Losing faith with NOD32 shocker!
mrfargoreed
April 9th, 2007, 11:15 AM
I've been a NOD32 user for several years now and always loved the way it runs so smoothly, doesn't slow down my machine, never has had a conflict with other software - BUT today I tried a little test as I've noticed lately that although NOD32 has notified me of the odd threat, I haven't been able to actually delete the file that is causing the problem.
I downloaded a copy of Roboform by P2P - expecting it to be infected. Downloaded and extracted to my hard disk. No warnings from NOD32, despite there clearly being a crack included. I know that not all cracks are viruses, but the majority are malware of some kind.
Checked the same file with KIS6 and it notified me that the crack, a .dll file, was a backdoor trojan. It may have been a false positive, sure, but having a possible backdoor trojan with an application that is supposed to encrypt passwords and private information and not being alerted by NOD32 made me feel unsettled. The information KIS6 alerted me about the .dll file took me to the Kaspersky web site where it displayed that several other AV programs had also detected this file as a backdoor trojan (Dr Web, Avira and one other - but no NOD32).
Now I'd NEVER use a crack, warez, or any other 'dodgy' software on my machine, but the fact remains that NOD32 didn't pick it up.
Sure, no AV has a 100% detection rate, but KIS6 also picked up two other files in a customization pack that NOD32 didn't - again, perhaps false-positives, but at least KIS6 made me think twice about installing the file (I chose not to, naturally).
Of course I was never going to install a warez version of Roboform - this was purely a test - but I am unsettled that I got no warning from NOD32. Am I overreacting? Am I right to be unsettled by NOD32 missing what appears to be, by several other AVs, a very probable backdoor trojan?
I am now tempted to install KIS6 - something I have never considered before until now. I feel that picking up three threats, from an AV that isn't exactly known to give false positives, have been missed by what I had considered to be the best AV there is.
Oh, and I had my NOD32 set up to Blackspear's settings for advanced protection - everything on 'full', as it were, yet KIS6 I hadn't even started to tweak yet - I just scanned on the default settings.
After years of happiness, I am, all of a sudden, in doubt about my beloved NOD32. :'(
.....
April 9th, 2007, 11:20 AM
All Anti-Virus softwares miss malware. It's best to submit the sample to all vendors so they can add it to the database.
solcroft
April 9th, 2007, 11:24 AM
In China, many of the die-hard antivirus fans here would be utterly bombshelled by NOD32's poor detection rates.
Apparently NOD32's scanning engine is ridiculously easy to circumvent using packers/slight code modifications. Personally, I've lost faith in NOD32 a long time ago, despite its wide acclaim in the Western world.
Mrkvonic
April 9th, 2007, 11:25 AM
Hello,
Two is not a sample group. You have 50:50 results. You need a bit more than two anti-virii to decide. Even if NOD missed something, it definitely is not a reason to ditch it, as there will always be something one or more products will miss.
Finally, why did you download the program via p2p?
Mrk
C.S.J
April 9th, 2007, 11:40 AM
I do like NOD32,
but I've never really been 100% sure about its abilities, sure test results only say one thing which is a bit 2D.
I don't think you should ditch NOD on these few occasions, especially as it's kept you clean for years.
-------
He downloaded it by P2P as he was most likely to get a virus with it, as he was testing.
Escalader
April 9th, 2007, 11:41 AM
".....I downloaded a copy of Roboform by P2P - expecting it to be infected. Downloaded and extracted to my hard disk. No warnings from NOD32, despite there clearly being a crack included. I know that not all cracks are viruses, but the majority are malware of some kind."
I use Roboform is it cracked? Or is it just the p2p method of getting it?
Should I dump RoboForm?:-\ ???
Mrk, what is this all about? We need clarity here?:-\
mrfargoreed
April 9th, 2007, 11:48 AM
{QUOTE-> All Anti-Virus softwares miss malware. It's best to submit the sample to all vendors so they can add it to the database. <-QUOTE}
I will certainly do this
{QUOTE-> In China, many of the die-hard antivirus fans here would be utterly bombshelled by NOD32's poor detection rates.
Apparently NOD32's scanning engine is ridiculously easy to circumvent using packers/slight code modifications. Personally, I've lost faith in NOD32 a long time ago, despite its wide acclaim in the Western world. <-QUOTE}
At least I'm not the only one. And I'm probably blowing this out of proportion, but IF NOD32 is missing threats, and KIS6 is picking them up, then if it was any other software (a firewall not properly blocking, a HIPS not securing a system as it claims to, etc) then I would change to software that DID do these things without even thinking about it.
{QUOTE-> Hello,
Two is not a sample group. You have 50:50 results. You need a bit more than two anti-virii to decide. Even if NOD missed something, it definitely is not a reason to ditch it, as there will always be something one or more products will miss.
Finally, why did you download the program via p2p?
Mrk <-QUOTE}
I totally understand you Mrkvonic - I can't get rid of NOD32 after five years because it has missed a couple of threats (or can I?), but, as I've said above, if another program IS detecting those threats, then I am certainly, for the first time, tempted to change my AV.
Oh, and I downloaded the program via P2P deliberately to get a crack file/risk of getting a virus to test KIS6 and NOD32 in one of my FDISR snapshots. I like to test security software with FDISR - that's the beauty of the program, allowing me to test, replace the image if infected, and start again from new.
mrfargoreed
April 9th, 2007, 11:55 AM
{QUOTE-> He downloaded it by P2P as he was most likely to get a virus with it, as he was testing. <-QUOTE}
Exactly the reason, C.S.J - no other reasons whatsoever. I wanted an infected file so that I had something to test my AV with.
{QUOTE-> ".....I downloaded a copy of Roboform by P2P - expecting it to be infected. Downloaded and extracted to my hard disk. No warnings from NOD32, despite there clearly being a crack included. I know that not all cracks are viruses, but the majority are malware of some kind."
I use Roboform is it cracked? Or is it just the p2p method of getting it?
Should I dump RoboForm?:-\ ???
Mrk, what is this all about? We need clarity here?:-\ <-QUOTE}
It's ok Escalader - it's nothing to do with Roboform itself - it could have been any other program, but I wanted something that was a security application, as a lot of security applications if downloaded by P2P can, and often do, contain malware/viruses. :thumb:
HiTech_boy
April 9th, 2007, 12:05 PM
{QUOTE->
Oh, and I had my NOD32 set up to Blackspear's settings for advanced protection - everything on 'full', as it were, yet KIS6 I hadn't even started to tweak yet - I just scanned on the default settings <-QUOTE}
Hello. I don't want to discuss the other part - detection or not... but I just want to note to you that Blackspear's settings make you use AMON with settings "Clean automatically" as well as all other modules set to clean or delete automatically without any warnings.
http://pandaman.my.contact.bg/031.gif
Also note that Kaspersky is the antivirus which supports many packs which other AVs may not, which means that Kaspersky can unpack almost any installer while other products will detect the threat a little bit later (don't know the exact case but this can also be).
If you want to see if something is detected while using Blackspear's settings, check the Log files (Control Center->Log files). If you continue using NOD32, make sure you send any undetected sample to email samples[at]eset.com, where [at] is @.
mrfargoreed
April 9th, 2007, 12:15 PM
{QUOTE-> Hello. I don't want to discuss the other part - detection or not... but I just want to note to you that Blackspear's settings make you use AMON with settings "Clean automatically" as well as all other modules set to clean or delete automatically without any warnings. <-QUOTE}
Actually, that's the one part of Blackspear's settings I changed to 'Prohibit access and show alert window with action options'. I like to have a final say on what to delete just in case a false positive is detected and I KNOW 100% that it IS false. I used to use a program to help with repetitive strain injury and because the program installed a hook, naturally to monitor your keystrokes and assess how much I was working, NOD32 would not let it install and clean the legitimate file before I had a chance to allow it to be installed. Since then I've changed this option so I am asked every time.
HiTech_boy
April 9th, 2007, 12:24 PM
{QUOTE-> Actually, that's the one part of Blackspear's settings I changed to 'Prohibit access and show alert window with action options'. I like to have a final say on what to delete just in case a false positive is detected and I KNOW 100% that it IS false. I used to use a program to help with repetitive strain injury and because the program installed a hook, naturally to monitor your keystrokes and assess how much I was working, NOD32 would not let it install and clean the legitimate file before I had a chance to allow it to be installed. Since then I've changed this option so I am asked every time. <-QUOTE}
OK, then. Thanks for letting me know :thumb:
Firecat
April 9th, 2007, 12:43 PM
{QUOTE-> In China, many of the die-hard antivirus fans here would be utterly bombshelled by NOD32's poor detection rates.
Apparently NOD32's scanning engine is ridiculously easy to circumvent using packers/slight code modifications. Personally, I've lost faith in NOD32 a long time ago, despite its wide acclaim in the Western world. <-QUOTE}
I cannot read Chinese, and hence the only source I have of Chinese tests is the malware-test.com website which is based in Taiwan and hence offers a decent enough view of all these AVs for the so-called Chinese malware.
However, I do receive many samples from time to time (and some of my samples come from a Chinese source), and it pains me to see NOD32 not detecting as much as some of the supposedly "worse" products according to other tests. For example, in my sample set, NOD32 detects less than AVG, BitDefender, AVIRA and Kaspersky. It is, however, still a bit better than Dr.Web (for example). I wouldn't call NOD32 "bad", but it certainly isn't among the best.
If you are a high-risk surfer then I highly recommend AVIRA, BitDefender, AVG Anti-Malware or Kaspersky to you. These four products also scored relatively high in the malware-test.com results.
C.S.J
April 9th, 2007, 12:46 PM
Firecat, I wouldn't be too reliable with that Chinese testing site,
Dr.Web got 3rd in the December test, which I think we all know is not true.
solcroft
April 9th, 2007, 12:53 PM
{QUOTE-> I cannot read Chinese, and hence the only source I have of Chinese tests is the malware-test.com website which is based in Taiwan and hence offers a decent enough view of all these AVs for the so-called Chinese malware.
However, I do receive many samples from time to time (and some of my samples come from a Chinese source), and it pains me to see NOD32 not detecting as much as some of the supposedly "worse" products according to other tests. For example, in my sample set, NOD32 detects less than AVG, BitDefender, AVIRA and Kaspersky. It is, however, still a bit better than Dr.Web (for example). I wouldn't call NOD32 "bad", but it certainly isn't among the best.
