Solution for all the problems of Nod32

Discussion in 'other anti-virus software' started by AlamoCity, May 10, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I AM a Kaspersky licence holder, I HAVE used Kaspersky, and I HAVE come across quite a few FPs and annoyances within the PDM; to say it's perfect without flaws is just wrong.

    Sure, every AV has its fanboys, but to not state its flaws and basically say it's perfect.... is again, wrong.

    ----------
    NOD's heuristics are the best, and if they didn't really matter (because of PDM), Kaspersky themselves would not be working on better ones for V7.

    In fact, if they were all that good, why don't Kaspersky just scrap their heuristics? They obviously don't need them.

    If the PDM offers this sooo-called 99% detection that people can bandy about, KL could probably scrap half the signatures too, as well as the heuristics. *laughs*

    Get your head out of the clouds, boy, and come back to earth.
     
    Last edited: May 14, 2007
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Possibly a tiered approach is what they're aiming for so that one of the methodologies in place is bound to catch something. Having said that, I've been testing v7, and the heuristics haven't flagged anything up, yet. It may not even do so for the average user because of the strength of their hourly signature updates.
     
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    There's a difference between perfect, and exaggerating its flaws. Perhaps I was expecting too much by thinking you'd be able to tell the difference? I hope not.

    Why does Kaspersky need heuristics? It's simple, really. Because people like you insist that Kaspersky needs them. As I've realized there are quite a few people who have no idea what the PDM is, much less how it works and what it does. If you ask me, Kaspersky would be better off refining its PDM algorithms rather than working on a "yesterday's technology" like heuristics (which might let the product score higher in heuristics tests like AV-Comparatives', but serve no extra purpose that would've been gained as well by fine-tuning the PDM), but when the masses of sheep insist that heuristics are necessary, then one does what one must to please the customer base and retain market share. Not that I fault them for it; it's business, no more, no less.

    Not to mention that I can't see why Kaspersky choosing to focus on heuristics is to be taken as an indicator of the flaws of the PDM. Would you care to elaborate?

    What IS amusing, though, is when the sheep expect other people to lower expectations to their level. ;)
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Heuristics need to be fine-tuned and updated regularly because of the ever-changing malware landscape. In a sense, if an AV company has to update their heuristics, it's almost like signatures so then you're back to square one.

    FYI: I made this post quoting Eugene Kaspersky on the subject of the use of heuristics and proactive protection techniques.
     
    Last edited: May 14, 2007
  5. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    "The masses of sheep" (Average guy on the street) wouldn't know a heuristic if they fell over it let alone have heard of AV-Comparatives. The simple truth is you don't know enough about the thought process at Kaspersky or understand their product well enough to know why they feel the need to work on their heuristic detection. And neither do I for that matter, but at least I'll say so. But I am amazed that you think people like C.S.J. have enough pull to influence a company like Kaspersky to include a useless feature. Going on the offensive is an old debating technique to get your opponent to back off. But you're not stupid so I don't see why you feel the need to go that route. Stick to arguing the facts as you understand them to be true. Insults get you nowhere and just cause people to tune out what may or may not be a compelling argument.
     
  6. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Huh? I thought you're supposed to shut down all applications when installing new software in order to avoid problems. You know, like the new software not functioning properly due to bugs that were introduced as a result of having other programs running. But you're saying it's all right to have a heavy duty program like KAV running??

    So basically, what you're saying is that NOD32's superior heuristics are vastly overrated. Do any other AV programs use a PDM feature like KAV has?
     
  7. Technic

    Technic Registered Member

    Joined:
    Aug 31, 2005
    Posts:
    430
    Are you OK, AlamoCity? You have forgotten to take your pills? :p
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    Back on topic everyone.
     
  9. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    If AlamoCity is serious about this thread, you should send your complaints to Eset directly. They are best in a position to do something about your concerns. Simply venting anger really doesn't accomplish much.
     
  10. ASpace

    ASpace Guest

    Even E.Kaspersky finds NOD32's heuristic really good

    http://forum.kasperskyclub.com/index.php?showtopic=956

    translation:
    ... Technically ...
    for example, NOD32 has its powerful heuristics


    Also, Mike (the Inspector)
     
  11. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    You apparently haven't been following this thread very closely, as I'm not using it to "vent anger" against Eset. In fact, I stated in the last post on page three:

    I'm trying to learn something while expressing my opinion at the same time, if that's okay with you. :) Just because someone has a negative opinion about something doesn't mean they're "venting anger". Now let's keep this thread on topic, rather than speculating about the motives for what people say.
     
  12. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    As I have said, you should express your concerns/complaints directly to Eset.
    They best can do something about them. Otherwise, what is the point of your thread?
     
  13. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    What is the point of any thread? As I have said, I am trying to learn something while expressing my opinion at the same time. If that is too difficult for you to understand, please feel free to PM me and we will continue this off-topic discussion in that venue.

    As for sending complaints directly to Eset, I have already done that, years ago. Apparently you have some secret technique that you use to convince companies to do your bidding, simply by contacting them directly. Please PM me with this technique, as I would love to learn about it. :D

    Now please respect the rules of this forum and the moderators by keeping your posts in this thread on topic.
     
