to false positives, it's a lot of work for an admin if suddenly there is 1000 workstations reported infected and it turns out to be a false positive... could be very well that a change of av proggie is in order..
but why is it inportant for av companies to do well in vb? it's because the really influential people in the business, the security people of LARGE companies subscribe it and read it... they buy the software.. and a hundred thousand licenses sold makes a difference.. the corporate money is the important money in this business. vb statistics are important to them coz with 100000 workstations in corporate networks in the wild viruses are the most common threat, and with these amounts of pc's there is room for a statistical approach

the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about..
so what i'm saying is that these tests mentioned by ff represent more the true situation a general home users faces, with trojans and stuff in the testsets, that's why they're valuable, there doesn't even have to be a hint of scientific research in them ...

@ilukka

i completely agree with you

By the way, rodzilla should be less agressive with anyone who says "NOD32 is not the best"

To Rodzilla from Firefighter!

People don't hate the one so much who hurts somebody or not the evil itself than the one who mentioned that by name!

In my mind NOD is going to the right way just now despite of that you denied all the other tests than VB, which we have seen in the web. It has quite good unpacker engine nowadays, the updates are very wide just now and it has hired one famous developer against trojans recently. So why you took that NOD issue to this discussion when I said something about CA Vet and Inoculate engines?


Best regards,
Firefighter!

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=15#msg97767 date=1067702041]
and i understand perfectly why vb puts so much meaning to false positives, it's a lot of work for an admin if suddenly there is 1000 workstations reported infected and it turns out to be a false positive... could be very well that a change of av proggie is in order.." }-
I would think if my av had to meet corporate standards in terms of false positives, for me as a home user, that would be great.. What's wrong with that?

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=15#msg97767 date=1067702041]
the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about..
so what i'm saying is that these tests mentioned by ff represent more the true situation a general home users faces, with trojans and stuff in the testsets, that's why they're valuable, there doesn't even have to be a hint of scientific research in them ...
" }-

THat may be so, but again, only Symantec and ESET scored 100% in all catagories.. Now with Andreas on board, maybe NOD32 will get better with trojan detection, and other malware, maybe not... ...who knows...?

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=15#msg97767 date=1067702041]
in a perfect world itw virii would be the only thing corporate admins ought to be worried about... " }-

ITW viruses are the REAL thread to Home User and Corporate users. I've been computing for very long time, received many ITW and never ZOO. If you download cracks or keygens or Warez no av will be perfect for you. So, Yes ITWs viruses are more realistic then non-ITWs.

-{ Quote: "and i understand perfectly why vb puts so much meaning to false positives, it's a lot of work for an admin if suddenly there is 1000 workstations reported infected and it turns out to be a false positive... could be very well that a change of av proggie is in order.." }-

Yes, and imagine home user (newbie) deleting Critical windows file because of FA.

-{ Quote: "the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about.." }-

ITW viruses are the problem. They present danger to anyone. If you see statistical info you will see where the real deal is.

VB shows how specific AV is able to deal with polymoric viruses and all bugs that specific AV had during test (ie. able to detect virus on demand but not on- access and so forth).


Again, if you don't download Warez or use cracks or Keygen, there is a small chance for you to get infected.


tECHNODROME

-{ Quote: " quoting: Technodrome link=board=24;threadid=15618

ITW viruses are the REAL thread to Home User and Corporate users. I've been computing for very long time, received many ITW and never ZOO. If you download cracks or keygens or Warez no av will be perfect for you. So, Yes ITWs viruses are more realistic then non-ITWs






tECHNODROME

-{ Quote: "" }-
With all that Computing experience could you reveal your top five Antiviruses?
Regards
Tim

To Technodrome from Firefighter!

If I understood right, here is the top 20 according to Kaspersky.

http://www.viruslist.com/eng/index.html?tnews=1001&id=158302

So what kind of infections are the most common ones on that list?


Best regards,
Firefighter!

Aren't they listed there?


tECHNODROME

-{ Quote: " quoting: TAG97 link=board=24;threadid=15618;start=15#msg97798 date=1067709547]
With all that Computing experience could you reveal your top five Antiviruses?
Regards
Tim
" }-

My all time favorites in terms of performance and detection:

KAV and Clones
NOD32
F-Prot & CSAV (Command)
DrWEB


tECHNODROME

@technodrome
i'm not doubting your computing experience..but i doubt what you're saying..you seem to completely ignore trojans etc..and kazaa

since kazaa and it's clones nowadays account for 70% of ALL network traffic( i just read this in a pc mag) it seems that there's more to worry than itw virii.. if you want to do a little checking, check kaspersky's list or even symantec's list

-{ Quote: " quoting: Technodrome link=board=24;threadid=15618;start=15#msg97781 date=1067706733]
ITW viruses are the REAL thread to Home User and Corporate users. I've been computing for very long time, received many ITW and never ZOO. If you download cracks or keygens or Warez no av will be perfect for you. So, Yes ITWs viruses are more realistic then non-ITWs.
" }-

I could not agree more. Your AV HAS to catch a VERY HIGH percentage of ITW--and CONSISTENTLY. That's the MINIMUM any AV should do, IMO. Detection of other threats should be a high priority, but ITW detection is the most important job an AV has--again IMO.

-{ Quote: "
Yes, and imagine home user (newbie) deleting Critical windows file because of FA.
" }-

Amen.

The VB tests measure important qualities for the corporate user, but they are no less important for the home user.

To Technodrome from Firefighter!

I am a bit of curious how AVK 12 Pro missed VB 100% Award with false positives when KAV, eScan an F-secure passed.

When I told some months ago that M$ will stop testing RAV in VB, was that because of RAV engine false positive that AVK missed because in my mind the samples are quite old (over a week or so) in VB tests so there couldn't be any update delay in this case?

An other thing is that to everyone. I didn't mean ICSA is the best tester available, only that CA thinks that VB isn't the nr. 1 but ICSA is that in their mind! For me the posive thing about ICSA tests is that the av:s have to detect 90% of those 6 000 infections, which is almost four times bigger that is in the VB "Zoo" tests (some 1 600 different virus names).

By the way, checkvir.com 8-2003 has over 3 800 different infections (50 polymorphics when VB has 43 in June 2003) , so it isn't so bad either!

Best regards,
Firefighter

-{ Quote: " quoting: Firefighter link=board=24;threadid=15618;start=30#msg97805 date=1067710337]
To Technodrome from Firefighter!

If I understood right, here is the top 20 according to Kaspersky.

http://www.viruslist.com/eng/index.html?tnews=1001&id=158302

So what kind of infections are the most common ones on that list?


Best regards,
Firefighter!
" }-

The most common ones in that list are ITW.
Is that your point?

To JimIT from Firefighter!

My point was that were they ALL in that "in Wild list" and were they Viruses, Worms, Trojans, Backdoors, Exploits or something else, because I belong to the common people and can't recognize that.


Best regards,
Firefighter!

I believe its important to have other testings done . No one or one organisatiion is beyond fault hence the reason for "layered defence" as so many experts recommend. So i welcome the other tests that are becoming more available and more respected. Those anti virus companies that dont allow such tests when other "respectable" conpanies do so , will maybe have to pay the price over time , of seeming to be selective to the extent that it may look as if they are afraid of such independant testing .

-{ Quote: " quoting: Firefighter link=board=24;threadid=15618;start=30#msg97856 date=1067721712]
To JimIT from Firefighter!

My point was that were they ALL in that "in Wild list" and were they Viruses, Worms, Trojans, Backdoors, Exploits or something else, because I belong to the common people and can't recognize that.
" }-

You are not "common", FF--you are extraordinary!! ;)

The answer to your question is: all of the types of malware you mention above are represented in the WildList, or supplements to the WildList.

And, in fact, (and someone correct me if I'm wrong) it appeared that all of the Kaspersky 20 are in the WildList or a WildList supplement.

To JimIT from Firefighter!

I'll take that extraordinary as a compliment for me!

Best wishes!


Best regards,
Firefighter!

How much more information does subscribing for VB100% give you?

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=30#msg97831 date=1067714986]
@technodrome
i'm not doubting your computing experience..but i doubt what you're saying..you seem to completely ignore trojans etc..and kazaa

since kazaa and it's clones nowadays account for 70% of ALL network traffic( i just read this in a pc mag) it seems that there's more to worry than itw virii.. if you want to do a little checking, check kaspersky's list or even symantec's list
" }-

I don't ignore anything. ;)

Its just that (as I mentioned) cracks, keygens and various warez from Kazaa and clones is very dangerous and illegal (of course). You’ll get infected no matter what av program you use. By using common sense engine you’ll be able to avoid this ugly situation. What can you expect from file named MS Office.exe in length 44 Kb? A retail version of MS Office ( which is more then 400 MBs)?

Its true that KAV will detect more malware then any other AV. If people use Kazaa to get warez, cracks and keygens, KAV would be their best bet. But not everyone is Kazaaing or downloading questionable codes.

