NOD or DrWeb, quicker against new nasties?

[Firefighter]

This kind of things has been seen too often.

Best regards,
Firefighter!

[Atomic_Ed]

Quote:

Originally Posted by Firefighter

This kind of things has been seen too often.

Best regards,
Firefighter!

I am running nod32 trial right now after running avast for the past week or so and one thing I also noticed was avast gave me a warning on a web site I had visited previously as having a trojan and today I was surfing around and accidentily selected from cache that same site and nod32 gave no warning at all. So either the site has since had the trojan removed since a few days ago or avast was falsely deteting the trojan or nod32 did not catch it at all. I am not sure which of these it was but based on your post I am starting to wonder if nod32 is catching trojans on web sites as good as avast did. From the reviews I have read, nod32 is supposedly like super compared to the others so it is a bit confusing.

[ronjor]

Nod has that trojan in the definitions.

NOD32 - v.1.1158 (20050629)
Virus signature database updates:
JS/TrojanClicker.Linker.L, JS/TrojanClicker.Linker.NB, JS/TrojanDownloader.Small.NAG, VBS/Exploit.Phel.I, VBS/TrojanDownloader.Phel.I, Win32/Bifrose.BP, Win32/Delf.NAP, Win32/Delf.NAQ, Win32/Kelvir.CQ, Win32/Lewor, Win32/Lewor.D, Win32/Mytob.GO, Win32/PSW.Gamania, Win32/Rbot.DUZ, Win32/Robobot.NAD, Win32/Spy.Banker.NEX, Win32/Spy.Banker.NEY, Win32/Spy.Harvester.02, Win32/TrojanClicker.Small.NAI, Win32/TrojanDownloader.Dadobra.AX, Win32/TrojanDownloader.Dadobra.CJ, Win32/TrojanDownloader.Dadobra.DB, Win32/TrojanDownloader.IstBar.JA, Win32/TrojanDownloader.Tiny.NAA, Win32/TrojanDownloader.VB.NAT

[RejZoR]

But it doesn't exactly mean that this is the one (although the name is the same).

I have also seen such screen many times...
http://img320.imageshack.us/img320/1788/jotti5356xq.png

...and another one...
http://img250.imageshack.us/img250/8...ti457450pe.png

[Brian N]

I like this alot better

[Firefighter]

Quote:

Originally Posted by ronjor

Nod has that trojan in the definitions.

NOD32 - v.1.1158 (20050629)
Virus signature database updates:
JS/TrojanClicker.Linker.L, JS/TrojanClicker.Linker.NB, JS/TrojanDownloader.Small.NAG, VBS/Exploit.Phel.I, VBS/TrojanDownloader.Phel.I, Win32/Bifrose.BP, Win32/Delf.NAP, Win32/Delf.NAQ, Win32/Kelvir.CQ, Win32/Lewor, Win32/Lewor.D, Win32/Mytob.GO, Win32/PSW.Gamania, Win32/Rbot.DUZ, Win32/Robobot.NAD, Win32/Spy.Banker.NEX, Win32/Spy.Banker.NEY, Win32/Spy.Harvester.02, Win32/TrojanClicker.Small.NAI, Win32/TrojanDownloader.Dadobra.AX, Win32/TrojanDownloader.Dadobra.CJ, Win32/TrojanDownloader.Dadobra.DB, Win32/TrojanDownloader.IstBar.JA, Win32/TrojanDownloader.Tiny.NAA, Win32/TrojanDownloader.VB.NAT

Kaspersky has covered several "Trojan-Downloader.Win32.IstBar.ja":s which have actually several variants in it. My sample really did this in my former post 21.

http://www.wilderssecurity.com/showt...694#post513694

So I think that it is also valid and really in the wild one. I've also tested that sample against NOD 2.51.3 Beta but with no detections.

Best regards,
Firefighter!

