Bye bye NOD32...


A884126
November 24th, 2004, 04:48 AM
Just a little post to say I am very disappointed with NOD32, which I really thought was one of the best of its kind.
I have used NOD32 for 8 months (NAV 2004 was my previous app), and last week I made some Online Virus scans.
Panda detected 5 viruses, RAV 3 and BitDefender also 3! Then I launched back NOD32 which finally detected 3 viruses. As it is running in the background with a full scan every week I am wondering how I got these viruses. Especially as they were in old files in my archive disk....
As I never had this concern with NAV, I decided to move to their latest version 2005.
Time will tell...

Blackspear
November 24th, 2004, 05:24 AM
I have used Nod32 for over 2 years and have never found what you are seeing.

Do you have the latest version of Nod32 2.12.3?

Do you have Nod32 fully tweaked? http://www.wilderssecurity.com/showthread.php?t=37509

The older versions of Nod32 would allow a download of a zipped Virus or Trojan, however upon execution AMON would always spring into action.

The latest versions stop most problems at the front door, and should something slip past, AMON is there to protect.

I wish you all the very best with your new choice...

Cheers ;D

A884126
November 24th, 2004, 05:59 AM
Yes I used their latest version and features were on max protection.
Anyway when I find a virus on my machine I have a hard time still trusting the AV I am using. That's also why I left AVP (KAV) which did not stop viruses in my mail box.

Cheers

Edwin024
November 24th, 2004, 06:16 AM
You have strange things, mate. Viruses not found by KAV and NOD32.... You must try to see if you can enter the Guinness Book of Records ;)

Marcos
November 24th, 2004, 06:37 AM
Interesting, I saw here another post in which a user complained NAV didn't detect a couple of trojans NOD32 did.

No AV vendor will ever guarantee 100% detection of every single piece of malware in the world. However, NOD32 exploits a superb advanced heuristics thanks to which NOD32 has detected thousands of not yet known viruses, worms and trojans including the latest Bagle threats without updating.

q1aqza
November 24th, 2004, 06:49 AM
My sister's NAV2004 subscription expired last week and before she renewed it I suggested she trialed NOD32. Not knowing how to use it properly she went ahead and conducted a full scan before she downloaded latest virus signatures and it found a couple of trojans and three worms - some were sitting in her son's Outlook mailbox. She didn't make a note of what they were called. She rang me and I told her to update the signatures and rescan, which she did and it found yet another worm.

Since having trouble in the past with virus and spyware problems she has been very thorough in making sure that live update has run and doing a full weekly scan. But it seems NAV still missed 4 worms and 2 trojans on her PC.

I think she will be ditching NAV and will buy NOD32.

quicko
November 24th, 2004, 07:25 AM
Well, I don't want to defend NOD32, but a few weeks ago I replaced Symantec Antivirus Enterprise Edition with NOD32 Enterprise Edition.
NOD32 found out 26 viruses/trojans that Symantec had missed...

NetTraveler
November 24th, 2004, 07:44 AM
-{ Quote: "Well, I don't want to defend NOD32, but a few weeks ago I replaced Symantec Antivirus Enterprise Edition with NOD32 Enterprise Edition.
NOD32 found out 26 viruses/trojans that Symantec had missed..." }-
I don't want to attack Norton but I never had more viruses that slipped through than with that program.. I was updating definitions almost daily. :(

Labrie
November 24th, 2004, 08:47 AM
This topic is really funny...Well i do attack Norton as being the crappiest Av i had ever for these reasons:

1-It was set up in my computer...i didn't ask for it...all product that comes preinstalled in computers is nasty for me.

2-It slowed my pc tremendously...when i got rid of it i found my computer a lot more light and fast.

3-It didn't detect 5 virus that Avast detected when i switched from NAV to Avast. Tx Avast. Even free AV are better.

4-I had tons of problems to uninstall the garbage that Norton left in computers. He just didn't want to go! Norton should respect freedom of choice.

5-i found out NOD32...hehe...just comparing is an offense.

;)

P.S. I forgot these:

6-The updates are eternal...never ends the update...and when i had Nav updates were only once a week

7-The scans are really slow.

Well thats it.

A884126
November 24th, 2004, 08:56 AM
Everyone got its own experience and then opinion.
Respect is the key.

Cheers

Labrie
November 24th, 2004, 09:07 AM
-{ Quote: "Everyone got its own experience and then opinion.
Respect is the key.

Cheers" }-

Sorry if you feel attacked by me...but im not ag. you im ag. Norton coz Norton is ag. its users by using barely legal actions and abusing of its power in the market.

Regards.

ronjor
November 24th, 2004, 09:25 AM
Guys,

This discussion is serving no purpose now. Everyone is entitled to use whatever software they desire.
Since this is the NOD support forum, let's try to keep the discussions to questions on the use of NOD32.

Any help is appreciated.

hojtsy
November 24th, 2004, 09:37 AM
Hi,
Just for the record, during yesterday I was infected with a spyware/trojan bundle. It happened because I started an executable file from an untrusted source, depending solely on my resident NAV scanner. NAV stayed completely silent while several different malwares were downloaded and started by each other. During cleaning the infection with more competent softwares, I archived most of the malwares, and submitted them to an online scanner service at http://www.virustotal.com/xhtml/index_en.html

Here are the results.
1. 180 Solutions - msbb.exe
2. BookedSpace - polall1m.exe
3. optimize.exe
4. powerscan.exe
5. VX2 - alcem.exe

................1........2........3.......4.......5
BitDefender.... + ...... + ..... + ..... + ...... +
ClamWin ....... + ...... + ..... + ..... + ...... +
eTrust-Iris.... - ...... - ..... - ..... - ...... -
F-Prot ........ - ...... + ..... + ..... - ...... +
Kaspersky ..... - ...... + ..... + ..... - ...... +
NOD ........... - ...... - ..... - ..... - ...... +
Norman ........ + ...... + ..... - ..... - ...... +
Panda ......... + ...... + ..... + ..... + ...... +
Sybary ........ + ...... + ..... + ..... - ...... +
Symantec ...... - ...... - ..... - ..... - ...... -

All virus definitions were the newest. Note that the test set is very small, so you should be careful with conclusions.
Before you ask, the VirusTotal site submitted the samples to all of these vendors, and I submitted them to DiamondCS too. I will also try with the same samples later to see if any of them updated the definitions.
-hojtsy-

Edit: WARNING: the VirusTotal site uses only a limited database of some softwares.

hojtsy
November 24th, 2004, 09:38 AM
report for BookedSpace
Edit: WARNING: the VirusTotal site uses only a limited database of some softwares.

hojtsy
November 24th, 2004, 09:39 AM
report for optimize.exe
Edit: WARNING: the VirusTotal site uses only a limited database of some softwares.

hojtsy
November 24th, 2004, 09:40 AM
report for powerscan.exe
Edit: WARNING: the VirusTotal site uses only a limited database of some softwares.

hojtsy
November 24th, 2004, 09:42 AM
report for alchem.exe
Edit: WARNING: the VirusTotal site uses only a limited database of some softwares.

Edwin024
November 24th, 2004, 09:49 AM
From a lot of packages they used an old version. Strange.

Marcos
November 24th, 2004, 09:57 AM
It's not a good idea to include results from online scanners here. Please bear in mind that NOD32 for Linux used by online scanners doesn't include an option for detection of potentially dangerous applications which includes adware, too. Should the discussion on detection capabilities of various AV programs continue here, I suggest to move it to another thread.

hojtsy
November 24th, 2004, 10:52 AM
-{ Quote: "Please bear in mind that NOD32 for Linux used by online scanners doesn't include an option for detection of potentially dangerous applications which includes adware, too." }-
I still have the malware files. I am ready to submit them to any submission service/site/person/whatever where I can test them against NOD in its full power, and get a full report of what NOD detected.

-{ Quote: "Should the discussion on detection capabilities of various AV programs continue here, I suggest to move it to another thread." }-
I asked the same from Ronjor and he just did it.
-hojtsy-

dvk01
November 24th, 2004, 01:09 PM
Hojtsy

all those are as a result of the IE exploit being used as described here
http://www.wilderssecurity.com/showthread.php?t=55598

If you had XP sp2 you would have been protected

Firefighter
November 24th, 2004, 01:53 PM
-{ Quote: "Hojtsy
If you had XP sp2 you would have been protected" }-
Sp2 isn't a good advice to everyone. I've tried sp2 in my WinXP Home Finnish version. Opening my PC took about a half an hour, still everything seems to be halted. Unable to remove correctly. Have to reinstall the whole WinXP Home again.

One of the biggest PC-vendors in Finland doesn't recommend to install that sp2 at all, also the same with one of the biggest ADSL broadband suppliers in here too!

Let's wait more about the GOOD news of that sp2 first.

Best regards,
Firefighter!

DonKid
November 24th, 2004, 02:00 PM
-{ Quote: "My sister's NAV2004 subscription expired last week and before she renewed it I suggested she trialed NOD32. Not knowing how to use it properly she went ahead and conducted a full scan before she downloaded latest virus signatures and it found a couple of trojans and three worms - some were sitting in her son's Outlook mailbox. She didn't make a note of what they were called. She rang me and I told her to update the signatures and rescan, which she did and it found yet another worm.

Since having trouble in the past with virus and spyware problems she has been very thorough in making sure that live update has run and doing a full weekly scan. But it seems NAV still missed 4 worms and 2 trojans on her PC.

I think she will be ditching NAV and will buy NOD32." }-

Norton is not just heavy for your system, expensive and used to update only on Wednesday. As I don't use it for a long time, why am I worried about it ?
If today I got the best, I'm sure I'll never suffer again with NAV.

Do you know what is you see more than 30 computers, with the exclusion directory for scanning, full of virus ?
:D

I know it, and I'm sure these days won't get back again ;D

Best Regards,

DonKid.

TAG97
November 24th, 2004, 02:16 PM
Shouldn't this topic be in the NOD32 Forum?

dvk01
November 24th, 2004, 02:33 PM
-{ Quote: "Shouldn't this topic be in the NOD32 Forum?" }-


No

it was moved from NOD forum because it turned into a general antivirus discussion & not a NOD "support" issue

muf
November 24th, 2004, 02:52 PM
KAV does detect these that the scan at Virustotal says it doesn't.
180 Solutions - msbb.exe
powerscan.exe

It's just that KAV has them in its extended bases. Obviously the scanner at Virustotal does not include the extended bases. Here's what they are listed as in KAV's database.
not-a-virus:AdWare.PowerScan.a
not-a-virus:AdWare.PowerScan.b
not-a-virus:AdWare.180Solutions

muf

hojtsy
November 25th, 2004, 03:48 AM
-{ Quote: "all those are as a result of the IE exploit being used as described here
http://www.wilderssecurity.com/showthread.php?t=55598" }-
Yes, they could also be installed as a result of the exploit described there, but in my case, as I already told, all of these files were created/downloaded after I manually started a single executable file I had manually downloaded. I could not comprehend how this could be in any connection with IE exploits. It was an exploit of the human mind. Do you have Service Packs for Human Mind 1.0?
I know that there are several different protection layers which could have decreased the damage, but what I am aiming at is to see which *antivirus* software could have recognized these specific malwares created/executed on my machine, by file signatures. As you can see some antivirus applications are capable of recognizing these files, so the need/idea is not entirely unjustified.

-{ Quote: "Obviously the scanner at Virustotal does not include the extended bases." }-
Thanks for this info. I repeated the scan of 180Solutions at http://virusscan.jotti.dhs.org/ and KAV picked it up. I guess they are using the more complete definition databases.
-hojtsy-

hojtsy
November 25th, 2004, 04:36 AM
Much better results for KAV at http://virusscan.jotti.dhs.org/.

1. 180 Solutions - msbb.exe
2. BookedSpace - polall1m.exe
3. optimize.exe
4. powerscan.exe
5. VX2 - alcem.exe
................1........2.......3.......4........5
Antivir........ + ...... + ..... + ..... - ...... +
Avast.......... + ...... + ..... - ..... - ...... +
BitDefender.... + ...... + ..... + ..... + ...... +
ClamAV......... + ...... + ..... + ..... + ...... +
drWeb.......... - ...... + ..... + ..... - ...... +
F-Prot......... - ...... + ..... + ..... - ...... +
Kaspersky...... + ...... + ..... + ..... + ...... +
mks_vir........ + ...... + ..... + ..... + ...... +
NOD............ - ...... - ..... - ..... - ...... +
Norman......... + ...... + ..... - ..... - ...... +

180solutions:
AntiVir TR/Spy.180Solutions (0.14 seconds taken)
Avast Win32:Trojan-gen. (1.52 seconds taken)
BitDefender Application.Adware.180solutions.A (0.70 seconds taken)
ClamAV Trojan.Spy.Small-1 (0.33 seconds taken)
Dr.Web No viruses found (0.52 seconds taken)
F-Prot Antivirus No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus not-a-virus:AdWare.180Solutions (0.62 seconds taken)
mks_vir .Ncase180 (0.21 seconds taken)
NOD32 No viruses found (0.40 seconds taken)
Norman Virus Control W32/Ncase.E (0.12 seconds taken)

BookedSpace - polall1m.exe
AntiVir Worm/Rbot.IQ.03 (0.14 seconds taken)
Avast Win32:Trojan-gen. {Other} (1.51 seconds taken)
BitDefender Trojan.Downloader.Agent.AE (0.32 seconds taken)
ClamAV Trojan.Downloader.Agent.AE-2 (0.32 seconds taken)
Dr.Web Trojan.DownLoader.560 (0.48 seconds taken)
F-Prot Antivirus security risk or a "backdoor" program (0.06 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.Agent.ae (0.59 seconds taken)
mks_vir Trojan.Downloader.Agent.Ae (0.19 seconds taken)
NOD32 No viruses found (0.36 seconds taken)
Norman Virus Control W32/DLoader.BG (0.12 seconds taken)

optimize.exe
AntiVir TR/Dldr.Dyfuca.BH.2 (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender Adware.Opti.A (0.48 seconds taken)
ClamAV Trojan.Dyfuca-20 (0.34 seconds taken)
Dr.Web Trojan.Dyfuca (0.51 seconds taken)
F-Prot Antivirus W32/Dyfuca.DF@dl (0.06 seconds taken)
Kaspersky Anti-Virus Trojan-Downloader.Win32.Dyfuca.dk (0.60 seconds taken)
mks_vir Trojan.Trojan-downloader.Dyfuca.Dk (0.19 seconds taken)
NOD32 No viruses found (0.35 seconds taken)
Norman Virus Control No viruses found (1.61 seconds taken)

powerscan.exe
AntiVir No viruses found (0.93 seconds taken)
Avast No viruses found (3.36 seconds taken)
BitDefender Adware.PowerScan.B (0.30 seconds taken)
ClamAV Adware.Powerscan-1 (0.30 seconds taken)
Dr.Web No viruses found (0.46 seconds taken)
F-Prot Antivirus No viruses found (0.11 seconds taken)
Kaspersky Anti-Virus not-a-virus:AdWare.PowerScan.b (0.57 seconds taken)
mks_vir .Powerscan (0.19 seconds taken)
NOD32 No viruses found (0.36 seconds taken)
Norman Virus Control No viruses found (0.65 seconds taken)

VX2 - alchem.exe
AntiVir TR/Dldr.Alchemic (0.14 seconds taken)
Avast Win32:Trojan-gen. {VC} (1.51 seconds taken)
BitDefender Trojan.Downloader.Alchemic.A (0.31 seconds taken)
ClamAV Trojan.Alchem (0.33 seconds taken)
Dr.Web Trojan.Alchem (0.49 seconds taken)
F-Prot Antivirus security risk or a "backdoor" program (0.06 seconds taken)
Kaspersky Anti-Virus TrojanDownloader.Win32.Alchemic (0.59 seconds taken)
mks_vir Trojan.Trojandownloader.Alchemic (0.20 seconds taken)
NOD32 Win32/TrojanDownloader.Alchemic.A (0.35 seconds taken)
Norman Virus Control W32/Alchemic.A (0.12 seconds taken)

Hmm sorry for the long post.
-hojtsy-

Patrician
November 25th, 2004, 04:20 PM
I have been forced to move to NOD32 by that PC eating piece of trash called TruPrevent that Pandasoftware added to their (used to be excellent) AV products.

While I have to say that NOD's on demand scanner is one of the best, I must admit that its resident scanner doesn't fill me with as much confidence. It does seem to be a bit more "lax" than Panda's equivalent (pre TruPrevent) and lets a lot more Malware and Spyware through, relying on its great on demand scanner to clean the system up afterwards. This observation is backed up by the fact that after doing a full system scan NOD32 has found one or two things that its resident scanner let through.

Personally I would much rather the resident scanner did its job properly, then the on demand scanner could just be run once a week to double check my system. As it is I now feel the need to run a full system scan before shutting my PC down for the day, everyday. (I just don't trust Amon); Something that wasn't needed with Panda Titanium.

Don't get me wrong, I think NOD is a great AV package, I just think its resident scanner needs a little more work.

A884126
November 25th, 2004, 04:32 PM
-{ Quote: "I must admit that its resident scanner doesn't fill me with as much confidence. It does seem to be a bit more "lax" than Panda's equivalent (pre TruPrevent) and lets a lot more Malware and Spyware through" }-
Personally I do not expect from an AV or AT tool to deal with spywares. There are other tools specialized for that. I'd rather prefer to use the best of breed policy.

-{ Quote: "...I must admit that its resident scanner doesn't fill me with as much confidence...This observation is backed up by the fact that after doing a full system scan NOD32 has found one or two things that its resident scanner let through....(I just don't trust Amon)..." }-
That was my point. It is also true that Panda and BitDefender got most of the virus that NOD32 does through its On Demand scanner. Just try their online scans and you'll see by yourself. I also found that they both do scan more files than NOD32 does. BitDefender being the one which scans more files.

alien8
November 26th, 2004, 06:59 AM
-{ Quote: "I repeated the scan of 180Solutions at http://virusscan.jotti.dhs.org/ and KAV picked it up. I guess they are using the more complete definition databases.
-hojtsy-" }-
Jotti's site uses the extended KAV bases, whereas perhaps VirusTotal uses their standard bases. Plus VirusTotal uses windows versions of the AVs and Jotti use Linux versions, so there would be slight differences there. Good to see ClamAV/ClamWin doing okay.. but again, it's only one series of tests.

Cheers,

Steve
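
The service-to-service difference discussed above can be read straight off the two result tables posted earlier in this thread. The following is an added example, not part of any post: the rows are copied from the thread, the sample labels follow the numbered list, and treating the ClamWin row and the ClamAV row as the same engine is an assumption.

```python
# Added example: diff the two multi-scanner tables posted in this thread.
# '+' = detected, '-' = not detected; columns are samples 1..5 in posted order.
SAMPLES = ["180 Solutions", "BookedSpace", "optimize.exe", "powerscan.exe", "VX2"]

VIRUSTOTAL = """\
BitDefender.... + ...... + ..... + ..... + ...... +
ClamWin ....... + ...... + ..... + ..... + ...... +
eTrust-Iris.... - ...... - ..... - ..... - ...... -
F-Prot ........ - ...... + ..... + ..... - ...... +
Kaspersky ..... - ...... + ..... + ..... - ...... +
NOD ........... - ...... - ..... - ..... - ...... +
Norman ........ + ...... + ..... - ..... - ...... +
Panda ......... + ...... + ..... + ..... + ...... +
Sybary ........ + ...... + ..... + ..... - ...... +
Symantec ...... - ...... - ..... - ..... - ...... -
"""

JOTTI = """\
Antivir........ + ...... + ..... + ..... - ...... +
Avast.......... + ...... + ..... - ..... - ...... +
BitDefender.... + ...... + ..... + ..... + ...... +
ClamAV......... + ...... + ..... + ..... + ...... +
drWeb.......... - ...... + ..... + ..... - ...... +
F-Prot......... - ...... + ..... + ..... - ...... +
Kaspersky...... + ...... + ..... + ..... + ...... +
mks_vir........ + ...... + ..... + ..... + ...... +
NOD............ - ...... - ..... - ..... - ...... +
Norman......... + ...... + ..... - ..... - ...... +
"""

# Assumption: ClamWin (first table) and ClamAV (second table) are one engine
# listed under two front-end names.
ALIASES = {"ClamWin": "ClamAV"}


def parse_matrix(text):
    """Parse dotted '+/-' rows into {engine: [bool per sample]}."""
    matrix = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        # The engine name is the first token; dot runs are only column filler.
        name = tokens[0].rstrip(".")
        # Only stand-alone '+' / '-' tokens are verdicts ('eTrust-Iris' is not).
        verdicts = [t == "+" for t in tokens[1:] if t in ("+", "-")]
        if len(verdicts) != len(SAMPLES):
            raise ValueError(f"expected {len(SAMPLES)} verdicts in row: {line!r}")
        matrix[ALIASES.get(name, name)] = verdicts
    return matrix


def disagreements(a, b):
    """For engines present in both tables, list samples whose verdict differs."""
    out = {}
    for engine in sorted(set(a) & set(b)):
        diff = [SAMPLES[i]
                for i, (x, y) in enumerate(zip(a[engine], b[engine]))
                if x != y]
        if diff:
            out[engine] = diff
    return out


def detection_counts(matrix):
    """Number of engines in one table that flagged each sample."""
    return {s: sum(row[i] for row in matrix.values())
            for i, s in enumerate(SAMPLES)}


if __name__ == "__main__":
    vt, jotti = parse_matrix(VIRUSTOTAL), parse_matrix(JOTTI)
    print("engines on both services:", sorted(set(vt) & set(jotti)))
    for engine, samples in disagreements(vt, jotti).items():
        print(f"{engine}: verdict differs between services for {samples}")
    print("VirusTotal counts:", detection_counts(vt))
    print("Jotti counts:     ", detection_counts(jotti))
```

An engine whose verdict changes between services on identical files points at a difference in how the service runs it (signature set, options, platform build), so a single service's "not detected" is not a statement about the desktop product.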

illukka
November 26th, 2004, 08:23 AM
-{ Quote: "Personally I do not expect from an AV or AT tool to deal with spywares. There are other tools specialized for that. I'd rather prefer to use the best of breed policy." }-


as the spyware authors are more and more using virus/trojan/backdoor code and methods in their work i find it is good that they have started to detect spyware..also the difference between viruses/trojans and spyware seems to be nonexistent now

the av companies are big, even huge if you compare them to vendors like lavasoft

also spyware authors are utilising advanced packers etc to battle av detection..

one other thing: a simple scanner is not anymore enough to detect these new spyware variants.. av companies have their super advanced scanning engines, they only need spyware signatures added and their av's transform into a superb spyware detectors.. if only they'd get the removal to be as good as the detection ;)

cheers !

nameless
November 26th, 2004, 07:13 PM
-{ Quote: "Sp2 isn't a good advice to everyone. I've tried sp2 in my WinXP Home Finnish version. Opening my PC took about a half an hour, still everything seems to be halted." }-
Remove or update the poorly-designed third-party software you use.

-{ Quote: "Unable to remove correctly. Have to reinstall the whole WinXP Home again." }-
You installed a service pack without creating a full backup first?

-{ Quote: "One of the biggest PC-vendors in Finland doesn't recommend to install that sp2 at all, also the same with one of the biggest ADSL broadband suppliers in here too!" }-
That's so they don't have to deal with the support calls, not because it is actually sound advice to the user.

-{ Quote: "Let's wait more about the GOOD news of that sp2 first." }-
You mean the several vulnerabilities that have surfaced recently, which affect SP-1 but not SP-2, aren't good news enough?

A884126
November 27th, 2004, 05:24 AM
Comparative tests of antivirus programs

Rank


1. Kaspersky Personal Pro version 4.5.0.58 - 99.09%

2. F-Secure 2004 version 4.71.5 - 98.77%

3. Extendia AVK Pro version 11.0.4 - 98.68%

4. AVK version 14.0.7 - 98.50%

5. Kaspersky Personal version 5.0.149 - 97.88%

6. eScan 2003 Virus Control version 2.6.484.8 - 96.75%

7. McAfee version 8.0.41 - 93.59%

8. Norton version 2004 Professional - 93.38%

9. RAV version 8.6.105 - 93.14%

10. F-Prot version 3.15 - 91.85%

11. Command version 4.90 - 91.41%

12. Panda Titanium version 3.02.00 - 91.38%

13. Norton Corporate version 9.0.0.338 - 90.29%

14. Panda Platinum version 7.05.04 - 89.97%

15. MKS_VIR 2004 version 2.0 - 89.45%

16. Virus Chaser version 5.0 - 89.07%

17. BitDefender version 7.2 - 88.52%

18. BullGuard version 4.5 - 87.26%

19. Dr. Web version 4.31b - 85.35%

20. PC-Cillin 2004 version 11.00.1253 - 84.80%

21. Nod32 version 2.0.0.9 database 1.840 - 82.68%

22. Sophos Sweep version 3.84 - 81.31%

23. Avast version 4.1.418 - 80.55%

24. AntiVir version 6.27.00.01 - 79.57%

25. Vexira version 2.14.00.01 - 79.50%

26. AVG version 7.0.262 - 72.50%

27. Norman version 5.70.14 - 67.72%

28. UNA version 1.83 - 62.85%

29. Solo 2.5 version 2.6.3 - 61.08%

30. ZoneAlarm with VET Antivirus version 5.0.590.015 - 60.82%

31. Fire version 2.7 - 60.52%

32. E-Trust version 6.2.0.28 - 58.48%

33. V-Buster Pro - 57.61%

34. Protector Plus version 7.2.F04 - 51.28%

35. VirScan Plus version 14.091 - 48.36%

36. ClamWin version 0.35 - 48.08%

37. ViRobot Expert version 4.0 - 45.68%

38. MR2S version 1.47 - 44.36%

39. V3Pro 2002 Deluxe version SP2 - 42.33%

40. RHBVS version 4.13.656 - 41.99%

41. Digital Patrol version 5.00.08 - 38.52%

42. Quick Heal version 7.01 - 30.13%

43. Wave version 2.0 - 22.07%

44. TDS version 3.2.0 - 16.67%

45. PestPatrol version 4.4.3.24 - 15.34%

46. A Squared 2 - 15.05%

47. AntiTrojan Shield version 1.4.0.9 - 11.82%

48. PC Door Guard version 3.0.0.14- 11.77%

49. Trojan Hunter version 3.9.807 - 6.76%

50. The Cleaner version 4.1.42.52 - 6.34%

51. Trojan Remover version 6.2.8 - 5.62%

52. Tauscan version 1.6.1024 - 4.82%

53. Hacker Eliminator version 1.2 - 3.38%

54. IP Armor version 5.46.0703 - 2.87%

55. Anti-Hacker & Trojan Expert 2003 version 1.6 - 0%


More info on http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

Edwin024
November 27th, 2004, 05:58 AM
This test says not all. Looking at AV-comparatives you see that their test differs and I think that they test better than our Greek friend.

AV-C will have their new test somewhere on Wednesday in the coming week published, I guess. Because then it's December ;)

A884126
November 27th, 2004, 06:21 AM
As it says, it is a test and info only. Interpretation is yours.

mercurie
November 27th, 2004, 10:27 AM
Fellow Creatures,
Interesting thread. Discussion of these issues is always good. May I just step in and state an observation based on research and not my use of a bunch of different AV programs. I do listen carefully to those who do (such as BigC) and respect them and taken their advice. But my research indicates KAV and NOD are both very good products. But they are AV products if they get a trojan good job, but I do not expect them to capture or kill trojans or spyware. Get products that are designed to go after those. We discuss those here at the Wilders too. As someone said "best of breed." Just my 2 cents worth. ;)

mvdu
November 27th, 2004, 01:56 PM
Oh I disagree - anti-trojans should be used as backups IMO. And because many people don't think about ATs, an AV should do a decent job of detecting trojans. At least the common trojans.

bellgamin
November 27th, 2004, 04:18 PM
-{ Quote: "Comparative tests of antivirus programs
*****************...
More info on http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67" }-
It would have been helpful if you had disclosed the fact that these data have been previously reported & discussed umpteen other times in this forum, & that the tests were dated 8/04, & that several of the versions tested were outdated versions from 2003 or early 2004.

If you did this courteous thing, it might help people avoid wasting time by visiting the link in the mistaken belief that you had posted new & fresh information when, in fact, it is old hat.

A884126
November 27th, 2004, 04:54 PM
Bellgamin, when it has been done is not very important, especially when it is in August this year, the key IMHO is the program versions. Except apps like NAV or NOD32 and maybe few others that released new version after september, most of them are version which are running today.
I also do not believe because you released a new version n+0.1 (which are not even real releases) that you will move from the bottom to the top of the rank. Most of the time, engines are the same, companies just add few extra stuff which are usually more marketing than technical changes. At least that's what I think.

But in order to please you, a friend of mine just sent me this link. Made in October 2004. Enough fresh? No offense just teasing ;)

-{ Quote: "The comparison was conducted in October 2004 (26 September- 1 October 2004) on a sample of over 9000 infected files. Files were infected with old and new virus, mildly harmful and very harmful, in addition to worms, trojans and similar. These files were unpacked in a dedicated folder where they got analysed by the different antivirus systems.
Each antivirus was set to operate to the top of its heuristic and scan potential. It is important to note that in the results enclosed below, the slowing down of the OS has not been taken into consideration. The only factor that has been considered is the individual ability of each virus to detect and remove virus, worms, trojans and so forth." }-

1 McAfee Viruscan Enterprise 8 (http://www.mcafee.com/)
2 Kaspersky Anti-Virus Personal (http://www.tkqlhce.com/jg117efolfn2B844BC2A533C36)
3 Extendia AVK Pro11 (http://www.extendia.com/)
4 Antivir PE (http://www.10ts.com/reviews/antivirus-freeware.htm)
5 F-Secure 2004 (http://www.f-secure.com/)
6 Bitdefender free 7 (http://www.bitdefender.com/bd/site/downloads.php?menu_id=21)
7 Trend Micro PcCillin 2004 (http://www.trendmicro.com/)
8 Panda Antivirus Platinum (http://www.pandasoftware.com/home/default.asp)
9 McAfee Viruscan Pro 9 (http://www.mcafee.com/)
10 Norton Antivirus 2005 (http://www.symantec.com/region/it/)
11 Symantec Antivirus Corporate (http://www.symantec.com/)
12 Ez Trust Antivirus (http://www.my-etrust.com/)
13 ClamWin (http://www.10ts.com/reviews/antivirus-freeware.htm)
14 Avast! Home free (http://www.avast.com/i_kat_207.php?lang=ENG)
15 F-Prot 3.15 (http://www.f-prot.com/)
16 NOD32 (http://www.nod32.com/)
17 AVG Pro 7 (http://www.grisoft.com/)

More Info on: http://www.10ts.com/reviews/antivirus-test.htm

As you can see KAV, F-Secure or AVK are still in the Top 5.

Q Section
November 27th, 2004, 04:58 PM
A884126

Having harmless (virus) files on one's hard drive is not anything to worry about if one has an Anti-Virus application that can stop any malicious virus files from executing on one's computer. If some malware does not execute and cannot execute then so what? You did not say NOD32 did not prevent some virus from executing.

Your body has some malicious bacteria in it but you may not be diseased or sick. Why? You have an immune system that prevents the baddies (malware) from attacking (executing). If you absolutely got rid of all the baddies in you then you also would not have any good bacteria either. Granted this is not a perfect example but hopefully you can see the picture. [Yes - a "perfect" AV app would not get rid of any good files.]

A884126
November 27th, 2004, 05:12 PM
You bet Q or should I say Doc :D . I like the analogy ;)

Cheers

Q Section
November 27th, 2004, 05:26 PM
8) .

Notok
November 27th, 2004, 06:30 PM
Wow, so AntiVir PE is as good as KAV, and even ClamWin is better than NOD32?

larouse
November 27th, 2004, 07:50 PM
Great Information....Thank you,

My PERSONAL Opinion had been that McAfee 8i is the better option over Kaspersky but this forum all time is talking about: Dr.Web, Kaspersky and F.Prot but McAfee is The great AV.....

flyrfan111
November 28th, 2004, 01:48 AM
Regarding the results at www.virus.gr you must also understand their testing methodology. A cut and paste from THEIR rules;

The 76556 virus samples were chosen using VS2000 according to Kaspersky, F-Prot, RAV, Nod32, Dr.Web, Sweep, BitDefender, E-Trust and McAfee antivirus programs. Each virus sample was unique by virus name, meaning that AT LEAST 1 antivirus program detected it as a new virus.

By new they mean a heuristic detection so in other words a Heuristic false positive by ONE AV counts AGAINST all the other AVs as a miss, not very scientific or fair IMO.
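
The selection effect described in the post above, worked through on a constructed corpus. This is an added example, not part of any post and not virus.gr's procedure: it assumes the test set is simply every file that at least one engine flags, and engines A, B, C and all file names are hypothetical.

```python
from fractions import Fraction

# Constructed ground truth. A real tester does not have this; that is the point.
MALICIOUS = {f"m{i:02d}" for i in range(1, 11)}   # m01..m10
CLEAN = {f"c{i:02d}" for i in range(1, 6)}        # c01..c05

# Constructed engines: the set of files each one flags.
FLAGS = {
    # A: aggressive heuristics, three false positives
    "A": {f"m{i:02d}" for i in range(1, 9)} | {"c01", "c02", "c03"},
    # B: best real coverage, no false positives
    "B": {f"m{i:02d}" for i in range(1, 10)},
    # C: weakest coverage, one false positive
    "C": {f"m{i:02d}" for i in range(1, 8)} | {"c04"},
}


def build_test_set(flags):
    """Assumed rule: a file becomes a 'virus sample' if any engine flags it."""
    return set().union(*flags.values())


def measured_score(engine, flags, test_set):
    """Score as a comparative test would report it: hits / test-set size."""
    return Fraction(len(flags[engine] & test_set), len(test_set))


def true_detection_rate(engine, flags):
    """Share of the genuinely malicious files the engine flags."""
    return Fraction(len(flags[engine] & MALICIOUS), len(MALICIOUS))


def unfair_misses(engine, flags, test_set):
    """Clean files in the test set that the engine correctly ignored,
    yet which are counted against it as misses."""
    return (test_set & CLEAN) - flags[engine]


def ranking(scores):
    """Engine names ordered from highest to lowest score."""
    return sorted(scores, key=scores.get, reverse=True)


def evaluate(flags):
    test_set = build_test_set(flags)
    return {
        "test_set": test_set,
        "polluting": test_set & CLEAN,       # false positives promoted to samples
        "excluded": MALICIOUS - test_set,    # malware nobody flagged, never tested
        "measured": {e: measured_score(e, flags, test_set) for e in flags},
        "true": {e: true_detection_rate(e, flags) for e in flags},
        "unfair": {e: len(unfair_misses(e, flags, test_set)) for e in flags},
    }


if __name__ == "__main__":
    r = evaluate(FLAGS)
    print("test set size:", len(r["test_set"]),
          "| clean files inside:", sorted(r["polluting"]),
          "| malware left out:", sorted(r["excluded"]))
    for e in FLAGS:
        print(f"{e}: measured {float(r['measured'][e]):.1%}, "
              f"true {float(r['true'][e]):.1%}, "
              f"correct ignores counted as misses: {r['unfair'][e]}")
    print("ranking by measured score:", ranking(r["measured"]))
    print("ranking by true rate:     ", ranking(r["true"]))
```

In this constructed case the engine with the most false positives tops the measured ranking, while the engine with the best real coverage drops to second because four clean files it rightly ignored are scored as misses.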

Blackcat
November 28th, 2004, 01:51 AM
-{ Quote: "Great Information....Thank you." }-
These personal AV tests should not be used by themselves to judge the effectiveness of a particular scanner.

Although it shows that, as usual, Kaspersky-engined AV's are near the top of the pile, the results of other well-known scanners are shall we say a little strange!!!!
-{ Quote: "Wow, so AntiVir PE is as good as KAV, and even ClamWin is better than NOD32?" }- ;D ;D

Firefighter
November 28th, 2004, 03:01 AM
-{ Quote: "Remove or update the poorly-designed third-party software you use. You mean the several vulnerabilities that have surfaced recently, which affect SP-1 but not SP-2, aren't good news enough?" }-
Maybe so that you said, or is it simply because of this,

http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2

the list of problematic programs shown in my link above may continue forever, but only the ink had run out from the writer's laser printer? ;D

Best regards,
Firefighter!

no13
November 29th, 2004, 01:13 AM
-{ Quote: "http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2" }-
someone may say that some of these programs have fixes available... BUT as an example... Nero's fix is ~28 MB... Do you think that 100+ MB of updates should be done AFTER you install SP2, then go through the harrowing baseline-config process that many firewalls use is justified when most of the browser exploits are blocked easily by Kye-U's config. pack for Proxomitron?

synapse
November 29th, 2004, 03:16 AM
eScan 2003 Virus Control is pretty good as well

no13
November 29th, 2004, 03:24 AM
But eScan is KAV based... is it as heavy? What of its other *editions*? Anyone seen it reviewed anywhere (properly)?

synapse
November 29th, 2004, 03:25 AM
you mean, is escan a resource hog? no, it's light for me, even when I'm scanning for viruses it produces no lag, it's lighter than nod32 :O (i still love nod32)

A884126
November 29th, 2004, 01:02 PM
It seems that KAV engine should be pretty good if eScan and F-Secure is using it....

no13
November 29th, 2004, 01:05 PM
It's the best available (if you have an encyclopaedic database like KAV/eScan)

A884126
December 8th, 2004, 10:11 AM
Remember that KAV engine is used in several anti-virus programs: AVK, F-Secure, eScan... which means that the engine should be pretty good.

The only amazing thing is, for instance, why F-Secure (KAV, Orion, F-Prot engines) or AVK (KAV, Bit Defender engines) are not on the top...?

TopperID
December 8th, 2004, 05:23 PM
Those who enjoy comparative test results may care to visit this thread:-

http://www.spywareinfoforum.com/index.php?showtopic=6165&st=0

Where the results given include the following:-

Kaspersky Anti-Virus 98.94%
McAfee, Virus data file v4382 98.28%
Symantec's Norton Antivirus 92.48%
AntiVir Personal Edition (AVPE) 85.36%
nod32, (20040730) NT 82.19%
Avast! 4, VPS file version 80.08%

The test may have been far from ideal, but it's enough to make Nod lovers cry in their beer!!

Paul Wilders
December 8th, 2004, 05:32 PM
-{ Quote: "The test may have been far from ideal" }-

That's quite an understatement ;D - personally, I do prefer pro tests above one more amateur going for it, no matter the result ;)

-{ Quote: "but it's enough to make Nod lovers cry in their beer!!" }-

I for one will never cry in my beer - there are limits!

regards.

paul

bellgamin
December 8th, 2004, 05:38 PM
@TopperID The link is broken. Try again, please. I would love to see the test data.

As for crying in one's beer -- tears are salty. A dash of salt goes well with beer at times. :)

aloha...... bellgamin

Paul Wilders
December 8th, 2004, 05:43 PM
-{ Quote: "@TopperID The link is broken. Try again, please. I would love to see the test data." }-

Over on Mike's place, one has to register to get access.

-{ Quote: "As for crying in one's beer -- tears are salty. A dash of salt goes well with beer at times. :)" }-

No argument here as for salt. Crying in my beer is quite a different story ;D

-{ Quote: "aloha...... bellgamin" }-

aloha bellgamin :)

regards.

paul

Stan999
December 8th, 2004, 05:55 PM
-{ Quote: "The test may have been far from ideal, but it's enough to make Nod lovers cry in their beer!!" }-

I have NOD on one machine, a KAV AV on two machines and one of the free AVs on a fourth machine.

All of these AVs are good at detecting current infections. However, I prefer NOD over some of the other AVs because it stands a better chance of detecting 'zero-day' infections. Even if definitions are updated every hour that may be an hour too late. In fact this has happened to me several times.

Example:
http://www.wilderssecurity.com/showthread.php?t=42010

Also Retrospective/ProActive Test:
http://www.av-comparatives.org

TopperID
December 8th, 2004, 08:56 PM
Looks like I've upset both the beer lovers and the Nod lovers with this one. I think I'll reserve my sympathies for the former though!!! :D ;D ;)

Stan999
December 8th, 2004, 09:10 PM
-{ Quote: "Looks like I've upset both the beer lovers and the Nod lovers with this one. I think I'll reserve my sympathies for the former though!!! :D ;D ;)" }-

Actually a KAV user because that is what I am running on two of my machines. ;)

NAMOR
December 8th, 2004, 09:14 PM
-{ Quote: "TopperID The link is broken. Try again, please. I would love to see the test data." }-

You need to be a member of spywareinfo to view the link.... I think.

Anywho here is a little more info from that thread..


-{ Quote: "UPDATE August 1, 2004: I have updated the number of infected test files to 758. I have added an attachment containing a chart of which test files were identified or missed as containing malicious code. (Replaced on 8/02 with an easy to read text file instead of a html in a zip file ;) ) My testing of several thousand infected test files has been postponed due to a hard disk crash.

I recently acquired a few more possible viruses (I am now up to 758 possible Trojan, backdoor, and virus infected files). All of these test files were acquired from in the wild, mostly through cleaning of infected computers and through catching them in the act. There are no known zoo viruses in these tests. Each and every test file was identified as containing malicious code by at least one of these antivirus programs.

Please note that some of these files represent several variations of the same Trojan/virus/malware. It is also possible for one file to contain the code of more than one Trojan, virus or malware. There might also be a few duplicates.

All of the scans were performed with the following options (if available): scan all files, scan compressed executables, scan inside archive files, and high heuristics.

(The software name and virus definition date precede each test result)

AntiVir Personal Edition (AVPE)
Program: v6.26.00.00 VDF-File v6.26.0.53 from 07.30.20043
647 Possible Viruses/malware/Trojans Found in 647 files out of a total of 758 files!
Approximately 85.36% detection. (Based on number of infected files, not number of infections)

Avast! 4, VPS file version: July 29, 2004 - [0431-2]
620 Possible Viruses/malware/Trojans Found in 607 files out of a total of 758 files!
Approximately 80.08% detection. (Based on number of infected files, not number of infections)

AVG 7.0.253 Professional, Virus Base 264.1.0 7-29-2004:
532 Possible Viruses/malware/Trojans Found in 523 files out of a total of 758 files!
Approximately 69.00% detection. (Based on number of infected files, not number of infections)

eTrust Anti-Virus, 30-07-2004:
575 Possible Viruses/malware/Trojans Found in 576 files out of a total of 758 files!
Approximately 75.99% detection. (Based on number of infected files, not number of infections)
585 Possible Viruses/malware/Trojans Found using non-standard scan!

F-PROT ANTIVIRUS, 30 July 2004
673 Possible Viruses/malware/Trojans Found in 667 files out of a total of 758 files! (Infected: 496, Suspicious: 117)
Approximately 88.00% detection. (Based on number of infected files, not number of infections)

Kaspersky Anti-Virus, Updated: 30-07-2004:
756 Possible Viruses/malware/Trojans Found in 750 files out of a total of 758 files!
Approximately 98.94% detection. (Based on number of infected files, not number of infections)

McAfee, Virus data file v4382 created Jul 28 2004:
756 Possible Viruses/malware/Trojans Found in 745 files out of a total of 758 files!
Approximately 98.28% detection. (Based on number of infected files, not number of infections)

nod32, (20040730) NT
630 Possible Viruses/malware/Trojans Found in 623 files out of a total of 758 files!
Approximately 82.19% detection. (Based on number of infected files, not number of infections)
633 Possible Viruses/malware/Trojans Found using ‘Advanced heuristics’!

Panda Titanium 2004 Anti-Virus, Updated: 07-30-2004:
699 Possible Viruses/malware/Trojans Found in 688 files out of a total of 758 files!
Approximately 90.77% detection. (Based on number of infected files, not number of infections)

Symantec's Norton Antivirus, 7/30/2004:
740 Possible Viruses/malware/Trojans Found in 701 files out of a total of 758 files!
Approximately 92.48% detection. (Based on number of infected files, not number of infections)

Attached is a chart of which test files were identified or missed as containing malicious code by each AV program.

Did your favorite antivirus perform poorly in this test? There are a lot of factors that could have caused this:
Each AV program uses a different virus database. Some containing more malicious signatures than others, meaning some AV programs will have higher detection rates than others.
Each AV company has their own interpretation of what constitutes malware. Some AV companies only want their product to target primarily viruses and worms, and to a lesser degree Trojans and exploits, and to an even lesser degree (or not at all), spyware, hijackers and adware. For example, if you look at the attached chart, you may notice that several of the tested AV programs miss a significant number of the Trojans.
Considering there are roughly 100,000 (or more) unique infections in the wild, a population sample of 758 infected files may not accurately represent true detection rates of AV programs.
Could poor detection of certain AV programs be due to ‘zoo’ viruses in this test sample?
Not likely. First of all, many AV programs will detect zoo viruses. Second, all of these test files were obtained from within the ‘wild’, meaning that all of these files exist outside of laboratories and they have been (unfortunately) released out into the real world. ‘Zoo’ viruses are proof of concept viruses or otherwise unreleased viruses and generally do not exist outside of controlled laboratories. There are no known zoo viruses in these tests.
These tests are NOT to determine which AV software is superior, this is just a test on 758 POSSIBLE Trojan, backdoor, and virus infected files.

Please, do not PM, e-mail or otherwise ask for any of these files. These are live viruses, they can do serious damage to your system and others. They are NOT available for sale or trade and will NOT be distributed to anyone. ALL requests for these files WILL BE IGNORED!" }-
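An added illustration, not part of the quoted test or of any poster's work: the quoted post warns that 758 files may not represent true detection rates, so the sketch below puts a 95% Wilson score interval (a method chosen here, not used by the tester) around each product's detected-file count from that post and checks which differences exceed sampling error. It addresses sample size only, not how the samples were selected.

```python
import math

# Detected-file counts out of 758 samples, copied from the quoted test post.
TOTAL = 758
DETECTED = {
    "Kaspersky": 750, "McAfee": 745, "Norton": 701, "Panda": 688,
    "F-Prot": 667, "AntiVir PE": 647, "NOD32": 623, "Avast": 607,
    "eTrust": 576, "AVG": 523,
}

def wilson_interval(hits, total, z=1.96):
    """95% Wilson score interval for a detection rate hits/total."""
    if total <= 0 or not 0 <= hits <= total:
        raise ValueError("need total > 0 and 0 <= hits <= total")
    p = hits / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)

def distinguishable(a, b):
    """True when the two products' intervals do not overlap."""
    lo_a, hi_a = wilson_interval(DETECTED[a], TOTAL)
    lo_b, hi_b = wilson_interval(DETECTED[b], TOTAL)
    return hi_a < lo_b or hi_b < lo_a

def report():
    """One formatted line per product: point estimate and interval."""
    rows = []
    for name, hits in sorted(DETECTED.items(), key=lambda kv: -kv[1]):
        lo, hi = wilson_interval(hits, TOTAL)
        rows.append(f"{name:<11} {hits / TOTAL:6.2%}  [{lo:6.2%}, {hi:6.2%}]")
    return rows

if __name__ == "__main__":
    print("\n".join(report()))
    print("NOD32 vs Avast distinguishable:", distinguishable("NOD32", "Avast"))
    print("Kaspersky vs NOD32 distinguishable:",
          distinguishable("Kaspersky", "NOD32"))
```

With this sample size the NOD32, Avast and AntiVir PE intervals overlap, while the gap between Kaspersky and NOD32 does not.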

Firefighter
December 9th, 2004, 08:37 AM
-{ Quote: "You need to be a member of spywareinfo to view the link.... i think. Anywho here is a little more info from that thread.." }-

-{ Quote: "Could poor detection of certain AV programs be due to ‘zoo’ viruses in this test sample?" }-

Although even I have used before the term "Zoo" sample, I still want to ask if there actually exists at all these kind of samples?

Why? In the real Zoo, the wild animals are behind the bars, in their own cages, so that you just can't touch them and get hurt.

In the real Web world, when I collected my a bit over 3.5k sample collection of all kind of nasties, my only "key" to the "cage of nasties" in the "Web Zoo" was the Google. No registration to any virii collector sites, just using Google and you can get even so high amount of nasties that really are capable to infect my unprotected WinXP Home system. So are they then Zoo samples or what?

The only difference comparing my samples to the official ItW samples is that my samples do not mainly spread via emails, but you can get them from anywhere else in the web. In my mind the Zoo term is only a marketing term.

Secondly about the above Spywareinfo 8-2004 test results against 754 samples. The results don't differ so much from my av-test 10-2004 against 2829 "Common PC Protection samples".

Spywareinfo = without parenthesis xy.zz %

My test = parenthesis (xy.z %) = FF av-test against 2829 samples, but AVG had 1906 samples and eTrust 2823.

Kaspersky Anti-Virus
Approximately 98.94% -- (97.0 %) detection.

McAfee
Approximately 98.28% -- (94.6 %) detection.

Panda Titanium 2004
Approximately 90.77% -- (89.4 %) detection.

F-PROT ANTIVIRUS
Approximately 88.00% -- (87.3 %) detection.

NOD32
Approximately 82.19% -- (83.9 %) detection.

Avast! 4
Approximately 80.08% -- (83.1 %) detection.

AntiVir PE (AVPE)
Approximately 85.36% -- (78.4 %) detection.

AVG 7.0 Pro
Approximately 69.00% -- (65.6 %) detection.

eTrust Anti-Virus
Approximately 75.99% -- (57.4 %) detection.

I'll bet that this eTrust tested in Spywareinfo hasn't the VET engine but the IRIS one. Anything more to say? The real web world seems to be very much like that if you want to collect some nasties!

To clarify these nasties better, I prefer to call them more likely "randomly met samples" than Zoo samples and that's why my eScan scored "only" 97 % and not very close to 99 %.

PS. I used eScan, Command AV and Panda Platinum instead of the products mentioned above but they have about the same scanning engines except my eTrust EZ, that has the VET engine.

Best regards
Firefighter!

synapse
December 10th, 2004, 12:31 AM
82% virus detection rate is bad, heh, that is when you can do better, but i will say this, i love NOD32 because of its realtime scanner and its heuristic detections the rest i leave up to eScan and i haven't found a virus in over 3 weeks...

nameless
December 10th, 2004, 01:17 AM
-{ Quote: "Maybe so that you said, or is it simply because of this, http://support.microsoft.com/default.aspx?kbid=842242&product=windowsxpsp2 the list of problematic programs shown in my link above may continue forever, but only the ink had runned out from the writer's laser printer? ;D" }-

So what? That's a list of "Programs that may require you to open ports manually" for the WinXP SP-2 firewall. (You actually use that firewall anyway?)

Firefighter
December 10th, 2004, 07:12 AM
-{ Quote: "So what? That's a list of "Programs that may require you to open ports manually" for the WinXP SP-2 firewall. (You actually use that firewall anyway?)" }-

Because I don't understand a heck of Firewalls, I use Sygate 5.6 Free to fill up that gap.

Btw, just ran SP2 in my WinXP Home system about a week again and let's hope no big problems occur again. A bit of slowdowns met when I had Avast 4.5 Home as one of my backups, but after uninstalling Avast, they were gone.

Best regards,
Firefighter!

A884126
December 10th, 2004, 07:35 AM
I am very impressed how McAfee is doing well in many test reports. They seem to improve their engine each year.

Maybe that is why my company chose it... ;D