If you are a high-risk surfer then I highly recommend AVIRA, BitDefender, AVG Anti-Malware or Kaspersky to you. These four products also scored relatively high in the malware-test.com results. <-QUOTE}
TBH Malware-Test.com is a piece of joke as far as I'm concerned. ;D My experience with NOD32 comes from several malware-exchange sites that I frequent, where malware simply bypasses NOD32 on a frighteningly regular basis.
Firecat
April 9th, 2007, 12:54 PM
{QUOTE-> Firecat, I wouldn't be too reliable with that Chinese testing site,
Dr.Web got 3rd in the December test, which I think we all know is not true. <-QUOTE}
Well, I guess you are right, but still Dr.Web should do really well on detecting Chinese malware because of the hard work put in by the Virus Chaser team on this matter (They add signatures directly to the Dr.Web database). Due to their efforts, Dr.Web should remain at least somewhat good for these tests. This is because China is a major market for Virus Chaser, and hence a lot of focus is given to malware in that region.
Long View
April 9th, 2007, 12:55 PM
{QUOTE->
Should I dump RoboForm?:-\ ???
<-QUOTE}
No - Roboform is a great little program - free or paid for. Just get a legit copy.
EliteKiller
April 9th, 2007, 01:26 PM
{QUOTE-> These four products also scored relatively high in the malware-test.com results. <-QUOTE}
Sorry to venture off topic, but I thought the regulars on this forum knew that malware-test.com was far from a credible source. :'( Firecat, you even posted in the thread below. :-X
Malware-Test Lab: Antivirus Comparison Report (February 26, 2007) (http://www.wilderssecurity.com/showthread.php?t=166856&highlight=malware-test)
On topic: I think it's obvious that Eset needs to step up. The recent credible tests show this to be the case as well. I've also been disappointed with their slow response to submitted samples.
C.S.J
April 9th, 2007, 01:30 PM
The only credible test is the one performed by the user, surfing the net, download files etc etc.
The rest are just filled with malware that users will never even get, just for marketing-sake.
NOD32 is a good AV, I've tried it ... and it performs well, don't be too put off with this.
EliteKiller
April 9th, 2007, 01:39 PM
{QUOTE-> The only credible test is the one performed by the user, surfing the net, download files etc etc.
The rest are just filled with malware that users will never even get, just for marketing-sake. <-QUOTE}
So AV-Comparatives, av-test.org, and a few other independent AV review sites aren't credible in your opinion? With your logic it's also implying that AnandTech isn't a credible hardware review site since you need to test your own hardware. ::)
{QUOTE-> NOD32 is a good AV, I've tried it ... and it performs well, don't be too put off with this. <-QUOTE}
I never said that it wasn't a good AV, in fact I have a 2 year license. However I am not the only one that is a little disappointed with Eset in general. Just look how long NOD v3.0 has been vaporware and was finally released as a public beta.
pykko
April 9th, 2007, 01:42 PM
You're right. NOD32 went on a way down in the last period... and I don't know whether they'll be again what they're supposed to be.
Firecat
April 9th, 2007, 01:57 PM
{QUOTE-> Sorry to venture off topic, but I thought the regulars on this forum knew that malware-test.com was far from a credible source. :'( Firecat, you even posted in the thread below. :-X
Malware-Test Lab: Antivirus Comparison Report (February 26, 2007) (http://www.wilderssecurity.com/showthread.php?t=166856&highlight=malware-test)
On topic: I think it's obvious that Eset needs to step up. The recent credible tests show this to be the case as well. I've also been disappointed with their slow response to submitted samples. <-QUOTE}
Yes, I posted in that thread. Still, malware-test results are "interesting" to see depending on viewpoint. Personally, I wouldn't give it too much importance, I just mentioned malware-test as a possible "Chinese malware test" (I did say "so-called Chinese malware", did I not? :)). I've been in contact with someone at malware-test and my impression is that they are not fools, but they are not very knowledgeable either. They did mention to me the point about "Chinese malware", though. But a lot of Chinese tests show strange results, and I was wondering whether there was anything that I am not looking correctly into. :)
Londonbeat
April 9th, 2007, 02:16 PM
{QUOTE-> You're right. NOD32 went on a way down in the last period... and I don't know whether they'll be again what they're supposed to be. <-QUOTE}
Yep, hopefully they'll improve again - they are aware of what the problem is (various threads have been made in the nod support forum about adding/missing malware and speed of virus lab, they usually end up being closed............ and the lack of response/reply to emails sent to samples[at]eset.com) it just depends on whether they are prepared (or have the resources) or see the need to change their policy.
C.S.J
April 9th, 2007, 02:27 PM
{QUOTE-> So AV-Comparatives, av-test.org, and a few other independent AV review sites aren't credible in your opinion? With your logic it's also implying that AnandTech isn't a credible hardware review site since you need to test your own hardware. ::)
<-QUOTE}
Spot on ;)
Tests are created with 500,000 malware or whatever, that users will just not get, the only test that IS credible is the one created by himself, in his own testing and trials of the software.
FRug
April 9th, 2007, 02:50 PM
Right, Joe Sixpack from Redneckville trying to judge an AV by performing his own tests.
Just what we need, a horde of clueless people spewing random results into forums.
No thank you.
C.S.J
April 9th, 2007, 02:53 PM
Right Joe Bloggs from Wienerville
I'm not talking about making own tests,
but in my normal use of surfing and downloading, if i.e. Sophos finds more than NOD32, I will use Sophos. No matter what these tests of half a million malware say, half a million... if the net was 'that bad', I for one wouldn't be on here.
JerryM
April 9th, 2007, 02:59 PM
But do not the tests, even though there are thousands of malware samples that the user will never get, demonstrate the ability of the AV to detect the samples? Is that worth nothing?
Although I realize that most of the malware samples will never be encountered by me, I am not sure which ones will. Accordingly, if the higher detection rated AVs run well for me, then I would prefer to use one of them.
If AntiVir or Kaspersky run well for me, I cannot think of any reason that I would use Dr Web or F-Prot, even though they might run well for me, and F-Prot did.
There is no disadvantage to that, and might be a definite advantage to the use of the higher rated AV if I encounter malware that is not normally encountered.
So if NOD misses more samples than KL why would I use NOD when the only reason I use an AV is protection from malware? This assumes that both run equally well for me. That is not always the case, of course, and might cause one to use a lesser AV due to conflicts.
Best,
Jerry
mrfargoreed
April 9th, 2007, 03:03 PM
Wow, I'm really surprised by how many people seem to think that NOD32 perhaps isn't as 'good' as it used to be.
The whole principle here, for me at least, is the fact that yes, I downloaded a threat deliberately that I would never ever use - but that doesn't mean that my 16 year-old step brother who is frighteningly knowledgeable about how to find his way around a PC, might deliberately download the same threat I mentioned above, for Roboform, using P2P.
Under NOD32, it goes unnoticed, so he's installed this backdoor on my machine, and I'm happily using my legit copy of Roboform, entering my passwords, all the while unaware that my passwords could well be being stolen/seen or whatever - and all because NOD32 hasn't even warned me about something four other AVs recognise to be the same thing - a trojan.
I would rather get a false positive than no warning at all that there could be a chance of a threat.
I rely on my AV to tell me of anything suspicious - NOD32, at the moment, doesn't appear to be doing this as well as I thought it was.
Londonbeat
April 9th, 2007, 03:03 PM
{QUOTE-> The only credible test is the one performed by the user, surfing the net, download files etc etc.
The rest are just filled with malware that users will never even get, just for marketing-sake.
<-QUOTE}
Do you have any evidence to back this up? Most tests (even the crap ones that use honeypots etc...) collect malware from ITW. Do you think that antivirus testers are creating malware in the lab just for the sake of testing?
{QUOTE->
but in my normal use of surfing and downloading, if i.e. Sophos finds more than NOD32, I will use Sophos. No matter what these tests of half a million malware say, half a million... if the net was 'that bad', I for one wouldn't be on here. <-QUOTE}
The malware used in av-comparatives is all ITW, AFAIK. They had 497,000 samples in the last test, each piece of malware in there will probably have infected a user somewhere, so the net is 'that bad'.
trjam
April 9th, 2007, 03:06 PM
Personally, I am not "Shocked".:blink:
C.S.J
April 9th, 2007, 03:09 PM
Nor am I trjam, Kaspersky has a far greater strength in different packers and formats than NOD32, but then again ... NOD32 still might have detected them, if the user tried to execute it, but personally, I wouldn't like to leave it to this chance.
The Hammer
April 9th, 2007, 03:33 PM
For me at least the sky isn't falling. I use Nod and have no plans to change anytime soon although I won't say never.
solcroft
April 9th, 2007, 03:36 PM
{QUOTE-> NOD32 still might have detected them, if the user tried to execute it, <-QUOTE}
This would be the case if the on-demand and on-access scanners used different engines and/or signature databases that would cause them to have different scan results. AFAIK, this is not the case.
Unless you're talking about dropped files when the malware executes, that is. Would still be a poor show on NOD32's part, though.
Firecat
April 9th, 2007, 03:38 PM
Basically, I am not performing my own tests, because if I had, then we'd have another virus.gr type test right here. I am just narrating what I have seen personally. Again, I must say that I do not think NOD32's detection rate is bad, I just remarked that in my experience it isn't as good as some others (i.e. the 4 other AVs I tried it on). :)
However, a bit of a problem is that Eset is a bit slow to virus submissions. It's not that they don't add, but sometimes it takes time for them to add. It doesn't put a very nice feeling for me, but what Eset wants to do in this regard is entirely their decision.
As such I think AV-comparatives is a credible testing organization, and to be fair, my own experience has been pretty consistent with what AV-comparatives says about detection rates, with the exception of a few switching of places (i.e. minor differences). :)
@CSJ: NOD32's generic unpacker unpacks a lot of files. Sure, its unpack engine may not be as good as KAV or BitDefender (for example), but it's not very weak either (IMO). I think the unpack engine will be improved in NOD32 v3 as time passes. :)
IBK
April 9th, 2007, 03:40 PM
With ten thousand samples not detected by KAV and 16 thousand not detected by NOD32, what does the miss of 1 sample mean? You may find thousands of occasions where one AV catches something while the other doesn't.
