How long does it take to add any new virus to the database in KAV and NOD32?

Discussion in 'other anti-virus software' started by makeo%, Nov 24, 2005.

Thread Status:
Not open for further replies.
  1. makeo%

    makeo% Guest

    How long does it take to add any new virus to the database in KAV and NOD32?

    Does NOD32 really need a week to add one?
    I have read a lot of replies saying they sent the same new virus to both of them;
    after just a few hours KAV added it,
    but NOD32 needed a week or more.
    Is this true?
    Is it true that NOD32 is slow in adding new viruses?
     
  2. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah, that's usually true. Kaspersky Lab is very fast in submissions processing.
    But ESET will also add samples ASAP if they find them to be well spread or that they might spread well. Although honestly I prefer Kaspersky's policy of samples handling...
     
  3. makeo%

    makeo% Guest



    Thank you.
    I will buy KAV :)
     
  4. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well it depends, if you're getting lots of mass mails with worms, then NOD32 might be a better choice (because of heuristics). But if you prefer to have better protection against all sorts of zoo malware out there on webpages, KAV is a better choice. At least at the moment things look like this.
     
  5. makeo%

    makeo% Guest


    Heuristics are not important if I can send unknown files received by email to the KAV lab and wait only 2 hours for them to reply and add the new virus to the database.

    I think the fast updates in KAV are better than the heuristics in NOD32,

    because heuristics do not work every time, but the (true) definition is the best.

    I have seen many times NOD32 find a virus by heuristics and KAV find the same virus but by definition.

    If NOD32 did what KAV does, it would be the best AV:
    the best in heuristics and the best in fast updates.
     
  6. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yup, can't argue with the last line...
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Why not try to send some of those infected missed snapshot samples in Jotti's to both of those av-vendors? It's quite hard to find them, but at least you have the names of those missed samples shown in Jotti's, maybe those missed Zip/RAR samples are easier to find via Google!

    In my mind those two best heuristics av:s, NOD with AH and DrWeb, are quite different concerning all kind of infection updates, the other one has done it well and that's not NOD. ;)

    Best regards,
    Firefighter!
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    How long does it take for researchers to find a new virus before they can give it to the Anti-Virus company ?
     
  9. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    You're missing the entire point of heuristics in saying that.
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Even if NOD should do those updates as fast as DrWeb, NOD should be clearly better at least in Jotti's than Kaspersky! ;)

    Best regards,
    Firefighter!
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
  12. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I guess the zero-time protection didn't work, when the I-Love-You-virus hit many computers world-wide and this virus wasn't the only one, I just don't remember their names.
    Sorry for being sarcastic, I'm in a bad mood. :)
     
  14. TeknO

    TeknO Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    147
    Location:
    Istanbul, TURKEY
  15. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA

    Yes, great that a few of the AVs provided good zero-time protection
    while a lot of other AVs had to wait to provide a signature and then the
    end user having to wait for an update.

    Product - Score
    BitDefender - 6 of 6
    Fortinet - 6 of 6
    Nod32 - 5 of 6
     
  16. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To be honest, this zero hour protection is only a highly advertised myth. A couple of tens attacks PER YEAR were protected about 2...24 hours faster, what's that compared to those a couple of tens NEW hiding threats PER DAY, which were protected by some other av:s 1...6 weeks earlier? ;)



    Best regards,
    Firefighter!
     
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Heuristics are important, how much seems to depend on whether you're a NOD32 proponent or not......;) :D

    The simple fact is that those zero-hour infections are not going to happen to everybody all the time, much will depend on zero-hour infection like the window of opportunity, your ISP, your possible other security software.

    I have for example never been hit with a zero-hour infection, what I have been hit with, but not infected with, is trojans and quite a few of them and that's why Kaspersky for me is the better choice, for others who apparently receive zero-hour stuff all the time, NOD32, DrWeb or BitDefender would perhaps be better if we're talking zero-hour only (& an AV only setup), but to me there is a lot of other things to think about when choosing an AV than heuristics.

    It's quite funny that an Andreas Marx test with no less than a whopping 6 samples is now used to prove how good NOD's heuristics are, when those of us who can still remember how his skills as a tester were being absolutely butchered by everybody including Stan999 if memory serves me correctly when he made tests in the past showing NOD as not so good in overall detection to the point where he was made to be clueless and had a grudge against ESET/NOD32, but now he's suddenly good enough............

    It would be quite interesting btw to know exactly how many users with an updated AV have in fact been infected with a zero-hour infection that had a lasting negative impact (like having to reinstall or have someone repair your PC).:)
     
  18. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Not when those zero hour protections were covering the current significant fast moving threats that were infecting a very large number of machines.

    A large number of PCs can be infected while waiting for that "2...24 hours"
    of protection for those types of infections.
     
  19. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Is the Finnish time zone a kind of self protecting mode to zero hour threats, because I have NEVER seen those in my email? :D

    Best regards,
    Firefighter!
     