I think discovering a new ITW virus without adding signatures is more important then detecting 100,000 ZOO viruses. This could save a load of $$$ to corporations or time and pain to home user.


tECHNODROME

we agree on the zoo viruses, yes!
detecting them is rubbish, as generally is detecting trojan editservers etc.. programs like pest patrol even detect help files of trojans as malware...
when i mention kazaa i'm not even talking about warez.. i'm talking about music, pr0n and stuff which every teenager wants to get out of kazaa...btw i read somewhere that kazaa has 250 million users..not all of them are after warez..
i'm talking about instant messengers, and the files that get transferred there, irc etc.. there's a whole lot of nasties not found on the ITW list...

here is symantec's latest threats page.. some of these you can actually find in the ITW list but most of them not.. http://www.sarc.com/avcenter/vinfodb.html

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=30#msg97893 date=1067729000]
when i mention kazaa i'm not even talking about warez.. i'm talking about music, pr0n and stuff which every teenager wants to get out of kazaa...btw i read somewhere that kazaa has 250 million users..not all of them are after warez.." }-
70% of them don't use AV at all. ;)

-{ Quote: " there's a whole lot of nasties not found on the ITW list..." }-

Sure. But many AV will detect more then whats on the ITW list.

tECHNODROME

great! now we agreed on the fact that there's more threats than on the ITW list... what more there is to argue....

-{ Quote: " quoting: Firefighter link=board=24;threadid=15618;start=30#msg97847 date=1067720271]
To Technodrome from Firefighter!

I am a bit of curious how AVK 12 Pro missed VB 100% Award with false positives when KAV, eScan an F-secure passed. " }-

VB tests every av with default settings. By default AVKs heuristic is on so this could be cause of FA.


-{ Quote: "An other thing is that to everyone. I didn't mean ICSA is the best tester available, only that CA thinks that VB isn't the nr. 1 but ICSA is that in their mind! For me the posive thing about ICSA tests is that the av:s have to detect 90% of those 6 000 infections, which is almost four times bigger that is in the VB "Zoo" tests (some 1 600 different virus names). " }-

I don't know about that but ICSA is quite different from VB. If av fails ICSA test, av vendor is informed about what’s missed and why is missed. After av vendor fix the problem, product is resubmitted to ICSA for retesting .


tECHNODROME

What's often forgotten amid arguing about ITW and the 100% awards is that VB also tests for zoo viruses. (Although perhaps not 13 yr old DOS viruses that may not even work on today's modern systems. ;) )

For a normal user the VB zoo results bear looking at as well since not all 100% ITW award winners are created equally, as often pointed out, when one looks at the zoo results. Although the VB tests don't (as far as I'm aware) cover Trojans. So there is that to also consider.

It seems to me though that some of the other AV tests (and certainly some of the VX collectors' recent "tests" we've recently seen) frequently are more of a database comparison rather than a test of protection against things most likely to be encountered in normal use by ordinary users. And therefore these tests may be of somewhat dubious value in suggesting what is the best for day to day AV protection against probable threats. What any test reveals of significance can only be judged (IMO) with an understanding of what and how the test is performed, what they are really testing for and what are the kinds of threats you are most likely to actually encounter given your behavior and use. A collector or a clever fellow can always whip out something that one's AV or even AT may not detect. But is such a feat a display to confound people or a significant revelation of a real weakness in protection against probable threats?

As for trojans and Kazaa, IRC, etc and for those engaged in known risky behaviors, one might suggest that even the great KAV with its capacious database may not be 100% all the time. Thus many people including KAV and McAfee users also use an AT. For coverage against trojans, an AT specific app would be recommend and not just an AV. Although many (if not most) of those engaged in such risky behavior don't have a clue and may not use any AV or at most may use whatever freeware is available.

Deciding what AV to use is not simply a matter of looking at tests and thinking all tests are testing for the same thing and are relevant to one's use. Same for AV's. Does one need protection primarily from the latest likekiest threats or against the whole kitchen sink which includes things one may never encounter? Which is best for you given your use? What's best for you and best for me may not be the same. Still, it makes sense to use an AV that does well on VB ITW tests (although of course I wouldn't rule out AV's that miss one in the VB ITW due to technical reasons) and preferrably one that also does well on the VB Zoo tests.

But I also don't freak when people are trying to scare others with MS DOS clunkers or VX collections available via the internet. Any more than I go to the doctor with flu symptoms and insist he/she test for Lassa fever. ;)

For VS: subscribing to the VB gives one the detailed test info and results, and the mag articles in a timely fashion. Otherwise, one waits for the archived magazines to be available on the website. By then new tests/editions of the mag are out. Due to the cost of subscription the mag is directed toward IT/AV professionals who have it as a business expense, usually paid for by the employer. It's not really something for the average home user unless he/she is interested and have a lot of money and the inclination to spend it on such things.

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=15#msg97767 date=1067702041]
you do not get the point rod.. vb, icsa etc are well known and undisputed authorities in this field, but they have nothing to do with how efficient an av program is stopping malware in HOME USERS PC'S... " }-

MALARKEY! ;D

If that's the case, then why don't AV companies leave the ICSA and 100% logos--IF they can even achieve it-- OFF their home products??? They don't!

-{ Quote: "
and i understand perfectly why vb puts so much meaning to false positives, it's a lot of work for an admin if suddenly there is 1000 workstations reported infected and it turns out to be a false positive...
" }-

You are ABSOLUTELY correct on that point! ;)

-{ Quote: "
but why is it inportant for av companies to do well in vb? it's because the really influential people in the business, the security people of LARGE companies subscribe it and read it... they buy the software.. and a hundred thousand licenses sold makes a difference.. the corporate money is the important money in this business. vb statistics are important to them coz with 100000 workstations in corporate networks in the wild viruses are the most common threat, and with these amounts of pc's there is room for a statistical approach
" }-

Well, I don't subscribe, but I am a network admin, and you are correct: There is room for a statistical approach. And my statistics tell me that EVERY piece of malware caught by the AV I use at work (NAV) in the last TWO YEARS--on two networks composed of over 200 computers--was an ITW piece of malware.

-{ Quote: "
the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about..
" }-

No, the wildlist is made up of the malware having BY FAR the GREATEST LIKELIHOOD of infecting a home user. There's a big difference there.

-{ Quote: "
so what i'm saying is that these tests mentioned by ff represent more the true situation a general home users faces,
" }-

No offense, but no they don't. ;)

They do not "represent more the true situation a general home user faces". They do not even represent the "true situation" 95% of ALL computer users face, IMO.

Again, the ITW stuff is BY FAR the most important crud your AV should detect. ;)

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=45#msg97902 date=1067731616]
great! now we agreed on the fact that there's more threats than on the ITW list... what more there is to argue....
" }-

Driving a car could be threat. Driving while intoxicated, a life threatening event. ;)


tECHNODROME

> the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about..

This is where you, and Firefighter, and many other forum users, fall off the rails.

Virus Bulletin, Checkmark, and ICSA do not test only against In the Wild viruses ... they also test against "zoo" viruses.

However, the "zoo" viruses used in Virus Bulletin, Checkmark, and ICSA tests have been individually checked and validated as infectious.

VXers and wannabe "virus experts" test antivirus programs against mountains of crud of unknown provenance ... rubbish files which they think are live viruses ... and this makes their test results worthless.

> so what i'm saying is that these tests mentioned by ff represent more the true situation a general home users faces, with trojans and stuff in the testsets,

Even if a collection didn't contain a heap of non-viral crud, and 100% of the samples had been tested and verified as live viruses, where is the "true situation" representation in a test score of 11.77% for TDS3, a highly rated anti-Trojan program, if it is tested against anything except Trojans ?

> that's why they're valuable, there doesn't even have to be a hint of scientific research in them ...

Such tests have zero value in the antivirus world. They invariably produce highly misleading results because the testing methodology itself is fatally flawed and can produce nothing else.

99.67% detection of 50795 malware samples is a very impressive score by anyone's standards ... the kind of score marketroids love to trumpet loudly in promotional material.

Q. Why doesn't F-Secure boast that their product was rated #1 in VirusP's last test ?

A. Because F-Secure knows the test results are worthless, and that they would be ridiculed by every professional AVer in the world if they quoted it.

It's not just me who thinks VX and wannabe "virus expert" tests are worthless, btw ... the whole antivirus industry thinks they're worthless!

You're free to believe whoever and whatever you like. The choice is yours.

> In my mind NOD is going to the right way just now despite of that you denied all the other tests than VB, which we have seen in the web.

You have never seen me "deny all the other tests than VB" ... if you care to check you will find that NOD32 has won numerous awards other than the VB100.

What you have seen is me say that Virus Bulletin tests are way ahead of the crap "tests" you persist in ramming down everyone's throats.

As far as "going the right way" ... sure, adding crud detection shut the anti-NOD32 gang up ... but it was the easy way out. I would have preferred to expose the shonky tests for what they were.

> ITW viruses are the problem. They present danger to anyone. If you see statistical info you will see where the real deal is.

You're right! Not long ago a check of the millions of infected emails intercepted by MessageLabs revealed that every single virus was an In the Wild virus.

> since kazaa and it's clones nowadays account for 70% of ALL network traffic

That's a little misleading. Perhaps with millions of people downloading billions of files several megabytes in size, 70% of all kilochr traffic is down to Kazaa and other P2P networks ... but by far the biggest percentage of individual item traffic is email, with its ugly sister spam running second.

