NOD32 2.7 detection rate compared to 3.0/4.0

[gugarci]

I've been using NOD32 for about 2 years now. I'm currently using version 2.7. Never bother to update to 3.0 and now I see 4.0 has just been released. NOD32 will be expiring on 4/1 and I have not renewed my license yet.

I've been thinking of switching to Avast or Avira, but why fix something that isn't broken. So I'm leaning towards renewing since NOD since it hasn't let me down yet and works well on my PC. But my question is am i missing something in detection rate by using 2.7 as opposed to 3.0 or 4.0?


I know a lot of people still use and love 2.7. I also know that NOD 3.0 got an advance + rating in the Feb 09 AV Comparative report.
http://www.av-comparatives.org/compa...ews/main-tests
Would the 2.7 engine do as well or am putting myself at risk by using an older version of NOD32?
Thanks.

[gugarci]

I'm now thinking of trying 3.0 since it's been out for a while and that's the version that has been tested lately by AV comparatives. I downloaded the installer last night but have not installed it yet. I will probably do it tonight. Hopefully all the bugs it had in the beginning have been worked out.

My biggest fear is that the engine in 2.7 might miss something that 3.0 will catch.

[GrammatonCleric]

I have asked the question numerous times before.
The answer is that the definitions and advanced heuristics are the same but yet the detection is better.
So I keep trying to press the issue why and at which point no mod cares to elaborate.
Wish you luck.

http://www.wilderssecurity.com/showthread.php?t=236525

http://www.wilderssecurity.com/showthread.php?t=235485

http://www.wilderssecurity.com/showthread.php?t=235542

[rnfolsom]

gugarci:

You might (or might not!) be interested in a related thread that I started: " Choice between NOD32 v3 versus v4," at http://www.wilderssecurity.com/showthread.php?t=237468

But in your thread, the response by GrammatonCleric (immediately preceding the message I am now writing) is somewhat discouraging. The question is reasonable, and someone knowledgeable ought to answer it.

I'll at least try version 3, for the same fear that you have, that v2 might miss something that v3 would catch.

I suspect that the primary security benefit of v3 and v4 over v2 is better malware (particularly spyware) protection, rather than better anti-virus protection, but I don't know what or where I read something that gave me that impression.

However, my wife's computer (also using NOD32 v2.7) has recently had several trojans (buried in zip files attached to incoming email) that were caught on a v.2.7 "in depth analysis" scan, but were not caught when the malicious email was downloaded (Pop3; we both use Mozilla-SeaMonkey browser and email) from our ISP. In the past, NOD32 v2.7 caught email that contained malware as it was downloaded, but I don't remember what the malware was or whether it was buried in a zip file.

Roger Folsom

[loverboy]

The most complete and honest reply was here
http://www.wilderssecurity.com/showp...79&postcount=2

Quote:

Originally Posted by Marcos

Quote:

Yes and the gap will grow in time.

Quote:

It's same for v2/v3/v4

Quote:

Actually you shouldn't notice any difference unless you modify default settings and enable AH on file access/execution (v2 didn't support that). Unlike v2, v3 and v4 don't use any limitations for file scanning by default so you may notice delays even if you didn't with v2. If you come across a file that takes long time to get scanned by v3/v4, we'll appreciate if you report it to us. There are at least 2 ways how to identify such problematic files: 1, using v4 and the integrated statistics window, 2, using Process Monitor by Microsoft and filtering out operations performed by ekrn.exe (in the case of pop3/http traffic, another application may be cloaked as ekrn.exe as its traffic is routed through it).

[GrammatonCleric]

Quote:

Originally Posted by loverboy

The most complete and honest reply was here
http://www.wilderssecurity.com/showp...79&postcount=2

yes but the question is WHY??

can someone just answer me WHY

Read my reply to what Marcos posted in the same Thread you quoted, there was no answer to why And yet my question to what he posted is quite reasonable.

I don't want to hear, The signatures and Advanced Heurstics between 2/3/4 are identical and YET THE DETECTION DIFFERENCE WILL GROW.
I mean that kind of contradicts each other. If malware runs in your ram, then it's decrypted and unpacked therefore if you are running the same heuristics and the same definitions then the detection SHOULD BE IDENTICAL.