Firecat
April 9th, 2007, 03:46 PM
{QUOTE-> With ten thousand samples not detected by KAV and 16 thousand not detected by NOD32, what does the miss of 1 sample mean? You may find thousands of occasions where one AV catches something while the other doesn't. <-QUOTE}
You have a point there, and again that may not really be the problem. The strange thing is that I find NOD32 missing more than I expect it to. If it scored around the same level as BitDefender (for example), then I would expect it to miss roughly equal number of samples as BD (specifics of the samples don't matter). Maybe it's just something with my samples. :-\
Anyway, I wouldn't be really concerned about this at all if it weren't for the fact that Eset is slow in adding signatures sometimes. I respect their priorities and it isn't my place to comment on that, but in the end I do not feel very good to see that my samples continue to remain undetected for a while.
EQ2
April 9th, 2007, 03:54 PM
{QUOTE-> In China, many of the die-hard antivirus fans here would be utterly bombshelled by NOD32's poor detection rates.
Apparently NOD32's scanning engine is ridiculously easy to circumvent using packers/slight code modifications. Personally, I've lost faith in NOD32 a long time ago, despite its wide acclaim in the Western world. <-QUOTE}
I don't think so, many days ago, NOD32 couldn't detect two nspacks, many people found it and used the way to keep NOD32 from detecting, now NOD32 can detect two nspacks, I am so happy.
EQ2
April 9th, 2007, 04:00 PM
I don't think Eset is a very good company, I have sent many samples to Eset, but they can't reply to me. I am too disappointed.
trjam
April 9th, 2007, 04:04 PM
Never thought I would say it, but I would take Bitdefender in a heartbeat over what Nod has become. My license, thrown out the window.:)
HiTech_boy
April 9th, 2007, 04:05 PM
{QUOTE-> I have sent many samples to Eset, but they can't reply to me. <-QUOTE}
Not that they cannot reply to you but it is their policy not to reply to emails with malware samples.
trjam
April 9th, 2007, 04:09 PM
{QUOTE-> Not that they cannot reply to you but it is their policy not to reply to emails with malware samples. <-QUOTE}
No offense HiTech, but why would you not reply, because of the samples themselves.
EQ2
April 9th, 2007, 04:14 PM
{QUOTE-> Not that they cannot reply to you but it is their policy not to reply to emails with malware samples. <-QUOTE}
I have emailed Eset, they said they were too busy to reply.
Londonbeat
April 9th, 2007, 04:17 PM
{QUOTE-> but why would you not reply, because of the samples themselves. <-QUOTE}
Some antiviruses (e.g. kaspersky) add every malicious sample you send them asap, and they tell you that (and the name the malware will be detected as) in their email reply. Eset's policy is to add malware on a 'priority basis', sometimes days, weeks or months after submission - by replying to emails confirming receipt of malware, they would put themselves in the position of having to add every malware they receive, or state that the file you have submitted is not malicious - by not replying to the emails, they are under less pressure to add the sample quickly.
trjam
April 9th, 2007, 04:17 PM
{QUOTE-> I have emailed Eset, they said they were too busy to reply. <-QUOTE}
Well now, that is a strong statement. You are saying that THEY contacted you back and said they were too busy to reply, or, they never answered you, and you assume that meant they were too busy. Because if it is the second part, then that is just your opinion and in all fairness to Eset, well, isn't right.
trjam
April 9th, 2007, 04:20 PM
{QUOTE-> Some antiviruses (e.g. kaspersky) add every malicious sample you send them asap, and they tell you that (and the name the malware will be detected as) in their email reply. Eset's policy is to add malware on a 'priority basis', sometimes days, weeks or months after submission - by replying to emails confirming receipt of malware, they would put themselves in the position of having to add every malware they receive, or state that the file you have submitted is not malicious - by not replying to the emails, they are under less pressure to add the sample quickly. <-QUOTE}
That isn't good from a customer's standpoint and if true, how are they still in business and selling such a product to customers. But yet you folks rave on, and on, and on. I really find this hard to understand, but I am not questioning your statement either. But damn, if true, I would be one pissed off customer looking to go elsewhere.
solcroft
April 9th, 2007, 04:20 PM
{QUOTE-> Well now, that is a strong statement. You are saying that THEY contacted you back and said they were too busy to reply, or, they never answered you, and you assume that meant they were too busy. Because if it is the second part, then that is just your opinion and in all fairness to Eset, well, isn't right. <-QUOTE}
It's the former.
Not that he worded it exactly, but I've seen a copy of the email ESET sent to this guy, and that was pretty much the gist of it.
EDIT: trjam, if you're a regular submitter of undetected samples to malware vendors, you'll find out quite soon that ESET pretty much ranks right at the bottom with Alwil in terms of response time. Contrast that with Grisoft, who don't send individual replies to their customers either, but do add the detection signatures promptly within 1-3 days after submission.
HiTech_boy
April 9th, 2007, 04:21 PM
{QUOTE-> No offense HiTech, but why would you not reply, because of the samples themselves. <-QUOTE}
Not that it depends on me and I can't be 100% sure but I think they don't reply because of their policy to add samples on a priority basis. They cannot reply to you like Kaspersky does and tell you that the sample will be soon added if they are not sure when they are going to add it. I myself like this policy, it is perfect to keep the bases clean with no unneeded stuff. Most often they have undetected trojan downloaders, no problem with other malware.
I am not a malware collector and my words are based on my experience, real life, and I had issues once or twice only with a trojan downloader (all the additional payload was detected). After I submitted the sample, they added it in a few hours. I myself have no problem with detected/undetected samples and NOD32 is a perfect security solution for me and my clients. If you don't like it, well, no problem.
EQ2
April 9th, 2007, 04:23 PM
{QUOTE-> Well now, that is a strong statement. You are saying that THEY contacted you back and said they were too busy to reply, or, they never answered you, and you assume that meant they were too busy. Because if it is the second part, then that is just your opinion and in all fairness to Eset, well, isn't right. <-QUOTE}
I think this is an excuse.
trjam
April 9th, 2007, 04:24 PM
{QUOTE-> Not that it depends on me and I can be 100% sure but I think they don't reply because of their policy to add samples on a priority basis. They cannot reply to you like Kaspersky does and tell you that the sample will be soon added if they are not sure when they are going to add it. I myself like this policy, it is perfect to keep the bases clean with no unneeded stuff. Most likely they have undetected trojan downloaders, no problem with other malware.
I am not a malware collector and my words are based on my experience, real life, and I had issues once or twice only with a trojan downloader (all the additional payload was detected). After I submitted the sample, they added it in a few hours. I myself have no problem with detected/undetected samples and NOD32 is a perfect security solution for me and my clients. If you don't like it, well, no problem. <-QUOTE}
No problem indeed my friend and now I understand. Some malware is more important than others. Meaning on a scale of 1-10, well a 10 gets added quickly and a 1, well, see you in a month. Curious though as to what or how, malware gets identified as a TOP threat or, bottom of the pit one. But I see your point.:)
trjam
April 9th, 2007, 04:25 PM
{QUOTE-> I think this is an excuse. <-QUOTE}
No sir, not an excuse, but a clarification. Big difference.
solcroft
April 9th, 2007, 04:34 PM
{QUOTE-> No problem indeed my friend and now I understand. Some malware is more important than others. Meaning on a scale of 1-10, well a 10 gets added quickly and a 1, well, see you in a month. Curious though as to what or how, malware gets identified as a TOP threat or, bottom of the pit one. But I see your point.:) <-QUOTE}
It makes all the difference when the sample you sent wasn't just something you tested in an isolated environment, but something that had infected your computer.
Hats off indeed to the Kaspersky team in this regard, even though they're not likely to see my praise to them here. Regardless of whatever policies or clarifications other malware vendors deem necessary to adopt when it comes to adding detection signatures, Kaspersky gives you none of that bull, only a speedy update within hours (sometimes minutes) after submission. :thumb: And the best part is, they don't even advertise this as a feature on their website - really gives you the warm fuzzy feeling that they're sincere about their job, not just about the marketing aspect of it. ;D
Mrkvonic
April 9th, 2007, 04:35 PM
{QUOTE-> It's the former.
Not that he worded it exactly, but I've seen a copy of the email ESET sent to this guy, and that was pretty much the gist of it.
EDIT: trjam, if you're a regular submitter of undetected samples to malware vendors, you'll find out quite soon that ESET pretty much ranks right at the bottom with Alwil in terms of response time. Contrast that with Grisoft, who don't send individual replies to their customers either, but do add the detection signatures promptly within 1-3 days after submission. <-QUOTE}
Hello,
Grisoft replied every time I submitted them a sample. Every time in less than 24 hours.
Mrk
C.S.J
April 9th, 2007, 04:39 PM
a typical forum thread, disagreements :D
lots of if's, and but's and why's and how's, oh and maybe's.
love it :D
solcroft
April 9th, 2007, 04:39 PM
{QUOTE-> Hello,
Grisoft replied every time I submitted them a sample. Every time in less than 24 hours.
Mrk <-QUOTE}
Damn! Maybe I shouldn't have let slip that I was an AVG Free user. :(
Though I'm not really a "user" of antivirus software anymore, per se; all the antimalware scanners I have are installed on test machines or virtual environments solely for testing purposes. I graduated my main rig to SSM + EQSecure some time ago, and haven't looked back. ;D
trjam
April 9th, 2007, 04:42 PM
{QUOTE-> Hello,
Grisoft replied every time I submitted them a sample. Every time in less than 24 hours.
Mrk <-QUOTE}
Well all of this is good news for the customer. My 10 gallon hat is off to those who are proactive in leading the way to listening to their customers. Because the rest of us using their product benefit. Yep, Stefan pretty much feels the same way about submitted samples. What is a 1 today, could be a 10 tomorrow. As to those who don't, well, thank goodness for this icon.:thumbd:
EQ2
April 9th, 2007, 04:44 PM
Sometimes when I send some samples to Kaspersky, they reply to me some months later.
trjam
April 9th, 2007, 04:46 PM
Well, have you ever submitted any to Avira. You see, that would be what really concerns me.;)
Londonbeat
April 9th, 2007, 04:47 PM
{QUOTE-> Sometimes when I send some samples to Kaspersky, they reply to me some months later. <-QUOTE}
Did you send them by airmail? ;)
HiTech_boy
April 9th, 2007, 04:48 PM
{QUOTE-> It makes all the difference when the sample you sent wasn't just something you tested in an isolated environment, but something that had infected your computer <-QUOTE}
Yes , it is definitely a difference . If you read frequently ESET forums , you'll understand that if you are infected/have problems , they would prefer you contact Support and therefore send such malware to them where the Technical Support Dept can decide if it needs to be added . So , if you use NOD32 and you got infected by something (NOD misses it) , then send it to support @ eset . com
EQ2
April 9th, 2007, 04:48 PM
{QUOTE-> Well, have you ever submitted any to Avira. You see, that would be what really concerns me.;) <-QUOTE}
No, I haven't
solcroft
April 9th, 2007, 04:48 PM
{QUOTE-> Well, have you ever submitted any to Avira. You see, that would be what really concerns me.;) <-QUOTE}
A vote for Avira as well. Top-notch response time, though personally I'd still rank Kaspersky above them.
