WOW have you guys read the PCMAG review of nod32?

Actually PC-Cillin 2003 used LESS resources on my W98SE box than NOD32. I was quite surprised. It doesn't, of course, have the VB record that NOD32 has and it was slower but not by much ....again surprising to me as I expected it to be more like NAV 2003 which lumbered along quite slowly on that box.

BTW...those questions DO sound rhetorical.

 

Well I for one have never had any virus slip past KAV, it uses very little resources on my computer, and I could care less about the scan speed either because it scans while I'm away or sleeping.
But, nothing I mentioned really matters at all, as long as you are happy with your av program. If you are happy with your av program, then what difference does it make what the others can or cannot do?
I am not saying NOD32 is bad, because I like it and have used it in the past, it's just that KAV fits my needs better.
The question for you is since you sort of made it out to be "the best", then if so why doesn't everyone worldwide use it?

 

I wouldn't mind my wife having a BMW and my secondary PC's having NOD32 like my primary, but the wife drives a Toyota and the secondarys run AVG

 

I have actually sat quietly and read everyone's posts. Everyone has good points and bad points. I used NOD32 at home before a year and never had a problem. So I decided to pursue it at work (thanks the new RA) We used to use Norman (haven't seen anyone mention them). Norman also had very good scan times and light on the resources. As of the last couple of years they haven't been keeping up to date with the signatures. As of right now I feel that NOD32 is the best, but not perfect like everything else (my opinion). We currenlty have over 500 pc's and counting using NOD32. Norman also never got good reviews, but IT people loved it. We are happy with it so far. I agree with the review I love the GUI.

 

I must say that past performance is no guarantee of future results.

I run NOD32 and Trend on my pc's so I am not saying that in regard to any particular AV, but all of them.

 

Well as a person that uses nod32 everyday to clean up infected computers
I get a pretty good idea of the effectiveness[ in the real world] of the av and at programs in use by the unwashed masses. I see more nav and pc cillin and mcafee than anything else, I view avg[I've put avg on way too many machines ] as better than nothing, at least it doesn't seem to cause any trouble.
Nav is just a demon to be removed as soon as possible, mcafee seems marginally effective with all it's vast array of protection, it's uncommon for me to find a computer without trojans and virui regardless of how up to date they are.
I just use what works for me. Do I think that nod is perfect, no but it works for me.

It finds a surprising number of trojans , since I clean a machine with nod before I run my anti programs.
I'm sure that all of you can make each program perform better than my customers.
I've had people send me the reference to the article and I've spent some time reading this forum today. Personally I'm just going to continue using the products that work for me.

 

1.
Some people have said in this thread that Andreas Marx has a bad reputation/is infamous for his bad tests. In my opinion, that's not true. In fact he is a leading (may be the leading) AV tester. And because of his leadership he is also in a exposed position and has many critics.

2.
As a tester you face some kind of a dilemma:

If you do not disclose the specifics of your test procedure people may easily say that your tests are flawed. This applies to Andreas Marx, Paul Wilders, Rokop Security etc.

By contrast, if you do disclose the test procedure people will say that you are just bashing AV/AT software or, even worse, that you are helping the bad guys. (This applies to us.) Moreover, the software producers will start to hate you and perceive themselves as "victims"... If you want to make money from testing AV/AT software you will certainly try to avoid such unpleasant situation.

3.
I have received scan logs detailing the testset of previous tests conducted by AV-Test.org. And yes, I must say that I do question the validity/appropriateness of certain samples used. However, I never received enough evidence to say that a particular test by AV-Test.org was completely flawed. Moreover, I am pretty sure that Eset has received a scan log from Andreas Marx. They will have their reasons for not publishing it, won't they?

4.
Testing is always subjective. If you want to make up your own mind you need to exactly know what you expect from a product. Most people don't.

Are you looking for a virus scanner (for replicating malware -- viruses and worms), a trojan scanner (for trojans) or a good allround product (for everything)? If you are looking for a virus scanner NOD32 is probably just fine. There are only a few viruses/worms in the wild and NOD32 probably detects all of them (as demonstrated by its VB100 awards). Howeover, if you are looking for an allround scanner there are probably better choices than NOD32.