Guess what ... over 95% of all viruses today are email-borne. :)

> Those anti virus companies that dont allow such tests when other "respectable" conpanies do so , will maybe have to pay the price over time , of seeming to be selective to the extent that it may look as if they are afraid of such independant testing .

Please point me to a "respectable" antivirus vendor who allows, quotes, praises, or even acknowledges as being anything other than worthless, an antivirus product test by a VXer.

I've been hearing the "Eset only ever quotes Virus Bulletin because it's the only test in which NOD32 does well" story from a small group of dedicated NOD32 bashers for the past two or three years. It was ******** the first time I heard it, and it's ******** now.

NOD32 has won many awards from many sources.

Virus Bulletin happens to be the source with the most "clout" in the IT Security world.

NOD32 holds the world record of 24 x VB100 awards.

Why would we not quote it ?

Do you think that if another antivirus vendor had 24 x VB100s, they wouldn't quote Virus Bulletin instead of ICSA or Checkmark or whoever ?

I've regarded Virus Bulletin as the world's best and fairest independent antivirus product tester since 1989 ... long before I became involved with NOD32 ... and I would continue to regard it as such even if NOD32 came dead last in its testing.

I know VB's testing methodology is squeaky-clean. Can you say the same about the "independent tests" to which you refer ?

> OK, bear with me, I'm a bit out of the loop. Is NOD32 not particularly good at worm and trojan detection?

Not according to some of the "virus gurus" who flog their "expertise" in security forums. :)

The terms "worm" and "virus" are to some degree interchangeable, and are often used to describe the same piece of malware. In simplistic terms, a virus infects files on your computer or network, while a worm spreads from your computer to other computers via the Internet. Pedantically, a Trojan is a program which purports to do (and may actually do) one thing while surreptitiously doing something else.

NOD32 specializes in virus detection, but it does detect many (if not most) common Trojans.

Having said that, my personal advice (and the advice of many Wilders regulars who know what they're talking about) is to "layer" your protection by using programs dedicated to detecting Trojans, spyware, backdoors, keyloggers, browser hijackers, etc, in addition to an antivirus program. (Javacool has made several good anti-* programs available on the Wilders Security website.)

I think you will find that most anti virus co are taking other tests seriously .



http://www.f-secure.com/news/awards/

I could bore myself by searching thru all the top anti virus home pages and listing the incredible amount of merits and awards from so many various sources but i shant .

>
NOD32 has won many awards from many sources.

Virus Bulletin happens to be the source with the most "clout" in the IT Security world.

NOD32 holds the world record of 24 x VB100 awards.

Why would we not quote it ? <

Possibly because a leading software company can also quote that and more .
> eTrust Antivirus has been certified by ICSA Labs and West Coast Labs, and CA has received a record 33 Virus Bulletin “VB 100%” awards for detecting 100% of viruses “in-the-wild.” http://www3.ca.com/press/PressRelease.asp?CID=51948

and they give it away half the time for free

anyways i do not feel arguments are the way . I shant
be joining http://www.noddy.com/fun/default.asp?NavGID=3

> By the way, rodzilla should be less agressive with anyone who says "NOD32 is not the best"

You can say "NOD32 is not the best" all you like, with no risk of me becoming "aggressive", provided you can back up that statement with proof.

The only "proof" of NOD32's inferiority I've ever seen in security forums has been drivel based on the results of demonstrably flawed "tests" conducted by VXers and wannabes and self-touted "professionals" with zero knowledge of proper antivirus testing methodology ... posted by people who will believe anything they read as long as it rubbishes NOD32.

> I think you will find that most anti virus co are taking other tests seriously .

> http://www.f-secure.com/news/awards/

Sorry ... I can's see any reference to F-Secure winning VirusP's last "test" ... and that and similar "tests" was what we were discussing.

> I could bore myself by searching thru all the top anti virus home pages and listing the incredible amount of merits and awards from so many various sources but i shant .

I'm sure you could ... but one Virus Bulletin award is woth more than ten "Poopsville Gazette" awards.

> NOD32 holds the world record of 24 x VB100 awards.

> Why would we not quote it ? <

> Possibly because a leading software company can also quote that and more .
>> eTrust Antivirus has been certified by ICSA Labs and West Coast Labs, and CA has received a record 33 Virus Bulletin “VB 100%” awards for detecting 100% of viruses “in-the-wild.” http://www3.ca.com/press/PressRelease.asp?CID=51948

A nice squirt of marketroid snake oil if ever I saw one!

CA's 33 x VB100 are divided between two products ... neither of which comes anywhere near NOD32's 24 x VB100.

I can say, sans snake oil and slippery marketroid fact-tweaking, "NOD32 has been certified by ICSA Labs and West Coast Labs, and Eset has received the world record of 24 Virus Bulletin “VB 100%” awards for detecting 100% of viruses “in-the-wild” with one product."

> and they give it away half the time for free

Go for it if you think the price is right.

Looking at the worldwide Statistics recently ( I have to try and find them but i shall ) , showed that the top 5 big companies worldwide do about 95% of the business in the computer security (anti virus etc)
. 5% is done
by rest ( smaller companies such as Nod etc) . Why would that be ? Do you think they also dont believe in the VB awards . These are very commercial companies and there clients are companies and businesses that surely must take advice from those who are skilled in order to be successful. Maybe they dont believe or subscribe to VB either.

> Looking at the worldwide Statistics recently ( I have to try and find them but i shall ) , showed that the top 5 big companies worldwide do about 95% of the business in the computer security (anti virus etc)

More people drive Volkswagens than Ferraris. So what ?

I'm not trying to convince you to buy NOD32 ... or a Ferrari.

I hope this thread doesn't turn sour like many 'Nod32 v The World' threads have before.

For me Nod32 hasn't let me down once in all the time I've used it, that means more to me than any tests and reports. If it ever lets me down then I'll look at why it did and maybe look around, but it hasn't.
They say "if it aint broke dont fix it"
Well it 'aint broke'

Just my opinion. And I hope this thread can stay friendly.

:)
Kev

Solarpowered Candle, I'm not clear on what your point is with your last comment. But I'd say that a significant percentage of the world's top AV's (in market sales) is represented on the VB's advisory board:

http://www.virusbtn.com/magazine/overview/advisory/

Pavel Baudis, Alwil Software, Czech Republic
Ray Glath, Tavisco Ltd, USA
Sarah Gordon, WildList Organization International, USA
Shimon Gruper, Aladdin Knowledge Systems Ltd, Israel
Dmitry Gryaznov, Network Associates, USA
Joe Hartmann, Trend Micro, USA
Dr Jan Hruska, Sophos Plc, UK
Jakub Kaminski, Computer Associates, Australia
Eugene Kaspersky, Kaspersky Lab, Russia
Jimmy Kuo, Network Associates, USA
Costin Raiu, Kaspersky Lab, Russia
Péter Ször, Symantec Corporation, USA
Roger Thompson, PestPatrol, USA
Joseph Wells, Fortinet, USA

For the benefit of those who missed it, note that Eset is not represented in the list sig just posted. Remember this for the next time some know-nothing VX clown whines about Virus Bulletin stacking the deck in favor of NOD32.

Actually the thread has nothing really to do with nod so much at all . Perhaps it was taken as such earlier on from a comment from firefighter who was referring to something else ( Vet ).

Sig my point is to Rod and its quite obvious what i was referring to . And I doubt whether actually those you mention are in the catogry that i mentioned . Most are in that 5% catogry from the look at there associations.
The only exception, I believe, is the association with Symantic and CA associates who are in that 95% cata gory . Anyways this thread has gone off on a slight bender and I appologise for maybe having contributed towards that .

> I hope this thread doesn't turn sour like many 'Nod32 v The World' threads have before.

This isn't a "NOD32 vs The World" thread, Tinribs ... it's a "Rod vs All The Gullible People Who Believe In The Validity Of Shonky Antivirus Product Tests And Think Virus Bulletin Is A Shill For NOD32" thread.

> For me Nod32 hasn't let me down once in all the time I've used it, that means more to me than any tests and reports.

You may have heard that Australia is in Email Hell thanks to a huge problem Telstra (our main telecomms carrier) had with Swen.A ... a worm which did not infect one single NOD32 user anywhere in the world.

Despite all the negative "NOD32 missed 27356 viruses in my collection" crap you read in security forums, NOD32 seldom lets anyone down in the real world.

NOD32 isn't perfect ... but it's not one tenth of one percent as bad as certain people seem to spend every waking moment trying to convince everyone else it is.

> Just my opinion. And I hope this thread can stay friendly.

It probably won't. I have a low tolerance threshold for people who won't admit they're wrong when presented with irrefutable evidence ... and there are a lot of those around.

> Actually the thread has nothing really to do with nod so much at all . Perhaps it was taken as such earlier on from a comment from firefighter who was referring to something else ( Vet ).

Read your history and it will become obvious that Firefighter takes potshots at Virus Bulletin for no reason other than the fact that Virus Bulletin tests put NOD32 at the top of the mountain ... and he heaps praise and adulation on any test that doesn't.

> Sig my point is to Rod and its quite obvious what i was referring to . And I doubt whether actually those you mention are in the catogry that i mentioned . Most are in that 5% catogry from the look at there associations.

