2004 Test Review of Latest AV: NOD32 performs poorly

Heads Up:

Latest Test results of a number of AV products sees NOD32 perform very poorly. Tested by AV-Test org, commissioned by PC Authority, March issue [http://www.pcauthority.com.au/Index.asp?PageType=toc&CatID=20 ]

This test is duifferent in that all performed well as AV, but each was also tested against 11,349 live Backdoor programs, and 14,288 Trojans.

Results: KAV, 100%, McAfee, 99.1%, NAV 97.6%, Bit Defender 92.6%, PC-Cillin 91%, NOD32 87.7% , Pander Platinum 86.6 % etc

Conclusion: The latest commercial AV's are now leaving NOD32 behind in also scanning for Trojans and Backdoors.

When will we see an Upgrade

 

"Preliminary" comment (without having reading that test):

NOD32 is an AV, not an AT.
It's the Virus-Bulletin tests that counts.
And as Paul uses to say "don't put all your eggs in one basket"

 

I believe in a layered defense. That is why I have NOD32 and TDS3 .

 

That is an arbitrary distinction alone, imposed on us by some manufacturers. There is no practical value in such a distinction, and it is used only to excuse the narrow borders of a product. The days of separating security products by such labels have long become invalid.

Really? You will see plenty of posts in this forum that counter such a claim. Over-reliance on these tests will risk you burning your fingers one day.

Absolutely.

 

In degrees of incompetence, AV-Test.org is 10 out of 10. You will be better served by the joke tests of Anthony Petrakis/VirusP than the joke tests of Andreas Marx/AV-Test.org.

 

As you can tell from my other posts I don't really put much faith in test results(feeling the results can be mainpulated to suit a given preconceived idea just by the "choices" of test material or by the way a product reacts to to threats that the AV manufactureres"pre know" their prodcts will be tested against )but it seems strange to me that the only results that are any seen as any good to most of the members here are the ones that give the results that they want and the ones that dont give the result theywant are "a joke"

 

PS Steve Moss seems to have it "dead right"

 

Look around you steve1955. I do not care where AV-Test.org places NOD32, Last or First is no matter to me because I use another av




Cleaned out insults - Pieter

 

Hello Steve Moss

We are interested in your opinion. Can you please give us information on a valid anti-virus test that uses only in-the-wild virii and no zoo virii as well as no Trojans or worms?

Once in a while we hear a rumor of such tests but to date we just can not seem to nail any down.

We would appreciate your input.

Thank you.

 

QSection, Such a test exists only in the minds of those whose knowledge of Virus Bulletin is limited to what they have read on the Internet. Yes, VB-100 is a test of In The Wild viruses, but always Virus Bulletin is performing VB-100 in conjunction with zoo viruses. This is a true fact.

 

See here ( http://www.f-secure.de/tests/ctvergleichstest0304.pdf ) for a similar test in German language.

If you carefully read the test you will see that Andreas Marx's results are well founded. He is one of the few real experts in this area. And he is far more competent than many self-proclaimed security experts / lamers / trolls which populate almost every security forum.

I do not agree with some of his conclusions because my priorities are different . But I believe that there are no statements in this test which are simply wrong.

 

Hello Bender

In the April 2001 issue of Virus Bulletin in the last part of page 4 and beginning of page 5 we find a response by Matt Ham of Virus Bulletin UK which states in whole,

"We broadly agree with the views of the University of Tampere on this issue but would like to clarify our position on the removal of 'OFFVs' [Old Fashioned File Viruses][zoo virii] from our test-sets. Currently, these types of viruses are not[emphasis original author] included in the criteria for the VB 100% award test regime. In other words, a product which does not detect this kind of virus may still qualify for a VB 100% award. This, we feel, reflects both the requirements of the average PC user and the real-life, modern day status of AV protection. However, we do include 'OFFVs' in our other test-sets, specifically the Standard test-set, as a matter of interest to our readers and in response to requests for this kind of information."

So Bender - we see this quote is from almost 3 years ago so if you have newer information that VB uses zoo virii for the VB 100% tests please let us know.

Thank you for your interest and comments.
Best wishes

 

No. You might be about to claim that is exactly what the VB tests are, but I would have no interest in it anyway, as I could see no practical use for its results. Such a test, the way you describe it, would exist IMO solely to produce statistics for the use of manufacturers in marketing their products.

Now, if you show me a test which (and these criteria are still very loose)...

a. Covers all ITW viruses, trojans and worms (and maybe other malware);
b. is performed not on a preannounced and prescheduled basis, but within hours following the outbreak of each and every major new virus/trojan/worm/etc. (and include samples of those viruses);
c. Runs on all major operating system platforms (or at least a representative selection per test); and
d. Tests with the current signature bases and heuristics of all products deemed part of the test, each configured to the manufacturers installation defaults.

