NOD32 in the real world

Discussion in 'NOD32 version 2 Forum' started by rerun2, Oct 13, 2003.

Thread Status:
Not open for further replies.
  1. jjj

    jjj Guest

    http://www.wilderssecurity.com/showthread.php?t=14988
     
  2. jjj

    jjj Guest

    Sorry wrong thread try this one. http://www.wilderssecurity.com/showthread.php?t=14961
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    I think that NOD32 has an excellent heuristic scanner able to detect approx. 70% of the in-the-wild viruses without requiring "updates".
    I probed it with many macro and P2P worms and it detected many of those without any update.
    Only NOD32, McAfee and Dr.Web have good heuristics for unknown P2P worms, because NAV and KAV have P2P heuristics, but they aren't good.
    I think that KAV detects more viruses than NOD with bases, but think about the following:
    KAV uses bases, and heuristics as a complement.
    NOD uses heuristics, and bases as a complement.
    PS: I think that the most important thing in AV software isn't daily updates, it's the heuristics.
    Best Regards.
     
  4. Sir, I think I represent a sizable amount of folks who would probably bet on signatures... Signatures are definite... They, however, need to be released asap, otherwise they won't be of any use to many folks when there is a virus outbreak...

    But I would probably say, 80% - 85% dependence on timely signatures, with 10 - 15% dependence on heuristics, is probably a safer route... Signatures with good strong unpackers also help with in most cases having a need for multiple definitions for virus variants.. That's the real world to me....

    Nod32 would be fine, a fast acting, always updated AV as primary protection, with heuristics secondary is a good idea... for me... Can you imagine what would happen if a heuristic AV was ever created that could detect 99 % of all NEW threats? A lot of them would go out of business...
     
  5. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here are screenshots I pulled off of DSLR forum about viruses and other such things that they say NOD32 didn't detect. The person who posted these screenshots was Motumbo at DSLR. I am currently testing his findings and I will post my results here. So here goes with the first of seven screenshots.
     


  6. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    So here goes the second of seven screenshots.
     


  7. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    So here goes the third of seven screenshots.
     


  8. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here goes the fourth of seven screenshots.
     


  9. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here goes the fifth of seven screenshots.
     


  10. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here goes the sixth of seven screenshots.
     


  11. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Here goes seven of seven screenshots.
     


  12. I just sent the samples to ESET.. I got my permission.. PS.. I forgot, but they were ALREADY sent 3 weeks ago LOL...
     
  13. GuruGuy

    GuruGuy Guest

    SS,

    Did you personally send them to ESET 3 weeks ago or do you know someone who did?
     
  14. Someone I know said to me they were sent a while ago, about 3 weeks ago.. I checked with Symantec's Virus Encyclopedia and the majority of the stuff seems at least about 3-4 weeks ago...and the integrity of the people I "spoke" is not to be questioned.. When you consider that KAV, McAfee, NAV and Dr.Web detected this stuff, it makes the whole issue VERY believable.. Besides, I can understand sending virus samples that are newfangled, modified, or unique in some ways, to SARC or ESET or whatever, but when folks send old news that's acknowledged by at least the major AV companies, to ESET, at least to me, the burden falls on ESET as to why?

    To be honest with you, I personally don't care that NOD32 doesn't detect this stuff... I originally posted a reply to Rerun2... and this grew into a 6+ page thread LOL... I'm all set in my AV needs...
     
  15. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    I have JS.Germinal and JS.Funtime and NOD32 detects them perfectly; please rename them with the extension .js and NOD will detect them.
    PS: I probed it with the option scan all files and NOD did not detect it; it only detects it if you rename it as .js ;)
     
  16. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    @ radicalb21

    Hi Mark..it is time to update your Nod to Current Version: 1.535 (20031016)

    http://www.nod32.com/support/info.htm

    Then run it again. ;)

    Have you looked at NOD32 Antivirus System version 2.0 ?

    Be Well,
    John
     
  17. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Hi John

    1.535 is the virus signatures database version, not the program version. NOD32 program versions 1 and 2 share the same virus signatures database. ;)


    tECHNODROME
     
  18. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    OK..thanks...I am learning :) So assume since this thread is in the Nod version 2 section that is what everyone is running.
     
  19. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    No problem John.

    It’s kind of confusing. I think they should change UPDATE title to Current Virus Signatures Database Version. ;)


    tECHNODROME
     
  20. owziee

    owziee Registered Member

    Joined:
    Oct 3, 2003
    Posts:
    74
    Seems like the problem is that the files are zipped. I may be wrong though.
     
  21. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Wrong assumption. Real order while scanning a file is:
    1. scanstring
    2. dedicated scanning algo
    3. heur engine
     
  22. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California
    Hello. I have been reading this thread and also the one at DSLR. It is very interesting reading. I was just over at DSLR to see if anything new has popped up. The latest NOD32 tests from Motumbo........

    http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat~start=220#end

    Being that I'm not a security expert, what does Motumbo's latest test signify? I take it from StraitShoot's comments below the test results, it's not good?
     
  23. Pretty simple...LOL..THE FOLLOWING IS MY OPINION...

    NOD32 is trying to sweep stuff under the rug.... LOL... There was this malware that 4 other AVs would detect and NOD32 wouldn't... After being bombarded from this site and from DSL Reports, (coincidentally, I submitted these samples to ESET a couple of hours ago), ESET decided to include them in today's update... That's funny... :D

    Read FF Again's comments at DSL Reports and you'll get it....

    Peace.
    Jim
     
  24. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Well, what it signifies is that all NOD32 users are now protected against a few pieces of malware that the average user is probably not going to see, and--unless something changed very recently--are not even listed on the supplement to the WildList, not to mention the WildList itself.

    Which means you had a very low percentage chance of ever getting one of them.

    I'll give you a personal example: In the last year where I work, our AV--NAV--has caught 11 different pieces of malware.

    On over 200 computers.

    With over 500 different users.

    Running 16 hours a day.

    6 days a week.

    How many non-WildList badguys?--ZERO!.

    I don't fault NOD32 for including them in today's updates, but apparently NAV has been detecting some of them for a while. If they're so prevalent, and NAV ID's them--why aren't they in my logs? I checked again today--they ain't there! :)

    I recall that Rodzilla mentioned in a long previous thread that in a 1-2 month period, something like over 3 million pieces of malware were intercepted in a particular area of the Internet. Out of the 3 million pieces--ZERO were non-ITW viruses.

    I hope their inclusion today makes you feel a little bit safer. I know I'm relieved! :D

    (thanks for the correction, Sig!) :)
     
  25. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,506
    Location:
    The San Joaquin Valley, California

    Much more safer. ;) :)


    Hi JimIT. Thanks for the information. Trying to keep up with everything in both threads in both forums is beginning to make my head spin a little. :)
     