ROFL

NAI and Symantec between them sell more antivirus product than the rest of the industry combined ... and I don't think Trend Micro, Kaspersky Lab, and your favorite shill Computer Associates would take too kindly to being dumped in your "low 5%" category either.

Considering 95% of fortune 500 companies use CA associates and there software i can understand your comment .
I can understand you being defensive over any comments you feel are being directed against some thing you support strongly . however much you have milked this thread for it .
I dont have a problem with any product that helps keep our systems clean and tidy .

-{ Quote: " quoting: solarpowered candle link=board=24;threadid=15618;start=60#msg98013 date=1067769498]
Considering 95% of fortune 500 companies use CA associates and there software i can understand your comment .
" }-

Lets me just say that fortune 500 Companies is a list of the 500 largest USA corporations. European, Australians, Asian & Middle East companies are not included here. So your info is only for USA and not the rest of world.


tECHNODROME

Well CA has various products, not just an AV. So without some info about what quoted numbers represent by product and function, the significance and applicability isn't dead on clear. (And Fortune 500 companies never get hit by viruses? Actually they do and it occasionally makes it into the press although they certainly don't like to publicize it for obvious reasons.)

According to Trend Micro their enterprise solutions have been adopted by over one-third of the Fortune 500 companies. (So CA has 99% of the Fortune 500, according to CA, while TM claims over 33%. Neat numbers.) Network servers and internet gateways seem to be their big thing. TM seems to do rather well in overall market share in those areas. My workplace recently switched to Trend Micro but also outsources email protection.

And interestingly, according to a year old Ernst & Young Study, some of those Fortune 500 companies many not be "world class" when it comes to digital security:
http://www.ey.com/global/content.nsf/US/Media_-_Release_-_07-15-02DC Odd, considering the goliath Fortune 500 security software company they appear to have advising them on digital security. ;)

So while talking about Fortune 500 corps that's all fine and dandy, what does that mean for the average home user? Should people toss their AV and pick up Etrust or PC-Cillin instead just because a lot of Fortune 500 corporations use their companies' products? Home use is a different environment than corporate. And even the top corporations evidently don't always do the best job in securing their operations, although one would think they would given the stakes involved and the funds available for them to do so.

If corporate market share should be our guide, what are we to think when big corporations are victimized by new email viruses that some of our so-called "5%" AV's catch before a definition for the virus/worm is even released? Hmn..... ;)

But this thread is supposed to be about November's VB test results, not about Fortune 500 companies. :)

-{ Quote: " quoting: sig link=board=24;threadid=15618;start=60#msg98039 date=1067777221]
But this thread is supposed to be about November's VB test results, not about Fortune 500 companies. :)
" }-

For a sec I thought this was some Wall-Street forum. ;D

Yup. Let’s stay on topic and leave Wall-Street out of this. ;)


tECHNODROME

Most of the USA's big companies and state angencies use Mcaffee
here in the USA, including the company I regretfuly work for IGT.
Both the company and most of the state agencies were hit by all the main last worms. Most of which was caused by their so called IT professionals not updating the SIGs on a regular basis.
and not traning the workers on how to do it themselves.
Most of you know what I think about Mcaffee so I won't go into any of that here again. Now, alot of the state agencies are changing their tune
as to getting a different AV and trying harder to train their employess on safer surfing ;)

Firefighter, you know that VB is not the only virus test organisation, but it is the most important one. This is a fact, or how else do you explain the following:

1. Respected AntiVirus Experts write Reviews and Virus Analyses for VB. Even Andreas Marx from AVTEST.ORG writes VB articles. For instance the last false positive review of certain AV programs.

2. All AV Vendors regard the VB Magazine and the results and reviews with respect. Even if ther own program did not score in this month.

3. VB works together with many other organizations such as wildlist.org. Did you ever hear about a alliance between wildlist.org and other self proclaimed antivirus testers such as ex VX'ers ? I did not.

There is much more knowledge needed than just reading the results and complaining about it. Much more. You have to understand the importance of a missed sample - missing an important sample is much worse than not detecting a bunch of old garbage viruses.

Or speaking about false positives - in a corporate environment you risk a lot of data with false positives. Just think about this - how should a normal user know that this file that is "infected" is clean ? He hits the delete button and your monthly company report is gone, even if it was not infected.

Judging an AntiVirus program's value is not a job for amateurs.

Regards,
Godzilla

Rodzilla, Godzilla, what's next--Modzilla? :P

I don't understand this 95%/5% crap being thrown around. What difference does the size and popularity of a company have to do with the quality and efficacy of its products? I doubt many big-name corporations run BOClean, but that doesn't mean I'm in a rush to uninstall it.

The big-name AV vendors have correspondingly big marketing, advertising, and sales budgets. Mystery solved.

To Rodzilla from Firefighter!

Because my name was quoted too many times I had to react.

You said. > Name one test that, in your "expert" opinion, is conducted with the same bulletproof methodology to the same exacting standards with the same degree of professionalism as the VB100 ... and this time try to come up with something valid ... to date, all your quoted facts and figures have been from tests by VXers and low-credibility wannabes using "virus" samples of doubtful provenance.

Thanks to you calling me "expert" even thus it was in parenthesis but I think that I am only among the common people and customers!

More important than rank av-testers is to find the consensus behind those different tests. Because the capability of av-products is hidden inside all independent tester's results and VB is the one which measures that what it's name is, VIRUSBulletin.

But when you asked, here are some that are including more (malwares too) to detect than VB in alphabetical order.

av-test.org
checkvir.com
Rokop
Virus Test Center; University of Hamburg, Computer Science Department


> Where does Computer Associates say "the 100% VB Award has lost it's purpose, when the real detecting rate has nothing to do with the Award."?

You missed the point. I meant that AWARDING ONLY clean in the Wild detectings with no false positives in the clean file test isn't fair to those very good performers overall.


> Your anti-NOD32 arguments are, and always have been, sheer puffery anyway. In addition to holding the world record in VB100 awards, NOD32 is also ISCA-certified ... and NOD32 is the first (and to date, the only) antivirus program in the world with Checkmark certification for Windows 2003 Server.

Be happy with it. But why you even reply to those sheer puffery makers?


Illukka wrote: "the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about.."


> This is where you, and Firefighter, and many other forum users, fall off the rails.

I have used several av:s and hardly ever have infected with a virus. How I know that? I have scanned my PC with NOD periodically and it hasn't found a single virus! Still I have got several bad things like trojans, worms or exploits etc, by using something else primary av than KAV engined ones. By the way, do you know what does it cost to an average dial-up modem user to update fully your WinXP to make those exploits harmless?


> Firefighter, you go out of your way to seek out shonky tests in which NOD32 performed badly ... then you tout those tests as Gospel Truths and blindly refuse to accept that they have little or no standing in the antivirus industry.

I have not said NOD is the worst available av in the market, I am not a NOD basher if you think so! The only that I tried to say that without KAV engined av, you are in trouble, use KAV at least with your backup because KAV is still the best against trojans and other malware.


> Virus Bulletin, Checkmark, and ICSA do not test only against In the Wild viruses ... they also test against "zoo" viruses

Where Ckeckmark testers use 6 000 different viruses and VB some 1 600 different virus names.


> where is the "true situation" representation in a test score of 11.77% for TDS3, a highly rated anti-Trojan program, if it is tested against anything except Trojans?

TDS3 detecting rate in VirusP 5-2003 against Trojans and Backdoors was 55,17%, not 11.77%, by the way, NOD has 59,70% detecting rate against Trojans and Backdoors in VirusP 5-2003.


> if you care to check you will find that NOD32 has won numerous awards other than the VB100.

Even I can learn something. Now I know where to find other than "Poopsville Gazette" tests!


> but it was the easy way out. I would have preferred to expose the shonky tests for what they were.

My vocabulary in english is growing thank's to you Rod!


> NOD32 specializes in virus detection, but it does detect many (if not most) common Trojans.

And even YOU admit that!!!


> More people drive Volkswagens than Ferraris. So what?

> I'm not trying to convince you to buy NOD32 ... or a Ferrari.

Are you sure about that? By the way, using Ferrari here in Finland during winter time is the greatest joke ever! Does it have a correlation with NOD too in difficult circumtances?


> This isn't a "NOD32 vs The World" thread, Tinribs ... it's a "Rod vs All The Gullible People Who Believe In The Validity Of Shonky Antivirus Product Tests And Think Virus Bulletin Is A Shill For NOD32" thread.

Unfortunately it was only your opininion about those gullible people!


> Despite all the negative "NOD32 missed 27 356 viruses in my collection" crap you read in security forums, NOD32 seldom lets anyone down in the real world.

I can only say that you know a source, from where it is easy to make a false positive test with 27 356 files, the winner we know of course, but let's think that NOD is a reference prog in there. I can help you a bit more, 5 671 clean files from av-test.org 2-2003 and 13 058 clean files from VirusP 5-2003 checked by NOD!


> NOD32 isn't perfect ... but it's not one tenth of one percent as bad as certain people seem to spend every waking moment trying to convince everyone else it is.

It's nice to see that from your keyboard.


> It probably won't. I have a low tolerance threshold for people who won't admit they're wrong when presented with irrefutable evidence ... and there are a lot of those around.

I totally agree the low tolerance! Are you sure that it's a valuable character feature?