[Patrician]

Quote:

Originally Posted by Atomic_Ed

I am running nod32 trial right now after running avast for the past week or so and one thing I also noticed was avast gave me a warning on a web site I had visited previously as having a trojan and today I was surfing around and accidentily selected from cache that same site and nod32 gave no warning at all. So either the site has since had the trojan removed since a few days ago or avast was falsely deteting the trojan or nod32 did not catch it at all. I am not sure which of these it was but based on your post I am starting to wonder if nod32 is catching trojans on web sites as good as avast did. From the reviews I have read, nod32 is supposedly like super compared to the others so it is a bit confusing.

NOD32 does not detect trojans and/or malware very well at all when comared to some of it's rivals. I use a certain web-site for testing AV software (I know exactly what and how it tries to put on your system) and NOD just sits there letting everything through without a wimper. Even using the tweaking guid here at Wilders makes no difference, NOD completely ignores everything this site installs. Even AVG catches one of them and Avast Home gets 3, KAV gets them all (5)as does Panda Titanium and Platinum, along with any AV running the KAV engine.

At the moment I am running NOD as I have a licence until September and am running Windows x64 so doen't have a lot of choice, but I will not be renewing NOD's licence after it has expired, I'm not at all impressed with it. Looks like if you are runnning NOD32 you really need to have a backup to catch what it misse. Advanced Hueristics? My eye!

[Detox]

Quote:

Originally Posted by RejZoR

But it doesn't exactly mean that this is the one (although the name is the same).

But then it could - since as has been mentioned (aside from Jotti's own other warnings/qualifications) a few times before - Jotti's is on Linux

[RejZoR]

Yeah that might also be another factor...
Ragrding backdoors and trojans. With latest 2.5x.x release of NOD32 they really improved it alot. Check my screenshots and you'll notice string "a variant of" which means that NOD32 didn't exactly matched the malware with signatures,but it has found similarities and flagged a probably modified version of malware stored in signature database. And you'll see such detections quiet often. They never appeared in 2.1x.x versions of NOD32.

[Detox]

yeah - and it also seems (according to my recollection) that Firefighter keeps showing screenies of the same "istbar trojan" (probably a self-installer archive) over and over - why don't you send it to Eset if it's so dangerous? I asked them about it and they say he has not to date.


edited to fix a missing parenthesis - Detox

[RejZoR]

I share the same opinion with Detox...

[TopperID]

If you have a look at this thread from the A2 Forum you'll find a list of various nasties submitted to Jotti's. AntiVir actually finds more of them than NOD32!

http://forum.emsisoft.com/viewtopic....72dde1fe0b2b0f

I know this is not scientific, but when you add it to all the other examples one is left thinking that NOD32 is not nearly as good as some people like to think.

[waters]

Nod must depend on heuristics for weekend protection.
Very rare weekend updates,where as ,even free ones usally update.Antivir has updated twice today up to now.Dr web has also updated this weekend.

[jlo]

Hi,

Well I have to stick by Nod32 I find a lot of new malware on the internet and usually Nod detects with Advanced Heuristics. I do admit its not the best AV on Signitures but in my humble experiance its the best with Heuristics, althrough Norman Sandbox, Bitdefender, Mcaffee, Antivir, Dr Web, VBA and Arcavir are also very good.

I am more than happy with NOd but no AV is perfect. I happen to have 2 licences, use KAV personal on my main computer (more of a resource hog but excellent detection) and Nod32 on my Wife's laptop, runs very light and she is not a heavy websurfer.

I have trialed Dr Web and always submit nasties to them. I like Dr Web and would be happy running Nod32 (which I already do) or I would be more than happy to run Dr Web. Dr Web aways replie back once they detect the submitted nasty where as Nod do not reply back normally.

Dr Web updates more regularly but not quite as regularly as KAV yet!!

Cheers

Jlo

[JerryM]

Bit Defender 8.0 "ain"t" bad either.

Jerry

[Trooper]

Quote:

Originally Posted by RejZoR

I share the same opinion with Detox...

Ditto.

[Notok]

Quote:

Originally Posted by RejZor

I share the same opinion with Detox...

Same here.

Besides, how many here depend solely on an AV, and nothing else, to secure their systems?

[RejZoR]

Me No problems for 6 years since i'm on true PC scene.

