Losing faith with NOD32 shocker!

Discussion in 'other anti-virus software' started by mrfargoreed, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    No problem Elvis, I know better than most, if you are going to dish it out, be ready to swallow it. Cheers.;)
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    right... if you want to know whether the file is infected or not you should send it to another vendor to get a reply. You can't trust .."Hey, ESET didn't add it in 5-6 days, then it's clean." They could add it in 2-3 weeks. :(
     
  3. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    The first time I installed NOD32 on my machine it found a five year old virus in an old email (spam) executable file attachment. The virus infected file had been saved as an archive from the previous system's hard drive. The NOD32 heuristics detected it and correctly identified the file as a virus on its first deep system scan while NAV, a trial version of KAV, TrendMicro, McAfee and all the other security software I had ever run on that machine for five years had missed it. NOD32 was the only one that found it. Certainly it could be argued that this particular virus was not a threat since it had never been active but it still impresses me that the NOD32 heuristics engine prevailed in this situation when many other top AVs completely failed. After this positive experience I knew that NOD32 was a special kind of AV with many other benefits such as being highly customizable and having a relatively light footprint. Besides using it for real time protection on my main desktop I have installed it as the main AV on many systems that I manage with excellent results.

    I have seen KAV find malware that other top AVs and AS programs have missed and I have seen just this past year a fully updated Windows XP SP2 machine protected by the newer version of Avira PE Classic and Windows Defender get taken over by countless viruses within a few days. Obviously few think that the "single incident" test is a good way to judge an AV's effectiveness. However there is a good argument made here for having redundancy for security software which is why it is good to have backup AV and AS programs for on demand scanning. For power internet users who are doing a lot of file downloading I think having backup security for on demand scanning becomes even more important.

    With my current desktop setup if I have a questionable file I have it scanned first with NOD32 and SpySweeper which are both running in real time and if I choose to do so it only takes me a few seconds to disable NOD32's real time detection and scan the file on demand with the KAV engine in ZASS v7. If a zero day threat "super-virus" somehow slips past detection by NOD32, SpySweeper, Windows Defender, and the KAV engine scan on demand then hopefully the ZASS Program Control and OS Firewall will alert me and halt the malware activity.
     
    Last edited: Apr 11, 2007
  4. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    I've performed another quick test in the same style as before - deliberately downloading malware from P2P. Ran a scan - Kaspersky, AVG Antispyware and A2 Free all detected a backdoor trojan.

    NOD32 and SAS - nothing.

    Again, I find it strange that NOD32 doesn't even alert me of a possible threat.

    Ok, no more 'testing' on my behalf - my choice is firmly made. I know it's hardly an in-depth test, but it's enough for me.
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    A thankless task, "ain't it?" ;)

    Regards,
    Jerry
     
  6. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    I quite enjoyed it :D. Peace of mind is what it's all about, and I've personally gained that. I hope. o_O
     
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,571
    Location:
    New York City
    All AVs miss malware. That's the reason for a layered defense.
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Been following along with your thread, very interesting.

    What is the name of the backdoor Trojan you used? I want to see if my security software tools are aware of it.

    Thanks
     
  9. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    I use NOD32, and I'm not sure about detection, but one thing I am absolutely certain about is that it doesn't slow down my PC in any way or cause any O/S related problems such as crashing or hanging.

    Why is it that I see so many posts regarding KAV users reverting to .303 from .621 because of speed and stability issues?
     
  10. huntnyc

    huntnyc Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    1,014
    Location:
    Brooklyn, USA
    I agree with what you say and have reverted back to NOD32 for time being.

    Gary
     
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Unfortunately, KAV has some stability problems, and I have tried a couple of other AVs until the stability problems are solved. Right now I am using AntiVir Premium, and it is running great, as did NOD and Avast.

    I will return to Kaspersky in time, assuming the bugs are worked out, as I continue to like it better than anything else, and have high confidence in its protection. But I sure do like AntiVir, and if KAV/KIS remains buggy on my system I anticipate that I will keep AntiVir. I have high hopes for KAV 7.

    I can see how the OP has lost some faith in NOD, and I admit that I have seen enough threads regarding detection and removal re NOD that I do not have the confidence I did a few months ago. The failure to attain Advanced + on AVC did not help it either for me. I think I would feel as secure with Avast Home + AVG AS.

    Best,
    Jerry
     
  12. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    I have the best luck with Kaspersky then... Every time I send them malware I get a response in less than 8 hours (Which is good because I wake up and have a response lol) and they say "New malware has been found" or "There is no malicious code found in the sample you gave us"

    I get the same results unfortunately... Though my samples come from a different source.
     
  13. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
    JerryM, how light and stable/reliable is Antivir Premium compared to NOD?
     
  14. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    IMO Slightly less stable as there have been reported some minor bugs while scanning certain types of files on specific computer configurations. As far as reliability goes, it's about the best you can get. :)
     
  15. Rickk

    Rickk Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    49
    Dear mrfargoreed,

    A few posts back someone asked you:

    So... can you help enlighten us please?
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, please I'm the someone Rickk refers to, all malware has a name, what is it please?
     
