NOD32 in the real world

Discussion in 'NOD32 version 2 Forum' started by rerun2, Oct 13, 2003.

Thread Status:
Not open for further replies.
  1. Michael0504

    Michael0504 Guest

    Thanks for your input MegaHertz. I was so happy with the results of the format and reinstall and more importantly, my father was impressed as well. That was all shot to hell when I put NAV 2004 on it. I am really hoping NOD32 will be the answer to protect this "relic from the past". Thanks again for your feedback. I am getting more and more encouraged.
     
  2. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    A lot of good points being brought up :)

    I do agree that there are certain factors that can sometimes "blur" test results (for ex: false positives, zoo virii, trojans, backdoors, worms, exploits etc). And I am very well aware that one can manipulate a test to show a desired result. But IMO there is enough consistency from these various tests to at least be curious or wonder about how NOD32 really performs outside of the "VirusBtn arena" (if you will).

    The argument for zoo virii is becoming more and more blurred as well IMO. In the DSLR thread a lot of people mention samples coming from usage of P2P, which today is becoming quite commonplace among most average computer users (despite the obvious risk). If someone were to share a zoo virus on the network and a few people download it. Would it now not constitute as an ITW virii... "When a virus is reported to us by two or more Reporters, it's a pretty good indication that the virus is out there, spreading, causing real problems to users. We consider such a virus to be 'In the Wild'." (I don't know, maybe "reporters" can be considered subjective too :rolleyes: ) And if what most people are saying about NOD32 not detecting many samples from P2P is that not another indicator?
    (I did enjoy the reading that you presented sig, I hope you get some karma out of it!)

    Quote from wildlist.org

    To Paul: I agree completely that it is not the job of anyone from Eset to go around forums and acknowledge such arguments time and time again. But I fear there will be certain readers who will buy into what is being said without looking deeper into the situation. Both the thread here and at DSLR have been heavily read, and maybe it might present a good opportunity for Eset to clear things up and to relieve some user's concerns. If they do respond, I personally do not expect a technical reply or anything like that. But it would be nice to see how they view the "issue," or if they consider it a "problem," or if they plan on addressing it. I hope that is legitimate and not too much to ask.
     
  3. I'm not kidding... It's 10:00 pm where I am right now and I just got an emergency call that'll probably keep me busy until Midnight... I will
    1. Wait for a response from the person that I am waiting for...
    2. Look for the damn samples when I get back..LOL...

    I feel your pain... , really, I understand.. but I also feel that ESET shouldn't have to wait.. They can do as I said above... Read through the threads, and get the virii.. They are readily available...

    I seriously will try to end the mystery within the next couple of hours...
     
  4. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Don't worry. I'm sure we'll muddle through until you get permission and find the files.

    We'll all be excited to have the matter resolved, as I'm sure those threats pose a serious hazard to all NOD32 users, and I for one applaud you for your efforts.

    :rolleyes:
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Heh, rerun, thanks but I think I just had way too much coffee today. ;)

    I think I recall linking to the wild list site at BBR, so here's the current list and supplemental and it also lists the reporters. Some names or at least organizations will be recognized: http://www.wildlist.org/WildList/Real-Time.htm

    What's interesting is how long some of these critters hang around. There are some oldies but goodies on the list. And really although we use "virus" to describe much of the stuff out there as a convenient tag (including malware aka trojans I believe), the vast majority of the Wild List "viruses" are not viruses but worms.

    And of course the Wild List does not include trojans, IRC stuff, etc which can be found at least in some quantity in any viable AV on the market today. Since they are "out there."

    Just for a different although more limited list and an interesting pie chart graphic, here's Kaspersky's Top 20 List for September 2003:

    http://www.viruslist.com/eng/index.html?tnews=1001&id=158302

    I'd like to see KAV's top 100 if they had such a thing.
     
  6. Fine... all I know is my computer doesn't have those "things" in my system.. Yours might... LOL...

    If I find them, I'll send them.. Only because there are some NOD32 users out there who should get a fair shake and have their AV be able to detect them..