> Read your history and it will become obvious that Firefighter takes potshots at Virus Bulletin for no reason other than the fact that Virus Bulletin tests put NOD32 at the top of the mountain ... and he heaps praise and adulation on any test that doesn't.

It's your opinion, unfortunately! Don't you see the correlation between that arrogance of some NOD folks and the reaction of so called NOD bashers as you called them?


> NAI and Symantec between them sell more antivirus product than the rest of the industry combined.... and I don't think Trend Micro, Kaspersky Lab, and YOUR FAVORITE SHILL Computer Associates would take too kindly to being dumped in your "low 5%" category either.

Shill; according to: http://dictionary.reference.com/search?q=shill&r=67

shill ( P ) Pronunciation Key (shl) Slang

n.

One who poses as a satisfied customer or an enthusiastic gambler to dupe bystanders into participating in a swindle.

v. shilled, shill·ing, shills
v. intr.
To act as a shill.

v. tr.
To act as a shill for (a deceitful enterprise).
To lure (a person) into a swindle.

Interesting viewpoint about CA & SHILL in my mind!


To Godzilla> Firefighter, you know that VB is not the only virus test organisation, but it is the most important one. This is a fact, or how else do you explain the following:

You said it, VIRUS tester, not antivirus program tester because the very many av-producers think a bit different way about that what an antivirus product have to detect.


To Godzilla too> 1. Respected AntiVirus Experts write Reviews and Virus Analyses for VB. Even Andreas Marx from AV-TEST.ORG writes VB articles. For instance the last false positive review of certain AV programs.

VB is also a forum where av-producers meet together, it's a good thing. The other testers are complementing the work what VB leaves behind.


I don't classify people to GOOD or BAD here at Wilders but they are either customers or salesmen. Obviously you Rod are not a customer in here!

By the way, do you know where I can open my own bank account to collect my share of that the amount of members here at Wilders is growing rapidly everytime you and me have a debate? ;)


Best regards,
Firefighter!

I look 4wards to the independant tests . I dont think independant companies should necesarily be put down or threatened with law suites because there testings do not meet the approval of the few either . We can get overly influenced depending which forum we reside at most by a certain "brand" of security software . To say that others are "shonky" etc because they dare to stand up "outside " of the sacred sanctum " and be counted is BS . I look forewards to those testings such as you mentioned firefighter . As do many others , Im sure. So keep posting them. :)

let's get this straight:
Q:what does virus bulletin test?
A: it tests if a given antivirus program has a signature for those viruses found in the ITW list, AND it tests if the said signature is strong enough not to cause false alarms.. that's it.. IIT DOES NOT REPRESENT HOW EFFECTIVE A VIRUS SCANNER IS DETECTING OVERALL

this is a fact and you guys can argue about this until armageddon comes
what jimiIT wrote in his post just confirms what i said about ITW list and the corporate world. ITW VIRUSES ARE A BIG THREAT...
if no-one of your employees downloads anything, if no-one of them has installed kazaa to download warez with your high speed corporate broadband, if no-one of your workers uses his/her pc to IM chat with the opposite sex etc..in that case ITW viruses are the biggest threat...

-{ Quote: " quoting: solarpowered candle link=board=24;threadid=15618;start=75#msg98169 date=1067803341]
I look 4wards to the independant tests . To say that others are "shonky" etc because they dare to stand up "outside " of the sacred sanctum " and be counted is BS . " }-

Well, I don't really need to defend rod, but he was not saying the tests were "shonky" because they "dare to stand up", he is saying they are "shonky" because they often contain heaps of "malware" that are not, in fact, malware--which has been proven more than once in other threads here.

He is saying that relying on tests which pit an AV against a large percentage of "files" that:

1. Are not a threat to anyone's PC

and

2. Are not, in fact, malware at all

...is a disservice to people who trust the AV companies to provide their computers with protection. It's also a disservice to people who come to Wilder's for help.

But hey...that's just my opinion. :-\

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=75#msg98172 date=1067804060]
let's get this straight:
Q:what does virus bulletin test?
A: it tests if a given antivirus program has a signature for those viruses found in the ITW list, AND it tests if the said signature is strong enough not to cause false alarms.. that's it..
" }-

Wrong! As was posted above, VB tests against ITW and ZOO malware. It awards the VB100% based on ITW. Read the thread again. ;D

-{ Quote: "
IIT DOES NOT REPRESENT HOW EFFECTIVE A VIRUS SCANNER IS DETECTING OVERALL
" }-

It represents "how effective a virus scanner is" in detecting 100% LIVE, CONFIRMED MALWARE.

The other "tests" "measure" how well a scanner works against 100% UNCONFIRMED "malware"--including JUNK FILES THAT AREN'T MALWARE AT ALL.

-{ Quote: "
this is a fact and you guys can argue about this until armageddon comes
" }-

No, it isn't. And the "facts" are above.

-{ Quote: "
what jimiIT wrote in his post just confirms what i said about ITW list and the corporate world. ITW VIRUSES ARE A BIG THREAT...
if no-one of your employees downloads anything, if no-one of them has installed kazaa to download warez with your high speed corporate broadband, if no-one of your workers uses his/her pc to IM chat with the opposite sex etc..in that case ITW viruses are the biggest threat...
" }-

With all due respect, you know nothing of my network's security setup. ;)

In regards to your comments above, a good AV is not the only defense on a network--or an individual PC--a fact also mentioned in previous posts in this thread.

And even if we didn't have the "extra" protection, ITW viruses are still BY FAR the biggest threat.

yes i know nothing about your networks security setup, one thing i know is human nature though..the setup is as strong as the weakest link... do you know everything your people do while they sit in front of their pc's?yeah vb test against zoo malware, i read that, i also read that you think zoo malware is meaningless.. what was your point reminding me about that? we both agree that the zoo test is meaningless... the itw test is the big test in vb, and it's just what i described above.

no it does not represent ability to detect 100% live known malware, read the symantec link i posted, those are all reported infections, no they're not ITW list stuff, but they still infect peoples computers ...i have personally submitted a lot of trojans to av companies, while they're not in the ITW list, some of them have now been downloaded 100000 times from their author's sites, not all of those did it to send samples to av companies...

Jim It I really do think that testings from


Rokop
checkvir.com
Virus Test Center; University of Hamburg, Computer Science Department
and perhaps a few others are, I thought, quite credible and impartial and give another facet to this whole business . (however if Im wrong here i stand corrected)
They only add to the rich tapestry that is provided in computing for us . both now and perhaps looking ahead I dont think most responsible anti virus companies would quote them in their success stories if they did not want to be tested ,or felt they were rubbish or misleading or of no worth.
However I agree with you that there will always be the odd individual who may have a personal vendetta against one or more and that is wrong .and misleading.

-{ Quote: " quoting: solarpowered candle link=board=24;threadid=15618;start=75#msg98208 date=1067811904]
Jim It I really do think that testings from


Rokop
checkvir.com
Virus Test Center; University of Hamburg, Computer Science Department
and perhaps a few others are, I thought, quite credible and impartial and give another facet to this whole business .
They only add to the rich tapestry that is provided in computing for us . both now and perhaps looking ahead (roktop) I dont think most responsible anti virus companies. would quote them in their success stories if they did not want to be tested ,or felt they were rubbish or misleading or of no worth.
However I agree with you that there will always be the odd individual who may have a personal vendetta against one or more and that is wrong .and misleading." }-

illukka and spc,

I hope you guys don't take offense to my comments. ;) I too, read the results from "independent testers", and some of the University stuff, but it's very important to realize that unless the samples used are 100% verified and all the testing methodology is consistent and logical--the results are WORTHLESS to anyone who is trying to make an informed decision on virus protection. I'm pretty sure that's what rod is pointing out, although far be it for me to put words in his fingers. ;D

There have just been too many "independent" virus tests that turned out to be full of worthless "non-viruses", and C-Net kind of stuff...

Imagine this stupid little analogy, if you will:

1. You have 25 boxes of eggs.

2. You have 20 different "egg-detectors". They all claim to be able to detect eggs without opening the boxes at close to 100% ability.