  17. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO

    It should be easy for mrfargoreed to find the name of the malware tested/detected... Just look through the scanning logs. :D
     
  18. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I think it is probably slightly less stable than NOD, but I am not having any problems. I did have two instances of the icon not showing in the tray, but I removed Snoopfree and UnHackMe, and have changed SAS and AVG AS to on-demand. The only thing I have running at start is AntiVir Premium, firewall LNS, and WinPatrol.
    I find that it loads faster, and slightly faster than NOD, although the difference is not great.

    Overall AntiVir is running superbly.

    As to resources, I do not remember what NOD did, but AntiVir is not noticeable on my system, and neither was NOD. I do not think either is lighter overall than KAV. F-Secure is definitely heavier than those three, but I like it anyway, and it does not slow my system but is a couple of minutes slower to start. Of course it has more running processes than the others. I am using the IS suite so I expect it to be a little slower due to the number of processes.

    Of the top notch AVs I have used I like KAV, AntiVir, F-Secure, and NOD in that order. Unfortunately at the present time neither KAV nor FS runs well on this machine so the two I find usable now are AntiVir and NOD.

    Regards,
    Jerry
     
  19. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Hey Escalader!

    Unfortunately the first trojan I used has been wiped from the system - I was using an FDISR snapshot to test, which I have since deleted so I don't have the original log files from anything. I think I set Kaspersky to remove it.

    A couple of other tests I did:

    One was picked up by AVG AS as 'Trojan.Feutel.av - Risk High' Not detected by SAS and Kaspersky, but NOD32 showed as 'Win32/Tool.TPE.A application'.

    The other picked up by A2 as 'Backdoor.Win32.Ciadoor.13 - 3 files - Risk High'. Not detected by SAS, Kaspersky or NOD32.

    Both have been cleared from the testing snapshot now. The strange thing is that when I re-installed Kaspersky this morning to try the test again with the above two examples, it didn't detect either! And this was on a clean snapshot with no other security software to affect results, so now I am even more confused than ever.

    This is getting extremely confusing. Another thing is that NOD32 didn't detect the file until I extracted the file with Winrar, whereas AVG detected without extracting even though I had set NOD32 to scan archives, too.

    o_O

    I will try to re-download the first trojan I used and report back with the name and details for you, provided I can remember the file I downloaded in the first place.


    PS - didn't reply sooner as been asleep - it's been night in the UK.
     
  20. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    I agree that those are all top rated AVs and considering that it is really the luck of the draw if one of them doesn't happen to detect a specific malware then the only real question is which one runs best on your system. I think that power users should find two that are able to co-exist then choose the one they like the most for real time protection and the other one as a back up for on demand scanning. My order of preference right now is NOD32, KAV or a KAV engine based AV and AntiVir Premium but my opinion is based on what works best along with my other security software and not just the detection capabilities. I also have no problem recommending any one of those three top AVs to common users as a stand alone AV program.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    to me the ability to clean, supersedes the ability to just detect.
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To me, it just happens to be nitpicking. I wouldn't trust an infected system any further than I can throw it, no matter how well any scanner claims to be able to "clean" it.
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    solcroft, your point is a very valid one. But I wonder how many of us use systems like that, knowingly or not.:rolleyes:
     
  24. SoCalReviews

    SoCalReviews Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    282
    Location:
    Los Angeles, CA
    I prefer completely deleting the infected file or files unless they absolutely "must" be retained. While doing PC tech referral work I have successfully cleaned systems with over a thousand malware detections. I used multiple web based and fully installed AV and AS programs (in standard and safe mode) to clean them but for those heavily infected systems I usually recommend a complete HD re-format and re-install of Windows. However with the heavily malware infected PCs where cleaning the entire system is requested there is always that unsettling feeling that system security has been permanently altered for the worse no matter how effective the AV software cleaning seems to have been.
     
    Last edited: Apr 12, 2007
  25. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Although the tests I have done are far from professional (I wouldn't know where to start), one thing that has really hit home more than ever, is the idea of the layered defense approach - of course, no AV or AS will detect everything, and just when I think one is better than the other, it doesn't detect a couple of threats I throw at it this morning. So I feel I am back to square one. Yes, NOD32 has shocked me a little as to missing things, but so has Kaspersky today. And, throughout all these 'tests' I have had SuperAntiSpyware running in the background which hasn't even woken up.

    Do these simple tests indicate the strength of software like FDISR and Rollback RX which will restore your system in seconds? Or the need for HIPS programs to harden the system even more?

    As I have read here on numerous occasions, it all comes down to common sense - don't surf on the wild side, don't use file sharing apps, and don't let anyone else but yourself use your machine (unless you are 100% certain that they are not doing anything malicious), but this is not often possible unless I am the only user (which I am not).

    I guess the search for the 'perfect' set up continues.
     