Latest AV-comparatives.org test results (was latest test results for Nod32)

Discussion in 'other anti-virus software' started by Edwin024, Nov 30, 2004.

Thread Status:
Not open for further replies.
  1. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Once again my friend Blackspear wins the Noddy award for the second year running, for continued excellent support for Nod. You may download your prize now @ http://www.noddy.com/fun/fun.htm
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Latest test results for Nod32

    Firefighter, my post was in relation to Nod32 passing a series of tests and coming in 1st place, at the point in time when I posted, it was in the Nod32 forum. Now that this thread has been shifted out into other antivirus software and given the same start of the thread in this forum, I would not have made such a comment. I will add, if it is not that hard, then why do we not see all others in the same position that Nod32 finds itself within this test.

    On a final point, I’m not here for a debate, just to comment on why my post was presented in the manner that you see it.

    Hope this helps…

    Cheers :D
     
  3. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Latest test results for Nod32

    Apologies IBK, yes very well done on such a fine job, I like your approach to the testing, maintaining a beyond reproach stand.

    I'm looking forward to the next round to see how the latest update to Nod32's Heuristic Trojan component tallies up...

    Cheers :D
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank you Solarpowered Candle, I think ;) :D

    Cheers :D
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Latest test results for Nod32

    I'm not here to debate either, unfortunately the difference between debate and discussion is sometimes only a thin line on the water. Especially, when the other part writes an other language as his own native one. It's so hard to indicate all possible nuances with totally foreign language, but there is only one answer, just keep on trying.

    Best regards,
    Firefighter!
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re: Latest test results for Nod32

    LOL, that's ok Firefighter, I'm bad enough with English as my first language, you are doing exceedingly well using 2 languages :D

    All the best…

    Cheers :D
     
  8. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    The two retrospective tests you've done have been the most interesting (and eye-opening) AV tests I've seen in a while.

    Nice job, Andreas...

    :D
     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Just clarifying a bit how many samples we really have to collect those ItW samples (ItW list just now 393 viruses) if we want to have 90 % Reliability/Confidence Level for that the heuristics detecting rates have the Precision/Accuracy Level of 5 % (= max % error in the detecting rate). The result will be about 160 samples.

    In the long run, there were about 21 new ItW viruses per month. It takes with the median growth of 21 new ItW viruses per month about 8 months to wait that the whole sample collection is finished and the test is available to run.

    Of course NOD doesn't need to wait such a long time, just disable the signature scanning and scan the already known ItW list of files.

    Best regards,
    Firefighter!
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    Thx JimIT. :)

    BTW: the forum on www.av-comparatives.org/forum can now be also read by guests. In order to post there etc. a registration is required.
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Is it possible to just remove or zero out the signature file in some of the others AVs to test their heuristics detecting rates?
     
  12. _anvil

    _anvil Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    56
    It isn't that easy. Remember that heuristics are updated, too... ;)
     
  13. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Nice test. :)

    Although F-Prot which i'm currently trialling did rather crap. :'(

    muf
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Re: Latest test results for Nod32

    Let me guess... Eset proposed this test, because it's the only way they could ever beat Kaspersky?

    If nothing else, it should give NOD32 users comfort, in the event that they go for several months without updating their signatures.

    Grrrrrrrreat... I wish I'd read that before bothering to look at the test results.

    Thanks for the laugh.
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I tried to zero out those files with DrWeb but no success.

    Best regards,
    Firefighter!
     
  16. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Re: Latest test results for Nod32

    So you are suggesting that IBK has become an advertising spokesman for Eset? I hardly think so. He has spent a lot of effort and time doing this research. No one complains that the On-Demand comparative could seem to be biased towards KAV, and yet KAV has scored highly in them, I would also say that KAV did rather well in this retrospective/pro active test. I am currently using KAV as a backup on demand scanner and it has never found anything that NOD "missed".
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Re: Latest test results for Nod32

    In an honest battle, the winner changes. So far that has been in Av-Comparatives heuristic's tests too, the first "winner" was McAfee, the second was NOD.

    Best regards,
    Firefighter!
     
  18. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: Latest test results for Nod32

    nameless,

    Given the direction of a number of AV vendors, it seems in hindsight a rather obvious test.

    From your second comment, I believe you're still missing the point of the test. It doesn't matter how often you update signatures, only that the new form of malware strikes before you update to a signature version level that will handle that virus. It could be months, days, or hours. It doesn't matter, the final outcome is the same. This test seems to be the best practical implementation of a field test to see how well you are covered in that scenario. Is it perfect? Maybe not, but if you feel it's deficient - what type of objective testing protocol would you suggest in its stead?

    In terms of performance metrics, I would agree that it misses one critical feature for a consumer - and that's the mean time from when a virus goes active in the wild to when it is handled by a given AV package. Part of KAV's power is to make the vulnerability period quite short via frequent updates and a staff focusing on culling out the latest malware. Another approach is to flag on the programmatic behavioral characteristics of the code - use a heuristic approach. The vulnerability period is zero if the heuristics recognizes the malware, unfortunately the vulnerability period can be quite long if pure heuristics fails and signature updates are less frequent. There is a clear trade-off in the time dependence of the vulnerability profile between the two approaches. There are other tradeoffs as well.

    Blue
     
  19. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Unfortunately this may not be so simple in the future. There are already 1065 samples more in the official Supplemental (ItW) List just waiting to be real ItW in the near future.

    Best regards,
    Firefighter!
     
  20. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Well said BlueZannetti, much more eloquent than I was. BTW on an OT note I finally got KAV to co exist with NOD on my system, I just had to roll back to 4.5.0.49 and now it works like a charm.
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see FF :D

    Cheers :D
     
  22. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,229
    Thanks buddy!! But now I wonder if it is needed at all, I have been with Nod for almost 9 months now and KAV for the last few weeks and it hasn't found anything Nod missed though. Did I really need a backup? Anyway sorry for taking this OT.
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure. It depends on your surfing habits, I run Ewido once a month, so far so good, Nod has been doing its job. I have a younger male in the household that likes to test out how well the security is on my system, and still it is holding up, even though he thinks I don't know where he wanders off to, treating my little sedan like a 4WDrive ;) :D

    Tis only for a moment, it will go back on course any moment now ;) :D

    :D :D :D
     
  24. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Flyrfan111,

    This isn't really OT if you think about it. Taking the retrospective and demand testing all together, the comment that I made regarding potential variable lengths of windows of vulnerability above, and most people's desire to have minimal system impact with maximal protection does emphasize the balancing act that we all negotiate in selecting our personal approaches to malware coverage.

    A configuration based on a very light approach - NOD32, F-Prot, or any of the other consensus low resource utilization packages - may benefit from occasional second opinions. These products are getting a lot better, but they still lag some of the heavier solutions out there. To me, having a very comprehensive solution available to periodically confirm that the system is clean, or if a heuristically flagged sample is potentially malware, makes sense. Sometimes the gap is due to a genuinely missed chance, sometimes it will be connected to the specific set of configuration options employed - remember, the mental starting point for me here is low resource realtime solutions backed up with an insurance policy. Certainly, using one of the on-line scanning solutions is also an option.

    If you accept this type of approach, and look at either the av-comparatives.org test results or the more informally presented assessments posted in this forum by Firefighter!, combinations such as NOD32(main)/KAV(backup) make a certain amount of sense, while others, for example even the simple reverse configuration of KAV(main)/NOD32(backup), would seem to provide less benefit. In arriving at this setup some clear goals have been articulated (for example - the speed/low resource utilization) and some specific mitigating measures have been deployed to address potential gaps (e.g. KAV as a final comprehensive demand arbiter). You can also partially achieve this end result with KAV alone by opening up the realtime monitor to maximize speed, and buttoning down the demand scanner to handle things that the higher speed settings have let through.

    Do you need a backup? You might as well ask if you need insurance given that you haven't experienced a medical or property loss problem in the past. If you go on past history, the answer would be no. But you're not doing this to deal with history, the insurance is there to deal with unforeseen future events and minimize your personal risk in the future situation. This type of software application is no different than insurance, nor is the logic behind the final configuration.

    Note, some configurations that wouldn't make sense from my starting assumptions, do make sense if the initial assumptions are altered. A specific example would be someone requiring freeware solutions all around. In general, these tend to be a bit less comprehensive than payware solutions, so partial duplication of coverage to mitigate the less extensive single application coverage is certainly more understandable.

    Finally, while it's popular to go with all sorts of measures to deal with malware realtime - having working monitors to handle malware/spyware/pop-ups/trojans/worms/etc. - I personally prefer to go with a lighter scheme realtime and augment it with a dose of scheduled demand treatment off-hours. I generally use an AV/BOclean/ProcessGuard/software firewall/NAT-SPI router. A second AV may be present as demand only or installed on a backup boot partition for occasional system checks. Spyware is dealt with using Giant Antispyware/Adaware Pro SE as needed without any of the realtime monitors enabled on either application. TDS3 is available for demand scanning/debugging as required. Total process count is generally 35-40 while working with roughly half of RAM utilized on average. This scheme meets my requirements of lightness - although I have to admit that even a configuration stripped KAV 5.0 WS is pushing any reasonable definition of lightness (and I really wish that they hadn't gone with an integrated package in 5.0 - 4.5's modular approach is more consistent with the direction that I prefer) and I'm still figuring out how I want to proceed with respect to KAV. The NOD32/BOClean combo is almost equivalent to KAV with a lot better performance (IMHO).

    Back to your question - do you need a backup? Look at your goals, potential exposures, and implemented solutions. Do you have a consistent approach? If you want lightness with high coverage available as needed - you have a good, internally consistent, solution implemented.

    Blue
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I want to add. If the ItW list is after some months about 600 samples, you have to collect almost 190 samples to have Precision/Accuracy Level = 5 % in detection rate when the Reliability/Confidence Level remains the same as 90 %. So it will take probably the same 8 months to make this test, because the average new ItW infections may rise to 25 per month.

    Best regards,
    Firefighter!
     
    Last edited: Dec 3, 2004
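
Added example, not part of any post in this thread: a worked version of the sample-size estimates Firefighter gives for the 393-entry and 600-entry ItW lists. The posts do not say which method was used; this sketch assumes the standard proportion sample-size formula with a finite population correction and the worst-case detection rate p = 0.5, which reproduces the quoted figures. All function names are hypothetical.

```python
import math
from statistics import NormalDist


def z_score(confidence):
    """Two-sided normal critical value, e.g. 0.90 -> about 1.645."""
    return NormalDist().inv_cdf(0.5 + confidence / 2)


def required_samples(population, confidence=0.90, margin=0.05, p=0.5):
    """Samples needed so the measured detection rate is within +/- margin.

    Assumption: infinite-population estimate n0 = z^2 p(1-p) / margin^2,
    then corrected for drawing from a finite list of `population` viruses.
    """
    z = z_score(confidence)
    n0 = z * z * p * (1 - p) / margin ** 2
    return math.ceil(n0 / (1 + (n0 - 1) / population))


def margin_of_error(samples, population, confidence=0.90, p=0.5):
    """Inverse check: the +/- error actually achieved with `samples` files."""
    fpc = (population - samples) / (population - 1)
    return z_score(confidence) * math.sqrt(p * (1 - p) / samples * fpc)


def months_to_collect(samples, new_per_month):
    """Whole months of new ItW entries needed to reach `samples`."""
    return math.ceil(samples / new_per_month)


if __name__ == "__main__":
    # List sizes and monthly growth rates are the ones quoted in the thread.
    for list_size, per_month in ((393, 21), (600, 25)):
        n = required_samples(list_size)
        print(f"ItW list {list_size}: {n} samples, "
              f"+/-{margin_of_error(n, list_size):.2%} at 90% confidence, "
              f"{months_to_collect(n, per_month)} months at {per_month}/month")
```
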