"Very badly catches viruses"?

The following is a web translated, from Russian to English, portion of a long interview in a Russian newspaper recently with Eugene Kaspersky.
His remarks are being discussed in a thread on NOD32 over at dslreports.

http://www.gazeta.ru/avp.shtml

Question:

"How you do relate to the appearance of new competitors on the fight with the computer viruses, for example, such, as NOD32, which, as are considered many, are much more effective in comparison with the antivirus Of kasperskogo?//Sergey (Zelenograd)"

Answer:

"Speaking about other antivirus programs, I can make mistakes: it is not necessary to receive my opinion as the opinion of company - this is my the personal opinion of antiviral expert, which can not coincide with other opinions - companies and other antiviral experts.
NOD32 - very convenient, very rapid antivirus program, which very badly catches viruses. Regularly are obtained the rewards WB -100%, since "it is sharpened" to obtaining of these rewards. In the real life it very frequently passes the cases of infection. It enjoys popularity among the users, that determine the effectiveness of antivirus program on the beauty of interface. It does not enjoy popularity among the system administrators, who are investigated, that to what."

I don't agree, of course, with those remarks but I think it great that there this is this amount of competition as that is wonderful for the users. If NOD32 were not such a big competitor, I doubt Kaspersky would have made such strong remarks about it.

 

I'm not agree with this selfcentered sir Eugene Kaspersky
KAV detect more trojans than NOD, agree. But NOD has detected many of the new worms with heuristic than KAV not protecting its users without a update. KAV release every 3 hours update, because they want to hide its joke of heuristic. KAV is a good product, however many KAV empleoyee su*k*

 

Just some:
>It enjoys popularity among the users, that determine the effectiveness of antivirus program on the beauty of interface. It does not enjoy popularity among the system administrators, who are investigated, that to what."

Microsoft, yes Microsoft, has choose NOD as their AV products and NOT KAV or other, are they system administrators or users that determine the effectiveness on the beauty of the interface?
Kaspersky is speaking without argues!

 

I know Eugene personally, and I'm somewhat disappointed to see him talking like this. Perhaps comparing NOD32's 26/3 pass/fail VB100 rate with KAV's 21/13 pass/fail VB100 rate has affected his view of the real world.

Eugene isn't the first to postulate that NOD32 is "sharpened" to win VB100s. My standard retort is ... "If it's so easy to "sharpen" a program to win VB100s, why don't all antivirus programs win every time ?"

I rest my case!

 

I don´t think Eugene Kaspersky is that wrong. For sure NOD32 is a fine AV, but it´s lightyears away from the quality and overall detection rate of KAV or others (Dr. Web, McAfee). The heuristic is of course excellent - for worms and viruses, but if it comes to Trojans it fails - Advanced Heuristic or not. The next thing is the lack of known packers / crypters / archives. The VB awards are nice, but imho the wildlist is a easy thing for an AV (the samples are all avaiable). I know that it´s a policy in this forum to doubt any test that isn´t made by VB, but in the "real life" it´s a bit different. And believe it or not - NOD32 isn´t the first choice of sysadmins. If Dell decides to use it, you can bet it´s mostly the decission of bussinesmen not admins or engineers - same with MS. However, i like the speed and the heuristic,but there is a lot of work to do, not only improving the detection rate.

 

If it's so easy, why doesn't every antivirus program have a string of VB100 awards ?

 

Nope. Microsoft has choosen NOD32 along with others
Example : http://www.norman.com/News/Press_releases/2003/10766/en

 

Hi!

I agree with Sandish. In the Wildlist is not real life. Real life is Trojans, adware, backdoors etc. and all files from In the wild list. My experiance with support is better with KAV!!
I have licensed for NOD32 and KAV.

Allmost all antivirus program detect In the wild viruses, but some has false detection. If AV has false detection, then doesn't get VB 100 awards.

NOD32 has AH, I think that it is the best heuristics on market, but only IMON use AH. All other components doesn't use AH by default. Scanner use only with swich /ah, but this is not written in manual. Average user doen't know for this /AH switch. I hope that ESET will soon release IMON for http and ftp.

How quick is support from ESET: https://www.wilderssecurity.com/showthread.php?t=25373 (post 4) I have licensed NOD32, so they need to answer me if that file was virus or not.


Izi

 

Well, most of the major A/Vs do have: and those that fail have often (but not exclusively) done so because of false positives. Of course, *you* may argue that only NOD32 has the right to false positives...

Also, could it be that not all A/V manufacturers place such over-importance on the vB tests? Maybe users don't either. Shock horror.

Not correct. They have also chosen others *in parallel*. Could it be that Microsoft, yes Microsoft, don't have the total faith that some here seem to have in NOD32?? Shock horror.

 

Why do some folk get so "upset" if Nod is criticised? as long as they are happy and confident in its abilities does it matter what other people think?sometimes the way they react is akin to football fans when their team is criticised,after all any AV is only a "tool" and really should be regarded as such
Steve
PS as anybody thought Kaspersky may have made his comments to "wind up" Eset and Nod users(seems to have worked!)

 

Absolutely. Fortunately, it is only really a minority of such users who react so irrationally. It is quite surprising, though, who some of those people are. In any case, the problem with those people is that they end up compromising the general education that most users need (and will willingly receive), with misleading implications of how NOD32 will cure all their ills.