[Atomic_Ed]

Quote:

Originally Posted by Patrician

NOD32 does not detect trojans and/or malware very well at all when comared to some of it's rivals. I use a certain web-site for testing AV software (I know exactly what and how it tries to put on your system) and NOD just sits there letting everything through without a wimper. Even using the tweaking guid here at Wilders makes no difference, NOD completely ignores everything this site installs. Even AVG catches one of them and Avast Home gets 3, KAV gets them all (5)as does Panda Titanium and Platinum, along with any AV running the KAV engine.

At the moment I am running NOD as I have a licence until September and am running Windows x64 so doen't have a lot of choice, but I will not be renewing NOD's licence after it has expired, I'm not at all impressed with it. Looks like if you are runnning NOD32 you really need to have a backup to catch what it misse. Advanced Hueristics? My eye!

Well, after running nod32 for a short time on my x64 machine and having previously tested Avast! Pro, I ended up uninstalling nod32 and puchasing the Avast license tonight. While nod32 seemed to run pretty quickly on my system, it was using more memory in the processes than Avast did which was puzzling. That wasn't any issue for me however since nod32 ran fast regardless. What I did not like about nod32 was it not reporting the web sites I had been with avast that did report trojans. In fact while using nod32 I only received one warning out of many sites. Don't get me wrong as I thing nod32 is a very good antivirus program, I just don't believe it is as good at detecting web sites with trojans as avast does. The script blocker in avast is really good too. The only other thing I really didn't care for with nod32 was the interface which to me had no polish whatsoever. I think with such a robust program they could put a bit more work into the interface. Now on the other hand I think Avast is just the oposite with its overdone interface. Anyway after running them both I felt more comfortable running Avast which is why I bought the license. All in all I think they are both really terrific programs I just personally felt like Avast was the better choice overall especially fro surfing web sites that may contain nasties. Avast also appears to run pretty light as well and is using less memory overall. I say if you choose either of them you can't go wrong, but if I were to have kept nod32 then I would have been looking for another supplemental trojan protection app as well in order for me to feel protected better while surfing.

[RejZoR]

Yeah in latest revisions avast! lowered memory usage significantly.
But NOD32 usage is also very low. And interface is also quiet good,you just have to get used to it as with any other interface. Anyway,i hope avast! will serve you well

[fosius]

You said Avast! had detected trojans which NOD32 hadn't. Have you tried www.virustotal.com if that trojans hadnt been only false positives?

[RejZoR]

Not necessary.

AntiVir TR/Agent.P.2
ArcaVir Trojan.Agent.P
Avast Win32:Adware-gen.
AVG Antivirus X
BitDefender Trojan.Agent.P
ClamAV X
Dr.Web not a virus Adware.Aomi
F-Prot Antivirus W32/Agent.PV
Fortinet X
Kaspersky Anti-Virus not-a-virus:AdWare.Gratis.b
NOD32 X
Norman Virus Control W32/Agent.DSI
UNA Trojan.Win32.Agent
VBA32 Trojan.Win32.Agent.p

This one is more likely to be seen on webpage. avast! detects it,NOD32 doesn't. As you can see it's certanly not a false positive.
But this one detects this and misses something else. It's the same for every AV...

[Patrician]

Quote:

Originally Posted by fosius

You said Avast! had detected trojans which NOD32 hadn't. Have you tried www.virustotal.com if that trojans hadnt been only false positives?

Obviously I cannot speak for Atomic_Ed but I know the site I use for testing puts real nasties, not false positives, on your system.. Quite simply NOD does not catch them coming down through your web browser as well as some of it's rivals, including Avast Home edition.

[IBK]

Quote:

NOD or DrWeb, quicker against new nasties?

Why not looking directly at av-comparatives proactive test to get an idea on how the answer could be?

[Firefighter]

Quote:

Originally Posted by IBK

Why not looking directly at av-comparatives proactive test to get an idea on how the answer could be?

My purpose was actually to discuss about the signature scanning capability of those two av:s, not just heuristics. Several samples of new Trojan-Downloaders, AdWare and Exploits are actually detected by defs only, not by heuristics, as we can see here in those other examples too.

Best regards,
Firefighter!