NOD32 v2 concerns

[n8chavez]

I have purchased NOD32 v2 about two months ago. I have to say that I like NOD very much since v2's release, big fan of the interface (no more taskbar clutter!!!!) However, there are a couple of concerns I have with NOD.

1. Everyone says that NOD's trojan detecion/cleaning rates are not that good. NOD ever admits that it is not meant to catch trojans.

2. The scanning engine on NOD can't scan inside very mmany archived files (cab, dat, exe...etc.)

3. Somewhat trivial..is there a way to turn of what is displayed in the log file as you are scanning (password protected files)?

I would like to know if this is true about NOD and its lack of ability to detect trojans. If it is are there any future plans to improve this. Also are there plans to improve NOD's unpacking engine? Thanks.

[AplusWebMaster]

IMHO, no AV vendor does a great job when it comes to trojan detection or removal. That is (apparently) a widely held view that I have seen many places recently and have adopted it as mine, too.
Nor do they do a good job removing or preventing spyware, hence this forum's existance for improvement in the field of security on the web. As recently as April, 2003, the "Whatsnew.txt" that came with the updates for Symantec's NAV update included -deletion- of "adware" products from their list of definitions. 'Not sure what's going on with them...I had previously thought their definition files were cumulative - not so, I guess.
- There are many "generalists" in the business, but if you want the best coverage for the "specifics" regarding trojans, may I recommend a post made shortly after your last one:
http://www.wilderssecurity.com/showt...77695#msg77695

[n8chavez]

Actually what I meant if there was going to be improvements in NOD's engine that might improve trojan detection and unpacking of archieves...much like kaspersky. NOD has the speed, interface, and low resource consumption going for it. But lacks these features (or at least they are not as good as KAV.) I was just wondering if there were improvements planned for these areas.

[Blackcat]

NODv2 has shown big improvements in this area, but probably KAV is the only AV where you may not need a AT program to run alongside to adequately protect against trojans.

Its horses for courses and NOD is at the present time the best ITW virus detector in the business.

As regards unpacking abilities, again NOD has shown big improvements over version 1, but there seems to be an association between scanning speed and unpacking ability. It is difficult to have both in the same package.

For example, NOD and F-Prot for Windows have very fast scanners with a relatively small/ minor effect on system resources but their unpacking ability needs improvement. Whereas, KAV which is the king of the unpackers has a slow scanner speed and a much bigger hit on system resources.

I am sure that NOD will improve in these areas in the future but Eset have concentrated on a very fast scan speed with top-notch ITW virus detection. Not a bad combination .

If you are worried about trojan detection run a AT together with NOD for layered protection.

[Acadia]

Quote:

quoting: Blackcat link=board=39;threadid=12079;start=0#msg77773 date=1060065238]
If you are worried about trojan detection run a AT together with NOD for layered protection.

Bingo, that says it all. In my opinion, EVERYONE, with the POSSIBLE exception of KAV users, should run both an AV and an AT.

Acadia

[Mele20]

>Bingo, that says it all. In my opinion, EVERYONE, with the POSSIBLE exception of KAV users, should run both an AV and an AT.

Ummm..I think McAfee and F-Secure are probably ok also without a trojan cleaner. I know that if I had XP I would likely be using Kaspersky although I wouldn't like the tech support so who knows.

[Stan999]

What about this post on DSLReports?

http://www.dslreports.com/forum/rema...ty,1~mode=flat

"With AH enabled NOD32 is able to emulate and unpack virtually any packer or crypter. Tested it with about 20 of them."

Is that correct?




Added URL tags

[Blackcat]

But if you read Schouw's comments further down in the same post, this is still only a small number of unpackers.

NOD is good but its unpacking engine is below that of the Kaspersky one.

It will need to sacrifice some of it's scanning speed to approach the unpacking ability of KAV.

No AV is perfect, not even KAV.

And as mentioned previously, Eset have concentrated on scanner speed and ITW detection for NOD.

[Stan999]

Well, I hope Eset continues to concentrate on scanner speed and ITW detection for NOD.

I wouldn't like to see NOD start sacrificing the scanning speed and causing a slow down on a system by trying to do everything KAV does.

I think NOD and a good AT is a great combination as for as speed, system impact, and protection.

Just my personal opinion.

[Blackcat]

Completely agree .

No arguments from me there!

[WilliamP]

I think that I have this thing figured out. I have NOD as my monitor and do scans once a week. I also have KAV Lite 4071 and use only the scanner which I plan to use once or twice a month. I disable AMON temp. then scan. I also have BOClean. I just like to play.

[Blackcat]

You seem to be well protected there, William .

You have a lean, mean virus and trojan- eating machine!!!!!