Any AH comparison between 2.7 and 4?
GrammatonCleric
March 8th, 2009, 04:57 PM
With my current troubles with 4.0 I am thinking of going back to 2.7 for the time being, but now my question is:
What is the detection difference between 2.7 and 4.0?
The CPU/resource usage of 4.0 is huge when compared to 2.7; therefore I am wondering if the detection performance is warranted or can 2.7 suffice?
Any known comparison tests?
Rmuffler
March 10th, 2009, 08:44 PM
Hello GrammatonCleric,
There are no comparison tests. The products are years apart and the detection has been worked on with each newer version to protect customers from the ever changing malware environment.
Thank you,
Richard
funkydude
March 10th, 2009, 10:28 PM
AH specifically is the exact same module in 2.7.
There is nothing wrong with running 2.7; tons of users do it, and you are still sufficiently protected.
GrammatonCleric
March 10th, 2009, 10:50 PM
So my main question is:
What has changed in order to allow for better detection?
If things get to run in RAM then no matter what hooks you have, you will still see it. The only difference would be that with extra hooks it might be easier to clean, but even that is a gamble.
Sidenote:
AH is still unable to keep up with Antivirus 2009 malware. I have been collecting lots of samples by googling PIFTS.exe and just downloading the crap into my VM box; meanwhile NOD32 V4 sits silently there with AH on.
But then again, in Virustotal only (on average) 3 out of 39 AVs detect it.
Waterfox
March 11th, 2009, 03:25 AM
{QUOTE->
Sidenote:
AH is still unable to keep up with Antivirus 2009 malware. <-QUOTE}
Well, two days ago NOD32 v.4.0 saved my PC from Antivirus 2009 while my girlfriend was web searching for some songs; everything got deleted and quarantined (20 blocked attacks in total), and all of this was done with default settings.
Don't know what happened in your case but, to me, this proves that NOD's "real life" protection is really excellent. :thumb:
funkydude
March 11th, 2009, 04:20 AM
Fake AV software is really hard for heuristics, because it simply doesn't really do anything. It's like watching a movie on your PC display nonsense and then ask you to visit a URL.
GrammatonCleric
March 11th, 2009, 05:31 AM
{QUOTE-> Fake AV software is really hard for heuristics, because it simply doesn't really do anything. It's like watching a movie on your PC display nonsense and then ask you to visit a URL. <-QUOTE}
These particular strains were of the:
Visit a website, change the website so it looks like "My Computer" with fake hard drive icons and red flashing "infection detected", followed by a fake antivirus scan showing very old virus/worm names being detected, followed by a popup stating that "Infection detected, click here to install the full version of Blah Blah Blah". No matter where you click, the site automatically downloads the Antivirus2009.exe file or Defender2009.exe file etc. Inexperienced users freaked out by the recent security breach news would probably install the file thinking that it's real etc.
Copyright ©2002 - 2009, Wilders Security Forums