HiTech_boy
April 9th, 2007, 04:49 PM
{QUOTE-> Sometimes when I send some samples to Kaspersky, they reply to me some months later. <-QUOTE}
;D ;D ;D
Check with your ISP , the emails might arrive later than they should ;D ;D
EQ2
April 9th, 2007, 04:50 PM
{QUOTE-> Did you send them by airmail? ;) <-QUOTE}
Why do you say so?
EQ2
April 9th, 2007, 04:51 PM
{QUOTE-> ;D ;D ;D
Check with your ISP , the emails might arrive later than they should ;D ;D <-QUOTE}
I hope so
trjam
April 9th, 2007, 04:53 PM
Let's keep this on topic and not a flame thread. EQ2, I think you are doing what you feel is right and no one here should fault you. But the next time you find one, send it to Avira and let's see what happens. All vendors can learn from a thread like this. The paying folks are speaking up, and you should listen.
VikingStorm
April 9th, 2007, 04:56 PM
{QUOTE-> A vote for Avira as well. Top-notch response time, though personally I'd still rank Kaspersky above them. <-QUOTE}
I'm not quite sure how Kaspersky does it, but the last time I submitted something, I got a response in less than 15 minutes saying it was going to be added to the next hourly update. :o
Don Pelotas
April 9th, 2007, 04:57 PM
{QUOTE-> Why do you say so? <-QUOTE}
Maybe it's slightly a humorous remark to a perhaps slightly unbelievable story. ;) :)
HiTech_boy
April 9th, 2007, 04:58 PM
{QUOTE-> let's keep this on topic and not a flame thread <-QUOTE}
We already got really out of the topic . Far away from the OP/OT ... but anyway , let's try ;)
trjam
April 9th, 2007, 04:59 PM
{QUOTE-> I'm not quite sure how Kaspersky does it, but the last time I submitted something, I got a response in less than 15 minutes saying it was going to be added to the next hourly update. :o <-QUOTE}
Well I guess Kaspersky has set the benchmark, that the rest need to strive for. Kudos.
trjam
April 9th, 2007, 05:00 PM
{QUOTE-> We already got really out of the topic . Far away from the OP/OT ... but anyway , let's try ;) <-QUOTE}
No, I think we are right on target.;)
Don Pelotas
April 9th, 2007, 05:04 PM
{QUOTE-> I'm not quite sure how Kaspersky does it, but the last time I submitted something, I got a response in less than 15 minutes saying it was going to be added to the next hourly update. :o <-QUOTE}
Because there are usually 8-9 analysts at it at any given hour of the 24 hours in a day.
9 at the moment: http://www.kaspersky.com/viruswatch3.
trjam
April 9th, 2007, 05:06 PM
now that is impressive.
Don Pelotas
April 9th, 2007, 05:12 PM
{QUOTE-> All Anti-Virus softwares miss malware. It's best to submit the sample to all vendors so they can add it to the database. <-QUOTE}
This is the second post in this thread and it probably sums it up best. Submit to all, it is then up to the individual vendor if they want to add as per their priorities.
BrainWarp
April 9th, 2007, 05:13 PM
{QUOTE-> Because there are usually 8-9 analysts at it at any given hour of the 24 hours in a day.
9 at the moment: http://www.kaspersky.com/viruswatch3. <-QUOTE}
I like this as well.
JerryM
April 9th, 2007, 05:46 PM
{QUOTE-> with ten thousand of samples not detected by KAV and 16 thousands not detected by NOD32, what does the miss of 1 sample mean? You may find thousands occasions where one AV catches something while the other doesn't. <-QUOTE}
If 60% more missed samples is insignificant, then why are we doing all this? Most of us have no criterion to go on except the detection rates. The difference between the overall detection of Avira vs NOD may not be great, but it is an indicator, and I would always rather have the higher detection rates assuming that it runs well. I say again, all I have an AV for is protection, and if I buy one I want the "safest" that I can afford, and that will run well for me.
I think NOD is a fine AV, and probably one would not get an infection using it vs Avira or KAV, but the same might be said regarding Avast Home.
I still want the safest AV I can get, and I am not convinced that detection rates are insignificant. I am not sure which of the 10,000 vs 16,000 malware samples I might encounter.
There seems to always be a lot of excuses and statements that numbers do not really matter when one's AV is not at the top, but they sure do sing the praises when it is.
Regards,
Jerry
light50
April 9th, 2007, 07:07 PM
I think that guys should give eset some more time since with the new version things might improve a lot.
Having said that I've come across some files where nod32 gave an error, a cryptom error, don't remember what it was cause I forgot and couldn't scan it. While kaspersky and avira detected them as malware. I know an av can miss a malware some time or another but from my experience I'd rather go for kaspersky or avira, detection still is important.
trjam
April 9th, 2007, 07:10 PM
{QUOTE->
There seems to always be a lot of excuses and statements that numbers do not really matter when one's AV is not at the top, but they sure do sing the praises when it is.
Regards,
Jerry <-QUOTE}
Finally people are starting to see the light, thank you Jerry. I work in local government, and I have a lot of friends for the City's Information Technology department. 2 years ago all they raved about was Nod this and Nod that. They don't anymore. Of course they now rave about Avast, so I am not sure what the moral is here.:shifty:
JerryM
April 9th, 2007, 07:16 PM
{QUOTE-> Finally people are starting to see the light, thank you Jerry. I work in local government, and I have a lot of friends for the City's Information Technology department. 2 years ago all they raved about was Nod this and Nod that. They don't anymore. Of course they now rave about Avast, so I am not sure what the moral is here.:shifty: <-QUOTE}
Hi trjam,
Maybe the moral is that they are not married to any AV, but just go for what they understand to be the best at any particular time. I must admit that in my view NOD is better than Avast, although Avast is not bad.
I will be interested in seeing the results of the new version of NOD. I suspect it will be good.
Comment removed. Please focus on software only. - Ron
Regards,
Jerry
The Hammer
April 9th, 2007, 07:43 PM
{QUOTE-> Finally people are starting to see the light, thank you Jerry. I work in local government, and I have a lot of friends for the City's Information Technology department. 2 years ago all they raved about was Nod this and Nod that. They don't anymore. Of course they now rave about Avast, so I am not sure what the moral is here.:shifty: <-QUOTE}
Don't listen to civil servants? ;D
yeuxbleus
April 9th, 2007, 08:03 PM
{QUOTE-> Personally, I am not "Shocked".:blink: <-QUOTE}
Neither am I!
BlueZannetti
April 9th, 2007, 08:23 PM
It may seem strange to some, but I've never lost faith in any AV program over detection, even the Lanterne Rouge of the AV-Comparatives certified (standard and above) AV's. For me it's always revolved around performance with decent to better than decent protection. I can handle the bridge from decent to excellent manually if needed.
As for being wedded to a solution, I'm all for brand loyalty, but the vendors have to earn that loyalty from me each and every year.
Finally, I really don't believe that it's very healthy to define yourself solely by the products you use, or to define other folks by the solutions they choose to implement. While spreading the word of good and bad experiences and approaches generally benefits all, those experiences should be critically and objectively self-assessed before the sharing begins...
Blue
ink
April 9th, 2007, 08:43 PM
Yes, nod detection rate is not so good as in the test. The speed in adding samples is the key to fight malware, so kaspersky is better than other products for home users. In fact I am not very interested in advance detection, they are not reliable, I just use HIPS.
JerryM
April 9th, 2007, 09:08 PM
Hi Blue,
["For me it's always revolved around performance"]
What does that mean? Not an argument, but just curious as to how performance differs from protection. Maybe you are considering performance as how it runs on your system, conflicts, and updating??
I can sure agree that if there are problems in those areas an AV is not very useable.
Regards,
Jerry
Thankful
April 9th, 2007, 09:32 PM
I am quite interested in seeing some test results that support your contention that NOD32 has dropped in detection. NOD32 was the overall winner in 2006 according to Av-comparatives. NOD32 was also one of only two AVs (Norton, the other) which scored 12/12 in polymorphic detection for the Feb 2007 test. Are you basing your comments on the fact that NOD32 rated Advanced rather than Advanced+ during the Feb 2007 test? You are basing your comments based on this one test? Let's be fair.
If you have definitive proof that NOD32 is an inferior product, I would love to hear it. Bashing for the sake of bashing is one thing. Having reproducible test results is another.
JerryM
April 9th, 2007, 09:54 PM
{QUOTE-> I am quite interested in seeing some test results that support your contention that NOD32 has dropped in detection. NOD32 was the overall winner in 2006 according to Av-comparatives. NOD32 was also one of only two AVs (Norton, the other) which scored 12/12 in polymorphic detection for the Feb 2007 test. Are you basing your comments on the fact that NOD32 rated Advanced rather than Advanced+ during the Feb 2007 test? You are basing your comments based on this one test? Let's be fair.
If you have definitive proof that NOD32 is an inferior product, I would love to hear it. Bashing for the sake of bashing is one thing. Having reproducible test results is another. <-QUOTE}
Without defending the OP, I would not consider that stating one's personal experience is bashing. It may not be the experience of most users, but it is his, and is useful for consideration when choosing an AV.
Best Regards,
Jerry
BlueZannetti
April 9th, 2007, 10:10 PM
{QUOTE-> Hi Blue,
["For me it's always revolved around performance"]
What does that mean? Not an argument, but just curious as to how performance differs from protection. Maybe you are considering performance as how it runs on your system, conflicts, and updating??
I can sure agree that if there are problems in those areas an AV is not very useable. <-QUOTE}
Jerry,
Good catch, that was an ambiguous statement.
By performance I mean the operating performance (speed and stability) of basically the remainder of the machine - the OS and applications.