 

Let’s be clear here. NOD32 detects more then just ITW viruses. We can argue here weather NOD32 should detect all ZOO viruses or not (this has been beaten to death already). I personally think ESET team should not bother with this at all.

Mr. Marx tests are largely based on ZOO VIRUS samples. If you are concerned about zoo viruses (which makes no sense to me) then his test could help you to pick an AV for your needs.

But (RWT- Real World Theory comes here)…

NOD32 offers better protection then any other product on market (WOW). The most recent worm/virus outbreaks proved this theory. Detecting 100,000 ZOOs didn’t help at all. It did not. You had to wait a couple or more hours for updates. With NOD32 you HAD immediate protection. No waiting in lines… No headaches. NOD32 isn’t perfect either, but at least it gives you a fair CHANCE.

NOD32 missed 1,000 ZOO VIRUSES but detected 10 new ITW viruses (without updating). 10 vs. 1000? I’ll take my chances with 10, thank you very much. I am not crazy either. Why?
I’ve never received ZOO virus (unless I download it on purpose) but I did received many ITW ones. Simple as that…

According to Mr. Marx tests DrWeb has poor detection rate. It’s a bit misleading. Like NOD32, DrWeb32 is not good with ZOO viruses. But then again, when it comes to REALITY, DrWeb competes neck to neck with KAV.


tECHNODROME

 

@technodrome

Your are talking about viruses? There are almost no viruses ITW. Therefore, I guess you mean worms. Do you also mean trojans etc.? Please distinguish. That's important since NOD32 is not good for everything.

@Paul

1.
Your forum is defect ;-) I am deemed logged in although I am logged out and, therefore, cannot log in again. (Using Opera browser.)

2.
"No offense intended: but wrong approach. There's only one way to find out wether or not tests performed have merit or are flawed: revealing all the needed info. From that moment on, everyone is able to comment on the test(s) for real."

That's why we disclose (almost) all information. If you do not disclose all information people are required to trust you. We do not expect anyone to trust us.

I am not 100% sure but it seems to me that you have never disclosed more information than let's say AV-Test or Rokop. Most AV/AT testers expect people to trust them.

3.
"In case a test has been performed well, specifics available for all to see: I fail to see how such a test will/can result in bashing ...

IMHO this has no valid. "Bad guys" do know exactly strength and weaknesses from AVs - for sure you are aware of that ...

There's no logic in this. Provided a test has been performed the way it should, all needed info is in the open and plain for all to see: for sure those who didn't score well would ben't be pleased. Not because of the - well performed - test though: it would point them to the need to improve there product."

Well...you probably know our tests. And we ARE accused of bashing & bad testing all the time. Especially, by the vendors. I think its pretty hard to find the right balance between disclosure and non-disclosure. Therefore, I hesitate to condemn testers who do not disclose each and everything. Moreover, I repeat that, testing is always subjective. For example, a "flaw" like the rebasing vulnerability may be hyped although it's not (yet) of significant relevance ITW.

4.
"Exactly my point. you obviously have received info hidden from the public - and for that reason are able to comment, as you do right above on certain samples - rightly so in my opinion. the public lacks this kind of needed info. No further comment needed..."

Further comment IS needed. Where did you receive this information from? From the vendor? AFAIK every vendor receives a log from AV-Test.org.

According to my information, not only Eset but also emsisoft and ewido seem to be quite unhappy about the recent tests performed by AV-Test.org.

If the tests are really that bad all the affected vendors should post the respective log files containing the missed samples and discuss it in public. They should explain why they believe that the detection of certain samples is not required.

(IMHO it is not so clear whether it is the responsibility of AVTest.org or the vendors to disclose the logs.) If the vendors decide to not discuss the results in public there is no reason to freak out.

5.
"No offense intended, but this statement is merely shooting in the dark, Nautilus - no more, no less. "

Again, where did you get the log file from? If you got it from Eset it is unfair to make this statement. I have received logs from other vendors. Therefore, I am NOT shooting in the dark.

