detection
chaos16
May 16th, 2005, 10:06 AM
This is not an antivirus vs antivirus thread, I would just like to know if the new NOD32 2.5 has better detection than Kaspersky 5.0???
likuidkewl
May 16th, 2005, 11:43 AM
This depends: are you talking 0-day or known malware? Both are excellent products and perform rather well. Making a statement as to which has a better detection rate is hard to do, but I would say KAV simply due to the huge signature base they use. On the heuristic side NOD32 wins hands down, so it is a tough call. There are some very useful posts here to help you out. Also have a look at AV-Comparatives and VB100 etc. etc. As I believe no one has done any formal testing of 2.5 yet, it is hard to say.
HTH
Nika
May 16th, 2005, 11:54 AM
I don't see why NOD32 2.5 would have better detection than the earlier versions, a slightly modified engine but using the same database... Kaspersky would be better detection overall... NOD32 is good too, but can't touch Kaspersky and BitDefender (and McAfee) yet... Read my words, yet... We can't judge the future ;)
[edit]
Whoops, I used Nika's account by mistake :P She was logged in...
Capp
May 16th, 2005, 11:56 AM
{QUOTE-> BitDefender (and McAfee) yet... ;) <-QUOTE}
Since when did McAfee become worthy of being in the same paragraph as NOD32 and KAV? :P
likuidkewl
May 16th, 2005, 11:58 AM
As of lately, it seems ever since they started updating VSE daily, the overall detection has skyrocketed. Don't get me wrong, they have always been good, but now it is getting even better IMO. :)
Sorry OT.
richrf
May 16th, 2005, 12:01 PM
Hi,
I just came off of a substantial cleaning process. Kaspersky definitely was able to find more malware than NOD32. In particular, it was able to detect some lurking trojan data in ADS files.
Rich
Stan999
May 16th, 2005, 12:17 PM
{QUOTE-> Hi,
I just came off of a substantial cleaning process. Kaspersky definitely was able to find more malware than NOD32. In particular, it was able to detect some lurking trojan data in ADS files.
Rich <-QUOTE}
Did you run NOD first then KAV?
richrf
May 16th, 2005, 12:41 PM
Hi Stan,
Originally, the infected machine had Norton AV and Internet security. Norton AV was turned off, and system restore was turned off.
The sequence was this:
1) Ewido Licensed: found about 200 pieces of malware including many dlls and exe's.
2) TDS-3:- found about 150 pieces of malware similar to Ewido but in a different system folder.
3) KAV 5.0 Personal in real-time: 3 pieces of malware detected on startup - deleted.
4) KAV 5.0 Personal MP3 on-demand scan in regular mode: Nothing
5) McAfee in safe mode: nothing
6) NOD32 beta in safe mode: nothing
7) KAV 5.0 real-time: one piece of trojan in ADS
8) ADSSPY: 40 pieces of trojans in ADS deleted
I also used HijackThis to remove registry entries. About 30 in total were deleted.
Hope this answers your question.
Rich
Stan999
May 16th, 2005, 12:51 PM
{QUOTE-> Hi Stan,
4) KAV 5.0 Personal MP3 on-demand scan in regular mode: Nothing
5) McAfee in safe mode: nothing
6) NOD32 beta in safe mode: nothing
7) KAV 5.0 real-time: one piece of trojan in ADS
<-QUOTE}
I wonder why the KAV on-demand scan didn't find anything but
the KAV real-time did find one piece of a trojan?
Blackcat
May 16th, 2005, 12:56 PM
{QUOTE-> Since when did McAfee become worthy of being in the same paragraph as NOD32 and KAV? :P <-QUOTE}
In a range of testing sites and over a long period of time these 2 AV's are always at or near to the top.
The McAfee engine is on par with Kaspersky's which is considered by many people to be the best.
Capp
May 16th, 2005, 12:59 PM
{QUOTE-> In a range of testing sites and over a long period of time these 2 AV's are always at or near to the top.
The McAfee engine is on par with Kaspersky's which is considered by many people to be the best. <-QUOTE}
I agree that it is a decent AV...right up there with Norton, but IMO, I don't consider it to be near as good as NOD or KAV. It's bloatware and that is a big negative in my books. Remember <---My opinion :)
richrf
May 16th, 2005, 01:11 PM
Hi Stan,
No idea why KAV behaved differently between on-demand and real-time scan. I was pretty surprised, but I recognized the trojan alert as being associated with ADS, so I ran ADSSPY and found lots of stuff lurking in the ADS. Different file types. Some were system, some were BMP. I do not know if they were associated with the same trojans or different ones. In the heat of battle, I just fire away. ;D
As of today, my friend is now using KAV 5.0 MP3 Beta Personal, ProcessGuard and RegDefend on his system. I believe he is going to stick with the Norton Firewall. Norton AV is gone. Frankly, I am shocked at how inept Norton was. I had previous issues with Norton before I switched to KAV (also due to leakages), but the severity of this breach was one to behold. My friend is still getting over it, since there was lots of financial stuff going on. Hopefully, Norton stopped all efforts by the keylogger(s) to transmit data.
Rich
tahoma
May 16th, 2005, 02:00 PM
I think a person who runs Norton generally doesn't know much about what's going on on a machine. I had this friend who kept clicking 'add to ignore' every time her AV detected something, thinking that... I don't know what she was thinking. I'm not sure what AV she was using, but the result was that her AV was told to ignore all infections. And this went on for about a year. Only discovered it because she was sending me viruses on MSN and IRC.
clansman77
May 16th, 2005, 02:01 PM
Kaspersky, McAfee definitely have better detection than NOD32, and NOD32 may equal BitDefender's detection IMHO..
KAV until now is the best in detection and cleaning..
tahoma
May 16th, 2005, 02:03 PM
KAV is (in my opinion) in a league of its own. It's suffering from not having good heuristics though, and NOD may be better in such cases. However, the KIS2006 prototype has very impressive heuristics. Internal tests at KL indicate that KAV06's heuristics will catch 95% of all viruses.
edit: i should probably back that up. here goes: http://forum.kaspersky.com/index.php?showtopic=410&hl=proactive
.....
May 16th, 2005, 02:36 PM
ITW and ALL viruses are very different ::) .
BTW... I wouldn't class the proactive defence system of KIS 2006 as "heuristics"... rather an IDS/behaviour blocking system.
richrf
May 16th, 2005, 02:53 PM
Hi tahoma,
My friend has worked on mainframe security systems for over 35 years and is very familiar with the nature of viruses. While he did get alerts from Norton Internet Security (which he blocked), what surprised him was that he never got any indication from Norton AV. Not real-time, not on-demand. He was not familiar with products like Kaspersky, ProcessGuard, and RegDefend, but he was pretty familiar with other well-known products and basically took it for granted that the "market-leader" would have exceptional protection. I will not repeat his words concerning Norton.
Rich
Ianb
May 16th, 2005, 02:56 PM
As the question is DETECTION........
Nod is not better than KAV or McAfee and that has been proved time and time again (Av Comparatives - FF).
Just because Nod "once" detected a zero day virus people seem to think its heuristics will catch anything ::) IT WON'T.
RejZoR
May 16th, 2005, 03:03 PM
Exactly. NOD32 heuristics are very good, but not almighty. NOD32 still lacks the strong generic engine which is used in McAfee and also KAV.
Stan999
May 16th, 2005, 03:10 PM
{QUOTE-> Exactly. NOD32 heuristics are very good, but not almighty. NOD32 still lacks the strong generic engine which is used in McAfee and also KAV. <-QUOTE}
Even with those generic detections it still seems that NOD32 does better on the Retrospective/ProActive Test provided by Av-comparatives.
http://www.av-comparatives.org/forum/index.php
Dr_Krall
May 16th, 2005, 03:16 PM
The biggest weakness in NOD32 is its defense against trojans. And yesterday I'd just had enough. NOD32 detects the trojans all right, and as usual, is unable to remove them.
After uninstalling NOD32 and installing Kaspersky Personal Pro I ran a complete scan and it removed all the trojans.
Even those I didn't know about. ;D
And now Kaspersky Personal Pro is a definite keeper.
RejZoR
May 16th, 2005, 03:18 PM
I said that heuristics are nice, but general detection is still more important.
For example, I don't need heuristics since my mail is bullet proof. But files that I download are usually already old enough that signatures pick them. And that's where McAfee works like a charm (same with KAV).
Capp
May 16th, 2005, 03:19 PM
I run NOD32 and Ewido and I have had no problems with detecting/removing viruses/worms/trojans/etc. The heuristics have done an excellent job in detecting threats as well.
I'm not trying to start an argument, but I have had clients that went from Norton to McAfee and they still have all kinds of infection problems. After I implemented NOD32, the problems went away.
I praise NOD because of its heuristics and because of the size and the minimal amount of resources it consumes.
Stan999
May 16th, 2005, 03:37 PM
{QUOTE-> For example, I don't need heuristics since my mail is bullet proof. But files that I download are usually already old enough that signatures pick them. And that's where McAfee works like a charm (same with KAV). <-QUOTE}
I am not sure I would state that good heuristics are not important in an AV because your mail is "bullet proof" and you only download older files?
I think proactive protection like good heuristics is also an important part of an AV, and it is good to see more AVs are providing this, like BitDefender, DrWeb, NOD, etc..
I also like the fact that NOD's HTTP scanner is using AH.
Honyak
May 16th, 2005, 03:40 PM
The endless battle rages on.....
Firecat
May 16th, 2005, 04:10 PM
Let me give my cents ;D
KAV - Excellent detection, not so good heuristics. Nice generic signatures, and not-too-good registry cleaning (but not bad either).
McAfee - Very Good Detection (almost as good as KAV in my experience), Not much of a heuristic engine, excellent generic signatures, and very good registry cleaning.
NOD32 - Good detection (not as good as KAV/McAfee overall), excellent heuristics, Not too many generic signatures, and good registry cleaning.
In the future:
KAV - Seems like Kaspersky is focusing on proactive detection, and the registry disinfection isn't really bad.
McAfee - 5000 series engine looks promising ;)
NOD32 - continuing development, it seems it's gonna get better and better at signature detection....
RejZoR
May 16th, 2005, 04:14 PM
McAfee is not that bad about heuristics lately. I saw lots of heuristic detections in last day my Mr. Mc.
chaos16
May 16th, 2005, 04:22 PM
will the kav 6.0 have better registry cleaning???
anyone knows
Firecat
May 16th, 2005, 04:44 PM
{QUOTE-> will the kav 6.0 have better registry cleaning???
anyone knows <-QUOTE}
I'm not quite sure, but considering that Kaspersky is currently thinking of a lot of things, it might just happen. :)
You have no reason to worry, because KAV does do limited registry cleaning (which suffices most of the time) for most malware. Remember, Norton, PC-cillin etc. do NOT do any registry cleaning.
Ianb
May 16th, 2005, 05:09 PM
{QUOTE-> will the kav 6.0 have better registry cleaning???
anyone knows <-QUOTE}
I was testing a KIS2006 image on Sunday "at some more risky websites" when it popped up a box informing me that Dr Watson was acting suspiciously. It then showed me the registry entry that had been changed and let me "roll it back".
My immediate reaction was to try and get Drwatson zipped and check it at Jottis but being in a hurry I just wiped the disk and re imaged. I suspect it was probably some sort of spyware but was pleased to see the warning none the less.
Randy_Bell
May 16th, 2005, 05:16 PM
{QUOTE-> My friend has worked on mainframe security systems for over 35 years and is very familiar with the nature of viruses. While he did get alerts from Norton Internet Security (which he blocked), what surprised him was that he never got any indication from Norton AV. Not real-time, not on-demand. He was not familiar with products like Kaspersky, ProcessGuard, and RegDefend, but he was pretty familiar with other well-known products and basically took it for granted that the "market-leader" would have exceptional protection. I will not repeat his words concerning Norton. Rich <-QUOTE}
NAV *does* provide good protection and without seeing these so-called "missed" malware samples for myself, I reject assertions like this without any proof. I've never had any "peep" of malware that slipped by NAV on my PCs, and these negative "bashing" reports are usually proffered without the slightest evidence or proof. I guess we just take your friend's word for it that NAV Sucks and don't ask for any samples, evidence, or proof? OH Well .. how can anyone argue with that? :( So typical of the biased anti-Norton "bent" of this Board .. :(
tahoma
May 16th, 2005, 05:28 PM
No disrespect, but I think you'll find that every board with users who have had a computer for more than 6 months is anti-Norton. And rightly so. Just my opinion.
Randy_Bell
May 16th, 2005, 05:30 PM
{QUOTE-> No disrespect, but I think you'll find that every board with users who have had a computer for more than 6 months is anti-Norton. And rightly so. Just my opinion. <-QUOTE}
Such comment just serves to further demonstrate my point. :(
tahoma
May 16th, 2005, 05:32 PM
I'm sorry. I take it back. I don't like to see sad faces. Seriously.
Randy_Bell
May 16th, 2005, 05:42 PM
{QUOTE-> I'm sorry. I take it back. I don't like to see sad faces. Seriously. <-QUOTE}
The "frown" face was just expressing displeasure at what seems to be bias. All I'm saying to folks [and what I say everywhere] is to try to be fair, and try to provide some repeatable evidence to back up negative claims.
I don't speak against competing products that I don't use; I try to say something positive about other products, or not say anything at all; and if I did have anything negative to say, I would surely be prepared to back it up with hard demonstrative evidence and not hearsay.
In cases like this, all it takes is for someone to produce malware samples that Product-X [in this case it is NAV] is not detecting.
I would feel the same way if someone claimed any well-known product, say, NOD32, allowed their system to become infected without uttering a peep. I would want to see hard evidence of that before I accepted it at face value.
I too mean no offense by my remarks. Take Care ..
BlueZannetti
May 16th, 2005, 05:52 PM
{QUOTE-> Originally, the infected machine had Norton AV and Internet security. Norton AV was turned off, and system restore was turned off. <-QUOTE}
This happened to me once. Norton was off and I was hammered. Of course, NAV was off since I had turned it off - yes, on purpose. The machine was too aged to reasonably try to run NAV, I tried, became a little impatient, and turned it off. This was a long while ago - the PC was underpowered, this wasn't a bloatware issue.
This was my own fault. Given some of the things I see out there, it wouldn't surprise me if many folks have intentionally or unintentionally disabled their protection and were caught short.
I'll take Rich's and anyone else's reports as true at face value. What we oftentimes fail to learn are the root causes leading up to the incident.
Enough of the NAV critique. This could be replayed with any AV on the market. While the finger is being pointed at one AV here, why not also point that finger towards neglect of a strategy most of us follow to some extent - partially overlapping layered protection? Seems that may have assisted in dealing with the incident in the cases being mentioned as well.
Blue
richrf
May 16th, 2005, 06:51 PM
Hi Blue,
As you suggest, I always use and recommend overlapping defense. I do not trust KAV 100%. In fact, last week, BitDefender's online scan detected some malware that KAV real-time and on-demand could not. So I always recommend ProcessGuard and RegDefend to back up the AV.
I have no idea how the trojans got past Norton AV. (He was running it in real-time and he also ran a complete disk scan). But I do know that I was also badly bitten multiple times a year and a half ago while running Norton, and it was these incidences that finally motivated me to find a better solution. A simple, layered solution is the best way to go, and my friend was extremely grateful to me this morning (he is leaving on Wed. on a long, overdue vacation) both for my "cleaning efforts" and my advice. Cleaning is always much more difficult than preventing. Tonight I'll get some sleep. ;)
Rich
Capp
May 16th, 2005, 07:01 PM
I personally don't have anything against any AV for any reason.
I run NOD32 on my home PC, Norton2004 on my laptop, F-prot on 1 machine, etc..
For me Norton has just become too resource hungry, which is why I went away from it. I never had any infection problems while using NAV. It is a great AV in its own right (why do you think it has been around so long).
I have not really used McAfee much, but many members of my family have. They've never gotten infected either with it running, but it has just become too big to run on older machines.
I have not tried using KAV. I have read tons of reviews and I know it is a big-dog among AVs.
I know BitDefender is a great free (on-demand only) AV and I recommend it to people that need to do a clean up. (it's on my website)
I recommend different AV's for different people depending on their needs.
I have no beef with any AV and I'm glad there are so many choices :)
The Hammer
May 16th, 2005, 07:12 PM
{QUOTE-> No disrespect, but I think you'll find that every board with users who have had a computer for more than 6 months is anti-Norton. And rightly so. Just my opinion. <-QUOTE}
I had NAV 2003 and thought it was great! I went through a period where I was being bombarded with infected emails. NAV nailed every one as the emails were being downloaded without interrupting the connection. I did switch to NOD only because I wanted faster on demand scans than I was getting with NAV while not sacrificing protection. NAV is great for new users because it has excellent protection and NO learning curve. I had to go to school on NOD so to speak at the NOD forum to use it effectively. NAV does require more resources though, and if you know that you can compensate with more RAM.
scott h
May 17th, 2005, 12:04 AM
I've run Norton and it looks very pretty, but a lot of trojans got through and hammered me. I eventually found this board and gave it up and picked up Avast Pro at first, works good, trojan caught me again and then tested every single AV out there and I must say that I prefer 1. Panda - It's rock solid to me but my computer can't run the bloat program, when I get a powerful PC, that's where I'm going.
2. Mcafee - I love mcafee, it catches almost everything and it's not that heavy of a program.
I ran Nod and found 3 trojans in my Opera8 cache so I DL'ed McAfee today again and re-purchased a license, needless to say it caught all 3 trojans with a non-updated database of definitions.
I just don't trust Norton, nor Nod32, not even F-prot.
Mcafee, Kav, Panda is awesome and Bitdefender for me, one of those four I'll deal with the slowdowns, I need good protection.
Randy_Bell
May 17th, 2005, 01:43 AM
{QUOTE-> As you suggest, I always use and recommend overlapping defense. I do not trust KAV 100%. In fact, last week, BitDefender's online scan detected some malware that KAV real-time and on-demand could not. So I always recommend ProcessGuard and RegDefend to back up the AV. <-QUOTE}
Gosh if you don't trust KAV, then I guess it makes me feel a little better that you don't trust NAV, because you aren't going to find a better AV than KAV in terms of detection rate of *all* sorts of malware, including trojans and trojanlike code.
{QUOTE-> I have no idea how the trojans got past Norton AV. <-QUOTE}
But Rich, that is the problem. If people don't collect samples and give specifics, but only vague personal testimony, there is no way to know what specific malware was "missed" or why. Not only that, but I don't understand why people so often fail to follow through and submit undetected malware to the Vendor for analysis. This is very easy to do with NAV, just takes a few clicks, I've submitted hundreds and hundreds of samples shared with me by friends and colleagues.
{QUOTE-> But I do know that I was also badly bitten multiple times a year and a half ago while running Norton, and it was these incidences that finally motivated me to find a better solution. <-QUOTE}
No disrespect intended but I have to wonder what you were doing to encounter exotic undetected samples? NAV has essentially 100% ITW detection so anything undetected has to be perhaps less-well-known trojans, spyware, or some non-ITW "zoo" malware. I accept what you say, it is a similar "Norton-failure" story to others I've heard, only I have to wonder what specific malware was being missed, and where was it coming from ?? ...
{QUOTE-> A simple, layered solution is the best way to go, and my friend was extremely grateful to me this morning (he is leaving on Wed. on a long, overdue vacation) both for my "cleaning efforts" and my advice. Cleaning is always much more difficult than preventing. Tonight I'll get some sleep. ;) Rich <-QUOTE}
You know I agree with that statement but, go back and note what Blue said: "such can happen with *any* AV solution". You already said you don't trust KAV; but KAV consistently outdoes everyone in AV comparatives so I don't think there is any other AV which could be said to be more trustworthy in terms of at least *detecting* all the malware one might encounter in-the-wild or perhaps on P2P {Kazaa, Grokster, etc.} or however one might encounter more exotic or less-well-known malware.
Finally let me emphasize I am not questioning yours or anyone's testimony & experience, not questioning your word; only, it would help to have more specifics [malware names, variants, types, etc.] and even [ideally] some *samples* to look at. But the fact that you say even KAV "missed" something you thought should be detected, tells me something about how high your standards must be: because, after testing hundreds of samples sent me, I probably can count on my ten fingers the number that KAV has missed. And if KAV is missing anything, the Kaspersky Labs [KL] is very very quick to include it for detection once they get a sample: newvirus@kaspersky.com
I mean no disrespect but KAV is generally accepted as the best overall malware detector, at this and in other security circles; that is why I single out KAV to suggest that if it isn't enough, then no single AV is enough. If one has extremely high or perfectionist standards, one will probably never find a single AV solution that will satisfy the requirement to detect every possible malware and variant out there.
Let me also mention that spyware-adware, jokes, dialers, and other "expanded threats" are in NAV's database but are not detected by versions of NAV prior to 2004. NAV 2003 and earlier does not use that part of the database. Also, NAV had no runtime packers until 2004 and later. So it *is* possible that folks get "bitten" because they are running earlier versions of NAV which don't detect all the malware that later versions [2004-2005] are detecting. Just a thought ..
And also people should remember that spyware is often given "trojan" type names by AVs when in fact it is in the adware-spyware category and not the classic trojan category; so when people say "Norton missed some trojans" they could actually be saying: "A version of NAV prior to 2004 missed some spyware" .. just another thought .. as, I have had folks send me samples they *thought* were undetected but the samples turned out to be adware that *was* detected with the latest version [engine] of NAV.
I hope you and anyone who has found themselves disappointed with NAV will find that "ideal AV" out there, which will detect and intercept everything that you expect it to. ;) Frankly if KAV isn't it, I don't know what single-AV could or *would* be the successful candidate.
The alternative is to go with the "layered prevention", which you and I and Blue can all agree upon: AV, AT, AS combinations along with other preventative security software "mix".
For the record, your testimony aside, I do not regard Norton as a "lesser" or inferior solution: I accept that you and others feel that way, just "agree to disagree". For most people, and under normal circumstances, NAV should offer good protection IMHO. Not taking away from your testimony, just offering reasoned counter-opinion and honest [but respectful] rebuttal. ;)
Take Care,
Sincerely, Ran
Randy_Bell
May 17th, 2005, 02:09 AM
{QUOTE-> I had NAV 2003 and thought it was great! I went through a period where I was being bombarded with infected emails. NAV nailed every one as the emails were being downloaded without interrupting the connection. I did switch to NOD only because I wanted faster on demand scans than I was getting with NAV while not sacrificing protection. NAV is great for new users because it has excellent protection and NO learning curve. I had to go to school on NOD so to speak at the NOD forum to use it effectively. NAV does require more resources though, and if you know that you can compensate with more RAM. <-QUOTE}
Thank you for your gracious comments: I think both NAV and NOD32 have excellent detection {essentially 100% ITW} -- and under *normal* circumstances, for the *average* user who doesn't go to the dark places of the Net or engage in unsafe practices, should be enough, especially if supplemented by a good AT and AS solution. I exchange samples with some NOD32 friends and my impression is that the detection rates of the two AVs are very close .. thanks again for your gracious comments, much appreciated! ;)
richrf
May 17th, 2005, 02:33 AM
Hi Ran,
Fair enough. Everyone has different experiences in this world. When I drive down the highway, I see innumerable different cars, models, colors (the most prevalent being the black Honda Accord EX :) ). So everyone has their own taste.
The problem here, and the reason I brought it up, was:
1) I ran several different products against my friend's machine. Not one caught all of the problems. Ewido found many. So did TDS-3. I ran these first because it was somewhat of an emergency situation. My friend's system had been penetrated by a keylogger (we had the files) and it was connecting out to home. We had no idea, until we began running the ATs that there was any problem at all, certainly not to this extent. Remember, my friend had run NAV full disk scan as well as having the real-time scan in place. KAV 5.0 MP3, found the last remnants which were apparently lodged in some system and bmp ADS.
2) The extent of the penetration was substantial, considering the system was rather new. I can tell you only one of the trojans that was found, because I was too busy trying to determine the extent of the situation to bother too much with documenting everything. My friend had absolutely no interest in retaining any files. He wanted all of the trojan material off as soon as possible. The one trojan I can definitely document is what KAV called Trojan-Downloader.Win32.Agent.bc.
3) There is a substantial with Norton somewhere. This could not possibly be a "new" trojan (or group of trojans), since TDS-3, Ewido, and KAV 5.0 were all able to detect aspects of them. My guess is that KAV 5.0 on-demand could not detect the ADS component, while KAV 5.0 real-time was able to detect the ADS because the trojan revealed itself in real-time in such a way that KAV was able to detect it. Once I realized there was an ADS issue, I ran ADSSPY and found lots of "stuff" in the ADS, of substantial size. What it was, I have no idea. My friend just wanted them off his system. I hope you understand that this is a system involved with substantial financial data.
4) This whole incident further underscores for me the need for layered protection in order to diminish the chances of this type of infection from occurring. No one product was complete in itself. It took many products to clean the system. My guess is that there are many, many other home users who run into similar situations (we have heard on this forum from those who specialize in this area), and simply have their systems cleaned. It is not only a loss of time and data, but it is often a most uncomfortable feeling to know that you may have been hacked and that someone may have been following every keystroke that you entered into your computer. My friend was crushed, but somewhat relieved to know that his system is clean. He has taken appropriate measures with the understanding that passwords and other identity data may have been stolen.
Personally, I never get into a discussion about which AV is better than another. I only relate my own experiences, my own decisions and the reasons for my decisions.
Thanks for your comments. Security is a tough business and I appreciate the efforts of everyone in this industry.
Regards,
Rich
P.S. I want to give special mention to the guys at Merijn. HijackThis (a product that I support through donation) was instrumental in my ability to clean this particular machine. Thanks much!!
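The cleanup above turned on NTFS alternate data streams (ADS): data attached to a file under a stream name that ordinary directory listings and some on-demand scans never show. The following is an added defender-side check, not code from the thread or from any of the products discussed, and it assumes an NTFS volume and PowerShell 3.0 or later (the `-Stream` parameter on `Get-Item`). It walks a directory tree and lists every stream that is not the default `:$DATA` stream or the browser's `Zone.Identifier` mark-of-the-web, sorted by size, so that unexpected payloads like the ones ADSSPY found can be reviewed before deciding what to remove. The starting path is an assumed default.

```powershell
# Added example: enumerate non-default alternate data streams under a directory tree.
# Assumes NTFS and PowerShell 3.0+. $Root is an assumed default; point it where needed.
param(
    [string]$Root = "$env:USERPROFILE"
)

# Streams that are expected on most machines: the default unnamed stream and the
# mark-of-the-web tag written by browsers. Anything else deserves a look.
$expectedStreams = @(':$DATA', 'Zone.Identifier')

# -Force includes hidden and system files; errors (locked or inaccessible files) are skipped
# rather than aborting the sweep, so a full run still produces a usable report.
$findings = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Get-Item -Stream * yields one object per stream on the file, with
        # FileName, Stream and Length properties; the default stream is ':$DATA'.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $expectedStreams -notcontains $_.Stream } |
    Select-Object FileName, Stream, Length |
    Sort-Object Length -Descending

if ($findings) {
    Write-Host ("{0} unexpected alternate data stream(s) found under {1}" -f $findings.Count, $Root)
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No unexpected alternate data streams found under $Root"
}
```

Large non-image streams on files that should have no reason to carry extra data (system files, BMPs, as in the incident above) are the entries to triage first; the stream contents can be read for submission to a vendor with `Get-Content -LiteralPath <file> -Stream <name>`. A quick non-PowerShell cross-check for a single directory is `dir /R` in cmd.exe, which also lists stream names and sizes.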
Randy_Bell
May 17th, 2005, 03:03 AM
{QUOTE-> The one trojan I can definitely document is what KAV called Trojan-Downloader.Win32.Agent.bc <-QUOTE}
Thank you; that is an example of what I mean; it is most likely spyware. The "trojandownloader.xx.yy" classification, as well as the "backdoor.agent.xx" classification assigned by most AVs, is almost always from the adware-spyware category.
{QUOTE-> There is a substantial with Norton somewhere. This could not possibly be a "new" trojan (or group of trojans), since TDS-3, Ewido, and KAV 5.0 were all able to detect aspects of them. My guess is that KAV 5.0 on-demand could not detect the ADS component, while KAV 5.0 real-time was able to detect the ADS because the trojan revealed itself in real-time in such a way that KAV was able to detect it. Once I realized there was an ADS issue, I ran ADSSPY and found lots of "stuff" in the ADS, of substantial size. What it was, I have no idea. My friend just wanted them off his system. I hope you understand that this is a system involved with substantial financial data. <-QUOTE}
[I understand the "panic" feeling and uneasiness and wanting to get rid of the malware without regard to sample collection]. Actually though, those products, especially Ewido, have detection added for such expanded threats and malware. One need only take a look at the Ewido site: http://www.ewido.net/en/
{QUOTE-> We offer you realtime protection against these threats:
Hijackers and Spyware
Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
Worms
Nobody should receive e-mails in your name with malicious files in the appendix anymore.
Dialers
Security against all kinds of dialers. No fear when receiving the next phone bill.
Trojans and Keyloggers
No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings. <-QUOTE}
Then go to Ewido's "Why" page: http://www.ewido.net/en/why/ -- to see that Ewido is designed to "complement" [not replace] classic AV solutions by including expanded threats and malware that is often overlooked by AVs or that is not satisfactorily covered by the classic AV solution.
You mentioned a keylogger but normally that isn't what we think of as a classic backdoor trojan. It falls under what Symantec considers expanded threats and security risks (http://securityresponse.symantec.com/avcenter/expanded_threats/). Scroll down that page to the following:
http://securityresponse.symantec.com/avcenter/expanded_threats/
{QUOTE-> Hack Tools
Tools that can be used by a hacker or unauthorized user to attack, gain unwelcome access to or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk. Hack tools also generally:
Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system it is installed on, and/or
Facilitate an attempt at disabling a target computer, preventing its normal use
One example of a hack tool is a keystroke logger -- a program that tracks and records individual keystrokes and can send this information back to the hacker. Also applies to programs that facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt. <-QUOTE}For more information on hack tools:
http://securityresponse.symantec.com/avcenter/security_risks/hack_tools/
Which is also what I was getting at near the end of my last post: I wonder if your friend was running NAV 2004 or higher, because earlier versions of NAV would not detect this malware even if it was in the database.
Regardless of the "why" or "how" of his infection, I'm glad he got cleaned up, and that there were some tools to help facilitate the cleaning.
{QUOTE-> .. This whole incident further underscores for me the need for layered protection in order to diminish the chances of this type of infection from occurring. <-QUOTE}On that you, me, and Blue of course would be in perfect harmony. ;)
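The ADS hits Rich describes were found with ADSSPY after the on-demand scanners came up empty. As an added example that is not part of the thread or of any product mentioned in it, the PowerShell below does the same triage natively: it walks a directory tree and lists every named NTFS alternate data stream, skipping the default `::$DATA` stream and the benign `Zone.Identifier` mark-of-the-web stream. It assumes Windows with PowerShell 3.0 or later (the `-Stream` parameter of `Get-Item`); `$Root` and `$MinBytes` are assumed parameters chosen for this example.

```powershell
# Added example, not from the original thread: enumerate NTFS alternate data
# streams under $Root and show the named streams an on-demand scan may skip.
# Assumes Windows and PowerShell 3.0+ (Get-Item -Stream). $Root and $MinBytes
# are illustrative defaults; adjust them for the system being triaged.
param(
    [string]$Root = 'C:\Users',   # assumed starting directory
    [int]$MinBytes = 0            # raise to ignore tiny streams during triage
)

Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # -Stream * returns one object per stream on the file, including ::$DATA.
        # Locked files and reparse points just produce errors, which are dropped.
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object {
        # ':$DATA' is the file's own content; Zone.Identifier is the download
        # marker browsers and Outlook write, so neither is worth a second look.
        $_.Stream -ne ':$DATA' -and
        $_.Stream -ne 'Zone.Identifier' -and
        $_.Length -ge $MinBytes
    } |
    Select-Object FileName, Stream, Length |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Run it from an elevated prompt so hidden and system files are included. A named stream is not proof of malware (Windows, Office and some sync clients write their own), so treat the list as a queue: pull a stream's bytes out with `Get-Content -LiteralPath <file> -Stream <name>` and hand them to the scanner, and only then remove it with `Remove-Item -LiteralPath <file> -Stream <name>`. The practical caveat this thread illustrates is that a clean on-demand scan says nothing about streams the scanner was never configured to open.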
richrf
May 17th, 2005, 03:15 AM
Hi Randy,
I did not look at the version of Norton that he was running. It came with a Toshiba laptop that he purchased one month ago. Of course, it could be an old version. If I have a chance to talk to my friend before he leaves, I will confirm the version that he was running.
Personally, I have copies of several security programs that I have purchased over the years for various reasons. This includes Ewido, BOClean, TDS-3, TrojanHunter, WormGuard, etc. I run them from time to time to see if anything has ever gotten through KAV/PG/RegDefend. So far, nothing has. Each product has its own "qualities" but it is difficult to explain to my friends the differences. But I recognize their value, and I support the vendors who help me. I am not simply protecting my "computer". I am protecting my privacy and security. Given the amount of money I spend each year for other types of "insurance", I consider these products a bargain.
Rich
bellgamin
May 17th, 2005, 03:15 AM
For a business that needs its net to be as bullet-proof as possible, would it be a good solution to run NOD on-access & use KAV on-demand?
richrf
May 17th, 2005, 03:20 AM
Hi bellgamin,
I would consider this a good idea, since each product has its own strengths which both overlap and complement each other.
I would highly recommend, if it fits within your overall strategy and resource capabilities, to consider proactive defense measures that will prevent malware from executing and/or installing on your machine. To me, this is preferable to "detection" which is more reactive in nature. My two favorite programs in this category are ProcessGuard and RegDefend. They are mighty strong and complement AVs very well. Both of these products have forums on this board that you may want to visit.
Rich
Randy_Bell
May 17th, 2005, 03:28 AM
{QUOTE-> For a business that needs its net to be as bullet-proof as possible, would it be a good solution to run NOD on-access & use KAV on-demand? <-QUOTE}I agree with Rich: find products designed to complement the classic AV solution. I'm not a business, just a home user, but I have something similar to what you suggest: NAV on-access, with KAV and BitDefender on-demand. If a person insisted on only using one single product to detect the widest possible spectrum of malware, that choice would have to be KAV. I've tested many many samples and KAV simply doesn't miss much malware, period. But as Rich and Blue suggest, a layered solution is best, because not even KAV can by its lone self detect everything; and also the preemptive-proactive posture is better than reactive ["reactive" meaning, signature detection after-the-fact].. ;)
q1aqza
May 17th, 2005, 08:40 AM
I currently have a KAV 5 licence and have been looking at an ideal free backup scanner. I've tried BitDefender and like it. But whilst not much gets by KAV once its signatures are updated, I was wondering about having NOD32's advanced heuristics as a backup scanner for day 0 nasties - i.e. have it as free by letting the trial expire but use it on demand for heuristic scanning - presumably the advanced heuristics are not reliant upon sig updates?
I hope I'm not committing any forum offences asking this as I'm not asking for cracks or anything but mods please delete if this is crossing the line.
JimIT
May 17th, 2005, 09:40 AM
{QUOTE-> For a business that needs its net to be as bullet-proof as possible, would it be a good solution to run NOD on-access & use KAV on-demand? <-QUOTE}
Yepper. For a couple of reasons:
1. NOD32, due to its heuristics, is going to catch most of the through-the-mail stuff at 0 day. That's the biggest threat to business users, IMO. Its very good through-the-browser trojan and d/l'r ability makes it my preference here also. It's also lighter on the PC.
2. KAV excels at having a definition for everything, so as a backup scanner, it's probably unsurpassed, and would be great as an on-demand.
My .02.
JimIT
May 17th, 2005, 09:45 AM
A couple of comments about Symantec AV 7, 8, and 9--which is what we use at work:
We have SAV protecting over 250 PCs, and except for what I consider nuisance spyware, it has caught pretty much everything thrown at it for almost 4 years. Version 9 has also improved in the spyware detection area. Much better than even a year ago.
To offer more detail: these PCs are used in an educational, networked environment, with over 500 users, on the net 15/6. ;)
Firecat
May 17th, 2005, 10:59 AM
{QUOTE-> Mcafee, Kav, Panda is awesome and Bitdefender for me, one of those four I'll deal with the slowdowns, I need good protection. <-QUOTE}
Among these options, Panda or BitDefender should give you a nice balance between speed, detection and heuristics ;)