    BTW, is this strategy a tactic with "some" NOD32 users? When someone brings up a critique on NOD32, true or not, attack them and discredit them.... to no end? Last I knew some religious cults and L. Ron Hubbard employed those tricks..LOL.. :p
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    JimIT: I rather doubt there's necessarily a serious threat if 8tunes is representative of the rest of test's threat level, prevalence and value.

    Symantec doesn't appear to have a write up on it. Googling on the net garners mainly a number of VX sites one can download it from and write ups such as this:

    A write up with a date of June 1990: http://agn-www.informatik.uni-hamburg.de/catalog/msdos/html/eight_tu.htm


    Kaspersky's write up, under the category File viruses, DOS: http://www.viruslist.com/eng/viruslist.html?id=31

    I found no chat board posts saying "hey, I've got 8tunes, how do I get rid of it" as one might find with prevalent viruses, spyware or even warts.

    After a few pages I wound up looking at Looney Tunes and wondered if perhaps Motumbo is having a real good laugh at pleas that ESET include this "dangerous" and apparently at least 13 year old MS DOS virus in its database..... ;)
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I wouldn’t be surprised if the ESET team already possesses these samples. They simply don’t include them cause they don’t see them as a real threat. I for one do agree.

    Some AV companies will add anything and detect anything and some won’t. Some AVs will identify virus sources (in *.txt formats) as infected, some won’t. I’ve seen many viruses detected by AVs that simply DON’T and CAN’T infect you at all. There are many AV companies out there and obviously we see different results and views on these issues.

    The battle between AVs is a never-ending story. Improvements, detection, features, performance are some of the characteristics and issues of this battle. The common goal is to provide the end user with the best possible protection. As an end user you should relax, knowing that there is someone out there looking out for you.

    These tests (such as dslr tests) prove nothing. There are and there will be viruses not detected by some AV (if not all). You simply CAN’T rely on these tests. If you do, you will keep changing AVs like socks.

    What AV is ideal for you?
    The one that works for you.

    What AV is the best?
    None.
    People who think that they use the best AV will be bulletproof are most likely to get infected. Why? Because if specific AV scanner identified some file as clean, it’s most likely user will believe that there is no danger of running it. Wrong. Use common sense.

    The guy who ran this test (hardly a test) selected viruses that NOD32 will miss. NOD32 got all ZEROs. I am sure that he has viruses that are detected by NOD32 but he wanted to trash NOD32. I am amazed to see a large number of people consider this as a real test.

    It would take 4 minutes of my time to do the same thing to KAV or NAV or DrWeb. But this isn’t my motto. It’s not ethical. Or is it...


    tECHNODROME
     
  9. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    I wouldn't know. I hope you took my remarks in the manner in which I intended them. ;)

    I find it unfortunate that when someone contributes to a critique on NOD32--true or not--in the Official NOD32 Support Forum--after several days of the critique gathering steam elsewhere, and several days of extensive "testing" on samples done elsewhere, that those very same supposedly damning samples are suddenly nowhere to be found, or require "permission" to be sent to the very place they need to go.

    At face value, it could be construed that the interest lies mainly in trashing NOD32, not in finding an answer to why the samples aren't detected.

    But that's just my opinion. No offense intended. :doubt:
     
  10. Well, I did find them.. I made a back up of "My Documents" and luckily I had them saved there...

    Now, I am waiting for permission.. I said before, I don't want to break a trust.. Assuming you understand that, I'll wait...

    Now I'm a Nod basher...Maybe pretty soon I'll get "banned" too...LOL..

    Besides, the samples are around.. They were detected by NAV, McAfee, KAV and Dr. Web... :cool:

    But, like I said, I promise to send them out if it's okay...
    Otherwise, label me a Nod basher and ban me... LOL..
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    MOVED: Re:NOD32 in the real world

    Taken offline for Admin review. Please stay on-topic and refrain from personal attacks.