3. 20 of the boxes have real eggs in them. The other 5 have plastic eggs in them.
***************************

Now then... ;D

A. After running the "tests" 17 of the "egg-detectors" detect 24-25 boxes as having eggs in them.

B. 3 other "egg-detectors" detect 20 boxes of eggs. The other 5 boxes do not set off the "egg-detector".

Which result, A or B, do you prefer? ;D

yeah we agree that it is necessary to have real malware when doing av tests..
take for example virusP's test, he used several scanners to verify his testset. when we talk about viruses, this is a relevant way of verification, let's say that two scanners( for example kav&mcafee) detect a sample, then it is guaranteed virus, because two very different kind of scanners detected it.. i'd like to remind you that generally virus traders do not accept reports from all av's as verification, usually they want reportfiles of at least 2 scanners when trading
this does not count for trojans though, because all av's(and some at's) detect editservers and clients, some even detect certain vb runtimes needed for trojan clients/editservers to run, or help files..
only trojan hunter detects servers only, and even that is going to change soon.
that's why i take virusP's virustest seriously(not his trojan test).. and with all the criticism he received last time,i can almost guarantee that his next test will be better in that respect

collecting samples and and guessing it is a virus because 2 other scanners said so is one thing - replicating viruses to make sure it is a really a living sample is the other one. Just one simple example: polymorph viruses.
How many difernet & certificated samples does a virus collect own of one polymorph virus type ? Right. In the most cases only ONE SINGLE SAMPLE. Detecting this sample MEANS NOTHING. It could be done with a signature over this sample. Everyone in the av business knows you can not detect (real) polymorph viruses with search pattern (signatures). Now calculate... Over 1000 (real) polymorph viruses available. It starts with "old" dos viruses such as OneHalf, goes into Win32 with Marburg over Marburg (with the same poly engine modificated) to CTX or the SK Virus for instance. Try to find them with signatures. Doesn't matter if you have good or bad signatures you wan't find them without at least an half opcode emulator. You need thousends of samples per virus type to make sure it is detected. And virus traders sharing viruses ( there is nothing new so far ;D ) but there starts the snowball effect - they may share dead samples without knowing it. That's also the reason why AV Vendors do not like to share samples with VX traders. They have more work with analysing and dead samples than asking an other av vendor for real samples. There are a lot of garbish files in the "free" virus collections - half cleaned files - some of the scanners still detecting this dead sample because it caries the byte inside from the scanpattern. But this virus would not even more run. And speaking about KAV and collecting viruses... They are the leaders in Trojan detection and the leaders in nonsense detections, such as stupid batch files with only a "COPY xyz C:\Windows32\" inside. Best example here is a batch file from the optix backdoor. It does nothing else than copying a file into the windows folder - THIS COULD BE ANYTHING ELSE - NOT ONLY THE BACKDOOR, but its flagged by KAV. Oh well...

May I ask a question to anyone who wants to take a crack at this? This is more of a summary...

What tests (according to NOD32/Rodzilla/or anyone else) are valid?

Which ones are the "shonky" ones?

I believe you, it's not that.. It's that this is a very confusing thread....

> Because my name was quoted too many times I had to react.

You're welcome to react whether your name is mentioned or not. That's what forum communication is all about.

> Because the capability of av-products is hidden inside all independent tester's results

I strongly disagree. Most antivirus product tests and reviews are not worth the paper they're printed on or the bandwidth they waste.

> and VB is the one which measures that what it's name is, VIRUSBulletin.

You hit the nail on the head! AntiVIRUS programs should be tested ONLY against VIRUSES. The inclusion of any type of non-VIRAL malware taints the test ... just as running TDS3 against a mixed bag of non-Trojans tainted the test.

> But when you asked, here are some that are including more (malwares too) to detect than VB in alphabetical order.

> av-test.org

ZERO credibility.

> checkvir.com

A relative newcomer to antivirus testing. I don't have much information about them, so I will give them the benefit of the doubt for now.

> Rokop

Not up to scratch at present, but Roman's not too "big time" to listen to advice, and he's working on improving his methodology.

> Virus Test Center; University of Hamburg, Computer Science Department

The VTC tests against a mountain of "zoo" stuff as well as ItW viruses, but its sample suite now includes Trojans, backdoors, "intendeds", etc ... which belies the name "VIRUS Test Center". Professor Klaus Brunnstein is an ethical and respected member of the antivirus community, but I've never been greatly impressed by his tests, and I don't consider VTC in the same league as Virus Bulletin, Checkmark, and ICSA.

> You missed the point. I meant that AWARDING ONLY clean in the Wild detectings with no false positives in the clean file test isn't fair to those very good performers overall.

Sorry ... it's you who (still) misses the point. You have "Virus Bulletin tests only against clean In the Wild samples" implanted firmly in your head ... but this is incorrect. VB also tests against "zoo" viruses ... BUT ... they are all guaranteed to be live viruses which have infected someone's computer during everyday operations. Virus Bulletin tests against the real viruses which you are most likely to encounter in the real world ... and that's the difference between a VB test and shonky tests conducted on poorly-maintained "collections" which include non-viral crud, non-viral malware, never-seen-outside-the-lab specimens, and other assorted garbage.

>> Your anti-NOD32 arguments are, and always have been, sheer puffery anyway. In addition to holding the world record in VB100 awards, NOD32 is also ISCA-certified ... and NOD32 is the first (and to date, the only) antivirus program in the world with Checkmark certification for Windows 2003 Server.

> Be happy with it. But why you even reply to those sheer puffery makers?

Because, unfortunately, some people who read them may be sucked in by your fairytales.

> I have used several av:s and hardly ever have infected with a virus. How I know that? I have scanned my PC with NOD periodically and it hasn't found a single virus! Still I have got several bad things like trojans, worms or exploits etc, by using something else primary av than KAV engined ones.

Mind telling me which worms NOD32 missed ?

> By the way, do you know what does it cost to an average dial-up modem user to update fully your WinXP to make those exploits harmless?

Probably a lot less than it would cost to repair the damage you might suffer without the critical updates.

>> Firefighter, you go out of your way to seek out shonky tests in which NOD32 performed badly ... then you tout those tests as Gospel Truths and blindly refuse to accept that they have little or no standing in the antivirus industry.

> I have not said NOD is the worst available av in the market,

Perhaps not ... but you have been evangelical in your attempts to make it appear much worse than it is.

> I am not a NOD basher if you think so!

I do think so!

> The only that I tried to say that without KAV engined av, you are in trouble, use KAV at least with your backup because KAV is still the best against trojans and other malware.

Here we go again with "Trojans and other malware".

Read my lips .... "V-I-R-U-S" !!!

>> Virus Bulletin, Checkmark, and ICSA do not test only against In the Wild viruses ... they also test against "zoo" viruses

> Where Ckeckmark testers use 6 000 different viruses and VB some 1 600 different virus names.

So what ? NOD32 has Checkmark certification!

>> where is the "true situation" representation in a test score of 11.77% for TDS3, a highly rated anti-Trojan program, if it is tested against anything except Trojans?

> TDS3 detecting rate in VirusP 5-2003 against Trojans and Backdoors was 55,17%, not 11.77%, by the way, NOD has 59,70% detecting rate against Trojans and Backdoors in VirusP 5-2003.

OK ... 55.17%.

I suppose I should be rejoicing and snake oiling the world with "NOD32 beat TDS3 in Trojan and backdoor detection!" ... but I find it impossible to believe that NOD32 out-detected TDS3 at its own game unless something was drastically wrong with the test set.

>> if you care to check you will find that NOD32 has won numerous awards other than the VB100.

> Even I can learn something. Now I know where to find other than "Poopsville Gazette" tests!

There are several on my website, and several more "local" awards on other international NOD32 websites.

>> NOD32 specializes in virus detection, but it does detect many (if not most) common Trojans.

> And even YOU admit that!!!

Sure I admit that. Why would I not admit it ? BUT ... NOD32 is still primarily an antiVIRUS program, and it should be regarded (and tested) as such. There is no way I, or anyone else at Eset, will tell you "You don't need an anti-Trojan program if you use NOD32."

>> More people drive Volkswagens than Ferraris. So what?

>> I'm not trying to convince you to buy NOD32 ... or a Ferrari.

> Are you sure about that?

Quite sure.

> By the way, using Ferrari here in Finland during winter time is the greatest joke ever!

Using a Ski-Doo on the freeway in summer is almost as funny.

> Does it have a correlation with NOD too in difficult circumtances?

If your "difficult circumstances" include Trojans and mailbombs and backdoors and browser hijackers and gaping holes in your operating system then there may be some correlation. Don't drive a Ferrari in Finland during winter, and don't expect NOD32 to protect yourself against Trojans and mailbombs and backdoors and browser hijackers and gaping holes in your operating system.

>> This isn't a "NOD32 vs The World" thread, Tinribs ... it's a "Rod vs All The Gullible People Who Believe In The Validity Of Shonky Antivirus Product Tests And Think Virus Bulletin Is A Shill For NOD32" thread.

> Unfortunately it was only your opininion about those gullible people!

I think I can safely say I've been in the antivirus industry longer than 99.99% of the people who will read this, so my opinion is based on a lot of experience.

>> Despite all the negative "NOD32 missed 27 356 viruses in my collection" crap you read in security forums, NOD32 seldom lets anyone down in the real world.

> I can only say that you know a source, from where it is easy to make a false positive test with 27 356 files, the winner we know of course, but let's think that NOD is a reference prog in there. I can help you a bit more, 5 671 clean files from av-test.org 2-2003 and 13 058 clean files from VirusP 5-2003 checked by NOD!

How about quoting a test with at least a little credibility!

>> NOD32 isn't perfect ... but it's not one tenth of one percent as bad as certain people seem to spend every waking moment trying to convince everyone else it is.

> It's nice to see that from your keyboard.

When have you ever seen me, or anyone else from Eset, claim that NOD32 was the perfect antivirus program ?

>> It probably won't. I have a low tolerance threshold for people who won't admit they're wrong when presented with irrefutable evidence ... and there are a lot of those around.

> I totally agree the low tolerance! Are you sure that it's a valuable character feature?

It is for me!

>> Read your history and it will become obvious that Firefighter takes potshots at Virus Bulletin for no reason other than the fact that Virus Bulletin tests put NOD32 at the top of the mountain ... and he heaps praise and adulation on any test that doesn't.