For most of what I do on my casual machines, that means browser and applications for writing, graphics, and simple numerics are not obviously slowed. To me, it should not be apparent, based on the speed/responsiveness/etc. of other applications that an AV (or other antimalware applications) is active.
You should not be inundated with extraneous alerts or notifications, applications should not stall while the AV figures out what to do, the system shouldn't crash because some security application got in the way.
That's the ideal. Now, real programs take CPU cycles. Resource consumption is finite. Some programs take system resources aggressively, others are quite parsimonious in their utilization of the system. I will trade some level of detection for a smaller footprint on the system ecology. That's basically what I mean by performance.
Areas like direct applications conflicts, updating and so on, are basic aspects of the AV functionality. Significant problems here result in removal of those applications.
Cheers,
Blue
Thankful
April 9th, 2007, 10:12 PM
{QUOTE-> Without defending the OP, I would not consider that stating one's personal experience is bashing. It may not be the experience of most users, but it is his, and is useful for consideration when choosing an AV.
Best Regards,
Jerry <-QUOTE}
I don't wish to minimize anyone's experience. Everyone has a right to post here.
That point will always be respected.
However, many people read the posts here and may use the information here in their security decisions. The problem the original poster had may or may not be malware related. How can a user lose faith with a product if it hasn't been determined whether malware is involved?
JerryM
April 9th, 2007, 10:31 PM
{QUOTE-> I don't wish to minimize anyone's experience. Everyone has a right to post here.
That point will always be respected.
However, many people read the posts here and may use the information here in their security decisions. The problem the original poster had may or may not be malware related. How can a user lose faith with a product if it hasn't been determined whether malware is involved? <-QUOTE}
I would have to say that if a product did not run well, and had problems regardless of the cause, and did not detect as expected that is germane. I agree that it does not prove that on someone else's computer the results would be the same, but if an AV does not work on my system I would lose faith regardless of the root cause. It is only useful to me if it does work on my system.
It must be admitted that NOD did not show as well on IBK's tests of Feb 2007. I also admit that there is not much difference in 1%, and that would not impact my decision.
I think it is legitimate to use the information posted here in making security decisions. I thought malware was involved even though from a cracked site. Other posters confirmed that in their experience NOD did not perform up to expectations.
I take these things, normally, at face value and recognize that not all will have the same experience, including me, but am appreciative of folks sharing their experiences. In the end, I never consider one post as the last word, and investigate an application to the extent I can.
I would not go to a risky site to try to prove the effectiveness of my AV. I prefer to let IBK test it, and consider those results more than my very limited experience, and very little expertise.??? ???
Have a good evening.
Best Regards,
Jerry
btman
April 10th, 2007, 02:40 AM
{QUOTE-> I am quite interested in seeing some test results that support your contention that NOD32 has dropped in detection. NOD32 was the overall winner in 2006 according to Av-comparatives. NOD32 was also one of only two AVs (Norton, the other) which scored 12/12 in polymorphic detection for the Feb 2007 test. Are you basing your comments on the fact that NOD32 rated Advanced rather than Advanced+ during the Feb 2007 test? You are basing your comments based on this one test? Let's be fair.
If you have definitive proof that NOD32 is an inferior product, I would love to hear it. Bashing for the sake of bashing is one thing. Having reproducible test results is another. <-QUOTE}
Retrospective IMO is less important than detection. But NOD32 does well in both and so it gets overall winner while other AV's didn't because they screwed up in one retrospective or on-demand test. I don't think NOD32 has dropped in detection but I do think NOD32 isn't "the" best anti-virus. Or #2 or #3 for the matter.
Thankful
April 10th, 2007, 03:03 AM
{QUOTE-> Retrospective IMO is less important than detection. But NOD32 does well in both and so it gets overall winner while other AV's didn't because they screwed up in one retrospective or on-demand test. I don't think NOD32 has dropped in detection but I do think NOD32 isn't "the" best anti-virus. Or #2 or #3 for the matter. <-QUOTE}
I also don't think NOD32 has dropped in detection. The "best" is a subjective measure which is different for each user.
mrfargoreed
April 10th, 2007, 03:34 AM
{QUOTE-> If you have definitive proof that NOD32 is an inferior product, I would love to hear it. Bashing for the sake of bashing is one thing. Having reproducible test results is another. <-QUOTE}
I am not bashing NOD32 at all - as I said in one of my first posts, I have been using it for years now - what I am is disappointed with it, and I have never been disappointed with it before. It missed three threats that Kaspersky picked up. These may be genuine, they may not, but at least with Kaspersky I have the choice to research and decide - I feel NOD32 isn't allowing me this choice and I am now doubting its abilities. What else has it let go in the past that may have been malware or harmful without me knowing?
{QUOTE-> The problem the original poster had may or may not be malware related. How can a user lose faith with a product if it hasn't been determined whether malware is involved? <-QUOTE}
Again, my point here is as above - the threat might not have been genuine, but I would still like to be alerted just in case. I feel Kaspersky did this, NOD32 didn't. NOD32 was, in my setup along with FDISR, the program that I installed without even questioning - now I have doubts about it.
If I installed a HIPS that I wanted to alert me about threats and it didn't do so, then I would feel that the HIPS was not doing its job properly, whether the threat be real or not - I would want to make that choice. I expect NOD32 to alert me if it finds anything suspicious, and in this case, it hasn't - three times. To me, it's not about the threats being genuine, it's about what I had considered to be the best AV without question letting me down. Perhaps it is so confident that it does not need to alert me, I don't know, but I am finding myself not trusting NOD's detection any more, and this saddens me.
This morning, for the first time in many years, I find myself looking to try Avira and Kaspersky instead of NOD32. Whichever of those two feels better to me and makes me feel more secure, I will probably replace it over NOD.
I feel that my system could be more secure, and with an AV I really don't want to worry about if it is doing its job well enough. At the moment, I am wondering and I don't like it.
This has been fascinating for me to read and I have been surprised at many people's reactions. I was expecting many to slate me for saying I was not happy over a pretty insignificant little test, but to me it was a real-life test that could very well happen on my machine (from one or two family members) at any time. They download from P2P and extract archives all the time. Seems NOD isn't as on the ball as I expected it to be, and I feel uncomfortable knowing that and the one certainty is that by the end of the day I will have a different AV running than I have at the moment, and although this kind of saddens me, I feel that it has to be done.
btman
April 10th, 2007, 03:47 AM
{QUOTE-> I also don't think NOD32 has dropped in detection. The "best" is a subjective measure which is different for each user. <-QUOTE}
I guess I forgot to put another IMO.
And @ mrfargoreed, Kaspersky always amazes me. Some user was having a splash screen thing... He tried McAfee, NOD32, AVG and others... I told him to try Kaspersky because I was 99% sure it would find it... He posted later and said that it did. It made me happy. lol
solcroft
April 10th, 2007, 04:13 AM
{QUOTE-> I feel that my system could be more secure, and with an AV I really don't want to worry about if it is doing its job well enough. At the moment, I am wondering and I don't like it. <-QUOTE}
Unless you can find a scanner that gives you a 100% detection rate, there's always room for doubt no matter what you switch to.
mrfargoreed
April 10th, 2007, 04:20 AM
{QUOTE-> Kaspersky always amazes me. Some user was having a splash screen thing... He tried McAfee, NOD32, AVG and others... I told him to try Kaspersky because I was 99% sure it would find it... He posted later and said that it did. It made me happy. lol <-QUOTE}
Yep, I certainly feel that this could be the way forward for me, personally. I think the time has definitely come to give Kaspersky a proper go on my machine once and for all.
{QUOTE-> Unless you can find a scanner that gives you a 100% detection rate, there's always room for doubt no matter what you switch to. <-QUOTE}
I totally accept this solcroft, just at the moment I don't even feel 50% secure with NOD32. I feel like I've been let down by my best friend :'(
solcroft
April 10th, 2007, 04:27 AM
{QUOTE-> I totally accept this solcroft, just at the moment I don't even feel 50% secure with NOD32. I feel like I've been let down by my best friend :'( <-QUOTE}
So what happens when you stumble across a virus your next anti-virus solution doesn't detect as well?
Just curious. And trust me, if it weren't for the PDM, Kaspersky is a scanner that misses a hell lot as well... at least on the Chinese malware scene.
itimhot
April 10th, 2007, 04:33 AM
{QUOTE-> All Anti-Virus softwares miss malware. It's best to submit the sample to all vendors so they can add it to the database. <-QUOTE}
I Agree
Escalader
April 10th, 2007, 04:38 AM
Hi AV guys:
Please refer to the thread here:
http://www.wilderssecurity.com/showthread.php?t=167941
Although I missed my own self imposed deadline for my next "simplistic" have a look at the work needed to do this selection "right". IMHO as always!;D
Speculation about how your AV or mine might do or would have or could have done if only this had happened is known as post purchase rationalization. I'm suffering from it myself on BD BUT until it falls off my top group list I'm holding. :-\
If it falls and then subscription lapses and if it is still off my list then BD will be replaced. We aren't married to vendors are we?:'(
De Hollander
April 10th, 2007, 04:45 AM
To me detection rate is not the holy grail, because in the next testing round product X could become nr 1. Take a look at support quality, system resource, ease of use...
mrfargoreed
April 10th, 2007, 04:59 AM
{QUOTE-> So what happens when you stumble across a virus your next anti-virus solution doesn't detect as well?
Just curious. And trust me, if it weren't for the PDM, Kaspersky is a scanner that misses a hell lot as well... at least on the Chinese malware scene. <-QUOTE}
I guess I'll at least know that I am being better protected than if I were using NOD32.
{QUOTE-> Hi AV guys:
Please refer to the thread here:
http://www.wilderssecurity.com/showthread.php?t=167941
<-QUOTE}
{QUOTE-> Actually,
Avira PE Edition 7.....................99.69 + 53.49 = 153.18
Nod 32 AV 2.5.........................99.07 + 53.09 = 152.16
Best regards,
Firefighter!
Btw, and
Kaspersky................................99.45 + 99 = 198.45 (with PDM) <-QUOTE}
Very impressive!
beethoven
April 10th, 2007, 09:26 AM
Originally posted by Trjam{QUOTE-> 2 years ago all they raved about was Nod this and Nod that. They don't anymore. Of course they now rave about Avast, so I am not sure what the moral is here. <-QUOTE}
I guess the moral is that people change their mind. Sometimes they have a reason and sometimes they don't - sometimes it takes two years, sometimes it doesn't ;) http://www.wilderssecurity.com/showthread.php?t=167555&highlight=trjam
Rickk
April 10th, 2007, 10:52 AM
To put things in perspective.
