NOD32 vs. KAV

Discussion in 'other anti-virus software' started by Iztok, Nov 27, 2003.

Thread Status:
Not open for further replies.
  1. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    If you have to rely on NOD32's advanced heuristics constantly, there isn't much benefit. Some of us would like to actually use our systems, rather than run a command-line scan every 20 minutes. I do realize, however, that some people don't mind being prisoner to their file scanners. But not me.

    If you really have to rely on a product feature that doesn't work in real time, the damage will be done by the time you detect the malware. Better to run a product with strong real-time protection, and stay logged on as a user with limited privileges.

    Safe computing practices and frequency of virus signature updates (where Kaspersky is much, much better than Eset) are more important than an inconvenient command-line-only feature.
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I don't agree with your comment: "inconvenient command line". You can download the NOD32 Advanced shell to check every file that you download from P2P programs, etc.
    You also said that KAV is better in the update area; that's true, but KAV needs an update for most new viruses. Moreover, AH can be used via IMON and EMON; these two components of NOD32 protect mail, etc. Many new worms use mail to spread. Also, via the NOD32 Control Center you can add a new task that includes AH enabled. In a real-time monitor, the protection it gives isn't the only important thing; the resources it uses are a very important point to consider, and on that point KAV sucks.
    Also you said: "Safe computing practices". If you use a firewall, download all the patches, and don't open any file, you don't need real-time protection that scans deep into archives, packers, etc. For that purpose I think the best method is to use an on-demand scanner, so it isn't very important to include AH in AMON. ESET can't make an AV that uses many system resources like NAV and KAV.
     
  3. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To sir_carew and Godzilla from Firefighter!

    Why is NOD not using advanced heuristics in the default settings in all scanning modes, like it does with deep heuristics? Is it because of those false positives, which can be one reason for not getting that VirusBulletin award?

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I don't think so. I think that ESET doesn't include AH in AMON because AH uses many resources and ESET didn't want to make an AV that uses many resources like the others. Look at this phrase from ESET:
    "We're confident that you won't be disappointed
    with NOD32's performance - now, or in the future"

    AH isn't similar to the rest of the heuristics, like the deep heuristics of NOD, KAV, McAfee and Dr.Web.
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Godzilla from Firefighter!

    In that test I referred to before, there were 4,545 new infections that had not been tested 5 months before by that same tester; NOD detected 3,473 of them, which is 76.41%, and they were not trojan infections!

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To sir_carew from Firefighter!

    So advanced heuristics will never be tested by VirusBulletin?

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Since I do practice "safe computing", I don't download junk from P2P programs in the first place!

    But on-demand scanners are useless much of the time anyway. Most of the applications I install have setup programs. Many of these don't use self-extractors, so the contents aren't accessible to on-demand scanners.

    What good is an on-demand scanner for this? None at all. The files of the installed application are only accessible once the application is installed, where a real-time monitor will have first dibs on them.

    The other route of infection I worry most about is holes like this. Patching isn't the real answer, since Microsoft hasn't patched these (and other) holes yet, and since Microsoft is so careless, the holes remain even after the patches come out. Again, in this case, on-demand scanners are useless; only a real-time scanner will catch whatever comes through (just ask Kevin McAleavey).

    I was unable to use IMON, because it was incompatible with Apache HTTP server. EMON was also useless to me, since I don't run Microsoft's buggy email products.

    You've got me there! The KAV real-time scanner can be very CPU hungry!

    I guess it's apples and oranges... What is right for you depends on your computing practices. If you download individual EXE files from questionable sources all the time, preferring to throw caution to the wind, an on-demand scanner with good heuristics is a good thing to have. If you only download from reputable sources, and just want to use your system without spending 18 hours every day scanning it, you need a good real-time scanner which is updated frequently.
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    There is no need for this. NOD32 has an almost (if not) perfect VB score. Regular NOD32 heuristics are powerful and good as well.


    tECHNODROME
     
  9. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To sir_carew from Firefighter!

    My personal priorities today to make my decisions about my av are,

    1. Capable of detecting In the Wild viruses in VirusBulletin.

    2. Updating daily, including weekends.

    3. Good unpacking engine.

    4. To be among the top 5-10 in large independent "in the Zoo" tests made by VirusBulletin, VTC, Rokop, av-test.org, VirusP and checkvir.hu.

    5. Not to be the most common AV, because script kiddies mostly attack those.

    6. Not so famous for false alarms.

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
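nameless argues in post 7 that an on-demand scanner cannot see inside a setup program until the installer has written its files, at which point only a real-time monitor gets the first look, and Firefighter's list above puts a good unpacking engine among his priorities. The following is an added example, not code from the thread or from NOD32, KAV or any other product discussed: a toy scanner that matches one byte pattern, recurses into ZIP containers under a depth and size limit, reports containers it has no unpacker for, and a simulated install step that shows what an on-access hook sees that an on-demand pass over the installer did not. The signature, the sample archives, the "OPAQUE-INSTALLER" format, the XOR packing and the two limits are all constructed for the illustration.

```python
"""Toy content scanner: signature match plus container recursion.

Added illustration only; nothing here is NOD32, KAV or any vendor's code.
SIGNATURE, the sample archives, the OPAQUE-INSTALLER format and the two
limits are constructed for the example.
"""
import io
import zipfile

SIGNATURE = b"CONSTRUCTED-TEST-PATTERN-NOT-REAL-MALWARE"  # stand-in pattern
MAX_DEPTH = 4               # assumed limit on nested-archive recursion
MAX_MEMBER_BYTES = 1 << 20  # assumed limit on one inflated member (1 MiB)
INSTALLER_MAGIC = b"OPAQUE-INSTALLER"  # constructed header of a setup program
PACK_KEY = 0x5A             # constructed stand-in for a private packing scheme


def flat_scan(data: bytes, name: str = "<root>") -> list[str]:
    """Naive on-demand pass: match the raw bytes only, never unpack."""
    return [f"DETECTED {name}"] if SIGNATURE in data else []


def scan_bytes(data: bytes, name: str = "<root>", depth: int = 0) -> list[str]:
    """Scan one blob, recursing into ZIP members it can read.

    Each finding is 'KIND path'. KIND is DETECTED (signature matched),
    OPAQUE (container with no unpacker, so its contents were not judged),
    DEPTH_LIMIT / SIZE_LIMIT (archive content skipped to protect the
    scanner itself) or UNREADABLE (looked like a ZIP but did not parse).
    """
    findings = flat_scan(data, name)
    if data.startswith(b"PK\x03\x04"):  # ZIP local file header
        if depth >= MAX_DEPTH:
            return findings + [f"DEPTH_LIMIT {name}"]
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = f"{name}/{info.filename}"
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append(f"SIZE_LIMIT {member}")  # never inflate it
                        continue
                    findings.extend(scan_bytes(zf.read(info), member, depth + 1))
        except zipfile.BadZipFile:
            findings.append(f"UNREADABLE {name}")
    elif data.startswith(INSTALLER_MAGIC):
        # Recognised as a container, but we have no unpacker for its payload.
        findings.append(f"OPAQUE {name}")
    return findings


def build_zip(members: dict[str, bytes]) -> bytes:
    """Create a deflated ZIP archive in memory from name -> content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


def build_nested(levels: int) -> bytes:
    """Constructed archive-in-archive chain `levels` deep, pattern at the bottom."""
    blob = build_zip({"payload.exe": b"MZ" + SIGNATURE})
    for i in range(levels - 1):
        blob = build_zip({f"level{i}.zip": blob})
    return blob


def build_installer(payload: bytes) -> bytes:
    """Constructed 'setup program': magic header plus an obfuscated payload."""
    return INSTALLER_MAGIC + bytes(b ^ PACK_KEY for b in payload)


def run_installer(blob: bytes) -> dict[str, bytes]:
    """Simulate installation: unpack the payload the way the installer would
    and return the files it writes to disk (constructed path)."""
    packed = blob[len(INSTALLER_MAGIC):]
    return {"C:/Program Files/App/app.exe": bytes(b ^ PACK_KEY for b in packed)}


def on_access_scan(written: dict[str, bytes]) -> list[str]:
    """What a real-time monitor sees: every file at the moment it is written."""
    findings: list[str] = []
    for path, data in written.items():
        findings.extend(scan_bytes(data, path))
    return findings


def build_samples() -> dict[str, bytes]:
    """Constructed inputs: a two-level archive and a setup program."""
    payload = b"MZ" + SIGNATURE  # pretend executable carrying the pattern
    inner = build_zip({"payload.exe": payload})
    outer = build_zip({"readme.txt": b"hello", "inner.zip": inner})
    return {"outer.zip": outer, "setup.exe": build_installer(payload)}


if __name__ == "__main__":
    s = build_samples()
    print("flat scan of outer.zip:     ", flat_scan(s["outer.zip"], "outer.zip"))
    print("recursive scan of outer.zip:", scan_bytes(s["outer.zip"], "outer.zip"))
    print("on-demand scan of setup.exe:", scan_bytes(s["setup.exe"], "setup.exe"))
    print("on-access after install:    ", on_access_scan(run_installer(s["setup.exe"])))
```

A real engine unpacks far more formats than ZIP and emulates runtime packers, but the shape of the problem is the same: whatever the scanner cannot unpack it cannot judge, which is why the write-time hook gets the decisive look at an installer's output, and why the unpacker needs depth and size limits so that a crafted archive cannot turn the scanner itself into a denial of service.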
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To technodrome from Firefighter!

    An advanced characteristic that has never been tested by an independent tester is at least suspicious in my mind; is there something to hide?

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  11. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    Firefighter, no offense, but I have the feeling that you write here only to entertain other people and not to listen to and learn from other people. If you know so many things, why do you still need to post questions here which you could answer yourself? :D
     
  12. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    LOL @ firefighter!!

    Various tests use a program's default settings to see how a program performs out of the box as a basic user might use the program. That establishes a general equitable baseline for the products tested.

    You're not suspicious when a test includes nonfunctional viruses or things that are not viruses or malware to determine a product's efficacy in protecting against functioning viruses that actually might be encountered during ordinary use, but then are suspicious when a test uses actual functioning viruses and default program settings? LOL
     
  13. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Firefighter is happy as long as the AV detects a large majority of the files concerned--no matter if they can infect you, or are in fact malware at all.

    This argument/discussion is so old...and the same answers still apply. And they are still ignored. ;)
     
  14. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    The rumor is, there is a big brain bug inside of AH..... Once you start using it its all over... No help…(breaking)…Beg for mercy...(breaking)… But you shall not receive one…..(breaking)…static…….


    tECHNODROME
     
  15. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Jim said it all... ;)


    tECHNODROME
     
  16. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Currently have KAV and have noticed more CPU spikes. Can't go anywhere during a full scan. I've been pleased with its detection, though. With NOD32, would TrojanHunter be ok, or should NOD32 have TDS-3 with it?

    I'm not sure one AV is better. It all depends on what you want in an AV.
     
  17. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Note: I'm still satisfied for now with my choice of KAV. It's just a question.
     
  18. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    An AV that detects more viruses isn't the best.
    The Rokop tests are bad; small comparisons are really good, and Rokop isn't.
     
  19. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    The job of an AV is to detect more viruses.
     
  20. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    There have been plenty of discussions on why more doesn't necessarily mean "better" if the vast majority of that "more" includes stuff that you won't ever encounter on your system. There have been plenty of discussions here and elsewhere about that. Some people are frightened and/or impressed with detection of crap that won't even function on their systems and/or aren't any threat in the wild. But that sort of thinking and marketing sells AV's. Which of course is why AV's do include all sorts of stuff in their databases that the vendors themselves know aren't a likely threat or won't function on one's system.

    Some people apparently regard an AV as a magic bullet to save them from themselves and think that every virus that exists poses a real threat, even if it's never propagated in the wild or no longer functions on modern systems, while others regard AV's as a backup to their own common sense and are primarily concerned with the likeliest real threats that they might encounter during ordinary use.

    KAV is good but obviously plenty of people who don't use it have systems that are not riddled with viruses and malware and never have been. And no AV, including KAV or McAfee, is 100% effective 100% of the time especially if users are careless and don't use the first and best preventative measure which is their brains.

    As for Trojans, even AV's aren't always enough to deal with them, including KAV, if one's activities are such that one is at risk from encountering more than the most common ones.

    And all AV's are reactive to the latest real threats like mass mailing email worms which constitute the vast majority of infections and threats on the internet. Users who unthinkingly rely on their AV's to provide total protection from these threats may find themselves on the leading edge of the propagation curve if they happen to run across a new worm before their AV has been updated to combat it and the program's heuristics aren't sufficient to deal with it prior to an update.

    So if you think more is better go with the biggest database. Depending on your activities or luck that may or may not mean that you are better protected from the most common means of infection. I often recommend KAV or KAV Lite to people since I don't know how much of a clue they have about security or the activities in which they engage. For others, depending on their activities and systems, KAV may not be warranted or not even a real option and NOD may be more suitable.
     
  21. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Sig from Firefighter!

    I agree with you that an AV that suits one person doesn't suit someone else. Why am I such a big KAV (KAV-engined AVs: F-Secure, AVK and KAV) enthusiast? Because I don't know a heck of a lot about any malware's life and attitude!

    So far, when I send a lot of "infected" files to 5-7 different AV vendors and get different feedback about those infections, it's best to take the deepest protection available, because even professionals don't know which is an infection and which is not. How can I, as "an average Joe", make that "infected" diagnosis when even professionals can't? Infections seem to be far from an exact science: yes or no, but too often it's "probably".

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  22. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    FF: also as I recall you have kids who are adventurous on the internet so you really do need to load up on protection against all sorts of things since the range of things they are likely to encounter is certainly greater than in my case. Although I also use an AntiTrojan app just as a precaution.

    And as spyware apps are getting more intrusive, using trojan like methods and lax IE settings or vulnerabilities to get on people's PC's even people who thought they were safe since their practices were not particularly risky are finding some nasty stuff on their PC's. (The majority of users still use IE as their browser and if they even know the safest settings often will not use them since they impede some "functionalities" on the net.) Some AV's are increasingly addressing these sorts of things, but not all. And I've noticed increasingly that my AT, BOClean, is. If I may quote from an update email from PSC:

    " Apologies to all for yet another update - the world of malware has
    literally EXPLODED since Microsoft's last "update" and new holes in
    Internet Explorer where people STILL allow "active scripting" to be turned on - trojans are being detected in copious quantities as well on so MANY of our customer's machines. Worst we've ever seen. Thus another update as it's once again "zero hour" for yet more spammer takeover tools, exploitation ad-ware and rootkits. Folks who are unprotected are getting hammered.

     Even our OWN customers are seeing BOClean getting busy as soon as they hit a site and files start coming in, while their file scanners sit there fat, dumb and happy. Never seen anything LIKE this in all the years we've been doing this. The "spyware" people have started hiring the former "backdoor" people and have begun using the same techniques as actual trojans. And unlike the normal situations where an AV catches it coming in as a file, more people have been reporting BOClean activity than ever before, and while BOClean has dealt with it, want to know more about what happened."

    Not to take the thread off topic, just noting that the days of the "pure" AV have been over for a long time now, but perhaps the days of just having a good AV as a one-app protection mechanism may also be over, even for the average unadventurous user. (Since trojan detection and removal can be a tricky thing. Often I see people post that their AV has detected a trojan but cannot remove it. They either have to do so manually, if instructions can be provided, or download an AT that can take care of it.)

    Anyway, we definitely do agree that people's skills and activities should dictate the kind(s) of protection they need. You have specific circumstances and previous experience to tell you what you need to protect against. If I were in your circumstances I'd go with the heaviest duty and broadest AV and AT protection I could find. And still have an AT app as a backup, which I believe you do also. ;)
     
  23. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Sig from Firefighter!

    Even I am layering my protection despite my eXtendia AV. Just now my whole strongest protection is eTrust EZ Firewall, eXtendia AVK Pro, TrojanHunter 3.7, SpyBot 1.2, SpywareBlaster, MRU-Blaster, Clean Up 3.1.2, HijackThis, CWShredder, YAW 3.5 anti-dialer (not necessary because of my fast ADSL connection o_O).

    So my work is basically updating those applications, because they don't all do that automatically.

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  24. crazykidjoe

    crazykidjoe Registered Member

    Joined:
    Dec 26, 2002
    Posts:
    47
    I'm not a security expert by any means. I own licenses for KAV, AVK and McAfee, and NOD32 just expired. I am using KAV as my main AV and AVK as my on-demand scanner. I've been using this combination for a while now and it works. It would take a lot of convincing to move me away from KAV. It is the best in my opinion.
     
  25. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    For Firefighter:
    You're saying that ESET doesn't include AH in AMON because of false positives. I recently downloaded a ZIP package that includes approx. 6,480 files that KAV with the latest update detects as infected, and the files aren't infected. I checked them with many AVs, and I sent some of these samples to AV laboratories, and the reply is: the file is clean. KAV incorrectly detects those files as infected. I'm sure that KAV produces more false positives than NOD32. Note that these false positives are produced with the Code Analyzer disabled! In other words, the bases are the problem :D
    I will not send these files to Kaspersky, because I hate the people of that company.
    PS: If you don't believe me, send me a private message with your mail address and I will send you 2 false positives.
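sir_carew's post describes treating KAV's detections on a 6,480-file ZIP as false positives after checking the files with other engines and sending samples to labs. The script below is an added example, not code from the thread or from any AV vendor, of the first triage step a practitioner would run on such a mass detection: hash each flagged file and compare it with the software publisher's own release manifest, then count hits per detection name so that a single bad signature stands out from genuinely suspect files. The scan report format, the file contents, the publisher release, the detection names and the sample paths are all constructed for the example.

```python
"""False-positive triage for a mass detection.

Added illustration only, not code from the thread or from any AV vendor.
The scan report format, the flagged files, the publisher release and the
detection names are constructed; a real manifest would be the publisher's
released hashes (or a reference set such as NIST NSRL) obtained out of band.
"""
import hashlib
from collections import Counter, defaultdict

# Constructed scan report: one "path<TAB>detection name" line per hit.
SCAN_REPORT = """\
pkg/bin/tool.exe\tTrojan.Generic.Hypothetical
pkg/bin/helper.dll\tTrojan.Generic.Hypothetical
pkg/docs/readme.txt\tTrojan.Generic.Hypothetical
pkg/bin/dropper.exe\tWorm.Constructed.Sample
"""

# Constructed contents of the flagged files as found on the scanned system.
FLAGGED_FILES = {
    "pkg/bin/tool.exe": b"MZ\x90\x00 tool 1.0 (constructed)",
    "pkg/bin/helper.dll": b"MZ\x90\x00 helper 1.0 (constructed) PATCHED",
    "pkg/docs/readme.txt": b"Usage notes (constructed)\n",
    "pkg/bin/dropper.exe": b"MZ\x90\x00 unknown binary (constructed)",
}

# Constructed publisher release: what the vendor says these paths contain.
PUBLISHER_RELEASE = {
    "pkg/bin/tool.exe": b"MZ\x90\x00 tool 1.0 (constructed)",
    "pkg/bin/helper.dll": b"MZ\x90\x00 helper 1.0 (constructed)",
    "pkg/docs/readme.txt": b"Usage notes (constructed)\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_report(text: str) -> list[tuple[str, str]]:
    """Parse the constructed report into (path, detection) pairs."""
    pairs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, detection = line.split("\t", 1)
        pairs.append((path, detection))
    return pairs


def build_manifest(release: dict[str, bytes]) -> dict[str, str]:
    """Path -> SHA-256 of the published file, as a vendor would publish it."""
    return {path: sha256_hex(data) for path, data in release.items()}


def classify(path: str, data: bytes, manifest: dict[str, str]) -> str:
    """known-good: byte-identical to the published file, so the hit is a
    likely false positive.  modified: same path but a different hash; the
    file on disk is not what was shipped, so the hit must not be dismissed.
    unknown: no reference at all; needs a second engine or a lab submission."""
    expected = manifest.get(path)
    if expected is None:
        return "unknown"
    return "known-good" if sha256_hex(data) == expected else "modified"


def triage(report: str, files: dict[str, bytes], manifest: dict[str, str]) -> dict:
    """Per-file verdicts plus per-signature counts for one scan report."""
    verdicts: dict[str, str] = {}
    per_signature: dict[str, Counter] = defaultdict(Counter)
    for path, detection in parse_report(report):
        verdict = classify(path, files[path], manifest)
        verdicts[path] = verdict
        per_signature[detection][verdict] += 1
    # A signature whose hits are mostly known-good files points at the
    # signature itself rather than at the files it flagged.
    suspect_signatures = [
        sig for sig, counts in per_signature.items()
        if counts["known-good"] * 2 > sum(counts.values())
    ]
    return {
        "verdicts": verdicts,
        "per_signature": {sig: dict(c) for sig, c in per_signature.items()},
        "suspect_signatures": suspect_signatures,
    }


if __name__ == "__main__":
    result = triage(SCAN_REPORT, FLAGGED_FILES, build_manifest(PUBLISHER_RELEASE))
    for path, verdict in result["verdicts"].items():
        print(f"{verdict:11s} {path}")
    print(result["per_signature"])
    print("suspect signatures:", result["suspect_signatures"])
```

The manifest has to come from somewhere the scanner does not control (the publisher's signed hash list, a reference set such as NIST NSRL, or an Authenticode check on the binaries themselves). A "modified" or "unknown" verdict is not a false-positive claim; it is exactly the set of files that still needs a second engine or a sample submission, as the post describes.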
     