Solution for all the problems of Nod32

Discussion in 'other anti-virus software' started by AlamoCity, May 10, 2007.

Thread Status:
Not open for further replies.
  1. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well then..., the dues are in the mail :) .... Honest :)
    Nope. These were all issues that were validated to be solely on KL's end. Occasionally luck would be a partial factor after they had posted a bad/corrupt/malformed/who-knows updcfg.xml file that torpedoed subsequent updates. In one case it was a change in how updates were administered which severely overloaded their servers. In all cases, it was a lack of attention to detail on someone's part.
    Both seem fine, but the choice between them is likely more dependent on whether or not the system has a (relatively) static complement of applications.
    Not really. With Norton, it is a combination of home and work experience. At home, KAV is actually the program with the most shortfalls of this nature. I've only had one issue with NOD32 (some problem with username/password) in this time.
    The specific ones I mention above? No.
    Not these. Here I mean standalone executable, nothing is running in the background unless the scanner is launched, and it is demand only by design.
    Correct, other options contribute to an overall solution, but it goes beyond security in the usual sense - it's more along the lines of maximized system uptime regardless of the challenge (which could be malware, a hardware issue, etc.).

    Blue
     
  2. coolbluewater

    coolbluewater Registered Member

    Joined:
    Feb 10, 2007
    Posts:
    268
    Location:
    next door to Redmond
    Funny you should mention that - there was a recent article in InfoWorld regarding a rumour of HP snapping up Symantec:
    http://www.infoworld.com/article/07/03/22/13OPentinsight_1.html
     
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Please pardon me for my ignorance, but what do you mean by saying this? o_O :doubt:

    This is why I mentioned earlier to call it "Proactive protection for KAV". :D

    Anyway, the way KAV does it, it is a type of heuristic but it is not a traditional method, so sometimes there is the argument that it is not a fair comparison between NOD32 (or any other AV with good traditional heuristics) and Kaspersky. So it has been put into a broader term called "proactive protection". :)

    You know, in the corporate world, buzzwords are the "in" thing...sometimes their meanings collide with each other and get mixed up :D
    So, all things considered, you are right in saying that overall NOD32 is second best in terms of proactive protection. ;)

    I *think* what solcroft meant to say was that HIPS in general work on-execution and alert the user whenever it detects ANY sort of suspicious activity. In some cases this may involve an occasional false alert. Since HIPS always alerts the user and asks him to make the final choice on what to do, if the user is not very experienced with computers and does not know whether the suspicious activity is being performed by a trusted/known application or not, then he will not be able to make the right decision and hence he will allow the activity to continue, hence allowing malware to continue infecting his PC.

    KAV has a modified HIPS in the sense that it has been simplified somewhat and provides at least some description of whether it is displaying a known-malware like behaviour or not. :)

    Believe me, nobody's going to let a 15-year old do the job of a 24-year old. ;)
    Besides, I'm not that good with security just yet, I'm sure I still have much to learn. :)

    :D:D:D:D ;)

    I hope that happens soon enough. :D
     
  4. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    I was going to wait until tomorrow to respond to posts when I have more time, but with your post I'm making an exception. :)

    Why would you make a post like you did without explaining what in the world you're talking about? And without acknowledging the detection rates that have already been established and discussed in this thread?

    Haven't you seen the PC World review on AV programs that's been the subject of ongoing discussions in this forum? http://www.pcworld.com/article/id,130869-page,1/article.html

    The review clearly states the proactive detection rate for KAV is 51%, vs 79% for NOD32. Yet you suddenly pop up like a jack-in-the-box and state that it's 7% vs 53%, claiming they are "test results". But you don't bother to offer any semblance of a clue as to what test results you're referring to.

    Now that you've had some time to reflect on your post, do you see something wrong with it?? Or did you seriously expect people to accept it as fact, just because you said it? :rolleyes:

    Please don't think I'm being critical of you, I'm just a little surprised that someone would post something like that in a forum like Wilders. (Well truthfully, I am being a little critical, but don't take it personally. :D )
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    I believe the numbers are from the Av-Comparatives November 2006 Retrospective/Proactive test.
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    @AlamoCity: C.S.J refers to the test results of Kaspersky in a test made by AV-comparatives (http://www.av-comparatives.org) back in November 2006. That test compared only the on-demand heuristics of the various scanners though, so in real-time you still have top notch proactive protection. :)

    BTW, if you want KAV with better heuristics (for the time being), then you should probably go with F-Secure. It uses KAV engine along with Norman, Ad-Aware and two custom developed engines. F-Secure also has a similar thing as Kaspersky's Proactive defense module which works in real-time, but whether it is as good as KAV's is not known.
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    AlamoCity,

    Many of us here would either recall or presume www.av-comparatives.org, and as Thankful mentions, it is the latest (Nov. 2006) retrospective result.

    However, what neither test can quantify is the convolved impact of update frequency. I took a stab at an extremely rough estimation here with a rather contrived model to illustrate the tradeoff in rapid signature deployment vs. heuristic coverage. It's a real factor that many forget.

    Blue
     
  8. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep, they were from av-comp.

    one good result, people quote one av-test, one bad result people quote another. :rolleyes:
     
  9. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500

    That test was based on KAV's PDM, not its heuristics, which are really not that good.
     
  10. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    I was just confused, I thought KAV's real-time detection consisted of heuristics.
     
  11. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Aren't you conveniently overlooking something? It's not that people were focusing on the PC World test results because of an ulterior motive, it's because they are RECENT. :rolleyes:

    Whereas the test results you quoted are ancient history. And it's simply illogical to quote six month old test results when reputable test results are available that are less than a month old. Which is why your post made absolutely no sense to me.