  20. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Pretty much the same for Slovenia when I was using avast! and POP3 based email. I always got updates even before I got any mass mail email message into my inbox.
     
  21. Rush_

    Rush_ Guest

    You guys are forgetting that NOD32 has almost the same level of detection as KAV, according to AV-comparatives.

    It's true that KAV was superior to NOD32 in the test, but like IBK said, in real life, the superiority of KAV's result is practically none... you guys talk like NOD32 has a poor detection rate of zoo viruses, but according to AV-comparatives, it's not true.

    On the other hand, NOD32 proactive defence is really superior to KAV's

    1. NOD32 on demand is very close to KAV's on demand (almost the same level in real life)
    2. NOD32 heuristics is by far better than KAV's
     
  22. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    However, a number of folks are as indicated by the various virus radars and other reports that track that type of information. Folks get infected and pass it on which causes the overall count to increase very fast over a very short time span.
     
  23. Rush_

    Rush_ Guest

    The other day I got an e-mail with a trojan that NOD32 heuristics detected... but KAV didn't...
     
  24. Sm0kie

    Sm0kie Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    12
    well look at this then:

    Sober.X Virus Spoofs CIA
    A newly discovered Sober variant, dubbed Sober.X by some antivirus vendors, is using scare tactics to trick users into opening its infected attachment. The Sober.X worm pretends to be from the CIA and the body of the message warns.

    But worse, listing only those three implies they were the first three responders. In fact, for this particular threat, McAfee, Symantec, and F-Secure all took 5+ hours to provide protection. Conversely, five vendors (Dr. Web, QuickHeal, eSafe, Nod32, and Fortinet) detected heuristically - i.e. without requiring specific updates. And of those detections that did require updates, several vendors responded far more quickly than Symantec, McAfee, or F-Secure, including:

    BitDefender 2005-10-06 00:54
    ClamAV 2005-10-06 01:00
    AntiVir 2005-10-06 01:13
    Kaspersky 2005-10-06 01:26
    F-Prot 2005-10-06 01:50
    Sophos 2005-10-06 03:07
    Command 2005-10-06 03:42
    Panda 2005-10-06 03:53
    McAfee 2005-10-06 at 05:13
    Symantec 2005-10-06 at 06:36
    F-Secure 2005-10-06 06:45

    --------------------------------------------------------------------------------------------------------------

    and now the info:
    Press Release Source: BitDefender


    Second Variant of Sony DRM Trojan Detected and Protected by BitDefender
    Thursday November 10, 7:03 pm ET
    Company's HiVE Technology Enables Detection of New Variation Before Competing AntiVirus Solutions


    FORT LAUDERDALE, Fla.--(BUSINESS WIRE)--Nov. 10, 2005--BitDefender(TM), an award-winning provider of antivirus software and data security solutions, announced today that its HiVE technology enabled the detection of a new, second variation of the Sony DRM backdoor Trojan, named Backdoor.IRC.Synd.B. This new variation of the highly publicized Trojan was proactively detected by BitDefender's Labs through behavioral detection made possible through the HiVE virtual environment.
    Similar to the first Trojan found earlier today but written with a new digital signature to get past anti-virus defenses, this new version also uses the cover provided by the Sony DRM component to hide itself. Changes found by BitDefender in this new variant include reparation of the bugs from the first version, a change of the file name to "$sys$xp.exe", change of the IRC channel name, as well as some additional minor technical changes.

    "BitDefender's HiVE technology enabled us to detect the second variant of the virus without any need for additional signatures," commented Viorel Canja, head of BitDefender Labs. "While this new strain is also in the wild, BitDefender will continue to monitor for any additional variations of the Sony DRM Trojan. BitDefender is committed to being one step ahead of virus writers, so that our customers can feel confident that they are always protected."

    According to BitDefender Labs, this new Trojan installs an IRC backdoor on the affected system and may have other functions. BitDefender is currently conducting further analysis on the Trojan and will publish further analysis to its corporate website, http://www.bitdefender.com.

    About BitDefender(TM)

    BitDefender is a leading provider of security solutions that satisfy the protection requirements of today's computing environment. The company offers the industry's fastest and most effective line of anti-virus and email security defense, setting new standards for timely threat detection and for simple installation, use and updates. BitDefender delivers effective threat management for over 41 million home and corporate users in more than 100 countries. BitDefender is a division of SOFTWIN and is headquartered in Bucharest, Romania, with offices in Fort Lauderdale, Florida; Tettnang, Germany; and Barcelona, Spain. Further information about BitDefender can be obtained by visiting: BitDefender http://www.bitdefender.com/site/home
     
    Last edited: Nov 24, 2005
  25. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    But, again, whether you or I get infected depends on a number of things and to just depend on good heuristics is by no means a guarantee of not getting infected.
    I'm not saying heuristics aren't important, I'm just saying balance in your security armor is more important than relying on heuristics to catch what isn't in your AV's bases yet, because it just won't.
    I'm sure that's true, but then again how many times has KAV detected trojans that NOD didn't..............:D
     