Any reason why NOD32 scan missed a Trojan?

Discussion in 'NOD32 version 2 Forum' started by enduser999, Apr 16, 2006.

Thread Status:
Not open for further replies.
  1. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, like... when a trojan is claimed to be a codec to view "funny movies" and what it does is automatically spread through e-mail in the real world before it's even detected by any AV, it can't really be a zoo sample, can it? And that's just one of the numerous ITW I've seen undetected by NOD32 (it's detected now). And that's just ONE of the numerous experiences with undetected trojans I've seen. Please, let's be real here, if you think you have an AV that covers all the trojans in the wild, think again. The rest is just marketing BS.
     
    Last edited: Apr 24, 2006
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Maybe you missed my last scan result from a Zlob variant - NOD32 was the only one to detect it (apart from the other 2 scanners who alerted on the envelope) and it's always one of the few AVs to detect it among the first. Shortly NOD32 will catch any new variant without generic signatures anyway.
     
  3. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Anyway, to make a long story short, NO AV detects everything. That also includes NOD32 along with all other AVs. If they offered 100% detection for all current and future threats, all other vendors could just close their software studios...
    It's unrealistic anyway, because that won't happen.
     
  4. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Marcos, are you actually saying that we should believe a "100% ITW detection" claim? Won't happen with me, especially when I've seen first-hand that it's not even remotely close to reality.
     
  5. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well they do detect ALL ITW samples listed on the wildlist. That's for sure.
    So their claim is correct. The weak link here is the wildlist though...
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I was referring to this particular Zlob - I just insist on my statement that NOD32 is always among the first AVs to detect TD Zlob. Shortly any new variants will be detected without an update.
     
  7. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Nobody is questioning NOD's awesome heuristics, nor NOD's detection capabilities. :)

    Nevertheless, when I'm looking at the claim

    (http://www.nod32.it/products/awards.htm) I can only cringe. This claim might refer to some particular "wildlist" of sorts, but some effort was taken into making it look like this applies to a real-world scenario as well. But it's misleading marketing. Sorry.

    NOD32's detection capabilities notwithstanding, in the real world, since May 1998, NOD failed the identification of a big number (hundreds, most definitely) of viruses/trojans/whatever in the wild, that's the truth.
     
    Last edited: Apr 24, 2006
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Which ones? Did you actually see the list of ITW threats?
     
  9. hamlet

    hamlet Registered Member

    Joined:
    May 10, 2005
    Posts:
    229
    Hmm, whether it makes people cringe or not, I think it behooves ESET to make the claim. I think the biggest reason that they should continue to trumpet their performance on this evaluation is that it helps point out ESET's longevity in the AV field. ESET is a relatively small company and I would imagine that it is a comfort to some potential customers that the company has been performing well on AV tests for the last 8 years. That is a long time in the computer world.

    Whether or not the wildlist is deficient is way beyond me. It is up to the AV industry as a whole to work out agreed-upon testing schemes. Until things are changed, I would think ESET is justified in making this claim that no other company can make.

    Also, I think the ESET employees who post here continually state that no AV finds everything. No sensible company is going to put that statement into their advertising however. :eek:
     
  10. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I don't need someone else's list, I test these things myself. I repeat the question: are you implying that NOD did detect every existing trojan or virus in the wild (and when I mean "in the wild", I don't mean "listed on some site")? You can't be serious.

    I even showed an undetected one directly to Paolo Monti some months ago, if you need some proof of at least one undetected. There could be many others, but (a) I don't keep malware samples when they start being detected (b) I usually only send samples to Kaspersky and Ewido.
     
  11. ASpace

    ASpace Guest

  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Then it's not In-The-Wild if it exists only on your computer and maybe on a few websites.
     
  13. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    If it exists on scam sites that try to exploit browser vulnerabilities, or if it exists on publicly accessible web sites and it poses as a legitimate file, then it's not "in the wild"?
     
  14. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Nope. ESET never makes a claim to detect all the malware in the real world. This type of claim could and would be described as snake oil! I think you need to re-read my post. I defined ITW malware as malware SPREADING in the real world. The SPREADING part is the most important component of this sentence :eek:

    You're making a big fuss about some undetected malware. ALL AV misses malware at some point because AV to date is based primarily on a RETROACTIVE model, which means it adjusts to what has happened in the past, i.e. malware found by AV vendor > malware analysed > detection made available to vendor clients > client protected. This chain of events is exactly the same for every vendor except for when technology is able to replace the bit in the middle, i.e. the human doing the work. In the case of AV this is either due to generic detection or heuristics. NOD32 has best of breed for both :cautious: I don't understand why you are giving these ESET guys a bad time. They have an excellent signature database and superb proactive detection. You get the best of both worlds.

    Now... I'm no moderator but i think it's time to close this useless thread.
     
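    The retroactive chain described in the post above (sample found > analysed > detection shipped) is easy to see in a toy scanner. The following is an added example written for this page; it is not NOD32's engine, nor code from ESET or any poster. It builds four constructed byte strings (no real malware): the "original" the vendor has already analysed, a "variant" of the same family repacked with different bytes, a "novel" sample from an unknown family, and a benign text file. Three layers are run over each: an exact SHA-256 signature (matches only what was analysed), a generic family pattern keyed on a trait the family shares (here an assumed download host, codec-update.example), and a heuristic that scores traits such as download/execute API strings, an autorun registry key and high byte entropy. The hostnames, strings and the threshold of 2 are illustrative assumptions.

```python
"""Added example: why an exact signature misses a repacked variant while a
generic family signature or a simple heuristic can still catch it.

Toy scanner over constructed byte strings; not any vendor's engine.
Hostnames, strings and thresholds are illustrative assumptions."""
import hashlib
import math
import re


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed/encrypted data sits near 8, plain text near 4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _pseudo_random_blob(seed: bytes, size: int) -> bytes:
    """Deterministic high-entropy filler standing in for a packed section."""
    out, block = bytearray(), seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:size])


# Constructed samples (not real malware). "original" is what the vendor
# analysed; "variant" is the same family repacked; "novel" is a new family.
SAMPLES = {
    "original": (b"MZ" + b"\x00" * 512
                 + b"http://codec-update.example/getcodec.exe\x00"
                 + b"URLDownloadToFileA\x00WinExec\x00"
                 + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"),
    "variant": (b"MZ" + b"\x90" * 700
                + b"WinExec\x00URLDownloadToFileA\x00"
                + b"http://codec-update.example/vc_install7.exe\x00"
                + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"),
    "novel": (b"MZ" + _pseudo_random_blob(b"novel", 4096)
              + b"http://video-plugin.example/setup.exe\x00"
              + b"URLDownloadToFileA\x00ShellExecuteA\x00"),
    "benign": b"This is a plain text readme for a harmless program.\r\n" * 40,
}

# Layer 1: exact signatures. Only samples the vendor has already seen and
# analysed end up here; this is the retroactive step in the chain.
KNOWN_HASHES = {hashlib.sha256(SAMPLES["original"]).hexdigest()}

# Layer 2: generic family signature written after analysing "original";
# it keys on a trait the family shares (its download host), not exact bytes.
GENERIC_PATTERNS = [
    re.compile(rb"http://codec-update\.example/[A-Za-z0-9_]+\.exe"),
]

# Layer 3: heuristic traits that need no prior knowledge of the family.
HEURISTIC_THRESHOLD = 2  # assumed cut-off: two or more traits is suspicious


def heuristic_score(data: bytes):
    """Return (score, trait names) for the heuristic layer."""
    traits = []
    if b"URLDownloadToFile" in data:
        traits.append("downloads-from-url")
    if b"WinExec" in data or b"ShellExecute" in data:
        traits.append("executes-payload")
    if b"CurrentVersion\\Run" in data:
        traits.append("autorun-key")
    if shannon_entropy(data) > 7.0:
        traits.append("packed-or-encrypted")
    return len(traits), traits


def scan(data: bytes) -> dict:
    """Run all three layers; the verdict names the first layer that fired."""
    exact = hashlib.sha256(data).hexdigest() in KNOWN_HASHES
    generic = any(p.search(data) for p in GENERIC_PATTERNS)
    score, traits = heuristic_score(data)
    if exact:
        verdict = "known-sample"
    elif generic:
        verdict = "generic-family"
    elif score >= HEURISTIC_THRESHOLD:
        verdict = "heuristic-suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "exact": exact, "generic": generic,
            "score": score, "traits": traits}


def scan_all() -> dict:
    """Verdict per constructed sample."""
    return {name: scan(data)["verdict"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = scan(data)
        print(f"{name:9s} {r['verdict']:21s} exact={r['exact']} "
              f"generic={r['generic']} heuristic={r['score']} {r['traits']}")
```

    Running it shows the point of the post: the exact hash fires only on "original", the repacked "variant" slips past it and is caught by the generic family pattern, and the unknown "novel" sample is caught by nothing but the heuristic. Every layer that can catch a file before an analyst has seen it is also the layer most likely to produce false positives, which is why real engines tune these thresholds carefully rather than, as here, counting string hits.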
  15. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Depends on the website. Is it a popular website or something set up on a webserver residing on an infected PC? Are infections as a result of this website widely distributed and common? There are lots of variables to determine if malware is 'wild' or not. Just because a file exists and is malicious does not make it ITW :rolleyes:
     
  16. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    This is a useless distinction, sorry. It's VERY rare that malware is hosted on popular websites; most of the CWS malware, for instance, is hosted on obscure websites, yet I wouldn't say they are exactly a minor problem. Also, malware such as this one (or one of its variants) was initially missed by NOD32 (in fact, it was missed by all the major AVs), and initially hit quite a few people. According to your definition, an "in the wild" threat is such only when it causes a major disruption at national or world level. That's not "in the wild"; "in the wild" is "spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users".

    EDIT: the variant was actually the one referenced here.
     
  17. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    It's a combination of how common and widely spread infections are.

     
  18. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    CWS uses exploits and trojans.
     
  19. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    These are separate detections. Not CWS itself.
     
  20. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    So that's what they mean, 100% ITW as defined by those particular tests!

    No doubt, it is a bit misleading, but then marketing scumballs seem to be present in every organization. The software team probably doesn't even allow them in their part of the building.

    I've seen much broader tests where NOD32 detected only 93% or so. That's worrisome, however... that was the highest score of all tested. Anyway, I'd feel worse about the marketing claims if in reality they had poor detection, but they could be called number one fairly honestly, at least in the top 3 of all well known antiviruses. I'm too lazy to look it up now, but the thrust of the test was that if you can't afford NOD32, then using multiple layers of protection of free programs can get you comparable protection (AVG + Ewido). However for me (the overkill king) the real message was use NOD32 and Trojan Hunter, and you have the highest protection of all. (He did not specify that combo, but did name those two as top products so it is consistent with what he was pointing out). If you want to stop all trojans, or close to it, IMHO you are still only about halfway done at that point.


    -HandsOff
     
  21. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yawn. They're used by CWS affiliates, created by CWS affiliates, and CWS has with very little doubt a part in this. When I talk about "CWS malware", I don't mean just the Adware part.
     
  22. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    The wildlist is independent of AV vendors. No marketing ploy here ;)

    Be careful where you get your information. There are many useless tests out there carried out by unqualified persons. I recommend www.av-comparatives.org and www.av-test.org as do most AV vendors.

    I don't know the test but I can say that the best protection from malware starts with the user and practicing safe-hex http://www.claymania.com/safe-hex.html *puppy* - yes, after this, having a good AV like NOD32 or KAV or similar is also important. Use FF or Opera, use Thunderbird or similar (I use The Bat!). Watch what you download/double click/etc. Anti-malware is just as much about having your wits about you as it is about having software to detect the threat.
     
  23. i_kenefick

    i_kenefick Registered Member

    Joined:
    Nov 29, 2005
    Posts:
    135
    Location:
    Cork, Ireland.
    Yawn :thumb:

    Separate detections... it's a fact. Not part of the wildlist... it's a fact.

    You are argumentative (ie. always wanting last word but nothing is constructive)... it's a fact :D
     
  24. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I mean, it's a discussion forum, isn't it? :rolleyes:
     
  25. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I think this is a more complete quote that better explains exactly what is being communicated. I see no attempt at deception, but a clear and concise statement of truthful fact.
    from www.nod32.com.au
    Cheers :)
     