The OP clearly stated it was one event and his personal experience.
This is akin to MDs publishing single Case Reports in the medical journals.
Everyone reading these reports clearly understands that it is simply the experience of one individual BUT no one takes their conclusions as the definite law!
These case reports sometimes stimulate other researchers to undertake scientific studies based on the single case report, (very large groups of test subjects vs controls, double blinded, randomized etc. etc.)
Only after a few of these types of peer-reviewed studies are accepted for publishing by the major medical journals, can some type of "conclusion" be made... (and even then....)
I would think it should be the same with the OP's experience/case study.
It is an interesting read.
But again, one single case study does not make for an at-large conclusion (about any A-V, software, drug, product etc.)
trjam
April 10th, 2007, 11:07 AM
{QUOTE-> Originally posted by Trjam
I guess the moral is that people change their mind. Sometimes they have a reason and sometimes they don't - sometimes it takes two years, sometimes it doesn't ;) http://www.wilderssecurity.com/showthread.php?t=167555&highlight=trjam <-QUOTE}
No problem Elvis, I know better than most, if you are going to dish it out, be ready to swallow it. Cheers.;)
pykko
April 10th, 2007, 02:34 PM
{QUOTE-> Some antiviruses (e.g. kaspersky) add every malicious sample you send them asap, and they tell you that (and the name the malware will be detected as) in their email reply. Eset's policy is to add malware on a 'priority basis', sometimes days, weeks or months after submission - by replying to emails confirming receipt of malware, they would put themselves in the position of having to add every malware they receive, or state that the file you have submitted is not malicious - by not replying to the emails, they are under less pressure to add the sample quickly. <-QUOTE}
right... if you want to know whether the file is infected or not you should send it to another vendor to get a reply. You can't trust .."Hey, ESET didn't add it in 5-6 days, then it's clean." They could add it in 2-3 weeks. :(
SoCalReviews
April 11th, 2007, 07:18 AM
The first time I installed NOD32 on my machine it found a five year old virus in an old email (spam) executable file attachment. The virus infected file had been saved as an archive from the previous system's hard drive. The NOD32 heuristics detected it and correctly identified the file as a virus on its first deep system scan while NAV, a trial version of KAV, TrendMicro, McAfee and all the other security software I had ever run on that machine for five years had missed it. NOD32 was the only one that found it. Certainly it could be argued that this particular virus was not a threat since it had never been active but it still impresses me that the NOD32 heuristics engine prevailed in this situation when many other top AVs completely failed. After this positive experience I knew that NOD32 was a special kind of AV with many other benefits such as being highly customizable and having a relatively light footprint. Besides using it for real time protection on my main desktop I have installed it as the main AV on many systems that I manage with excellent results.
I have seen KAV find malware that other top AVs and AS programs have missed and I have seen just this past year a fully updated Windows XP SP2 machine protected by the newer version of Avira PE Classic and Windows Defender get taken over by countless viruses within a few days. Obviously few think that the "single incident" test is a good way to judge an AV's effectiveness. However there is a good argument made here for having redundancy for security software which is why it is good to have backup AV and AS programs for on demand scanning. For power internet users who are doing a lot of file downloading I think having backup security for on demand scanning becomes even more important.
With my current desktop setup if I have a questionable file I have it scanned first with NOD32 and SpySweeper which are both running in real time and if I choose to do so it only takes me a few seconds to disable NOD32's real time detection and scan the file on demand with the KAV engine in ZASS v7. If a zero day threat "super-virus" somehow slips past detection by NOD32, SpySweeper, Windows Defender, and the KAV engine scan on demand then hopefully the ZASS Program Control and OS Firewall will alert me and halt the malware activity.
mrfargoreed
April 11th, 2007, 03:04 PM
I've performed another quick test in the same style as before - deliberately downloading malware from P2P. Ran a scan - Kaspersky, AVG Antispyware and A2 Free all detected a backdoor trojan.
NOD32 and SAS - nothing.
Again, I find it strange that NOD32 doesn't even alert me of a possible threat.
Ok, no more 'testing' on my behalf - my choice is firmly made. I know it's hardly an in-depth test, but it's enough for me.
JerryM
April 11th, 2007, 03:29 PM
{QUOTE-> I've performed another quick test in the same style as before - deliberately downloading malware from P2P. Ran a scan - Kaspersky, AVG Antispyware and A2 Free all detected a backdoor trojan.
NOD32 and SAS - nothing.
Again, I find it strange that NOD32 doesn't even alert me of a possible threat.
Ok, no more 'testing' on my behalf - my choice is firmly made. I know it's hardly an in-depth test, but it's enough for me. <-QUOTE}
A thankless task, "ain't it?" ;)
Regards,
Jerry
mrfargoreed
April 11th, 2007, 03:58 PM
{QUOTE-> A thankless task, "ain't it?" ;) <-QUOTE}
I quite enjoyed it ;D. Peace of mind is what it's all about, and I've personally gained that. I hope. :wacko:
Thankful
April 11th, 2007, 04:16 PM
All AVs miss malware. That's the reason for a layered defense.
Escalader
April 11th, 2007, 04:18 PM
{QUOTE-> I quite enjoyed it ;D. Peace of mind is what it's all about, and I've personally gained that. I hope. :wacko: <-QUOTE}
Been following along with your thread, very interesting.
What is the name of the backdoor Trojan you used? I want to see if my security software tools are aware of it.
Thanks
ablatt
April 11th, 2007, 05:58 PM
I use NOD32, and I'm not sure about detection, but one thing I am absolutely certain about is that it doesn't slow down my PC in any way or cause any O/S related problems such as crashing or hanging.
Why is it that I see so many posts regarding KAV users reverting to .303 from .621 because of speed and stability issues.
huntnyc
April 11th, 2007, 06:03 PM
{QUOTE-> I use NOD32, and I'm not sure about detection, but one thing I am absolutely certain about is that it doesn't slow down my PC in any way or cause any O/S related problems such as crashing or hanging.
Why is it that I see so many posts regarding KAV users reverting to .303 from .621 because of speed and stability issues. <-QUOTE}
I agree with what you say and have reverted back to NOD32 for time being.
Gary
JerryM
April 11th, 2007, 06:16 PM
{QUOTE-> I use NOD32, and I'm not sure about detection, but one thing I am absolutely certain about is that it doesn't slow down my PC in any way or cause any O/S related problems such as crashing or hanging.
Why is it that I see so many posts regarding KAV users reverting to .303 from .621 because of speed and stability issues. <-QUOTE}
Unfortunately, KAV has some stability problems, and I have tried a couple of other AVs until the stability problems are solved. Right now I am using AntiVir Premium, and it is running great, as did NOD and Avast.
I will return to Kaspersky in time, assuming the bugs are worked out, as I continue to like it better than anything else, and have high confidence in its protection. But I sure do like AntiVir, and if KAV/KIS remains buggy on my system I anticipate that I will keep AntiVir. I have high hopes for KAV 7.
I can see how the OP has lost some faith in NOD, and I admit that I have seen enough threads regarding detection and removal re NOD that I do not have the confidence I did a few months ago. The failure to attain Advanced + on AVC did not help it either for me. I think I would feel as secure with Avast Home + AVG AS.
Best,
Jerry
btman
April 11th, 2007, 07:37 PM
{QUOTE-> right... if you want to know whether the file is infected or not you should send it to another vendor to get a reply. You can't trust .."Hey, ESET didn't added it in 5-6 days, then it's clean." They could add it in 2-3 weeks. :( <-QUOTE}
I have the best luck with Kaspersky then... Every time I send them malware I get a response in less than 8 hours (Which is good because I wake up and have a response lol) and they say "New malware has been found" or "There is no malicious code found in the sample you gave us"
{QUOTE-> I've performed another quick test in the same style as before - deliberately downloading malware from P2P. Ran a scan - Kaspersky, AVG Antispyware and A2 Free all detected a backdoor trojan.
NOD32 and SAS - nothing.
Again, I find it strange that NOD32 doesn't even alert me of a possible threat.
Ok, no more 'testing' on my behalf - my choice is firmly made. I know it's hardly an in-depth test, but it's enough for me. <-QUOTE}
I get the same results unfortunately... Though my samples come from a different source.
ablatt
April 11th, 2007, 07:54 PM
JerryM, how light and stable/reliable is Antivir Premium compared to NOD?
Firecat
April 11th, 2007, 08:07 PM
{QUOTE-> JerryM, how light and stable/reliable is Antivir Premium compared to NOD? <-QUOTE}
IMO Slightly less stable as there have been reported some minor bugs while scanning certain types of files on specific computer configurations. As far as reliability goes, it's about the best you can get. :)
Rickk
April 11th, 2007, 08:27 PM
Dear mrfargoreed,
A few posts back someone asked you: {QUOTE-> What is the name of the backdoor Trojan you used? I want to see if my security software tools are aware of it <-QUOTE}
So... can you help enlighten us please?
Escalader
April 11th, 2007, 08:51 PM
{QUOTE-> Dear mrfargoreed,
A few posts back someone asked you:
So... can you help enlighten us please? <-QUOTE}
Yes, please I'm the someone Rickk refers to, all malware has a name, what is it please?
NAMOR
April 11th, 2007, 09:40 PM
{QUOTE-> Yes, please I'm the someone Rickk refers to, all malware has a name, what is it please? <-QUOTE}
It should be easy for mrfargoreed to find the name of the malware tested/detected... Just look through the scanning logs. ;D
JerryM
April 11th, 2007, 11:18 PM
{QUOTE-> JerryM, how light and stable/reliable is Antivir Premium compared to NOD? <-QUOTE}
I think it is probably slightly less stable than NOD, but I am not having any problems. I did have two instances of the icon not showing in the tray, but I removed Snoopfree and UnHackMe, and have changed SAS and AVG AS to on-demand. The only thing I have running at start is AntiVir Premium, firewall LNS, and WinPatrol.
I find that it loads faster, and slightly faster than NOD, although the difference is not great.
Overall AntiVir is running superbly.