... then I might take a look at its results with some (but not total) interest. Of course, no such test exists, but if it did it would then provide some explanation to that large band of people and companies who have suffered from damaging infections, despite having the 'best' security products up and running (and that includes many with NOD32, by the way).

Now, which test was it I always base my buying decisions on ... ?

 

QSection, sorry, my English is not very clear. Yes, VB-100 is a test of In The Wild viruses "only", for the award one must detect 100% of these. But every test is performed in conjunction with some zoo viruses. You can read in Virus Bulletin, February 2004, is tested virus categories "Macro", Standard", "Polymorphic". These are zoo virus categories, far apart from In The Wild categories, but zoo virus detection is reported, but is not considered for VB-100 award winning. My KAV has 100% detection of all those zoos. So has many other avs. Now compare Virus Bulletin figures with AV-Test.org figures, for the same avs. What is wrong with this picture? Is AV-Test.org guys smarter than Virus Bulletin guys? No way!

 

Steve Moss, if a University exam is conducted that all students are given the questions ahead of time, and they can study for the precise answers, how can a student have a genuine excuse for failing such an exam? His Degree should be assured! VB-100 test is a parallel of that exam. It is a fact, all av makers have access to the Wild List. It is a fact, all av makers have access to Virus Bulletin testing protocols. It is a fact, no av maker should have a genuine excuse for failing to detect 100% of In The Wild viruses in VB-100, except his own incompetence.

 

Bender: I'm not really sure what your point is, except that you seem to quote such a lot of facts, and no opinions . Even if what you say is indeed fact, please appreciate that not everyone considers those 'facts' to be relevant.

 

Hello Steve Moss

Can you document just one case of NOD32 not stopping an in the wild virus? We have heard stories of such but to date no one has been able to document even one case for us to review.

 

With all due respect--speak for yourself. I want ~100% detection of current and imminent threats. I'm not interested in detection of relic/partial/junk/joke virus files. If the situation warrants it, I'll use an AT. I appreciate the fact that NOD doesn't claim to detect "everything". It's a valid distinction as far as I'm concerned.

It seems that every few months this "argument" gets rehashed. I won't rehash it...it's free reading here and elsewhere.

You're free to place your faith in whatever. Over-reliance on any test risks singed digits. However, I prefer to let the record, and professional reputation of a product--and test authority--speak for itself.

 

Bender:- was the term newbies meant as an insult? If you read my post you'll realise I didn't stick up for the test or its result,just an observation,by this newbie(to this site at least)of the reaction in the posts to a results of a test that didn't show NOD in the best light

 

Virus Bulletin is a good test, but NOT the only one... I don't base my decisions on "just one test"... and yes, I admit that The U of Hamburg and VirusP's tests gave me another point of view to look at... I for one, do want an AV that'll detect everything, and that doesn't mean I depend on just one AV... That's just me...

But don't worry about it... Just get as much info as you can grab ahold of... and YOU decide... Virus Bulletin's testing methodology is what it is... I think it's a good methodology, but not the ONLY one..



Cleaned out off-topic remarks - Pieter

 

Well, JimIT, I respect your viewpoint, but I also believe in the adage "Question Authority..." LOL.. I don't place blind faith on any one test... I try to consider them all... If a test is not perfect, well then I try to see if there is any merit at all, and take what I consider important, and discard the rest.. I can't stand False Positives, but for Virus Bulletin to tell me that KAV is not as good as NOD32 because KAV had one false positive is ridiculous.. Everyone knows that KAV WILL detect more Malware, and although I believe in layered security, I still take KAV's word for it versus any AT out there, and I mean ANY... Besides, in my experience, Trojans and Spyware are just as prevalent, and even more so, than Viruses, so I prefer what I want to prefer..

 

KAV's great. Be comfortable with whatever you choose.

 

JimIT well said being comfortable with what you choose+a little common sense is possibly the best course of action for everybody,being paranoid about viruses etc is probably worse than getting them(at least a virus on your PC can't make us physically ill,worrying about them probably can!)

 

Oh no! I guess if I ever start downloading crap from Kazaa, or frequenting warez sites, I better switch away from NOD32! [YAWN]

Show me one real, prevalent, you-might-actually-come-across-it-even-if-you're-not-an-idiot example of malware that NOD32 misses. Just one. Show me. I want to know. Then tell me how a non-idiot would actually come across that malware. I don't mean to sound argumentative; I'm absolutely serious here.

The only malware I've ever come across is via email, which is obviously easy to protect against. This, despite the fact that I've downloaded software thousands and thousands of times over the years. I think if people are doing things that puts them in a position to worry about trojans to that extent, they don't need a different AV, they need to change their computing habits.