Best Heuristics: NOD32 2.5 vs Bitdefender 9


Copper
August 26th, 2005, 02:20 PM
Which one has better heuristics?

cupez80
August 26th, 2005, 02:42 PM
NOD32 is lighter but both of them are good heuristic-based scanners :D

Blackspear
August 26th, 2005, 02:58 PM
-{ Quote: "Which one has better heuristics?" }-
Answered in www.av-comparatives.org with their latest retrospective tests. Nod32 1st with 70% detection, Bitdefender 2nd with 49% detection.

Cheers ;D

Copper
August 26th, 2005, 03:09 PM
But it was with Bitdefender 8... didn't Bitdefender 9 improve its heuristics?

Blackspear
August 26th, 2005, 03:11 PM
-{ Quote: "But it was with Bitdefender 8... didn't Bitdefender 9 improve its heuristics?" }-
As did Nod32 from 2.12.3 to 2.50.25

Cheers ;D

Copper
August 26th, 2005, 04:04 PM
Good point! :)

Firefighter
August 26th, 2005, 05:37 PM
Only about an hour ago I trialed Panda Truprevent 2005 and it detected and eliminated, after updating, 3 nasties from my Windows Registry.

Dialer.BJP
Dialer.AKD
Adware/ExactSearch

I have scanned my Laptop before with DrWeb 4.32b with risky/nasty beta defs, Vba32 v3.10.5 beta, NOD32 for Windows 2003/XP - 64 BIT v2.51.8 with AH, the new KAV online scan, Ewido 3.5 Plus, M$ AntiSpyware beta, Ad-Aware SE 1.06 Personal, SpyBot 1.4 with Beta defs, F-secure Blacklight beta plus I have SpywareGuard, SpywareBlaster and BOClean 4.12 installed on my Laptop too. After all these they still detected nothing. >:(

Best regards,
Firefighter!

Brian N
August 26th, 2005, 05:44 PM
As I said from day one: Panda has very good detection, but it's a hog which is the only reason why I'm not using their software anymore, even though I still have 376 days left of my license :)

Kye-U
August 26th, 2005, 05:47 PM
Truprevent is not an entire antivirus program, it's like a sandbox, almost.

http://www.pandasoftware.com/products/truprevent_tec/

-{ Quote: "TruPrevent(TM) Technologies cover this additional security need, protecting computers from both unknown viruses and intruders. These new preventive technologies neither replace nor conflict with 'traditional' reactive technologies used by antivirus solutions. On the contrary, they complement one another to reinforce the security of your computer." }-

VikingStorm
August 26th, 2005, 07:13 PM
-{ Quote: "Only about an hour ago I trialed Panda Truprevent 2005 and it detected and eliminated, after updating, 3 nasties from my Windows Registry.

Dialer.BJP
Dialer.AKD
Adware/ExactSearch

I have scanned my Laptop before with DrWeb 4.32b with risky/nasty beta defs, Vba32 v3.10.5 beta, NOD32 for Windows 2003/XP - 64 BIT v2.51.8 with AH, the new KAV online scan, Ewido 3.5 Plus, M$ AntiSpyware beta, Ad-Aware SE 1.06 Personal, SpyBot 1.4 with Beta defs, F-secure Blacklight beta plus I have SpywareGuard, SpywareBlaster and BOClean 4.12 installed on my Laptop too. After all these they still detected nothing. >:(

Best regards,
Firefighter!" }-
Aren't the only programs that actually scan the registry the antispyware programs?
(Did you actually have the malware, or just the supposed registry entries for them?)

JerryM
August 26th, 2005, 07:39 PM
Is it likely that Truprevent would conflict with other AVs such as Bit Defender?

Thanks,
Jerry

The Hammer
August 26th, 2005, 07:47 PM
-{ Quote: "Is it likely that Truprevent would conflict with other AVs such as Bit Defender?

Thanks,
Jerry" }-
Apparently it works with many but has been said by some reviewers to cause slowdowns.

Patrician
August 26th, 2005, 07:59 PM
-{ Quote: "Which one has better heuristics?" }-

NOD32's Heuristics are worthless, they detect nothing.

ronjor
August 26th, 2005, 08:17 PM
-{ Quote: "NOD32's Heuristics are worthless, they detect nothing." }-

Maybe a few? http://www.eurosecure.com/heuristics.asp

The Hammer
August 26th, 2005, 09:19 PM
-{ Quote: "NOD32's Heuristics are worthless, they detect nothing." }-
What is your proof? Not opinion. Not bashing. Proof!

Blackspear
August 26th, 2005, 09:28 PM
-{ Quote: "What is your proof? Not opinion. Not bashing. Proof!" }-
There is no proof here nor there (http://www.wilderssecurity.com/showthread.php?p=541378#post541378)

;D ;D ;D

TheQuest
August 26th, 2005, 09:38 PM
Hi, Patrician


-{ Quote: "NOD32's Heuristics are worthless, they detect nothing." }-
I see you are still huffing and puffing at NOD32.

Take Care,
TheQuest 8)

hbkh
August 26th, 2005, 09:44 PM
-{ Quote: "NOD32's Heuristics are worthless, they detect nothing." }-
Your persuasive writing skills need a little improvement... when you make a claim you need to back that claim up with evidence from a credible source. :)

The Hammer
August 26th, 2005, 09:46 PM
-{ Quote: "Only about an hour ago I trialed Panda Truprevent 2005 and it detected and eliminated, after updating, 3 nasties from my Windows Registry.

Dialer.BJP
Dialer.AKD
Adware/ExactSearch

I have scanned my Laptop before with DrWeb 4.32b with risky/nasty beta defs, Vba32 v3.10.5 beta, NOD32 for Windows 2003/XP - 64 BIT v2.51.8 with AH, the new KAV online scan, Ewido 3.5 Plus, M$ AntiSpyware beta, Ad-Aware SE 1.06 Personal, SpyBot 1.4 with Beta defs, F-secure Blacklight beta plus I have SpywareGuard, SpywareBlaster and BOClean 4.12 installed on my Laptop too. After all these they still detected nothing. >:(

Best regards,
Firefighter!" }-
No chance of FP? You seem to have scanned with everything but the kitchen sink.

Firefighter
August 27th, 2005, 12:12 AM
-{ Quote: "No chance of FP? You seem to have scanned with everything but the kitchen sink." }-
How do I know when they have all gone? ???

Best regards,
Firefighter!

Ailric
August 27th, 2005, 12:30 AM
Either those are false positives or we should all dump our current security programs and download Panda! :)

BlueZannetti
August 27th, 2005, 12:55 AM
-{ Quote: "Either those are false positives or we should all dump our current security programs and download Panda! :)" }-
Or they are valid findings pointing to malware that has been already dealt with. The registry is a database, it contains configuration and state information. These entries could be neglected orphans. It's good practice to deal with them, but they are not a sign of active infestation.

Blue

dan_maran
August 27th, 2005, 01:16 AM
-{ Quote: "Or they are valid findings pointing to malware that has been already dealt with. The registry is a database, it contains configuration and state information. These entries could be neglected orphans. It's good practice to deal with them, but they are not a sign of active infestation.

Blue" }-
Agreed, a reg cleaner should have found these, or a manual inspection after an infection.

Firefighter
August 27th, 2005, 02:58 AM
-{ Quote: "Agreed, a reg cleaner should have found these, or a manual inspection after an infection." }-
Maybe, but not that EasyCleaner, which did a full clean of everything possible just before the Truprevent installation. :o

Even VGrep shows, regarding that Adware/ExactSearch, that they are not all so easy to detect.

Best regards,
Firefighter!

StU
August 27th, 2005, 05:09 AM
-{ Quote: "But it was with Bitdefender 8... didn't Bitdefender 9 improve its heuristics?" }-
The new heuristic is also available in version 7 and 8. ;)

Stefan Kurtzhals
August 27th, 2005, 06:49 AM
Firefighter, it seems Panda only detected some left-over registry keys.
So no worries. ;-)

In my experience, with lots of collections and new malware scanned, NOD32 has the better heuristics over Bitdefender. Bitdefender is lacking more rules for better heuristics; they can emulate pretty well, so they actually could achieve the same detection rate as NOD32's heuristics.

RejZoR
August 27th, 2005, 08:28 AM
HiVE is not fully implemented yet, so they still have time and space for improvements. I just wonder how HiVE compares to Norman Sandbox...

jg88swe
August 27th, 2005, 01:24 PM
Best Heuristics: NOD32 2.5 vs Bitdefender 9?
Well, my opinion is NOD32 still is best when it comes to heuristics; Bitdefender 9 is good but not as good as NOD32.

My opinion is that SandBox isn't that good anymore, so it will probably beat it like NOD32 does ;)

RejZoR
August 29th, 2005, 03:58 PM
Is there any test other than that one for Zotob variants that tests the HiVE?
I'd like to know how effective it really is and so on...

Firecat
August 30th, 2005, 03:28 PM
@Firefighter: As Mr.Kurtzhals said, Panda only deleted some leftover registry entries (Panda is good at these things). :)

@RejZoR: Time will tell, but I still think NOD32 is better than BD in terms of heuristics.

RejZoR
August 30th, 2005, 03:40 PM
Well, as far as I know these virtual environments can only run Win32-like executables. HTML files, BAT files and VBS (I'm not 100% sure about these).
At least Norman Sandbox rejected many such files as they can't be run in Sandbox. While on the other hand NOD32 heuristics work differently and they can inspect any file with all heuristics strength.

Tweakie
September 3rd, 2005, 07:28 PM
-{ Quote: "HiVE is not fully implemented yet, so they still have time and space for improvements. I just wonder how HiVE compares to Norman Sandbox..." }-

There are 4 factors that will influence the performance of this kind of heuristics/generic detection:

- The quality of the emulator itself (floating point, MMX instructions and more, structured exception handling, weird PE file structures, ...)
- The quality of the virtual environment (emulation of the Windows API)
- The quality of the rules that have been defined for recognizing the behaviour of malware (e.g. it is not easy to find a rule that will detect keyloggers and that will not produce any false positive)
- The quality of the link between emulation and signature scanning.

I think Norman Sandbox emulation of the malware and environment are very good. It probably lacks some behavioral rules for detecting some types of malware, but its main weakness is that there is no link between sandbox emulation and signature scanning.

In Bitdefender, this coupling between emulator and signature scanning is visible through the flags "Dropped :" and "GenPack :" for example. I think that NOD32 (detections of "a variant of...") has implemented something similar. And I hope that they will finally implement it inside Norman.
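A toy model of factors 3 and 4 from Tweakie's post (behavioural rules that need several co-occurring actions to avoid the keylogger false-positive problem, and the "Dropped:" coupling that feeds what the emulated sample writes to disk back into the signature scanner). This is an added illustration, not code from NOD32, Bitdefender, Norman or any poster; the API traces and the signature database are constructed stand-ins for what a real emulator and signature set would supply.

```python
import hashlib

# Constructed signature database: sha256 of a known payload -> family name.
SIGNATURES = {
    hashlib.sha256(b"CONSTRUCTED-DROPPER-PAYLOAD").hexdigest(): "Constructed.Dropper",
}

def behaviour_rules(trace):
    """Behavioural rules over an emulated API trace (factor 3 in the post).
    Each rule needs several co-occurring actions so that one common call
    alone does not fire it; that is the keylogger false-positive problem."""
    apis = [name for name, _ in trace]
    verdicts = []
    # A keyboard hook alone is also what legitimate hotkey tools install, so
    # require that the hooked input is additionally stored or sent somewhere.
    if "SetWindowsHookEx" in apis and ("WriteFile" in apis or "send" in apis):
        verdicts.append("Heur.Keylogger")
    # Persistence: an autorun registry value plus a copy of itself elsewhere.
    autorun = any(name == "RegSetValueEx" and "\\Run" in args.get("key", "")
                  for name, args in trace)
    if autorun and "CopyFile" in apis:
        verdicts.append("Heur.Autorun")
    return verdicts

def scan_dropped(trace):
    """The 'Dropped:' coupling (factor 4): every buffer the emulated sample
    wrote to disk is handed back to the signature scanner, so an unknown or
    packed dropper is still caught through the known payload it carries."""
    hits = []
    for name, args in trace:
        if name == "WriteFile":
            digest = hashlib.sha256(args["data"]).hexdigest()
            if digest in SIGNATURES:
                hits.append("Dropped:" + SIGNATURES[digest])
    return hits

def analyse(trace):
    """Combine both detection paths, as the post argues a good engine must."""
    return behaviour_rules(trace) + scan_dropped(trace)

# Constructed traces standing in for emulator output (api_name, args).
BENIGN_HOTKEY = [("SetWindowsHookEx", {"id": "WH_KEYBOARD_LL"}), ("GetMessage", {})]
KEYLOGGER = [("SetWindowsHookEx", {"id": "WH_KEYBOARD_LL"}),
             ("WriteFile", {"path": "C:\\log.txt", "data": b"keys typed"})]
DROPPER = [("WriteFile", {"path": "C:\\tmp\\x.exe", "data": b"CONSTRUCTED-DROPPER-PAYLOAD"}),
           ("CopyFile", {"dst": "C:\\Windows\\svc.exe"}),
           ("RegSetValueEx", {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"})]

if __name__ == "__main__":
    for label, trace in (("hotkey", BENIGN_HOTKEY), ("keylogger", KEYLOGGER), ("dropper", DROPPER)):
        print(label, analyse(trace))
```

The benign hotkey trace produces no verdict because the hook is never paired with a write or a send, which is exactly the extra condition the post says a keylogger rule needs.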