    TIA,

    Pieter
     
  12. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Very, and I say, VERY good points here Tech.
    Fully agree with you.
     
  13. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I'm not sure whether it would be considered ethical either ;) , but if these samples were NOT detected by the 3 AVs you mentioned, AND detected by NOD32 as legitimate ITW virii, it sure would be interesting to see. Thanks again everyone.
     
  14. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Yes it can be done. No, it wouldn’t be ethical. ;) The point is this kind of test is easy to produce. Only the author of the test is aware of the virii selection and his/her goal.

    I sent many virii samples to x and y av companies. They'd thank me for the submission or let me know that they are aware of those samples but since they are not a real threat they won't add them.


    tECHNODROME
     
  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Shooter,

    As stated before: just hold your horses - until now, we can't verify your statements, can we? ;)

    Nice try ;) Just like TD stated, it's quite easy to hassle away - and come up with things no antivirus will detect. Proof of the pudding please: deliver the goods ;)

    As far as I noticed, no one has been attacked, been discredited - people merely asked you to deliver the goods. Once more: those samples are yours, and no one is holding you back to deliver. Until now, you didn't - a trust issue as you call it. I fail to see any logic in this :rolleyes:.

    Please don't point Eset (or whatever antivirus company for that matter) to DSLR. It's plain and simple: you've got the goods, no law is holding you back to deliver, thus do so. That way we can have a good look at them.

    In case you prefer not to do so, I for one rest my case as far as your contribution is concerned. No comment needed...

    regards.

    paul
     
  16. owziee

    owziee Registered Member

    Joined:
    Oct 3, 2003
    Posts:
    74
    What about all the undiscovered itw viruses floating around the net... aren't those the most dangerous ones? NOD32 with its extremely powerful heuristics scanning engine would make most other av's look pretty unsafe if you could collect all those viruses and scan them :)

    Personally I feel much safer using NOD32 than with any other AV.
     
  17. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Would it be considered very unethical and against free speech if I'd request admin to close this thread? The discussion is very off topic ....
     
  18. GuruGuy

    GuruGuy Guest

    I would prefer it remain open until we either get the samples or not get the samples......still awaiting those results from SS.
     
  19. Michael0504

    Michael0504 Guest

    I second that. I realize I am very new to this forum (and site) but as long as there are no personal attacks, I welcome everyone's opinions, both positive and negative. I see no better way to make a decision on something than to get as much quality feedback as possible. I am enjoying this thread and the one at DSLR and I hope the intelligent discussion can continue as I am learning more and more with each new post.
     
  20. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Closing a topic at this point is like turning off the TV 5 mins before the end of a real good movie.
     
  21. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    There's no reason to close this thread at this point. We should be able to continue as long as people focus their posts on NOD32 and its effectiveness in the real world (i.e. the thread's topic) and not on the other people posting here.
     
  22. GuruGuy

    GuruGuy Guest

    Well it has been awfully quiet today in this forum and dslr.........haven't seen SS post anywhere when normally he's posting "several" times per day. SS.....are you going to post the files or not o_O


    Edited for spelling error.
     
  23. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    Can anyone supply the name and contact information of anyone who has gotten infected with a virus and had NOD32 installed and updated?
     
  24. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I have been using NOD32 for several years now and it has kept my computers from being infected a large number of times over that period. I have some of the same e-mail addresses from 1996 that have been posted on a number of web sites so I get a fair amount of stuff sent my way. So far NOD has been very effective for me. I consider that "real world" protection.
     
  25. I'm still around... :D

    I did have to work today... LOL....

    Did not get permission yet... I am waiting just like everyone else...

    If I don't get it, you folks might as well ask someone else who has them... I don't want to break a trust... You can argue all you want, but that's how it is... Other folks DO have them.. Check them up on DSL Reports..


    I sincerely am not trying to be difficult... I just don't want to break a trust...


    PS Trojan Hunter ALSO detected some of them too...
    Jim
     