How can things be SAME BUT DIFFERENT? What are they hiding, MOD PLEASE ELABORATE and not pick and choose your answers.

[gugarci]

I'm interested in any and all information. I've been scrolling to pass pages in this forum. I'm up to page 16 reading everything I can find of interest.
Like I said 2.7 works extremely well and is very reliable. But if the detection rate is better in the newer version I need to move up to at least 3.0. before something bad happens.

Also Grammaton I came across those 3 threads while scrolling the forum and I also read your thread Roger and Loverboy I also came across that post. After-all I was up to page 16.
Thanks for the replies.

What to do, what to do? Will need to do something this evening. Maybe I'll get home drink a couple of beer and see which way the alcohol takes me. LOL

[blazr63]

I've pondered the same questions since I'm still using 2.7. A while ago I installed 3.0 and noticed a slowdown in performance, so I reinstalled 2.7. It just runs so light and seems to do the job well enough. I'm also running ThreatFire and Spyware Terminator so the layered defense strategy appears to be effective. Both of those run light also (ST v. 2.3.0.507 since the latest is bloatware).

What troubles me is the trend of companies writing bloatware as newer releases. My PC runs lean and mean with XP SP3 and the older apps already mentioned. It's a fast system with Intel Duo 2.66Ghz processors and 4 gigs of ram, but I still want maximum speed out of it providing I don't sacrifice security significantly. Unfortunately eventually the older apps won't be supported so I'll have no choice.

[gugarci]

Well I have an old desktop, It's a 3.20Gz P4 and I'm running XP Pro SP3.

Added Spyware Scanner Module,
Extra Anti-Stealth Support,
SysInspector,
Self-Defense Support Module
Better Cleaning support
Windows Update Notification

These are some reasons to update to 4.0..
Will it be headache free? Possibly if you do the testing.. I'm sure 2.7 can do some of the same protection that 4.0 does.. 4.0 just adds on, and changes some things up in the area of self protection of the Anti Virus client itself, and AntiSpyware, and cleaning of already infected machines which is great for anyone who is going through a migration off Symantec or other AV in which you are unsure of the environment you inherited.

[gugarci]

I just installed 3.0. Just waiting for my user name and password to arrive since my old one has 0 days left and i can update the definition files. The old GIU looks more professional but I'll get used to the new one.

[Marcos]

Quote:

Originally Posted by gugarci

I just installed 3.0. Just waiting for my user name and password to arrive since my old one has 0 days left and i can update the definition files. The old GIU looks more professional but I'll get used to the new one.

If your license has already expired and the distributor you purchased from extended your previous license, it may take up to 24 hours for the license to become valid. In cases when a license has already expired we recommend distributors to issue a new license which is valid from the instant you receive it. Should this be an issue, install the trial version of EAV in the mean time.

[gugarci]

I just realized this right now. 24 hours.
The trial is only for 4.0. Guess I'm screw now.
I either try 4.0 or wait for 3.0 to start working again and hopefully I will not be infested over night.
This really really stinks big time.

[gugarci]

OK I uninstalled the paid version of 3.0 and I'm running the trial of 4.0 right now with current definitions files. I guess I'll get to try this version and it if works I'll skip 3.0 and go right to 4.0

The trial version is 4.0.314 the current paid version is 4.0417. At least I feel safer tonight.

[rnfolsom]

Quote:

Originally Posted by bradtech

Added Spyware Scanner Module,
Extra Anti-Stealth Support,
SysInspector,
Self-Defense Support Module
Better Cleaning support
Windows Update Notification

These are some reasons to update to 4.0..

Will it be headache free? Possibly if you do the testing.. I'm sure 2.7 can do some of the same protection that 4.0 does.. 4.0 just adds on, and changes some things up in the area of self protection of the Anti Virus client itself, and AntiSpyware, and cleaning of already infected machines . . .

Bradtech:

What "testing" do you have in mind?

Are any or all of your listed "reasons to update" applicable to v3 as well as to v4, or only to v4?

I know a little bit about some of the items you list, but can you give a brief description of:
Extra Anti-Stealth Support, SysInspector, and Self-Defense Support Module?

And why would I need NOD32 to tell me that Windows has a new update available, when I can set up Windows (at least Windows 2000) to do that itself?

Thanks for any answers, or places to look in the v3 or v4 Users Guides for answers.

Roger Folsom