2004 Test Review of Latest AV: NOD32 performs poorly

Discussion in 'NOD32 version 2 Forum' started by newbie Heggs, Feb 12, 2004.

Thread Status:
Not open for further replies.
  1. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Nameless :- did you mean -even- if-you are-an-idiot? and not "even-if-you-are-not-an-idiot"?
    Steve
     
  2. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Huh? No, I meant just what I wrote. I want to know what malware NOD32 misses that someone who doesn't have idiotic computing practices really needs to be concerned with.
     
  3. @nameless

    How do you define idiotic computing practices? (If the definition is too narrow you will probably need no security software at all. If the definition is too wide I can easily provide you with a sample that will not be detected by NOD32.)
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I didn't ask for a sample that NOD32 won't catch. I'm sure I can find one on my own. That is no big deal.

    What I am interested in is a malware that NOD32 is ignorant of, which someone might come across without downloading crap from a P2P network, or a warez site, by running anything and everything that enters his inbox or browser, or by running without a firewall.

    If you can point me to a legitimate software site that has such a malware, I'm sure that site would be as interested to know about it as Eset would be. Or, tell me how I might get infected with this magicalware without having done something really stupid.
     
  5. @nameless

    "I didn't ask for a sample that NOD32 won't catch. I'm sure I can find one on my own. That is no big deal." Agreed.

    "What I am interested in is a malware that NOD32 is ignorant of, which someone might come across without downloading crap from a P2P network, or a warez site, by running anything and everything that enters his inbox or browser, or by running without a firewall."

    If you avoid all these risks ... do you need an AV/AT at all? Which scenario do you have in mind where NOD32 will protect you?

    Personally, I believe that NOD32 is good for detecting replicating malware (like internet worms) which infect thousands of users.
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    That would be a "No, I can't name any such malware." Thanks.

    But you do ask a good question. Since I have never come across malware except from idiots who have emailed them to me, I've seriously wondered many a time whether I should hassle with it at all.
     
  7. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Huh huh! Would have made more sense without the word "even" in the sentence!
     
  8. @nameless

    I have thought about our problem ;-)

    Let's assume we are cautious and use Opera as our browser. We also have a firewall. We do not open executable files from non-trustworthy sources.

    Nevertheless we will get infected with a trojan because we surf to a webpage and open a .pdf file.

    See here ( http://secunia.com/internet_explorer_file_download_spoof/ ). This is because of a CLSID vulnerability. You can avoid the problem if you download the file first and do not open the .pdf with your browser. But since you may easily forget to adhere to this security guideline ... I would not call it idiotic behaviour if you get fooled by the trick.

    For a more detailed explanation see: http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/

    Against this background, it may be helpful if a scanner has a relatively good detection rate in respect of trojans (which NOD32 has not).
     
  9. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I'm not sure what you're talking about. It was a goofy way to write it, but it is correct. Consider:

    "Is that malware something a lot of people come across, without pushing their luck on warez sites?"

    "Yes; you-might-actually-come-across-it-even-if-you're-not-an-idiot" :)
     
  10. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I agree that wouldn't be "idiotic" behavior. I'm not going to run without an AV, but if you look at my new thread, you can see that I'll not be running NOD32.
     
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Hi nameless, we did both mean the same thing, just crossed wires.
    Steve
     
  12. newbie Heggs

    newbie Heggs Registered Member

    Joined:
    Jan 16, 2004
    Posts:
    4
    Nod32 vs the rest:
    OK;
    2nd installment:
    Issue 43 of PC-Utilities [http://www.livepublishing.co.uk/pcutilities/pcu43.shtml]

    Reference to www.virus.gr [http://www.virus.gr/english/fullxml/] by Antony Petrakis [aka Virus-P]

    Gives the same results: KAV 99%; McAfee 97%; NAV 92%; NOD32 75%

    I want to keep the faith [and my fast scans] but it’s getting hard to step off the cliff willingly

    How much slower is KAV? McAfee ? Does McAfee corrupt your computer as badly as NAV?

    What to do??
     
  13. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Here's a thread from the Other Antivirus forum here regarding Virus P's test when it released last year: http://www.wilderssecurity.com/showthread.php?t=17092;start=0

    Reportedly VirusP is improving his test methodology in response to some severe criticisms here and elsewhere. How that goes remains to be seen.

    But if you're that concerned about the various tests you've seen, switch to McAfee or KAV. If you want opinions on those two AV's or to see threads discussing them, go to the Other Antivirus forum. There have been a number of discussions there about KAV, fewer about McAfee to my recollection. So you might want to run a search for that forum to see what's already been discussed there about them. If you don't see something that answers your questions about these AV's, post a thread there.
     