  14. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,567
    Location:
    New York City
    I am on topic. Obviously you have a serious grievance with Eset. I'm sorry. If you don't like their AV, don't use it. There are plenty of others to choose. Someone who suggests that a top notch company should scrap their AV, obviously has another agenda.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hey folks, let's keep on topic and not throw arrows and barbs. They are not appropriate.

    Pete
     
  16. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO

    AFAIK McAfee and F-Secure use some type of HIPS, possibly similar to what KAV/KIS has. Not exactly sure about the extent of the coverage though. Then there are HIPS programs like Online Armor and Safe'n'Sec that use AV as part of their detection process.
     
  17. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Thanks for your response. Solcroft's position, if I understand him correctly, is that Kaspersky's PDM technology is significantly superior to ordinary heuristics, so I'm just wondering if it's patented.

    Because if I could get a third party program with the same feature, then I might switch to NOD32 for its stability. (Of course, I would also add other layers of security to supplement NOD32's detection.)

    What would really be nice is to find an AV program with KAV's detection rate and PDM feature, that is stable/non-buggy. Since Eset has the technical expertise to keep NOD32 stable on a consistent basis, there's no reason why Kaspersky can't accomplish the same thing. As I said in a previous post, "what good is superior detection if it creates more problems than it solves".

    I tried F-Secure years ago, and had problems with it. If anyone reading this has had any recent experience with it, could you please tell me:

    1) Is it more stable and less buggy than KAV?
    2) Does it use a lot more resources than KAV?

    Thanks in advance!
     
    Last edited: May 14, 2007
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    To be honest, I think that's old advice that doesn't really hold true anymore. I have personally never seen crashes during software installation because I didn't turn off this program or that, but then again that's just me.

    No, NOD32's heuristics aren't "overrated", per se. They're very good when compared to other heuristics; it's just that HIPS programs and behavior blockers are in another category altogether. It's like comparing slingshots to guns. No matter how good a slingshot you make, it's not going to be anywhere as effective as, say, a revolver, though both have their respective advantages and weaknesses in different aspects.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    To me, they are both in the same boat, just different types of anchors.
     
  20. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    I would like to have KAV running during a software installation, I was just concerned the new program might later be buggy as a result of a small file having been corrupted or put in the wrong place, etc.

    I'm confused, in an earlier post regarding NOD32's heuristics you said "79% protection rate is not "better than any other HIPS programs" out there, not by a long shot". Could you clarify this? And could you recommend a good third party heuristics program that's comparable to NOD32's heuristics?

    Thanks for clarifying this. If I switch to NOD32, then I definitely want to get a good "behavior blocker" program. Can you recommend one by any chance?

    Thanks in advance!
     
  21. tamdam

    tamdam Registered Member

    Joined:
    Feb 8, 2007
    Posts:
    88
    "I'm confused, in an earlier post regarding NOD32's heuristics you said "79% protection rate is not "better than any other HIPS programs" out there, not by a long shot". Could you clarify this? And could you recommend a good third party heuristics program that's comparable to NOD32's heuristics?"

    He means NOD32 heuristics are better than the competition - which is shown in that test. However, he is also saying that heuristics, per se, are still not as good as HIPS like KAV's PDM. Because heuristics will run the program in a "semi-emulation" and try to use algorithms to determine whether it is a virus. Whereas HIPS will automatically ask your opinion of certain "suspicious" behaviour whether by a legit program or not. Such behaviour that KAV intercepts include things like certain registry changes, programs attempting to change system files (like Windows Update or a malware) and so forth. KAV's PDM does not distinguish between "virus" and "non-virus" - heuristics do. In that sense PDM's are hard-to-use for average users, and heuristics much easier-to-use.
     
  22. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO

    There is....

    System Safety Monitor
    http://www.syssafety.com/

    ProSecurity
    http://www.proactive-hips.com/

    Online Armor
    http://www.tallemu.com/Online-Armor.php

    Safe'nSec
    http://www.safensoft.com/

    Appdefend
    http://www.ghostsecurity.com/appdefend/

    ... just to name a few. You can run a search on the forum for each of the apps above or search using the key word "HIPS", etc.
     
  23. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Incorrect. KAV's PDM includes rules to flag certain behavior that is typical of certain classes of malware. For instance, it has a set of rules that allows it to recognize generic trojan and worm behavior. It does monitor certain sensitive registry and autostart locations, and prompt you "dumbly" about them, but only if you turn the protection settings to the highest levels, and still then, the rules have been fairly customized to watch only vital locations of the system, as opposed to "does not distinguish" as you claim. That's what a HIPS does - it warns you about everything. The PDM comes with its own set of rules to minimize user interaction, and it decides what to watch and flag.
     
  24. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,530
    Location:
    St. Louis, MO

    By "does not distinguish" I think what he means is, the PDM doesn't label the behavior it is flagging clearly for the "average" everyday user (i.e. Trojan-Downloader.Win32.Agent.bbb or probably a variant of Win32/PSW.QQShou)... In the end it's up to the user to determine if the behavior is good or bad. Personally I like the Kaspersky PDM, but I know a few people who wouldn't be comfortable with it.
     