As to resources, I do not remember what NOD did, but AntiVir is not noticeable on my system, and neither was NOD. I do not think either is lighter overall than KAV. F-Secure is definitely heavier than those three, but I like it anyway, and it does not slow my system but is a couple of minutes slower to start. Of course it has more running processes than the others. I am using the IS suite so I expect it to be a little slower due to the number of processes.
Of the top notch AVs I have used I like KAV, AntiVir, F-Secure, and NOD in that order. Unfortunately at the present time neither KAV nor FS runs well on this machine so the two I find usable now are AntiVir and NOD.
Regards,
Jerry
mrfargoreed
April 12th, 2007, 04:10 AM
{QUOTE-> Been following along with your thread, very interesting.
What is the name of the backdoor Trojan you used? I want to see if my security software tools are aware of it.
Thanks <-QUOTE}
Hey Escalader!
Unfortunately the first trojan I used has been wiped from the system - I was using an FDISR snapshot to test, which I have since deleted so I don't have the original log files from anything. I think I set Kaspersky to remove it.
A couple of other tests I did:
One was picked up by AVG AS as 'Trojan.Feutel.av - Risk High' Not detected by SAS and Kaspersky, but NOD32 showed as 'Win32/Tool.TPE.A application'.
The other picked up by A2 as 'Backdoor.Win32.Ciadoor.13 - 3 files - Risk High'. Not detected by SAS, Kaspersky or NOD32.
Both have been cleared from the testing snapshot now. The strange thing is that when I re-installed Kaspersky this morning to try the test again with the above two examples, it didn't detect either! And this was on a clean snapshot with no other security software to affect results, so now I am even more confused than ever.
This is getting extremely confusing. Another thing is that NOD32 didn't detect the file until I extracted the file with Winrar, whereas AVG detected without extracting even though I had set NOD32 to scan archives, too.
:wacko:
I will try to re-download the first trojan I used and report back with the name and details for you, provided I can remember the file I downloaded in the first place.
PS - didn't reply sooner as been asleep - it's been night in the UK.
SoCalReviews
April 12th, 2007, 04:22 AM
{QUOTE-> ...Of the top notch AVs I have used I like KAV, AntiVir, F-Secure, and NOD in that order. Unfortunately at the present time neither KAV nor FS runs well on this machine so the two I find usable now are AntiVir and NOD.
Regards,
Jerry <-QUOTE}
I agree that those are all top rated AVs and considering that it is really the luck of the draw if one of them doesn't happen to detect a specific malware then the only real question is which one runs best on your system. I think that power users should find two that are able to co-exist then choose the one they like the most for real time protection and the other one as a back up for on demand scanning. My order of preference right now is NOD32, KAV or a KAV engine based AV and AntiVir Premium but my opinion is based on what works best along with my other security software and not just the detection capabilities. I also have no problem recommending any one of those three top AVs to common users as a stand alone AV program.
trjam
April 12th, 2007, 04:25 AM
to me the ability to clean, supersedes the ability to just detect.
solcroft
April 12th, 2007, 04:30 AM
{QUOTE-> to me the ability to clean, supersedes the ability to just detect. <-QUOTE}
To me, it just happens to be nitpicking. I wouldn't trust an infected system any further than I can throw it, no matter how well any scanner claims to be able to "clean" it.
trjam
April 12th, 2007, 04:47 AM
solcroft, your point is a very valid one. But I wonder how many of us use systems like that, knowingly or not.::)
SoCalReviews
April 12th, 2007, 04:52 AM
{QUOTE-> To me, it just happens to be nitpicking. I wouldn't trust an infected system any further than I can throw it, no matter how well any scanner claims to be able to "clean" it. <-QUOTE}
I prefer completely deleting the infected file or files unless they absolutely "must" be retained. While doing PC tech referral work I have successfully cleaned systems with over a thousand malware detections. I used multiple web based and fully installed AV and AS programs (in standard and safe mode) to clean them but for those heavily infected systems I usually recommend a complete HD re-format and re-install of Windows. However with the heavily malware infected PCs where cleaning the entire system is requested there is always that unsettling feeling that system security has been permanently altered for the worse no matter how effective the AV software cleaning seems to have been.
mrfargoreed
April 12th, 2007, 05:01 AM
Although the tests I have done are far from professional (I wouldn't know where to start), one thing that has really hit home more than ever, is the idea of the layered defense approach - of course, no AV or AS will detect everything, and just when I think one is better than the other, it doesn't detect a couple of threats I throw at it this morning. So I feel I am back to square one. Yes, NOD32 has shocked me a little as to missing things, but so has Kaspersky today. And, throughout all these 'tests' I have had SuperAntiSpyware running in the background which hasn't even woken up.
Do these simple tests indicate the strength of software like FDISR and Rollback RX which will restore your system in seconds? Or the need for HIPS programs to harden the system even more?
As I have read here on numerous occasions, it all comes down to common sense - don't surf on the wild side, don't use file sharing apps, and don't let anyone else but yourself use your machine (unless you are 100% certain that they are not doing anything malicious), but this is not often possible unless I am the only user (which I am not).
I guess the search for the 'perfect' set up continues.
SoCalReviews
April 12th, 2007, 05:23 AM
{QUOTE-> As I have read here on numerous occasions, it all comes down to common sense - don't surf on the wild side, don't use file sharing apps, and don't let anyone else but yourself use your machine (unless you are 100% certain that they are not doing anything malicious), but this is not often possible unless I am the only user (which I am not). <-QUOTE}
You hit the mark with this statement. For those who feel they must surf the wild side the layered defense is critical. Using a security program with HIPS is a good idea. Besides choosing a good feature set of security software I would also suggest using Firefox or another alternative to IE as your main browser. Although Windows XP SP2 and IE v7 have more protection, enabling the use of ActiveX in IE can still be a risky venture.
In my privacy settings for ZASS I have the mobile code control enabled and I ONLY allow web based scripting, embedded objects, ActiveX, Java script, etc. for TRUSTED sites. It is a kind of a hassle to do this but I only need to configure the permissions one time for each site I frequently visit. Unless you are taking the huge risk of downloading files from questionable sites, or you are opening all your email file attachments on your system, or playing online games then I believe that being infected from web based mobile code is one of the greatest common threats.
quadrophonic
April 15th, 2007, 09:24 PM
{QUOTE->
If you are a high-risk surfer then I highly recommend AVIRA, BitDefender, AVG Anti-Malware or Kaspersky to you. These four products also scored relatively high in the malware-test.com results. <-QUOTE}
How would you rate Spyware Terminator as a resident program? I'm using AVG anti-spyware free for on demand scanning, as well as Bitdefender AV free for on-demand.
By the way, how come this thread is being discussed here rather than in the NOD32 forums? The last time I started a thread in the NOD32 forum that criticized the program, they were a bit upset, to say the least.
Firecat
April 15th, 2007, 09:36 PM
{QUOTE-> How would you rate Spyware Terminator as a resident program? I'm using AVG anti-spyware free for on demand scanning, as well as Bitdefender AV free for on-demand.
By the way, how come this thread is being discussed here rather than in the NOD32 forums? The last time I started a thread in the NOD32 forum that criticized the program, they were a bit upset, to say the least. <-QUOTE}
I have not tested Spyware Terminator, as my resident protection in AVG includes the Ewido engine which I'm quite happy with (with trojan detection that almost matches KAV, who won't be happy? :D). :)
But still, looking at the Spyware Terminator website, my impression of it is not so good. I wouldn't call it a top-level AS myself, but it's not *too* bad either. I think it will do a decent enough job for normal people. BitDefender AV and AVG Anti-Spyware are also very good at what they do, keep doing regular scans with those and you should be safe. :)
As for why this thread is here, the NOD32 forum on Wilders is a support forum and not intended for comparison of NOD32 with other products, that's why. :)
quadrophonic
April 15th, 2007, 09:54 PM
{QUOTE-> I have not tested Spyware Terminator, as my resident protection in AVG includes the Ewido engine which I'm quite happy with (with trojan detection that almost matches KAV, who won't be happy? :D). :)
As for why this thread is here, the NOD32 forum on Wilders is a support forum and not intended for comparison of NOD32 with other products, that's why. :) <-QUOTE}
No wonder the replies "sounded" like everyone's blood pressure was getting raised!:o ;D
As far as Spyware Terminator goes, do you think it's better than my previous Spybot's Teatimer? I did notice that Teatimer seemed to alert me more often as to registry changes (unless they were just fp's). For example it constantly was trying to block an IE toolbar CLSID which is listed on the Castle Cops site as a legit IE clsid. I also have Winpatrol Free running.
{QUOTE-> Because they are usually 8-9 analyst's at it at any given hour of the 24 hours in a day.
9 at the moment: http://www.kaspersky.com/viruswatch3. <-QUOTE}
That site is very, very impressive! No wonder Kaspersky is getting rave reviews.
KDNeese
April 16th, 2007, 01:23 AM
{QUOTE-> As far as Spyware Terminator goes, do you think it's better than my previous Spybot's Teatimer? I did notice that Teatimer seemed to alert me more often as to registry changes (unless they were just fp's). For example it constantly was trying to block an IE toolbar CLSID which is listed on the Castle Cops site as a legit IE clsid. I also have Winpatrol Free running. <-QUOTE}
I used Spyware Terminator for awhile, but quit using it after some updated versions started using so many resources. I thought its real-time shield and HIPS functions were impressive. Its on-demand scanning, however, leaves a lot to be desired. However, if you used it for real-time and used AVG or SAS for actual scanning, it would serve you well. Also, I personally don't think you can compare TeaTimer with ST. They function quite a bit differently. If I had to choose between the two, though, I would choose ST by far. There is also a lot of overlap with TT, ST & Winpatrol, as they all monitor many of the same things. Winpatrol, IMHO, is still the best at catching any startups or changes to hosts file. I would dump TeaTimer, as it is redundant if using ST or Winpatrol, and takes up unnecessary resources.
rogervernon
April 16th, 2007, 06:08 AM
I thought I should trial KAV - just the AV, not the full suite.
However - it won't play with my firewall, which is Comodo.
Are there any good FREE firewalls out there which are compatible with KAV? Is the AOL AV, which I understand uses the Kaspersky engine, not compatible with Comodo too?
I don't want to buy a firewall just to trial KAV!
Recommendations gratefully received.