Indeed. It could become an enjoyable sport for those so inclined

 

Fine, no problem - assuming, that is, you demonstrate some balance and deal publicly with rodzilla's juvenile name calling and personal insults in the currently related thread. That is quite unacceptable behaviour by him, and it is IMO important for these forums to be seen as impartial to all.

 

Err ... so you consider "Dimbulb" and other such comments meet those criteria and are an acceptable way to use your forums?

 

Speaking about Kaspersky, I'm not agree with he's comments, not only because I'm a NOD user, because I'm not agree when the competitors attack the others. Maybe Kaspersky can said: NOD has a excellent heuristic, but need a more solid signature engine, but said that NOD very badly catches viruses?, it sound as a attack. Worse is that he said that ESET has many users because users find detection in the beauty of the interface, it sounds for me as a insults against ESET workers and their work!
Is true that ESET need to solve some details, but the work in general is excelent, the heuristic, the speed and light, etc.

Sandish said:
The next thing is the lack of known packers / crypters / archives.

If you don't know, Advanced Heuristic of NOD32 use a generic unpacker engine, in others words, if a virus appear compressed with a new packer never seen before, NOD for the moment will be the only in decompress this!, due to this generic unpacker. Richard told me that.

 

Just to clarify, the person who first talked about this article is fluent in Russian. After someone else (over at dslr) posted this translation, this person compared the translation to the Russian original and said that the translation "is very, very close to the original". This is why I provided this particular translation.

http://www.dslreports.com/forum/remark,10094231~mode=flat#10099092

 

If by this you mean that I should not have posted Eugene Kaspersky's comments about NOD32 in this NOD32 support forum, I am afraid I don't understand or agree with that. I for one do not wish to go through life wearing a pair of rose colored glasses. I also get a bit weary of the attitude in these forums here. Life is rough and tough at times and I don't see how that can realistically be avoided here...unless Wilders is asking that we all don our tinted glasses upon entering this site! I don't see the need for spitting contests either...but this is real life and I also have no desire to remain ignorant of important facts. I also don't think that NOD32 users should have to go to forums such as dslr to find the interesting discussions about NOD32.

If I have misinterpreted your intent here, then I apologize in advance. If not, then I stand behind what I stated above.

 

Thanks for the clarification and I agree with what you have stated.

(Plus, I'm glad the site is back up! Of course, we had a thread about it over at dlsr and Gavin said he was seeing, like I was, the worst Ping Plotter I've ever seen to anywhere was to here during the outage...all hops beyond my first two were knocked out..usually it is just one or two hops with much packet loss or unpingable at or just before the target not all hops from Oahu, Hawaii totally unpingable)!

 

Running a major forum is like dancing on a greased tightrope above a pit of starving crocodiles while juggling vials of nitroglycerine and trying to avoid spears thrown by the audience.

Paul's job requires everything from pacifying those sensitive souls who faint at the sight of the word "poopookikkiweeweebum" through keeping stirrers and ratbags who deliberately set out to disrupt the forum under control to persuading certain aggro members not to launch vicious retaliatory strikes against the aforementioned stirrers and ratbags.

I'm sure Paul has no real problem with you posting Eugene's comments, Mele ... they're public property, and if Eugene hadn't wanted them publicized (and criticized) then he should have stayed schtum.

I think Paul's muscle-flexing was aimed at the way the "Eugene" topic was degenerating, not at you for starting it ... probably with a bit of bleed-over aggro due to an obvious attempt to resuscitate and transplant a dead topic into this thread thrown in.

 

LOL! Please don't disappear for such long periods. I have so missed your posting style here. I get such a kick out of your way with words. Sometimes it just gets staid and boring here. You tell it like it is using facts and reasoned argument and perhaps a bit of sarcasm now then..but only if really provoked. I always learn a lot from your posts.

Paul has stated that his concern was not with my posting these remarks so I'm cool. Actually you know, I think Kaspersky's sharp comments about NOD32 may have come about because Anton Zajac's interview in Information Week recently. I'm certain Kaspersky took a dim view of Anton's comments which, while he did not mention any vendor by name, are obviously directed at Kaspersky AV in particular IMO.

"Basically, there are two types of scanning systems. One is based on prior knowledge where a signature is extracted and the companies prepare updates. The second approach is based on heuristics. I strongly believe that the system which has any chance of survival is a system which has the strongest heuristics implemented in its scanning engine. And our system has the strongest heuristics to date. It can detect more than 85 percent of all the newest infiltrations.

CRN: Why do you think an antivirus system based on updates is flawed?

Zajac: A classical antivirus system that relies on signature scanning needs to get an update from a vendor. That usually takes anywhere from an hour to several days before the vendor is able to analyze the infiltration and prepare the update. It takes time to actually detect the infiltration to realize that there is malicious code traffic. ..... In general, we're two to 50 times faster than any competing system. We have the only system in the world that not only detects all existing viruses in the world, but does it in record time."

http://informationweek.securitypipeline.com/trends/18900335;jsessionid=K3IP3GNIYA5XCQSNDBCSKHY

Those are fighting words to a man like Kaspersky who has just been trumpeting his latest policy of releasing new signature updates every three hours (edited to add) and whose AV is probably the slowest of all in scanning times.