how long it take to add any new virus to database in KAV and nod32 ?

I didn't say to just depend on good heuristics?

But as shown by the recent large fast moving outbreaks having an
AV with good heuristics that also helps stop the majority of these outbreaks
at the zero time provides an additional proactive defense.

These are the type of infections that effect a large group of
folks as shown by the various virus radars. The counts go up very fast
then start coming down as the AVs scramble to provide their
signatures and the end users update.

For an AV to already have the ability to stop this sort of outbreak
without having to wait for a signature is a good thing.

 

Well, according to av-comparatives not that much... but we may speak of high dangerous viruses, like Mytob..

 

av-comparatives is one good resource for evaluation but if you look at Jotti's Nod misses many (with heuristics enabled) that kav detects, so six of one and a half dozen of the other.
At least that is my (mis)interpretation of the difference in the detection rates of the two in question.
Who really can argue that by using either one of these AV's, gives you about as good of protection as you can get. There are a few others that fall in this category also.
KAV does have heuristics, they just call them signatures.

 

From Jotti:
"You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service."

 

Thus the sentence "At least that is my (mis)interpretation of the difference in the detection rates of the two in question."

 

Yes, I see it... I´m just remembering you....

But just don´t forget NOD32 has signatures too... nod32 does not have only heuristcs... IBK classified nod32 as excelent (advanced+) in the last on-demand test, just as KAV. Both are great products, with both you will be very well protected, but this myth that KAV has a very better overall detection is just a myth... you only have to look at av-comparatives...

 

Look at NOD's updates about a week before the Av-Comparatives test 08-2005 and you'll see that there was some about 2 months worth update done just before the test. Similar situations you'll see with some other av:s, but not just before the test I presume. So, to add defs drastically before tests may show good in the test reports, but actually it doesn't add the protection level that much. You have to update constantly, on very frequent basis, with about a regular amounts of add defs so that the protection stays in acceptable level ALWAYS.

These are things that you don't see in the Av-Comparatives test table because this kind of tests are not randomly published, you can always prepare to this kind of tests, why not prepare to every TOMORROW then? That's about what Jotti's stats are more or less showing to you, not the overall detection rate!

Best regards,
Firefighter!

 

Did i say anything about heuristics not being a good thing?

I'm just questioning whether heuristics is the thing that makes an AV great or not, i'm quite sure that there are a very large group of users (again with an AV up to date) who have never been infected with one, virusradars or not.

 

No myth! Take a look at a variety of testing sites and you will find that overall KAV is always at the top of the pile for overall malware detection. Most people would agree with this view

 

I'm not against NOD in my former posts in this thread, actually NOD was 4:th among 14 scanners in Jotti's snapshot tests, but it seems to be so that ONLY NOD has the potential to by-pass Kaspersky and be the number 1. in here at Jotti's too. So, why they do not accelerate the updating procedures at least to the same level as DrWeb does?

That's the main thing why I'm so pissed off the attitude of ESET!

Best regards,
Firefighter!

 

Ding-Dong

 

There is a lot of rubbish and non-functional samples submitted to Jotti's scanner. Eset does not strive for the largest database which would include non-functional and corrupted samples as some other AV do. Hence you may see a lot of files "missed" by NOD32. Of course, no AV detects 100% of viruses and there are also samples that are actually missed and should be detected. Before making any conclusion, test the files for functionality.

 

From my former 2.7k samples collection (at least 7...8 months old samples), where those checksums were checked by IBK, I made these observations.

NOD detected about 6.5 % of all DETECTIONS made by NOD as by ProActive methods, but DrWeb 4.33 detected about 3.5 % of all DETECTIONS made by DrWeb as by ProActive methods.

Compared these to what they detected in Jotti's.

In Jotti's NOD detected almost 62 % of all DETECTIONS as by ProActive methods, where as DrWeb 4.33 detected only about 22 % of all DETECTIONS as by ProActive methods. These correlations doesn't match at all together because DrWeb should detect about 33 % as by ProActive methods in Jotti's, if the ProActive methods ratio between NOD/DrWeb remains the same. I just can't believe that most of those snapshot samples DrWeb could name by signatures were FP:s, but DrWeb made signatures faster than NOD.

Best regards,
Firefighter!

 

Yes, I know Eset should implement signatures, but NOD32 has about the same level of detection rate than KAV.. (ww.av-comparatives.org). If Eset implement more and more signatures, they will be better than KAV in overall detection...

 

Your interpretation of one testing site.

 

But av-comparatives, virusbulltin and Hamburg University are the only tests I trust... is there any other I can trust?

 

Why not use your own small combined tests? Just use your instinct and it's groovy!

After all, it's only you who knows your needs, there is any need to trust some outsider.

Best regards,
Firefighter!

PS. Of course you will get some critics, but that's the most amusing part of it, just make the corrections needed and you will get some new critics again!

 

But I don´t have any collection... and I don´t have time to do all the necessary methodology. So I just check Av-comparatives, imho, the best test we have..

 

My PERSONAL opinions of these 3 testers!


Av-Comparatives:

Pros: The tester honestly tries to be independent.

Cons: When he gets samples from DIFFERENT AV-VENDORS, there is always some doubt that certain av-vendors gives more samples than the others. So the objectivity suffers more or less.


VirusBulletin:

Pros: Probably the most appreciated among AV-industry!

Cons: The same as above. Industry is in the opposite of the PC customers. They are concentrating against viruses/worms, when for instance in Jotti's these are only 8.2 % in my own studies according to 6 x 100 snapshots between 17. -24. Nov. 2005. Secondly, these ItW samples are already known BEFORE their tests.


The University of Hamburg :

Pros: The tester honestly tries to be independent.

Cons: They will publish their test results so late, that those results doesn't represent the situation what av-solutions have just now.

Just my humble opinion of course!

Best regards,
Firefighter!

 

By the way, does someone knows when will be released a new test in university of hamburg?

 

Let's start to collect that about 2.5k collection. Use some virtual PC environment proggie like ShadowUser to avoid real nasty infections in your PC, Zip your samples to the safe place before you shut down collecting and ShadowUser.

I am a father of 3 kids, between 17...20 years, and I still have time to this.

Best regards,
Firefighter!

 

I agree with you. Hamburg University is in the first place for me.
Av-Comparatives is a little suspicious for me. Because A/V alternatives aren't varied. I want to see other A/V vendors in their tests.

I want to add www.av-test.org to my trusted A/V testers group.

 

I accept that your proggie has the best heuristics now, when you are adding signatures more frequent to be the nr. 1. in overall all kind of new nasties, so that I can buy your license?

PS. I'm still a Finn and Slovakia belongs to the EU as Germany too, where you are from.

Best regards,
Firefighter!

 

But there is the main difference between Slovenia and Finland. I have got any mass mail email messages into my inbox here in Finland at all.

Best regards,
Firefighter!

PS. I use those free Finnish email providers in the web protected mainly by F-secure and a part with AntiVir.

 

Another example for the biggest outbreak 2005:

http://www.pcwelt.de/news/sicherheit/124839/index.html

"Erkennung ohne aktuelle Updates:" means "Detectin without updates"