TopperID
April 16th, 2007, 01:28 PM
If all you want is to trial KAV, why not simply use the Windows FW and save the annoyance of installing/uninstalling something else?
rogervernon
April 16th, 2007, 02:10 PM
Eventually my brain kicked in and I did just that. I have to say that I did not particularly care for KAV - although that may be because I'm not used to it after a good long time with NOD32.
Back to ESS for the time being!
quadrophonic
April 16th, 2007, 02:13 PM
{QUOTE->
I don't want to buy a firewall just to trial KAV! <-QUOTE}
Why get the trial version when online retailers such as Outpost and Staples are offering Kaspersky Internet Security for free after rebate ($70 - $70 rebate)?
C.S.J
April 16th, 2007, 02:16 PM
Rebates seem to be for the U.S. only,
I know our country, UK-England, is probably the most expensive in Europe *lol* and wayyyy more expensive than America.
rogervernon
April 16th, 2007, 02:19 PM
Yes - and I'm in Spain!
Even many "Trial Pay" offers don't apply here!
Carver
April 16th, 2007, 02:51 PM
I am trialing AntiVir right now. My computer was acting odd, so I decided to check up on my regular AV NOD32. So I did an online scan at Kaspersky.com, it didn't find anything. But I downloaded AntiVir and it found 2 copies of TR/Agent.BJG. 8)
Firecat
April 16th, 2007, 02:52 PM
{QUOTE-> I am trialing AntiVir right now. My computer was acting odd, so I decided to check up on my regular AV NOD32. So I did an online scan at Kaspersky.com, it didn't find anything. But I downloaded AntiVir and it found 2 copies of TR/Agent.BJG. 8) <-QUOTE}
If you still have the samples, can you scan them at VirusTotal and see who else is detecting these? :)
pykko
April 16th, 2007, 02:59 PM
{QUOTE-> I am trialing AntiVir right now. My computer was acting odd, so I decided to check up on my regular AV NOD32. So I did an online scan at Kaspersky.com, it didn't find anything. But I downloaded AntiVir and it found 2 copies of TR/Agent.BJG. 8) <-QUOTE}
nice work for AntiVir. :thumb:
Carver
April 16th, 2007, 03:40 PM
{QUOTE-> If you still have the samples, can you scan them at VirusTotal and see who else is detecting these? :) <-QUOTE}
I sent the samples in a zip to ESET and Virus Total.
trjam
April 16th, 2007, 04:14 PM
I have been preaching that for a year now.::)
Macstorm
April 16th, 2007, 05:25 PM
{QUOTE-> I've been a NOD32 user for several years now and always loved the way it runs so smoothly, doesn't slow down my machine, never has had a conflict with other software - BUT today I tried a little test as I've noticed lately that although NOD32 has notified me of the odd threat, I haven't been able to actually delete the file that is causing the problem.
I downloaded a copy of Roboform by P2P - expecting it to be infected. Downloaded and extracted to my hard disk. No warnings from NOD32, despite there clearly being a crack included. I know that not all cracks are viruses, but the majority are malware of some kind.
Checked the same file with KIS6 and it notified me that the crack, a .dll file, was a backdoor trojan. It may have been a false positive, sure, but having a possible backdoor trojan with an application that is supposed to encrypt passwords and private information and not being alerted by NOD32 made me feel unsettled. The information KIS6 alerted me about the .dll file took me to the Kaspersky web site where it displayed that several other AV programs had also detected this file as a backdoor trojan (Dr Web, Avira and one other - but no NOD32).
Now I'd NEVER use a crack, warez, or any other 'dodgy' software on my machine, but the fact remains that NOD32 didn't pick it up.
Sure, no AV has a 100% detection rate, but KIS6 also picked up two other files in a customization pack that NOD32 didn't - again, perhaps false-positives, but at least KIS6 made me think twice about installing the file (I chose not to, naturally).
Of course I was never going to install a warez version of Roboform - this was purely a test - but I am unsettled that I got no warning from NOD32. Am I overreacting? Am I right to be unsettled by NOD32 missing what appears to be, by several other AVs, a very probable backdoor trojan?
I am now tempted to install KIS6 - something I have never considered before until now. I feel that picking up three threats, from an AV that isn't exactly known to give false positives, have been missed by what I had considered to be the best AV there is.
Oh, and I had my NOD32 set up to Blackspear's settings for advanced protection - everything on 'full', as it were, yet KIS6 I hadn't even started to tweak yet - I just scanned on the default settings.
After years of happiness, I am, all of a sudden, in doubt about my beloved NOD32. :'( <-QUOTE}
I'm not surprised about your findings, I've experienced something similar before: http://www.wilderssecurity.com/showthread.php?t=166321
Escalader
April 16th, 2007, 06:10 PM
{QUOTE-> Hey Escalader!
Unfortunately the first trojan I used has been wiped from the system - I was using an FDISR snapshot to test, which I have since deleted so I don't have the original log files from anything. I think I set Kaspersky to remove it.
A couple of other tests I did:
One was picked up by AVG AS as 'Trojan.Feutel.av - Risk High' Not detected by SAS and Kaspersky, but NOD32 showed as 'Win32/Tool.TPE.A application'.
The other picked up by A2 as 'Backdoor.Win32.Ciadoor.13 - 3 files - Risk High'. Not detected by SAS, Kaspersky or NOD32.
Both have been cleared from the testing snapshot now. The strange thing is that when I re-installed Kaspersky this morning to try the test again with the above two examples, it didn't detect either! And this was on a clean snapshot with no other security software to affect results, so now I am even more confused than ever.
This is getting extremely confusing. Another thing is that NOD32 didn't detect the file until I extracted the file with Winrar, whereas AVG detected without extracting even though I had set NOD32 to scan archives, too.
:wacko:
I will try to re-download the first trojan I used and report back with the name and details for you, provided I can remember the file I downloaded in the first place.
PS - didn't reply sooner as been asleep - it's been night in the UK. <-QUOTE}
Hi, I checked these out on BitDefender's AV list
1st one listed as Trojan.Feutel.AV
2nd wasn't listed by the name you gave; the closest they had was Backdoor.Win32.Cyn.2.3
So, on the face of it my AV would have caught only 50% of what you experienced.
Once again proving that no one AV covers all!
Firecat
April 16th, 2007, 06:33 PM
{QUOTE-> Hi, I checked these out on BitDefender's AV list
1st one listed as Trojan.Feutel.AV
2nd wasn't listed by the name you gave; the closest they had was Backdoor.Win32.Cyn.2.3
So, on the face of it my AV would have caught only 50% of what you experienced.
Once again proving that no one AV covers all! <-QUOTE}
Checking it on a signature list says *nothing*. Sometimes lots of malware are detected by different names by different vendors. The lab samples as indicated in vgrep, for example, may not accurately reflect whether your AV detects something or not. It is indeed true that no AV detects all, but you cannot determine anyone's detection rates by looking at some signature list.
@Carver: Eager to see the results! :)
Escalader
April 16th, 2007, 06:59 PM
{QUOTE-> Checking it on a signature list says *nothing*. Sometimes lots of malware are detected by different names by different vendors. The lab samples as indicated in vgrep, for example, may not accurately reflect whether your AV detects something or not. It is indeed true that no AV detects all, but you cannot determine anyone's detection rates by looking at some signature list.
@Carver: Eager to see the results! :) <-QUOTE}
Thanks Firecat:
Didn't know that! I naively thought that the matching name meant something!:-[
pykko
April 17th, 2007, 04:14 AM
{QUOTE-> I sent the samples in a zip to ESET and Virus Total. <-QUOTE}
keep us updated with the status of your submission (e.g. when NOD32 adds the sample)
Marcos
April 17th, 2007, 05:41 AM
I've run it on a replicator, so far it appears to be a sort of junk (a trojan simulator). I have passed it to our vlab for analysis asking for an official statement.
Edit:
The file has turned out to be a test for PDM, it's not a real trojan. That said, we will not detect it.
Firecat
April 17th, 2007, 10:29 AM
{QUOTE-> I've run it on a replicator, so far it appears to be a sort of junk (a trojan simulator). I have passed it to our vlab for analysis asking for an official statement.
Edit:
The file has turned out to be a test for PDM, it's not a real trojan. That said, we will not detect it. <-QUOTE}
Are you talking about the file submitted by Carver? ???
Carver
April 17th, 2007, 11:51 AM
{QUOTE-> Are you talking about the file submitted by Carver? ??? <-QUOTE}
To me...it looks like Marcos is talking about the file I submitted.
Marcos
April 17th, 2007, 06:22 PM
I was talking about a file detected by Avira as TR/Agent.BJG which I also found among the recent samples submitted. Hence I gather it's the file from Carver.
trjam
April 17th, 2007, 06:31 PM
Now isn’t that just a bit coincidental.:dry:
Firecat
April 17th, 2007, 08:43 PM
{QUOTE-> I was talking about a file detected by Avira as TR/Agent.BJG which I also found among the recent samples submitted. Hence I gather it's the file from Carver. <-QUOTE}
So if you say that file is junk, then why is AVIRA assigning a high priority to it? I mean, detecting junk is understandable, but AVIRA named it a "high risk threat". I wonder why this should be. Maybe someone from Avira can comment?
Macstorm
April 17th, 2007, 08:51 PM
Déjà vu :dry:
The Hammer
April 17th, 2007, 08:54 PM
{QUOTE-> Déjà vu :dry: <-QUOTE}
Speak plainly please. If you've got something to say, say it. At least Firecat doesn't beat around the bush and his question is good.
Marcos
April 18th, 2007, 01:57 AM
{QUOTE-> So if you say that file is junk, then why is AVIRA assigning a high priority to it? I mean, detecting junk is understandable, but AVIRA named it a "high risk threat". I wonder why this should be. Maybe someone from Avira can comment? <-QUOTE}
Maybe they detect also something else under the same name. However, this trojan simulator for testing PDM is not a real trojan and thus it will not be detected by us.
Firecat
April 19th, 2007, 02:19 AM
{QUOTE-> Maybe they detect also something else under the same name. However, this trojan simulator for testing PDM is not a real trojan and thus it will not be detected by us. <-QUOTE}
Either that, or maybe you got hold of the wrong sample since it could very well be different from what Carver submitted and still be detected by Avira using the same name (due to maybe incorrect signature or something). ;)
Marcos
April 19th, 2007, 07:58 AM
I made sure the sample I checked was detected by Antivir under that name by having it scanned at VT. I didn't find any other suchlike sample submitted to us.