  14. Bender

    Bender Guest

    Off-topic, personal remark. Removed - Pieter
     
  15. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Regarding the PDF vulnerability, just set Acrobat Reader to download all PDF files to disk. That way you don't have to worry about "forgetting" this security precaution. I have never let Acrobat Reader open in my browser.
     
  16. I feel compelled to comment here...

    I DON'T CARE WHAT IT'S CALLED, whether it's malware, a joke virus, a plain joke, Trojan, Worm, Blah Blah Blah... I DON'T WANT IT ON MY SYSTEMS!

    and, yes, I believe in layered security, but I also believe in common sense, and this bickering is getting ridiculous, tiresome, and typical of NOD32 "groupies" LOL...

    What did William Shatner say? I believe it was "Get a Life!"...

    Don't be too surprised when Anton Zajec says that to YOU someday...

    Let's face it, NOD32 is good, but it's not a KAV... and either know how to interpret VB's results or tell the truth...

    It's no KAV...
     
  17. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Typpo - should be Zajac and not Zajec...
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
    Since Windows 3.1, I have had licenses for NAV, Command, KAV, RAV, and Nod. Out of all these programs, Nod has proven to be the least invasive of all. In fact, Fprot, DOS version, which I used up until Windows XP, is the only antivirus that has caught "malware" on my computer. No viruses have ever been found otherwise.

    I am careful about what I "click" on and try to keep my system clean. I like my system to run the way it was intended, fast. Only NOD allows this. I like to be able to defrag and not have to disable an antivirus program to do this. NOD never gets in the way.

    If you take the VB 100% ITW detection rate for what it is worth, and VB states this on their page, it is a guideline, nothing more.

    However, NOD has a heuristic engine that is far above the others. That alone makes it a worthwhile program for me. Add the easy and timely updates and you have a winner. In fact, I am amazed sometimes at the speed of the updates. Somebody is "watching the flock" very well.

    I guess this makes me a "groupie". As far as I am concerned, I am glad that NOD is not Kav.

    By the way, isn't there a forum for KAV users?
     
  19. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Ok, ok! Calm down, Shooter! Everything's going to be ok! :D :D :D

    No one's going to take away your KAV! Right everyone? :D :D
     
  20. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    newbie Heggs:- Hi I don't know what you mean by 2nd installment, they are results from the SAME test so the results will be the same!
     
  21. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    With regard to speed of various AV programs, if you are offline and NOT using files/apps of dubious origin you can turn off your AV, so speed should not be an issue. I also doubt whether any AV will make an impact on any system with regards to online activity (with the exception of gaming); browsing, emails, shopping etc. will not be slowed by your choice of AV (IF it is, can someone direct me to one that slows my wife's spending!!)
     
  22. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Speed is an issue to some of us because we don't want to have to hassle around with the real-time scanner. I sure don't want to have to remember to disable the scanner to defrag, to run a clean-up utility, to scan with this or that other utility, or for any number of other reasons. Doing that isn't only a pain in the rump, it is a good way to get infected by not remembering to enable the real-time monitor again (providing you're a fallible human, that is).

    I love KAV in every way, except for how it devours CPU time, generally takes over my system whenever it wants to, forces me to constantly disable it and re-enable it, and prevents me from performing automated file-intensive tasks like defragging.
     
  23. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Hi nameless:- I agree with the points you raised, all I was meaning to point out is that the speed of whichever AV anyone chooses shouldn't "take over" their PC or computing habits. If human fallibility is a concern, a batch file could be written to launch the real time monitor as IE or other browser was loaded.
     
  24. Bender

    Bender Guest

    Why does every "test" topic on every forum attract certain anti-NOD32 evangelists, who suspect everyone who does not follow their Party Line of being a NOD32 "gang" member? I thought I had made it quite clear I am a KAV user, I have used KAV happily since it was called AVP, but that fact does not make me blind to NOD32's merits, and does not make me shout "KAV is better!" in every opportunity. No, NOD32 does not detect 100%. No, KAV does not detect 100%. No, NOTHING does detect 100%. I did not come here to defend NOD32, or KAV. My interest was the TEST RESULT, so I mentioned the unworthiness of AV-Test.org testing. Discounting the hype, compare AV-Test.org results with those of VB, SC-CheckMark, and ICSA, and decide for your own selves which to believe, the Top Three, or a test at the low end of the scale.
     
  25. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Sure, here you go.

    Marked by Symantec as "Discovered on: February 10, 2004" (http://www.sarc.com/avcenter/venc/data/w32.dumaru.ah@mm.html - and you will need to copy and paste that URL, to include the "@mm.html" portion).

    Detected by NOD32 eight days later on February 18, 2004.

    No need to get angry at me; I'm just making reference here. I suppose people will say "Well, NOD32 detects it now, so it's no big deal." But an 8-day window is an 8-day window.
     