Let's make NOD32 equal to KAV!


Straight Shooter
May 1st, 2004, 11:42 PM
I am starting a new thread here to continue a topic I, along with others, seem to want to explore, but should not be discussed in the NOD32 forum.. This is a continuation of this thread here...

http://www.wilderssecurity.com/showthread.php?t=29889&page=2

So, let's use THIS thread here to continue...

Plainly stated, I ask,

What other programs in addition to NOD32 should you have on your computer to be able to detect as much or as close to what KAV detects? In addition to having layered protection, one would also have the advantage of using an AV that scored more wins with VB, and also be able to use Advanced Heuristics if wanted or needed...

bigc73542
May 2nd, 2004, 12:31 AM
That is what is funny about VB and other AV testing sites. If you don't like the results just go to another site. Nod 32's test results are not as good when you go to any other site other than VB. I am using Panda and it just depends whose test results you look at as to how good it detects. On most all the sites besides VB Panda does very well. McAfee has just as good trojan detection as KAV and their virus detection is excellent. But then again it depends whose test you look at. There is no best AV, not NOD, not KAV and not McAfee. The best AV is the one that works the best for you on your system.


bigc

Straight Shooter
May 2nd, 2004, 12:59 AM
Well, you're saying it yourself, that NOD32 scores well ONLY (for the most part) at Virus Bulletin, which is a serious deficiency, IMHO...
{QUOTE-> Nod 32's test results are not as good when you go to any other site other than VB. <-QUOTE} And I agree with that.. Still, some users want as much protection as possible, and still want to use NOD32... My point in this thread is, what other programs should be combined with NOD32 to cover those weak spots...

norky
May 2nd, 2004, 01:14 AM
as i said in the other thread:

{QUOTE-> I use the combination of NOD32, Outpost Firewall, SpywareBlaster and a good old Linksys router. I think that in conjunction with safe habits works pretty well. Though if it looks like I'm missing something obvious, let me know! <-QUOTE}

I've also just discovered a-squared (http://www.emsisoft.com/en/) and am going to see how it handles the malware aspect of my security for a bit. Then I'll try Ewido and TDS-3. I think somewhere in there I'll find a good setup.

happy man
May 2nd, 2004, 01:19 AM
1 KAV 5
2 F-secure 2004
3 NOD32 v2

Straight Shooter
May 2nd, 2004, 01:24 AM
{QUOTE-> as I said in the other thread:

I've also just discovered a-squared (http://www.emsisoft.com/en/) and am going to see how it handles the malware aspect of my security for a bit. <-QUOTE}
Well, I know from what I read that it hasn't been updated in a while.. I wonder if Andreas still works for ESET? Just out of curiosity..

But, here is the problem. Through extended definitions KAV covers something called "pornware".. Anyone else cover that? I am trying to find different programs that handle aspects of KAV, so if someone wanted to, they could use those programs...

wizard
May 2nd, 2004, 05:37 AM
Let's get to the paranoid discussion. ;D First let's go to the facts: NOD32 performs extremely well on all malware that is currently spreading - the so-called ITW (in-the-wild) malware. It doesn't matter which test I am looking at, take for example VB or AV-Test.org: NOD32 is scoring 100%.

The key difference comes when looking at tests that use zoo malware. Zoo malware is existing malware that is not spreading. So the chance to get infected with such zoo malware comes close to 0. And also if such zoo malware starts spreading NOD32 will update their signatures as they do with any other new viruses as well.

But coming back to the paranoid part: If somebody also wants first-class detection for zoo malware then the solution is quite simple: Take KAV or any other product that is using the KAV engine as an additional AV and you are set. KAV is the reference product in the industry when it comes to zoo malware.

wizard

rodzilla
May 2nd, 2004, 07:04 AM
> The key difference comes when looking at tests that use zoo malware. Zoo malware is existing malware that is not spreading. So the chance to get infected with such zoo malware comes close to 0. And also if such zoo malware starts spreading NOD32 will update their signatures as they do with any other new viruses as well.

Exactly Mr Wiz! You hit the nail right on the head!

As I'm sure you will have seen for yourself, the continual wail from most amateur "virus experts" is "Virus Bulletin only tests antivirus products against In the Wild viruses!" ... which goes to show that they don't have the faintest idea what they're talking about right off the bat.

The plain and simple fact is that Virus Bulletin routinely tests antivirus products against many viruses that are not in the current WildList ... but the difference between Virus Bulletin's test sets and the poorly assembled and maintained "zoo" collections used by amateur wannabes is that Virus Bulletin's test sets are 100% crud-free ... at some time every sample used by Virus Bulletin has infected someone's computer during the normal course of everyday operations.

Let's face it ... if Virus Bulletin's tests really were as crappy as some self-appointed "virus experts" would have us believe then it would not have survived in the IT Security marketplace for fifteen years, let alone kept its reputation as "The Bible of The Antivirus Industry" for fifteen years ... it would have been rated down alongside amateur and university and computer magazine and other wannabe tests years ago, and ICSA and Checkmark would be fighting for the #1 spot in professional antivirus product testing.

At the end of the day, "who to believe" is up to the individual reader ... but readers would be wise to give credence to tests that are rated highly by IT Security professionals rather than to tests touted by know-it-all "Forum Virus Experts".

Godzilla
May 2nd, 2004, 08:17 AM
I second that.

First you have to know WHAT TYPES OF MALWARE ( Name + Variant ) are really common issues for the users. And I count here _NOT_ a patched single Backdoor, because if _THIS_PATCHED_ Backdoor becomes more popular it attracts the attention of other AV companies as well.

First you have to protect the users / customers against the wild-spreading malware. ItW ( In the Wild ) is the name for this. Detection of a large range of zoo viruses is a NICE TO HAVE FEATURE but the protection ( A VERY FAST PROTECTION, WITHIN A FEW MIN. AFTER THE WORM/VIRUS WAS FOUND ITW ) is much more important. It is also important to prevent such spreading in advance with good heuristics, based on experience of the _NEWER_ malware samples.

In both cases - NOD32 does it very well.

Just consider this: What would you choose if you know that AV program XYZ is very good with zoo malware but it sucks (or would suck) with new ItW malware?
The chance that you get such an ItW worm is much higher than the chance that you pick up an old zoo malware sample. (However, KAV is also very good with ItW malware, not that somebody misunderstands me here)

Every AV program has its strengths and weaknesses. KAV as well. Take a few thousand replicated (and executable) Uruguay viruses and try to detect them with KAV. ;) But who cares? Some types of the Uruguay viruses are very difficult to detect and they are dead. So no problem at all.

Regards,
Godzilla

muf
May 2nd, 2004, 09:59 AM
There you go SS. You just learned a valuable lesson. Never ever try to suggest NOD is not the equal of ANY other AV. Once you start that, no matter how diplomatic you try to be they will come out with their defences up. Another thing to note is that it is IMPOSSIBLE for them to put more than two sentences together without the words Virus Bulletin or the initials VB. Yes this looks distinctly like a NOD user bashing thread. Well actually it's not. It's the view that you are all so obsessed with THAT test site, that you honestly believe (whether it's right or wrong) that if you get a good score there, then your AV is the best.

Let's look at the facts based on a multitude of tests and user experience. When it comes to ITW viruses then NOD is consistently up to date and providing its users with protection. It could be said with some accuracy that in this regard it is the lead product. The other fact is that when it comes to overall protection then it is not the lead product. NOD has always been an AV that you need to use with an Anti-Trojan and also an anti-spyware application. If you are prepared to use NOD with these two other forms of protection then you will have an outstanding defence. What you DO have to consider is that if you use it on its own then you are under threat of being infected by a trojan and/or spyware. AVs like NAV, KAV and McAfee offer a stronger defence overall and include plenty of protection from 'other' malware than viruses.

So SS, back to your question. When it comes to viruses, NOD is already the equal of KAV if not better. But to make NOD the equal of KAV 'in overall protection' you would need an AT like TDS3 and an anti-spyware app like Adaware Pro. But tbh if you had those running with NOD then I'm sure that set-up would exceed KAV. It would certainly match it.

muf

Paul Wilders
May 2nd, 2004, 11:36 AM
muf,

{QUOTE-> There you go SS. You just learned a valuable lesson. Never ever try to suggest NOD is not the equal of ANY other AV. Once you start that, no matter how diplomatic you try to be they will come out with their defences up. <-QUOTE}

I'll disregard the "diplomatic" phrase if you don't mind. As for the rest of your comment: please read Godzilla's post right above once more. FYI: he's an AV expert indeed - but not in any way related to Eset/NOD32; on the contrary. Thus: take it as an independent and very to-the-point statement.

{QUOTE-> When it comes to ITW viruses then NOD is consistently up to date and providing its users with protection. It could be said with some accuracy that in this regard it is the lead product. <-QUOTE}

That's the overall consensus - not restricted to this board - indeed ;)

{QUOTE-> The other fact is that when it comes to overall protection then it is not the lead product. NOD has always been an AV that you need to use with an Anti-Trojan and also an anti-spyware application. <-QUOTE}

Indeed the major strength of NOD32 is ITW viruses; no argument here.

{QUOTE-> If you are prepared to use NOD with these two other forms of protection then you will have an outstanding defence. <-QUOTE}

It's called layered defense - highly recommended by many in the field, and for very good reasons ;)

{QUOTE-> What you DO have to consider is that if you use it on its own then you are under threat of being infected by a trojan and/or spyware. <-QUOTE}

...one more reason for layered defense. Apart from the fact that there is no software available taking care of all - the question is: would such a "grab it all" software be the one to go for? Many nasties do target many security programs nowadays (visibly or hidden). In case the installed "grab it all" software is targeted successfully, the results will be catastrophic: one would have lost not only his/her Antivirus, but Antitrojan (and others, like Antispyware for example) as well. Count your blessings if such a scenario comes true...

{QUOTE-> AVs like NAV, KAV and McAfee offer a stronger defence overall and include plenty of protection from 'other' malware than viruses. <-QUOTE}

...and that's in effect putting all eggs in just one basket. Tricky business IMO.

{QUOTE-> When it comes to viruses, NOD is already the equal of KAV if not better. But to make NOD the equal of KAV 'in overall protection' you would need an AT like TDS3 and an anti-spyware app like Adaware Pro. <-QUOTE}

A very sound and recommendable approach for reasons as mentioned above!

regards.

paul

steve1955
May 2nd, 2004, 01:34 PM
To have KAV detect all the things Adaware detects you have to update KAV from the "updates_x" bases, something that Kaspersky Labs recommend AGAINST for home users: possibility of too many false positives, so even Kaspersky don't advise using KAV to try and detect everything!

rodzilla
May 2nd, 2004, 08:50 PM
> Another thing to note is that it is IMPOSSIBLE for them to put more than two sentences together without the words Virus bulletin or the initials VB.

Could that perhaps be because most NOD32 bashers also bash Virus Bulletin ?.?.? :)

> Yes this looks distinctly like a NOD user bashing thread. Well actually it's not. It's the view that you are all so obsessed with THAT test site, that you honestly believe (whether it's right or wrong) that if you get a good score there, then your AV is the best.

I'm not obsessed with Virus Bulletin's tests ... I could quote any of dozens of "other" international awards NOD32 holds, including ICSA and Checkmark Certifications ... but Virus Bulletin is regarded by most IT Security professionals as the world's #1 antivirus product testing authority and is the award every antivirus vendor strives to win and is the test most often put down by wannabe "virus experts" in these forums ... so consequently the need to defend it arises with monotonous regularity.

Note that I have been defending Virus Bulletin almost from its inception fifteen years ago ... through years of distributing "other" antivirus programs which were not Virus Bulletin's "star performer".

It's not a "NOD32 thing" with me ... it's a "Virus Bulletin" thing.

No doubt professional IT Security guys and girls would go for a product with "do everything" protection if the product provided the same level of protection as a set of dedicated antivirus, anti-Trojan, anti-spyware, etc, programs ... but ask any professional mechanic why he spent a small fortune on sets of sockets and ring and open-ended spanners to suit metric nuts and bolts and second sets to suit imperial nuts and bolts rather than just a few dollars on a single adjustable "do everything" wrench and he'll tell you "Adjustable wrenches are for amateurs. They have no place in a professional toolkit." :)

Straight Shooter
May 2nd, 2004, 09:09 PM
{QUOTE->
No doubt professional IT Security guys and girls would go for a product with "do everything" protection if the product provided the same level of protection as a set of dedicated antivirus, anti-Trojan, anti-spyware, etc, programs ... but ask any professional mechanic why he spent a small fortune on sets of sockets and ring and open-ended spanners to suit metric nuts and bolts and second sets to suit imperial nuts and bolts rather than just a few dollars on a single adjustable "do everything" wrench and he'll tell you "Adjustable wrenches are for amateurs. They have no place in a professional toolkit." :) <-QUOTE}
Well, frankly, even with my using KAV, I also have Spysweeper and Trojan Hunter and ZAPro running for "layered" protection..LOL..
Well, I've always considered myself to be a fair person.. So, I installed NOD32 and will be using that EXCLUSIVELY, along with TH and Spysweeper... I will NOT practice safe computing habits..LOL.. Admittedly, my laptop runs faster now with NOD32 than with KAV 5.... and that's important to me.. My concern is, with my new "layered approach", will I get infected? Time will tell.. In fairness, however, NOD32 caught an HTML Exploit this morning.. "heuristically". I could not save the file. I lost it... If I duplicate my steps and get it back, I'll send it to you, Rod..

Paranoid2000
May 2nd, 2004, 09:14 PM
Some interesting points made here. I would agree with Paul's comment about layered defense. Any scanner is limited by its signature file and if you think you have a good chance of encountering something not covered in the file (e.g. if you download from "warez" sites, Usenet, IRC or P2P) then using software to detect and block suspicious behaviour is a far more sensible approach than running a second scanner (which is going to duplicate the work of the first to a large extent).

Trojans almost invariably require Internet access so a firewall offering strong control over outgoing traffic is a must (and a firewall should be used for other reasons anyway). However virtually all malware tries to make alterations to the Windows Registry and system files (to ensure they are run on startup at least) so an application that monitors these is a good idea - as well as one that can detect any attempt to compromise other running processes. Diamond's Process Guard (http://www.diamondcs.com.au/processguard/) should do a good job at process protection and System Safety Monitor (http://maxcomputing.narod.ru/ssme.html?lang=en) (free download) can detect Registry/system file changes (via a plugin that you need to enable) as well as intercepting program calls and DLL injection. These should make a better choice than a second scanner for most people (although SSM is better suited for advanced users - expect a blizzard of popups when you first install it).

bigc73542
May 2nd, 2004, 09:37 PM
There is absolutely no doubt that a strong layered defense is going to protect your computer better than depending on a single application. That has always been a very good practice and will more than likely remain so well into the future. With all of the malware that is being written it would probably be impossible for a single app or security suite to detect it all and have impunity against deactivation by some of the nastier malware out there.

Shelb
May 2nd, 2004, 09:55 PM
Hope you do not mind a novice inputting his opinion, but I am not sure I really want NOD32 to equal KAV.....I chose NOD purely on its sexy good looks :D :D :D

In all seriousness, I chose NOD because of its efficiency in doing its job. It effectively protects my systems while using the least resources. AH is also a nice feature that has saved me from infection a few times now in the ~three months that I have owned a license.

KAV is an excellent solution for those who want their AV to catch as many things as possible. However, as a customer, I appreciate NOD's approach, and do not wish for them to change this philosophy. I have taken other steps to layer my defense against the threats of trojans, spyware, etc. I have tested KAV for the full trial period, and found it to be too computationally expensive on all but my newest PCs. Keep in mind this is a subjective judgement, as I am impatient! :)

Sandish
May 2nd, 2004, 10:49 PM
Making it equal won't work I guess - but try this recipe:

Take some NOD-like speed and heuristics (not too much and not from the advanced one) and put it in the blender, now add some of the detection rate and archive/packer support of KAV to it and shake it a bit - what comes out is a little green spider that gets up to 10 updates a day, doesn't eat too much memory and works pretty reliably. But it needs some care (wise settings) - or it will get some nasty taste.

If you don´t like to prepare it yourself you can get it as an instant-product from www.dials.ru

Just to give this discussion some new "spice". ;)

rodzilla
May 2nd, 2004, 10:54 PM
> KAV is an excellent solution for those who want their AV to catch as many things as possible.

Yes, it's great at detecting a wide range of malware ... but as you're obviously aware, dedicated detectors for specific malware offer better protection than any single "do everything" program.

> However, as a customer, I appreciate NOD's approach, and do not wish for them to change this philosophy.

As an AV "purist", I would prefer that NOD32 detected only viruses and left other malware detection to the specialists ... but that's only my personal view. Unfortunately, a product's features are dictated by consumer wish lists. What the customer wants, the customer gets ... or he buys something else. Trojan detection in antivirus programs is on many consumers' (particularly home users') wish lists ... so we have to detect Trojans too.

I guess I'm just old-fashioned ... the argument for including Trojan detection in antivirus programs is valid ... but some "wish list" features are (imo) pointless time-and-resource-wasting flim-flam hyped into "desirable features" by ad men and snake oil marketroids ... for example: I see very little value in scanning inside archives, and no value at all in scanning outgoing email.

> I have taken other steps to layer my defense against the threats of trojans, spyware, etc.

In my opinion, and it seems in the opinions of most informed members of this forum, that is the best way to go.

Shelb
May 2nd, 2004, 11:09 PM
{QUOTE-> I guess I'm just old-fashioned ... the argument for including Trojan detection in antivirus programs is valid ... but some "wish list" features are (imo) pointless time-and-resource-wasting flim-flam hyped into "desirable features" by ad men and snake oil marketroids ... for example: I see very little value in scanning inside archives, and no value at all in scanning outgoing email. <-QUOTE}

I agree 100%! Cut out the fluff and detect viral files to the best of your ability. I like NOD because it lacks the bloat that is turning so many of the AVs into full-blown CPU-hogging security suites of sorts. The few true trojans that I have run across were caught by NOD. I was kind of disappointed....I wanted to see TDS in action! Oh well, a layered defense comes through, providing a safety net :)

Straight Shooter
May 2nd, 2004, 11:27 PM
{QUOTE-> I agree 100%! Cut out the fluff and detect viral files to the best of your ability. I like NOD because it lacks the bloat that is turning so many of the AVs into full-blown CPU-hogging security suites of sorts. The few true trojans that I have run across were caught by NOD. I was kind of disappointed....I wanted to see TDS in action! Oh well, a layered defense comes through, providing a safety net :) <-QUOTE}

How about cleaning viruses in archives?

NOD32 won't even clean the EICAR test file zipped once, let alone twice.. Is there a way to do it?

I don't know... I am trying hard to like NOD32, and believe me, in all my spare time today, I have been throwing stuff at it. Yup, I did notice Trojan detection is much better.. Probably due to the "Andreas Haak" factor..LOL.. But not to delete a virus off a zipped folder.. ?

Paranoid2000
May 2nd, 2004, 11:34 PM
{QUOTE-> As an AV "purist", I would prefer that NOD32 detected only viruses and left other malware detection to the specialists ... but that's only my personal view. Unfortunately, a product's features are dictated by consumer wish lists. What the customer wants, the customer gets ... or he buys something else. Trojan detection in antivirus programs is on many consumers' (particularly home users') wish lists ... so we have to detect Trojans too. <-QUOTE}

Given the problems in getting the "typical" home user to pay for just ONE security program, making that program cover as many bases as possible would seem a better choice. Also it would make sense to run just one scanner with a comprehensive signature file and use other software to provide different types of protection (file/registry/process checks, network access control, etc).

{QUOTE-> ...some "wish list" features are (imo) pointless time-and-resource-wasting flim-flam hyped into "desirable features" by ad men and snake oil marketroids ... for example: I see very little value in scanning inside archives, and no value at all in scanning outgoing email. <-QUOTE}

I beg to differ here. Most downloads are compressed and any incoming file should be scanned as soon as it lands on your system. Having an AV scanner that can deal with archives makes this far easier (I use GetRight for downloads and configure it to kick off a virus scan on each one). Outgoing emails/instant messages should be scanned to stop viruses from spreading to others (especially important for business users who may face liability claims) - after all a system may be infected by other means than incoming email (and Outlook*cough*).
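The two posts above (the EICAR file "zipped once, let alone twice", and whether scanning inside archives is worth having) describe a check anyone can reproduce. The following is an added example, not code from this thread or from any vendor: it wraps the standard EICAR test file in N nested ZIP levels and then walks those levels the way an archive-aware scanner does, with a depth cap so a deliberately nested archive cannot recurse forever. The function names and the 5-level / 1 MiB caps are my own choices, not any product's defaults.

```python
"""Build nested ZIP archives around the EICAR test string and walk them recursively.

Added example for probing how deep a scanner looks into archives; not code from the thread.
"""
import io
import zipfile

# The 68-byte EICAR string is assembled from two halves at runtime so that a resident
# scanner does not flag this source file itself; the joined value is the standard string.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

# Hypothetical limits chosen for this example: how deep to descend, and the largest
# declared member size we are willing to decompress.
MAX_DEPTH = 5
MAX_MEMBER_BYTES = 1 << 20


def nested_zip(payload: bytes, depth: int, inner_name: str = "eicar.com") -> bytes:
    """Wrap payload in `depth` ZIP levels (depth=1 is "zipped once"); depth=0 returns it raw."""
    data, name = payload, inner_name
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{level + 1}.zip"
    return data


def scan_archive(data: bytes, max_depth: int = MAX_DEPTH, _depth: int = 0) -> dict:
    """Look for the EICAR file in `data`, descending into ZIP members.

    Returns {"found_at": nesting level where EICAR sits (0 = not archived) or None,
             "truncated": True if a depth or size cap stopped the walk before it finished}.
    """
    if data[: len(EICAR)] == EICAR:
        return {"found_at": _depth, "truncated": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"found_at": None, "truncated": False}
    if _depth >= max_depth:
        # Refusing to go deeper is what keeps a recursively nested archive from
        # exhausting the scanner; a real product reports this as "not fully scanned".
        return {"found_at": None, "truncated": True}
    truncated = False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:  # declared size; guards against decompression bombs
                truncated = True
                continue
            result = scan_archive(zf.read(info), max_depth, _depth + 1)
            if result["found_at"] is not None:
                return result
            truncated = truncated or result["truncated"]
    return {"found_at": None, "truncated": truncated}


if __name__ == "__main__":
    # Write eicar_depth1.zip and eicar_depth2.zip to feed to the scanner under test,
    # and show what a depth-aware walk reports for each.
    for depth in (1, 2):
        blob = nested_zip(EICAR, depth)
        with open(f"eicar_depth{depth}.zip", "wb") as fh:
            fh.write(blob)
        print(f"depth {depth}: {scan_archive(blob)}")
```

A scanner that reports the depth-1 file but not the depth-2 file is applying a one-level archive limit; one that flags neither is not looking inside archives at all.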

Straight Shooter
May 2nd, 2004, 11:50 PM
Well, I didn't catch Rodzilla's post about scanning archives being unnecessary.. and if the answer to a feature that is lacking in a product is .."It's not needed..."... That is not my way of seeing the answer..

Paul Wilders
May 3rd, 2004, 03:55 AM
Shooter,

{QUOTE-> Well, Ive always considered myself to be a fair person.. So, I installed NOD32 and will be using that EXCLUSIVELY, along with TH and Spysweeper... <-QUOTE}

Sounds fair enough. The confusing part here is, someone pointed me to your statement elsewhere that you won't do so at all and dropped NOD32 ??? No doubt that's your prerogative! Then again stating X over here and the opposite shortly after elsewhere is at the least...ehh "strange". But of course: it's your system ;).

{QUOTE-> Well, I didn't catch Rodzilla's post about scanning archives being unnecessary.. and if the answer to a feature that is lacking in a product is .."It's not needed..."... That is not my way of seeing the answer.. <-QUOTE}

Archives are harmless as such - that's common knowledge ;).

regards.

paul

BKK Aussie
May 3rd, 2004, 04:02 AM
{QUOTE-> Well, frankly, even with my using KAV, I also have Spysweeper and Trojan Hunter and ZAPro running for "layered" protection..LOL.. <-QUOTE}

Are you saying you don't believe all the BS about Kaspersky finding more trojans than Trojan Hunter? :-)

Paul Wilders
May 3rd, 2004, 04:03 AM
{QUOTE-> ...what comes out is a little green spider that gets up to 10 updates a day, doesn't eat too much memory and works pretty reliably. But it needs some care (wise settings) - or it will get some nasty taste. <-QUOTE}

Dr.Web is another nice AV indeed - but I for one would strongly advise against it for the average user. Far too many average users have wrecked their system as a result of the bolded part above.

Apart from that - layered defense is lacking in using any AV as the only layer of defense.

{QUOTE-> Just to give this discussion some new "spice". ;) <-QUOTE}

You're most welcome ;)

regards.

paul

BKK Aussie
May 3rd, 2004, 04:08 AM
{QUOTE-> Making it equal won't work I guess - but try this recipe:

Take some NOD-like speed and heuristics (not too much and not from the advanced one) and put it in the blender, now add some of the detection rate and archive/packer support of KAV to it and shake it a bit - what comes out is a little green spider that gets up to 10 updates a day, doesn't eat too much memory and works pretty reliably. But it needs some care (wise settings) - or it will get some nasty taste. <-QUOTE}

Don't forget to add double-digit false alarms to the recipe! :-)

Gavin - DiamondCS
May 3rd, 2004, 04:20 AM
AVs receive massive amounts of submissions of ITW malware. AT developers such as DCS instead receive some submissions (obviously less) but also actively collect trojans. We accept that numbers might indicate more trojans detected by an AV, where in reality if you want protection from trojan users you should use an AT. AVs only scan for one file signature for a known trojan. No memory scanning, no additional scans such as those in TDS, and often no trojan-specific heuristics. Beware of numbers :)

Paul Wilders
May 3rd, 2004, 04:23 AM
Paranoid2000,

{QUOTE-> Given the problems in getting the "typical" home user to pay for just ONE security program, making that program cover as many bases as possible would seem a better choice. <-QUOTE}

Ease of use does not necessarily go hand in hand with optimal defense - on the contrary. Personally, I do agree there's some tension here in regard to the "common user" wanting all in one and optimal protection.

{QUOTE-> I beg to differ here. Most downloads are compressed and any incoming file should be scanned as soon as it lands on your system. Having an AV scanner that can deal with archives makes this far easier <-QUOTE}

It's OK to agree to disagree ;). Could you elaborate as to why they should be scanned as soon as they land on your system? They are harmless as such, and will be taken care of by the resident scanner anyway if needed.

{QUOTE-> Outgoing emails/instant messages should be scanned to stop viruses from spreading to others (especially important for business users who may face liability claims) - after all a system may be infected by other means than incoming email <-QUOTE}

A matter of view. Performing (very) frequent full system scans would eliminate a) infected files residing on a system b) subsequently spreading infections - since the system has been found clean.

regards.

paul

Paul Wilders
May 3rd, 2004, 04:32 AM
Rod,

{QUOTE-> As an AV "purist", I would prefer that NOD32 detected only viruses and left other malware detection to the specialists ... but that's only my personal view. <-QUOTE}

Seems the both of us are on the same track here.

{QUOTE-> Unfortunately, a product's features are dictated by consumer wish lists. What the customer wants, the customer gets ... or he buys something else. <-QUOTE}

The everlasting combat between marketing and sales vs solid layered protection.

{QUOTE-> Trojan detection in antivirus programs is on many consumers' (particularly home users') wish lists ... so we have to detect Trojans too. <-QUOTE}

...and marketing and sales win the battle. I for one can see the reasons for taking this route for sure. From a sound protection point of view, it's a pity though..

regards.

paul

Paul Wilders
May 3rd, 2004, 04:35 AM
{QUOTE-> AVs receive massive amounts of submissions of ITW malware. AT developers such as DCS instead receive some submissions (obviously less) but also actively collect trojans. We accept that numbers might indicate more trojans detected by an AV, where in reality if you want protection from trojan users you should use an AT. AVs only scan for one file signature for a known trojan. No memory scanning, no additional scans such as those in TDS, and often no trojan-specific heuristics. Beware of numbers :) <-QUOTE}

Amen to that, Gavin!

regards.

paul

Sandish
May 3rd, 2004, 08:24 AM
{QUOTE-> Dr.Web is another nice AV indeed - but I for one would strongly advise against it for the average user. Far too many average users have wrecked their system as a result of the bolded part above. <-QUOTE}

I don't know how long ago you reviewed Dr.Web - I'm using 4.31b here and wasn't able to get a false positive. Even after a full scan (all files, all containers/archives) of 250 GB data - no false alert. The most impressive feature is the ability to recognize viruses in password-protected zip files (in mails, where the password is mentioned in the body at least).
The key to avoiding false alerts - imho - is to turn off the Virus activity control in the SpIDer Mail settings.

{QUOTE-> Don't forget to add double-digit false alarms to the recipe! :-) <-QUOTE}

see above

Paul Wilders
May 3rd, 2004, 09:27 AM
Sandish,

{QUOTE-> I don´t know how long ago you reviewed Dr.Web - i´m using 4.31b here and wasn´t able to get a false positive. <-QUOTE}

Installed on one of our systems here as well. We are confronted with false positives.

{QUOTE-> The most impressive feature is the abillity to recognize viruses in password protected zip-files <-QUOTE}

Glad you like it! Personally, I fail to see the use for it for the average user.

But hey! - this is by no means a Dr.Web bash; I do like the app for sure. Then again, I'm not that much of an average user. As long as you're happy! ;)

In the meanwhile, we are getting rather off topic in regard to the subject from this thread. Let's put it back on track ;).

regards.

paul

JimIT
May 3rd, 2004, 02:52 PM
{QUOTE-> Well, frankly, even with my using KAV, I also have Spysweeper and Trojan Hunter and ZAPro running for "layered" protection..LOL..
Well, I've always considered myself to be a fair person.. So, I installed NOD32 and will be using that EXCLUSIVELY, along with TH and Spysweeper... I will NOT practice safe computing habits..LOL.. Admittedly, my laptop runs faster now with NOD32 than with KAV 5.... and that's important to me.. My concern is, with my new "layered approach", will I get infected? Time will tell.. In fairness, however, NOD32 caught an HTML Exploit this morning.. "heuristically". I could not save the file. I lost it... If I duplicate my steps and get it back, I'll send it to you, Rod.. <-QUOTE}

How's the test going, Shooter?

swatch
May 3rd, 2004, 05:23 PM
Shooter? People like to know...

swatch

Straight Shooter
May 3rd, 2004, 06:15 PM
{QUOTE-> Shooter? People like to know...

swatch <-QUOTE}
Well, I got VERY discouraged with NOD32's inability to clean and delete the EICAR test virii in a zipped folder... In fairness to NOD32, I am cleaning my computer of all previously installed programs, even if I have to reclone it from a previous time (with no AV or AT installed).. I had a problem with browser freeze-ups with NOD and ZAPro.. when I uninstalled ZAPro, and uninstalled NOD32, and installed KAV 5, the browser problem was no more. Then I tried Sygate free, no freeze-ups, then I uninstalled Sygate and installed Outpost.. the trial version of 2.1.. No freeze-ups.. Now I am cleaning the computer and will reinstall NOD32, to check the freeze-ups...but I forgot from past experience that NOD32 doesn't clean infected zips, and I don't see why I'd want to keep using it.. But that's me..

EDIT.. Cleaned computer.. Only NOD32 and Spysweeper.. The browser freeze-up returned.. Freeze-ups and then the browser crashes..
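
The two mechanics argued about above, an engine opening a password-protected zip with a password lifted from the covering mail body (Sandish's Dr.Web point) and an engine cleaning an EICAR member out of an archive rather than just flagging it (Shooter's complaint), can be shown in one small script. This is an added example, not code from the thread, from Dr.Web or from NOD32: it assumes the legacy PKWARE ZipCrypto scheme (the only one Python's zipfile can decrypt; AES-zipped mail attachments are out of scope), a hypothetical regex heuristic for spotting the password in the body, and the EICAR string as the one "signature". The archive builder is hand-rolled only because zipfile cannot write encrypted members; the mail body and the archive are constructed sample input.

```python
import io
import os
import re
import struct
import zipfile
import zlib

EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DOS_DATE = ((2004 - 1980) << 9) | (5 << 5) | 3  # arbitrary DOS date, 2004-05-03


def _zipcrypto_encrypt(password, plaintext):
    """Legacy PKWARE ZipCrypto stream cipher, the scheme zipfile's pwd= decrypts."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890

    def update(b):
        nonlocal k0, k1, k2
        k0 = (k0 >> 8) ^ table[(k0 ^ b) & 0xFF]
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = (k2 >> 8) ^ table[(k2 ^ (k1 >> 24)) & 0xFF]

    for b in password:
        update(b)
    out = bytearray()
    for b in plaintext:
        t = k2 | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)  # the key schedule advances on the plaintext byte
    return bytes(out)


def make_protected_zip(members, password):
    """Stored, single-volume zip whose members are ZipCrypto-encrypted (assumed layout)."""
    out, central = bytearray(), bytearray()
    for name, data in members.items():
        crc = zlib.crc32(data) & 0xFFFFFFFF
        # 12-byte encryption header: 11 random bytes plus the CRC high byte,
        # which a reader compares to reject a wrong password before decrypting.
        header = os.urandom(11) + bytes([(crc >> 24) & 0xFF])
        body = _zipcrypto_encrypt(password, header + data)
        fname = name.encode("ascii")
        # flags=1 (encrypted), method=0 (stored), time, date, crc, csize, usize, name len, extra len
        fixed = (1, 0, 0, DOS_DATE, crc, len(body), len(data), len(fname), 0)
        offset = len(out)
        out += struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, *fixed) + fname + body
        central += struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, *fixed,
                               0, 0, 0, 0, offset) + fname
    cd_offset = len(out)
    out += central + struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, len(members),
                                 len(members), len(central), cd_offset, 0)
    return bytes(out)


# Hypothetical heuristic: the token after "password"/"pass"/"pw" in the mail body.
PASSWORD_RE = re.compile(r"\b(?:password|pass|pw)\b\s*(?:is|:|=)?\s*[\"']?([^\s\"']+)", re.I)


def candidate_passwords(body):
    """Candidate passwords from the body, punctuation-stripped variant first."""
    found = []
    for m in PASSWORD_RE.finditer(body):
        for cand in (m.group(1).rstrip(".,;:!"), m.group(1)):
            if cand and cand not in found:
                found.append(cand)
    return found


def scan_protected_zip(zip_bytes, body):
    """Open the archive with a body-derived password, flag EICAR members and rebuild
    it without them (stored, no longer encrypted). 'clean' is None when no candidate
    opens the archive: that is the case a scanner simply cannot see into."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names, password, members = zf.namelist(), None, None
        for cand in [None] + candidate_passwords(body):
            pwd = None if cand is None else cand.encode()
            try:
                members = {n: zf.read(n, pwd=pwd) for n in names}
                password = cand
                break
            except (RuntimeError, zipfile.BadZipFile):  # password required / wrong
                continue
    if members is None:
        return {"password": None, "infected": [], "clean": None}
    infected = [n for n, data in members.items() if EICAR in data]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as clean:
        for n, data in members.items():
            if n not in infected:
                clean.writestr(n, data)
    return {"password": password, "infected": infected, "clean": buf.getvalue()}


# Constructed sample: a mail body naming the archive password, and the archive itself.
SAMPLE_BODY = "Hi, the invoice is in the attached zip. Password: infected. Regards"
SAMPLE_ZIP = make_protected_zip(
    {"invoice.txt": b"Nothing to see here.\n", "eicar.com": EICAR}, b"infected")
```

`scan_protected_zip(SAMPLE_ZIP, SAMPLE_BODY)` returns the password it found, `["eicar.com"]` as the infected member and a rebuilt archive holding only `invoice.txt`; with a body that never mentions the password it returns `clean=None`, which is the honest answer a scanner has to give for an archive it cannot open. Note that the cleaned archive is written back unencrypted: re-encrypting would need the encryptor again and would reproduce exactly the attachment the mail gateway could not inspect, so an engine that "cleans" a protected zip has to choose between the two.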

Paul Wilders
May 3rd, 2004, 06:32 PM
{QUOTE-> Well, I got VERY discouraged with NOD32's inability to clean and delete the EICAR test virii in a zipped folder... <-QUOTE}

This issue has been addressed over here. Feel free to comment in case you believe the arguments do not hold.

{QUOTE-> ...I had a problem with browser freeze-ups with NOD and ZAPro.. when I uninstalled ZAPro, and uninstalled NOD32, and installed KAV 5, the browser problem was no more. <-QUOTE}

According to your post elsewhere, you did not encounter any problems having the NOD32/ZAPro combo installed. You did encounter these problems as soon as you installed KAV v5 while using ZAPro. Correct?

{QUOTE-> Then I tried Sygate free, no freeze-ups, then I uninstalled Sygate and installed Outpost.. the trial version of 2.1.. No freeze-ups.. <-QUOTE}

...all related to the KAV v5/ZAPro combo, right? You have stated in this specific thread you - at least for a short period of time - did have both NOD32 and ZAPro installed without any problems...

{QUOTE-> Now I am cleaning the computer and will reinstall NOD32, to check the freeze-ups... <-QUOTE}

Looking forward to your comments. The issue never has been NOD32/ZAPro - let's keep the discussion straight, Shooter :)

{QUOTE-> but I forgot from past experience that NOD32 doesn't clean infected zips, and I don't see why I'd want to keep using it.. But that's me.. <-QUOTE}

Please read this thread all over again - and after that, explain why exactly this is an issue.

regards.

paul

Stan999
May 3rd, 2004, 06:36 PM
{QUOTE->
EDIT.. Cleaned computer.. Only NOD32 and Spysweeper.. The browser freeze-up returned.. Freeze-ups and then the browser crashes.. <-QUOTE}

There must still be something else going on with your system? I just don't see any other reports of browser freeze-ups and crashes with NOD32? I may have missed them?

Also: http://www.dslreports.com/forum/remark,10119740~mode=flat

However, each platform is unique, that is one of the reasons why some folks choose one AV over another.

Paul Wilders
May 3rd, 2004, 06:40 PM
Shooter,

{QUOTE-> EDIT.. Cleaned computer.. Only NOD32 and Spysweeper.. The browser freeze-up returned.. Freeze-ups and then the browser crashes.. <-QUOTE}

They didn't when you started trialing NOD32. Do you still have KAV v5 installed?

regards.

paul

Straight Shooter
May 3rd, 2004, 07:06 PM
Paul...

I took out KAV 5 (uninstalled it).. and Then installed NOD32....

The reasons I said I would trial NOD32 were due to detection, not usability..Besides, if I could predict the future, I certainly wouldn't spend my time on forums..LOL...
j/k...

Paul Wilders
May 3rd, 2004, 07:22 PM
Shooter,

You did not address the issues I've mentioned; would you mind doing so, if only to get the record straight?

{QUOTE-> The reasons I said I would trial NOD32 were due to detection, not usability <-QUOTE}

Well, you have posted this earlier on in this thread (I've bolded the essential parts):

{QUOTE-> Well, frankly, even with my using KAV, I also have Spysweeper and Trojan Hunter and ZAPro running for "layered" protection..LOL..
Well, I've always considered myself to be a fair person.. So, I installed NOD32 and will be using that EXCLUSIVELY, along with TH and Spysweeper... I will NOT practice Safe computing habits..LOL.. Admittedly, my laptop runs faster now with NOD32 than with KAV 5.... and that's important to me.. My concern is, with my new "layered approach", will I get infected? Time will tell.. In fairness, however, NOD32 caught an HTML Exploit this morning.. "heuristically". I could not save the file. <-QUOTE}

Sounds like both detection and usability to me...

regards.

paul

JimIT
May 6th, 2004, 05:04 PM
Shooter,

You've mentioned elsewhere that KAV 5 was causing the freeze-ups and browser crashes--is that truly the case?

Back to NIS 2004, eh? :-\

DougRees
May 7th, 2004, 07:26 PM
Since I'm cheap (and poor) I like to use AVG 6.0 free edition as a second on-demand AV scanner to go with NOD32. AVG seems to get along quite well with NOD and its features complement those of NOD quite nicely. To my mind at least, it's an easy program to run, and I have installed it as the main AV on several of my friends' computers, with no complaints yet. I notice that the AVG updates are coming out a lot more frequently than they used to, and the program seems to have been greatly improved in terms of its scanning ability. All in all, adding AVG to NOD is an extremely cheap (i.e. free) way of getting "multi-layered" protection.

nameless
May 10th, 2004, 12:28 AM
{QUOTE-> No doubt professional IT Security guys and girls would go for a product with "do everything" protection if the product provided the same level of protection as a set of dedicated antivirus, anti-Trojan, anti-spyware, etc, programs ... but ask any professional mechanic why he spent a small fortune on sets of sockets and ring and open-ended spanners to suit metric nuts and bolts and second sets to suit imperial nuts and bolts rather than just a few dollars on a single adjustable "do everything" wrench and he'll tell you "Adjustable wrenches are for amateurs. They have no place in a professional toolkit." :) <-QUOTE}
This argument presumes that KAV is billed as a do-all solution, while NOD32 is not. The fact is that KAV is billed primarily as an anti-virus application, just as NOD32 is. They are direct competitors. And in fact, Eset says that NOD32 is intended to protect against "viruses, worms, trojans and other malware" (http://www.nod32.com/products/products.htm).

Since KAV isn't being promoted by the vendor as an "adjustable wrench" any more than NOD32 is, and since there is no reason a user can't run auxiliary applications (TDS-3, Ad-aware, etc.) along with KAV, the same as they could with NOD32, what was your point?

The bottom line is that all else being equal, it's better for your "anti-virus" utility to detect a wider range of malware (which KAV does). In other words, it makes absolutely no sense to defend a product by saying that "You should be using other utilities anyway!"

This is where the reply comes in, "Well, all else isn't equal! NOD32 impacts the system less than KAV!" Well, quite the contrary, that varies by system: NOD32 gave me mini-freezes every time I ran a runtime-packed file, and it caused my system to throw blue-screen crashes. KAV isn't perfect, but it runs a whole lot better on my system than NOD32 does.

Looks like we're back to "The best anti-virus utility is the one that provides the widest range of protection, and runs acceptably on your system, and within your price range."

nameless
May 10th, 2004, 12:33 AM
By the way... I've said it before, I'll say it again: All you guys (including Paul) who promote "layered security" are totally misusing the term. To "layer" security isn't to use one solution for one problem, and another solution for another problem (such as using an AT scanner for trojans, and an AV scanner for viruses). A true "layered" approach means that you have multiple solutions for the same problem.

A good example of this is to use a hardware firewall and a software firewall. Another good example of this is to use an anti-malware scanner that can detect viruses and trojans well, and to have backup AV and/or AT scanners on top of that. A very bad example of this is to use an AV utility that sucks at detecting trojans, and an AT utility to pick up the slack. Rather than "layered security", that is actually "patchwork security".

Think about it before you get angry at me. Wearing a snow suit over long underwear is being layered--both help to keep your upper and lower body warm. Wearing pants to keep your lower body "sort of warm", and a shirt to keep your upper body "sort of warm", is not layering. These are facts.

Firefighter
May 10th, 2004, 08:19 AM
To Nameless from Firefighter!

One of the best writings, your last "Layered Defence" lesson. When we have seen such writings that some other AVs than KAV plus TDS3, BOClean or TrojanHunter can offer better protection than KAV, we are forgetting which proggie can detect those viruses that those other proggies than KAV missed?

I have just now scanned some 738 infected archived VIRUS samples with 8 different AV proggies. Surprise, the other 7, but not eScan Free (= Kaspersky engine), were able to detect 22 infected VIRUS archives that eScan missed. Good or bad? Still, eScan was able to detect a total of 39 VIRUS archives more than the best non-Kaspersky-engined AV was able to detect. In my VIRUS collection were 291 Win32 viruses, 264 Worms, 77 BAT viruses, 59 Macro viruses etc. Of those worms, some 220 were P2P and I-Worms. How could those 220 worms be other than REAL ITW worms, when they were even named as Worm.P2P.xxx or I-Worm.yyy by eScan and Antidote Super Lite (= Kaspersky engine too). I think that the official ITW Institution doesn't count P2P or the Internet as a whole system as an ITW source, because a total of 53 NEW ITW viruses have been added to the ITW List THIS YEAR.

After my own AV test, I think that there aren't any AVs on the market offering enough protection, and if you want the best protection, have at least eScan Free as your backup if you don't want to use a KAV-engined AV as your primary AV!

Best regards,
Firefighter!

Paul Wilders
May 10th, 2004, 08:30 AM
Nameless,

A matter of semantics - it has been and is plain for all what has been talked about in regard to "layered defense".

FireFighter,

No offense intended - but we have been here before. Private tests, without providing the test bed used, circumstances, etc. etc., are at most useful for the one who performed such a "test" - and for no one else.

regards.

paul

Firefighter
May 10th, 2004, 09:04 AM
To Paul Wilders from Firefighter!

It's a very nice policy. I have a 231 kb zipped archive where my testing protocols are just now. If I am publishing those results (and how, here at Wilders Forum, when they are all gathered in the same zip file), which are quite a huge amount of rows (a total of 1226 infected archives including trojan-like programs and riskware), may we also see those wilders.org testing protocols, where a certain known program is even better against viruses than Kaspersky, you know what I am talking about!

Best regards,
Firefighter!

Stan999
May 10th, 2004, 11:00 AM
{QUOTE->
This is where the reply comes in, "Well, all else isn't equal! NOD32 impacts the system less than KAV!" Well, quite the contrary, that varies by system: NOD32 gave me mini-freezes every time I ran a runtime-packed file, and it caused my system to throw blue-screen crashes. KAV isn't perfect, but it runs a whole lot better on my system than NOD32 does.
<-QUOTE}

It has been my direct experience, and also from reading the posts, that for the majority of NOD32 users it doesn't cause that problem for them. It would seem there is some conflict on your specific system that causes the BSOD with NOD32?

Also it seems a number of KAV users post they have to tweak down the KAV settings in order for KAV to run with less impact on their systems. They also post that by tweaking down KAV's settings they are not sure then how well they are protected?

ronjor
May 10th, 2004, 11:36 AM
Here is a link to a program that uses the KAV engine. It doesn't clean viruses, but you can check your system without installing KAV. Freeware.

http://www.vintage-solutions.com/English/Antivirus/Super/

Paul Wilders
May 10th, 2004, 03:27 PM
{QUOTE-> To Paul Wilders from Firefighter!

It's a very nice policy. <-QUOTE}

Thanks :)

{QUOTE-> I have a 231 kb zipped archive where my testing protocols are just now. If I am publishing those results (and how, here at Wilders Forum, when they are all gathered in the same zip file), which are quite a huge amount of rows (a total of 1226 infected archives including trojan-like programs and riskware) <-QUOTE}

Well, we don't allow .zip files to be uploaded in the first place, and we have a 100 kb upload limit as well. Feel free to upload them divided into two .txt files though, coming with a full explanation of how you performed your test (I'll take it, on a fresh Windows O/S install for every nastie as usual) and the usual test environments.

{QUOTE-> may we also see those wilders.org testing protocols, where a certain known program is even better against viruses than Kaspersky, you know what I am talking about! <-QUOTE}

Grin... this has been discussed as well in the past - and the answer remains the same: we do have a solid 100 Gig .RAR database of nasties and pick at random X numbers for our tests on freshly installed Windows O/S's for each one of them. Since we aren't waiting for thousands of emails coming in, we don't publish specifics. Looking at the reviews as well as stats, there's no need for doing so either :) . Besides that: we have only that much time to spare - and we'd rather focus on other issues than answering thousands of emails. Take it or leave it - 98% do take it; you might belong to those 2% left.

Finally: it's not a spitting contest. No problems in any way as for Kaspersky - it's a very nice AV. That said: like nearly all AVs, it can be tricked rather easily. Eugene Kaspersky knows - as do many VXers. Bottom line: there is no such thing as a "catch it all/foolproof" AV.

regards,

paul