    But I realize now that you posted without first familiarizing yourself with the thread. Thus you weren't aware that the recent PC World test results had already been repeatedly discussed. So I'm sure you can understand why I was a little critical of your post. In any event, I apologize for insinuating that you're a jack-in-the-box. :D
     
  12. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Then the post made by C.S.J. obviously makes sense after all, at least partially. As he apparently assumed everyone who would see it has been a long term user of Wilders, and thus would know which test he was referring to. :D But the part that puzzles me is that he brought up six month old test results, when the PC World tests were conducted less than a month ago. As six months is a long time in the anti-virus industry, since it's been said that a minimum of 70 new malware threats are discovered each day.

    The weirdest thing is that there could be such a wide disparity in the test results. It's enough to make people think the tests were flawed in some way.

    I read that material, and of course your summation sums it up perfectly: "It's in the roll of the dice. No more, no less."

    As for trojans, my opinion is that hourly signature updates are irrelevant, since a trojan can infect people for months before it's detected and a signature is added for it. Whether you get infected depends on the dice and the capabilities of your non-signature based security programs, rather than if you get the signature an hour after the trojan is finally discovered.
     
  13. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    I was referring to the PCUA (Paranoid Computer User's Association), of which I'm the president. :D

    Thanks for the additional explanations, I've learned a lot in this thread.
     
  14. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Sounds like it would use a lot more resources than KAV, and according to the Feb. 2007 test results of av-comparatives, the total 'score' for F-Secure was 97,91% vs 97,89% for KAV which isn't much difference. But thanks for the suggestion.

    http://www.av-comparatives.org/seiten/ergebnisse_2007_02.php

    BTW, here's a surprise about Norton: "Only Symantec's Norton AntiVirus and ESET's NOD32 Anti-Virus caught every variant of the 12 polymorphic families"

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9012078
     
  15. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Interesting article. That would really be funny if Symantec got swallowed up by a whale, after they've swallowed up companies so they wouldn't have to compete with them. It would serve them right. But even if they don't get eaten, it appears they don't have the resources to cannibalize Eset, Kaspersky, Comodo, etc., at least not for a while.
     
  16. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    yep that's correct, it was in the last av-comparatives test.

    have you read the reports, they are quite important, they make it a bit clearer what each av did and did not do.
     
  17. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
  18. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
  19. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    To make it clearer about the distinction between heuristics and proactive protection such as that used in Kaspersky's current product range, I see heuristics as generic detection as against specially created signatures for specific malware and the Proactive Defense Module as a behaviour analyser which is triggered on application execution. Both operate differently.

    Kaspersky products have had heuristics for some time i.e. a set of generic signatures, and the November 2006 and earlier retrospective tests at av-comparatives will have tested this along with the heuristics of other products such as NOD. Those results show Kaspersky haven't done well in this arena.

    However, the PDM results in the special May 2006 test show a different picture as previously shown, but this is not heuristics. I think this is where the confusion lies.
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    In plain English: heuristics analyze code, the PDM analyzes behavior.

    Heuristics is much weaker than the PDM because there are so many ways to write obfuscated code and encrypt it to throw off the heuristics scanner. There are literally endless ways to write different code that all accomplish the same objective, and since heuristics depend on a set of fixed rules to analyze code, it's simply too stupid to catch them all. The PDM, on the other hand, flags the BEHAVIOR of the code by watching what the program does in real-time. It doesn't matter how the code is written; if it tries to accomplish a particular objective, the PDM will nab it when it does, then ask the user what to do. The obvious drawback of this is, of course, that its overall effectiveness depends a great deal on whether the user is educated enough to make the smart choices, but the algorithms of the PDM themselves simplify this process a great deal when compared to traditional HIPS programs.
     
  21. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    very good article to read :)

    which is why, nod's heuristics are far better than kaspersky's.
    to think heuristics do not matter would be foolish, as kaspersky themselves are working on newer/better ones for v7 right?
    sure the PDM is fine at what it does, but it still has its flaws and also has its fp's and annoyances to users.
     
  22. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I believe the FPs and annoyances of the PDM are exaggerated by people who a) have never used it, and/or b) have no idea what it is.

    Try it. It MIGHT pop up an occasional alert or two when you install new software. Other than that, if you get an alert, there's a VERY good chance something is amiss with your system. And it has a detection rate of unknown malware that no heuristics - not even NOD32 - can even dream of getting anywhere close to.
     
  23. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    arrogance is bliss
     
  24. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    So is ignorance. ;)
     
  25. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Thank you for clearing this up. So the bottom line is that NOD32 currently has the best heuristics of any AV program.

    If KAV 7 can beat their heuristics detection rate, and the developers can produce a miracle by making the program stable after years of buggy operation, then Eset could lose a lot of market share.

    Because a large percentage of their customers won't be able to justify keeping it solely for the speed. Since KAV will be detecting a lot of malware that NOD32 simply speeds past.

    But if KAV remains buggy and unstable, then I don't think Eset has anything to worry about. In fact, I may dump KAV myself and switch to NOD32, as I don't put up with unstable programs that have amateurish bugs.

    I would just supplement NOD32's somewhat inferior overall detection rate by adding some on-demand scanning programs like Blue uses, as well as other security programs that are stable.

    Kaspersky needs to invest some money in hiring experts who have the technical skill to get the bugs out of their software, instead of just focusing on detection. Because what good is superior detection if it creates more problems than it solves.
     
    Last edited: May 14, 2007