> It's your opinion, unfortunately! Don't you see the correlation between that arrogance of some NOD folks and the reaction of so called NOD bashers as you called them?

I don't know to whom you are referring with "some NOD folks", but in my case you confuse "arrogance" with "confidence".

> I don't classify people to GOOD or BAD here at Wilders but they are either customers or salesmen. Obviously you Rod are not a customer in here!

No, I'm not a customer ... but I'm not trying to sell you anything either.

> By the way, do you know where I can open my own bank account to collect my share of that the amount of members here at Wilders is growing rapidly everytime you and me have a debate?

Paul sends you a nice shiny new Krugerrand for every new member. Haven't you been receiving them ? :)

> Well, I don't really need to defend rod, but he was not saying the tests were "shonky" because they "dare to stand up", he is saying they are "shonky" because they often contain heaps of "malware" that are not, in fact, malware--which has been proven more than once in other threads here.

> He is saying that relying on tests which pit an AV against a large percentage of "files" that:

> 1. Are not a threat to anyone's PC

> and

> 2. Are not, in fact, malware at all

> ...is a disservice to people who trust the AV companies to provide their computers with protection. It's also a disservice to people who come to Wilder's for help.

Thanks Jim ... that is exactly why I consider some antivirus program tests "shonky"!

Virus Bulletin is (afaik) the only antivirus product tester in the world with an "open door" policy. If you're a bona fide antivirus researcher and you suspect some crud may have crept into their test suite, you're welcome to check it out yourself ... VB wants to know about it if it is crud. If you want to see how they conduct their tests, you can visit their test lab ... there's nothing shonky about their operation, and they have nothing to hide.

ICSA and Checkmark don't have (again, afaik) the same "open door" policy ... but they're both respected, reputable, ethical members of the antivirus community, and I have seen no evidence in their published test results to indicate that they test against non-viral crud, nor anything else to make me consider their tests shonky. I don't rate them as highly as I rate Virus Bulletin ... but they can toss a coin for the #2 and #3 slots in my book.

If those VXers and wannabe antivirus program testers whose tests I regard as "shonky" opened up their test suites for independent scrutiny and verification and used bulletproof testing methodology then I would no longer regard them as shonky ... but as things stand right now, their test results are nothing but useless misleading crap ... and I doubt that any professional AVer in the world will disagree.

> take for example virusP's test, he used several scanners to verify his testset. when we talk about viruses, this is a relevant way of verification, let's say that two scanners( for example kav&mcafee) detect a sample, then it is guaranteed virus, because two very different kind of scanners detected it..

Not even close to guaranteed!

This is the very reason why all VX "collections" are filled with crud. Disassembly can reveal that a file might be almost certainly a virus, but the only way to verify with 100% accuracy that a file is viral is to execute it and infect something ... and this is what Virus Bulletin has done with each and every virus in their test suite.

> i'd like to remind you that generally virus traders do not accept reports from all av's as verification, usually they want reportfiles of at least 2 scanners when trading

I'd like to remind you that a few months ago NOD32 was canned in the forums for not detecting an example of Magistr when FIVE other "big name" scanners said it was a virus. That file was available for dowload on no less than 22 VX sites! Eventually the sample was proved to be a damaged non-viral Magistr which could not have infected you if it bit you on the nose.

Tell me again about "guaranteed virus, because two very different kind of scanners detected it.."

> that's why i take virusP's virustest seriously(not his trojan test).. and with all the criticism he received last time,i can almost guarantee that his next test will be better in that respect

The antivirus industry will take VirusP's tests seriously when he cleans out the mountain of crud in his collection and tests antivirus programs only against live viruses. (I doubt that he will do this ... proper verification of every virus in his collection would take thousands of man-hours ... and he won't be getting paid for it.)

> May I ask a question to anyone who wants to take a crack at this? This is more of a summary...

> What tests (according to NOD32/Rodzilla/or anyone else) are valid?

According to me ... Virus Bulletin, ICSA, and Checkmark ... and a few computer magazines scattered across the world which call on the resources of one or more of those three organizations.

> Which ones are the "shonky" ones?

All the rest. :)

(Actually I don't regard U.Hamburg/VTC tests as "shonky" ... I simply think their tests aren't in the same league as "The Big Three".)

To everyone from Firefighter!

This is especially targetted to those whose native language is other than english.

Sorry about that it took so long to make clear what "shonky" actually means! ---

Classic FM Breakfast

Word of the Day: Thursday 24 July 2003

---Shonky---

Kel Richards writes:

According to Jonathon Green's Dictionary of Slang the word "shonky" is Australian and New Zealand slang, first recorded in the 1970s, and meaning "unreliable, dishonest, crooked, one who is engaged in irregular or illegal business activities". However, it turns out that this the expression -- which we think of as being quite harmless today -- had its origins in anti-Semitism.

After that Honorary Award I had changed my Avatar as you can see now.

http://news.bbc.co.uk/sport1/shared/spl/hi/cricket/02/ashes/game/html/shonky_or_drongo.stm

From the link above I can even make more nicknames if it is necessary.


Best regards,
Firefighter!

To Rodzilla from Firefighter!

> Sorry ... it's you who (still) misses the point. You have "Virus Bulletin tests only against clean In the Wild samples" implanted firmly in your head ... but this is incorrect. VB also tests against "zoo" viruses ... BUT ... they are all guaranteed to be live viruses which have infected someone's computer during everyday operations. Virus Bulletin tests against the real viruses which you are most likely to encounter in the real world ... and that's the difference between a VB test and shonky tests conducted on poorly-maintained "collections" which include non-viral crud, non-viral malware, never-seen-outside-the-lab specimens, and other assorted garbage.

VB is really AWARDING ONLY clean "in the Wild" tests together with clean test result of their false positive tests and all progs with default settings only. (So according to VB, NOD missed Swen if I understood right that default settings issue with NOD?)

It is an other story that VB makes also the Zoo tests with some 1 600 viruses which are hiding in some 21 000 infected files!

Counting only the Awards some prog has got, you are missing the point, YOU have to read the test reports in VB Magazines, to make clear how good some av is to detecting VIRUSES!

I have never said that NOD was performing average in those VB test reports but there are some progs too that are capable to detect every viruses too, perhaps there may be only one or couple samples within certain same virus collections that they missed but that's irrelevant when we are looking at the whole statistics with other progs.


I said before: Where Ckeckmark testers use 6 000 different viruses and VB some 1 600 different virus names.

> So what ? NOD32 has Checkmark certification!

The point was that ICSA's (not Checkmark as I wrote before) virusbase was almost four times as large as VB:s, that has nothing to with NOD or have I said somewhere about that! I'm just a curious to see those detecting rankings from ICSA, but unfortunately I couldn't find them!


> Mind telling me which worms NOD32 missed?

I told that I was checking my PC with NOD some 5-6 times a year and NOD hasn't found any virus or other infections either from my PC. So my virus protection is at least on the same level as by using NOD!

Unfortunately I have copied my infections just after August this year, so I haven't any copy of those possible worms that were in my puter before and I can't remember if NOD missed some (hardly happened)!


> Sure I admit that. Why would I not admit it? BUT ... NOD32 is still primarily an antiVIRUS program, and it should be regarded (and tested) as such. There is no way I, or anyone else at Eset, will tell you "You don't need an anti-Trojan program if you use NOD32."

So is there something bad to have KAV or some of KAV clones in your primary AV when the whole resident protection level against viruses plus malwares are after that on the best level?

Personally I use Outpost 2 Firewall, eXtendia AVK Pro as my resident AV, TrojanHunter as my AT and eTrust v7 Promo as my backup AV, because every prog can break down sometimes. Was that so RAV detected Swen with heuristics too, or remember I wrong again? If RAV detected that, eXtendia didn't have Swen problem either with DEFAULT settings!


> If your "difficult circumstances" include Trojans and mailbombs and backdoors and browser hijackers and gaping holes in your operating system then there may be some correlation. Don't drive a Ferrari in Finland during winter, and don't expect NOD32 to protect yourself against Trojans and mailbombs and backdoors and browser hijackers and gaping holes in your operating system.

After that you just said NOD is an excellent AV when some IF:s were patched to my use with other costly progs you choose carefully! I agree that.


I dont consider myself the more liar than you, the only difference is that I am fond of numbers and statistics when you are fond of verbal acrobatics!


Maybe it's our way here in Scandinavia, the home of Jewish Vikings, or how was that with the "Shonky" issue? ;)


Best regards,
Firefighter!

Firefighter, PLEASE DON'T try to win the argument with Rod by subtly implying now that he's an Anti Semite... That's a pretty weak and cowardly way .... Stick to the issues, I swear I'll hit the Mod's button if this crap continues...
Everything was going along fine until the "Jewish" thing came around... If you are a closet Nazi, keep it to yoursself...
>:( >:( >:( >:( >:(

> VB is really AWARDING ONLY clean "in the Wild" tests together with clean test result of their false positive tests and all progs with default settings only. (So according to VB, NOD missed Swen if I understood right that default settings issue with NOD?)

Pedantically, if Virus Bulletin used a copy of Swen.A in its test before NOD32 released a detection update (this would never happen, but I'll play your game) then the NOD32 on demand scanner at its default settings would have missed it ... just like every other antivirus scanner missed it.

However, NOD32's email scanners at their default settings and NOD32's on access scanner at its default settings did detect and block Swen.A heuristically the instant it appeared ... and not one single NOD32 user in the world was affected by Swen.A.

> It is an other story that VB makes also the Zoo tests with some 1 600 viruses which are hiding in some 21 000 infected files!

You're the mathematical genius ... not me.

> Counting only the Awards some prog has got, you are missing the point, YOU have to read the test reports in VB Magazines, to make clear how good some av is to detecting VIRUSES!

I do read them.

> have never said that NOD was performing average in those VB test reports but there are some progs too that are capable to detect every viruses too, perhaps there may be only one or couple samples within certain same virus collections that they missed but that's irrelevant when we are looking at the whole statistics with other progs.

A miss by any other name is still a miss.

I'm not saying that an antivirus program which misses one virus in a VB test is a waste of money ... but skilled mathematician that you are, you must accept that 99.999999% is not the same as 100%.

> said before: Where Ckeckmark testers use 6 000 different viruses and VB some 1 600 different virus names.

> So what ? NOD32 has Checkmark certification!

> The point was that ICSA's (not Checkmark as I wrote before) virusbase was almost four times as large as VB:s, that has nothing to with NOD or have I said somewhere about that! I'm just a curious to see those detecting rankings from ICSA, but unfortunately I couldn't find them!

So what ? NOD32 has ICSA certification too!

> Mind telling me which worms NOD32 missed?

> I told that I was checking my PC with NOD some 5-6 times a year and NOD hasn't found any virus or other infections either from my PC. So my virus protection is at least on the same level as by using NOD!

You've been lucky. You wouldn't be singing that song if you'd been hit by any one of the several hundred viruses/worms which NOD32 has detected heuristically this year alone hours before any other vendor released their first update. This information is readily available ... and provable. You're an expert at digging up shonky tests which trash NOD32. Why don't you check out the real facts ?

> Unfortunately I have copied my infections just after August this year, so I haven't any copy of those possible worms that were in my puter before and I can't remember if NOD missed some (hardly happened)!

Oh ... I see. The old "NOD32 missed some worms on my PC but I can't remember what they were" story. Sorry ... I've heard it all before.

> Sure I admit that. Why would I not admit it? BUT ... NOD32 is still primarily an antiVIRUS program, and it should be regarded (and tested) as such. There is no way I, or anyone else at Eset, will tell you "You don't need an anti-Trojan program if you use NOD32."

> So is there something bad to have KAV or some of KAV clones in your primary AV when the whole resident protection level against viruses plus malwares are after that on the best level?

Have I ever said KAV was a bad choice ? Ignoring malware (we're talking viruses here) I will state right here and now that KAV is one of the best virus detectors in the world. (I distributed AVP/KAV for more than five years, and I've probably forgotten more about it than you ever knew.)

> Personally I use Outpost 2 Firewall, eXtendia AVK Pro as my resident AV, TrojanHunter as my AT and eTrust v7 Promo as my backup AV, because every prog can break down sometimes. Was that so RAV detected Swen with heuristics too, or remember I wrong again? If RAV detected that, eXtendia didn't have Swen problem either with DEFAULT settings!

As far as I'm aware (I could be wrong) NOD32 was the only antivirus program to detect Swen.A heuristically in incoming email ... which is why we saw no urgent need to release an update for it.

>> If your "difficult circumstances" include Trojans and mailbombs and backdoors and browser hijackers and gaping holes in your operating system then there may be some correlation. Don't drive a Ferrari in Finland during winter, and don't expect NOD32 to protect yourself against Trojans and mailbombs and backdoors and browser hijackers and gaping holes in your operating system.

> After that you just said NOD is an excellent AV when some IF:s were patched to my use with other costly progs you choose carefully! I agree that.

Sorry ... my English skills are not good enough to decipher your meaning.

> I dont consider myself the more liar than you, the only difference is that I am fond of numbers and statistics when you are fond of verbal acrobatics!

I don't tell lies ... and I've never accused you of telling lies.

> Maybe it's our way here in Scandinavia, the home of Jewish Vikings, or how was that with the "Shonky" issue?

I actually replied to that post, but I deleted my reply in the hope that this "anti-Semitic" ******** would die a natural death ... but it hasn't. :(

Don't believe everything you read!

The word "shonky" is C0ckney (London, England) slang dating back to the dim dark ages of human memory. Kel Richards' suggestion that it's an Australian slang term which first appeared in the 1970s is laughable.

This "shonky is anti-Semitic" crap dates back only as far as Hitler's 1930s, when some clod claimed that "schonk"was a distortion of the Hebraic "shoniker" (street vendor) and was intended as an insult to German Jews. This ridiculous claim became an urban myth which was later expanded to include the British "shonk" ... and unfortunately numerous supposedly reputable literary reference sources have since "legitimized" it.

The word "shonky" is heard in all walks of life, all over the world. It has been uttered in Parliament. The governments of several Asian countries print English language leaflets warning tourists about shonky merchants. We often hear it in Australia on TV News broadcasts and read it in newspapers. An Oxford University paper on the Enron scandal states: "With hindsight, the 'Cayman Islands' strategy employed by Enron should have been a red light to investors and regulators alike. Yet all the shonky practices and unsustainable debt went under the official radar."

Do you really think that in this modern day of "political correctness", the regular use of an anti-Semitic insult by Parliamentarians, public officials, printed and visual media, and universities all over the world would be permitted without censure ?

One could draw a parallel with the Hebraic "shroff" (money lender) which can be used by Jews as a (probably jocular) insult among themselves. A Jewish friend of mine once told another Jewish friend who said he had to leave just when it was his turn to buy a round of beers, "Your arse is tighter than a shroff's!" The word was carried to Asia by the British a hundred years or more ago, where for some inexplicable reason it gained colloquial acceptance ... and the guy who collects money at a Hong Kong toll booth (for example) became officially known as a shroff.

I imagine that if I put my mind to it, within a few years I could have the word "shroff" designated as anti-Semitic too. :)

Edit .........
SS ... I don't think FF was accusing me of anti-Semitism. He just thinks "shonky" is an anti-Semitic word. Maybe I can get him a job as a shroff. :)

Edit #2 .........
A helpful Wilders regular just gave me a link to a site which dates "schonk" back to 1913 in Germany. Now I've read it, I remember this as being correct. My memory isn't as clear as it used to be, and I guess the fact that "Hitler" and "anti-Semitism" go hand in hand confused me a little. I had the facts right in my head, but the timeframe was out by 20 years. Blame it on Alzheimers. :)

No need for that Straight Shooter.

I would appreciate it as well if this stayed focused on the topic.
That alone will be enough to warm up a rainy autumn day. ;)

Regards,

Pieter

clever language tricks form ol'roddy boy, trying to fool a non english member with language tricks, maybe it would be wise (and fair too) if firefighter started posting in finnish, he could do same kind of verbal acrobatics..
firefighter can you write in savo-dialect?
roddys tactics apperar to be the same as veikko vennamos.. a deceased political party leader in finland
you can keep your etymological knowledge to yourself rod(google?)
why did you start defending nod here in the first place? you was the first to mention nod 32 in this thread..paranoid about nod?

Where I come from.. some people go out and get snockered (drunk) and then go out and shag (dance).

I see alot of that in this thread..

Virus Bulletin slams shonky CNet reviews !!!



http://www.nod32.com.au/nod32/awards/vb_cnet_zdnet.htm



"Genius is the ability to reduce the complicated to the simple."
http://www.shonky.com/


Getting all this upset over testing results, when most of you are perfectly happy with the Antivirus each is currently using is hilarious.

Some of you have to get out of the house..and relax.

::)

thanks john for the links! i had never been to rod's site.. found lots of interesting stuff there...
this is a fun thread to read and participate..
i'm just waiting if firefighter speaks savo...
and what rod makes of it.... it'll be great..
nuijasota was nothing compared to this...

*

illukka ... GROW UP!

-{ Quote: " quoting: illukka link=board=24;threadid=15618;start=90#msg98438 date=1067874794]
clever language tricks form ol'roddy boy, trying to fool a non english member with language tricks, maybe it would be wise (and fair too) if firefighter started posting in finnish, he could do same kind of verbal acrobatics..
firefighter can you write in savo-dialect?
roddys tactics apperar to be the same as veikko vennamos.. a deceased political party leader in finland
you can keep your etymological knowledge to yourself rod(google?)" }-

??? Well, I for one, don't know what the heck you're referring to, illukka. Sounds pretty much like straight-forward English to me.

-{ Quote: "
why did you start defending nod here in the first place? you was the first to mention nod 32 in this thread..paranoid about nod?
" }-

*sigh!*

He suggested that Firefighter should view ezAV and it's ICSA-certified proclamations in the same light as Firefighter views NOD's VB100% proclamations. He was pointing out inconsistencies in Firefighter's argument.

But, go ahead and slice the baloney another way! It's still baloney! ;)

Agreed. The last sensible words I could find in this thread:

-{ Quote: " quoting: Primrose link=board=24;threadid=15618;start=90#msg98439 date=1067874972]
Some of you have to get out of the house..and relax.
" }-

Closing this one for now.

Pieter