" ... A conclusion build on nothing more then a presumption, isn't it "

Do you reach another conclusion? Which one?

6.
"Beside the point as well. The test and all coming with it is the issue here - let's focus on that one!"

No. It's not beside the point. You cannot comment on a test w/o determining first what has been tested.


Cheers,
Nautilus

 

Sorry for confusion.

I didn't mean Trojans and backdoors.
As far as I know, Mr. Marx tests Antivirus products, not Anti-Trojan or Anti-Spyware (even though he tests av for trojans/backdoors).
Yes, I mean script viruses, Polymorphic, Macro, File etc. Virus is a virus. True you can categorize them by different techniques, different approaches, different types of infection,payloads etc. but they all got the common goal. In this case I didn’t really categorize them…


tECHNODROME

 

Hi
Cant help wondering do certain people post bad "reviews/opinions" of NOD here and Kaspersky over at:-
http://forums.useice.com/cgi-bin/ikonboard.cgis=3f5f78982728ffff;act=SF;f=1
just to try and "wind up" the normal "users/fans" of these two products?
Mischief making? I think so!erhaps we should ignore these type posts then they would eventually get bored of making them,after all no point in fishing if nothing(nobody)takes the bait!
(same thing may happen on other products sites but as these are the only two av's I use,these are the only two sites I bother looking at!)

 

Hi Paul
I posted here cos the first post in this thread was bringing to light another so called bad/poor review of Nod,I just feel the only reason this is done is to cause a stir in the forums allied to the products they criticise
Steve

 

I'm not an expert on testing methodology, but it seems rediculous to measure an AV's capabilities by testing it's effectiveness against a list of miscellanouse virii. In my opinion, a more real-world measure would be to test it against the most prevelant and widespread creatures, even if not the most dangerous. I know from only a month's experience that my NOD scanner has alerted me over a dozen times to problem apps I've encountered, and eliminated them all without a hitch. That's a good enough test for me.

 

Paul, It is obvious from the original thread starter's posts on the first page that this thread was started to rile up the loyal NOD32 users. Steve 1955's post is quite pertinent to this thread.
I'm not sure there anything wrong with riling people up...it gets a good discussion going.

 

An interesting discussion to say the least. With the above exception, most of which seems to be hot air. I learned a long time ago to question everything in print. It appears that many of you fail to heed that little truism.

 

Addendum:

I could imagine that AV testing may (have to) undergo material changes as soon as AV software developers have done their homework and added real memory scanning capabilities and/or strong behaviour based heuristics to their products.

Since you cannot test a memory scanner etc. w/o executing malware you may face a problem if, for example, 5,000 old DOS virii, Linux malware or damaged samples are included in your testset.

ntl

 

How intuitive. It took you how long to figure that out?

 

I have no problem to prove the opposite. Mr. Marx does not even follow some of his own ideas and opinions presented on public forums in the past.

 

Well i just got infected by a nice gaobot version. and even with nod32 claiming being on top of that. it's as you said quiet as a mouse when i run all scanning settings over them with nod32 (yes even advanced heuristics scanning)

https://www.wilderssecurity.com/showthread.php?t=30973&highlight=gaobot nod32
i have a nice email contact now with a guy from eset about this one (very friendly though, but still i can't help feeling a little dissapointed with nod32.

 

Sorry to hear so - I'm conversating with a KAV rep about a nastie KAV did miss. Guess this happens to all av-s on ocassion. Nothing new - and it will never change, whatever av you use.

Blue

 

The simple answer is, multi-engine solutions.. Theres two out there, F-Secure and AVK. Both have the KAV solution, but back it up with at least 1 or more other solution, including second layer of heuristics.

I'm now subscribed to the mentality that a single, basic AV, is just not going to cut it, but a multi-engined system will - and based on my testing, that seems to be the case so far. Seems to me that people are so worried about viruses, they are forgetting the more common, and sometimes more deadly threat of Malware and Trojans.. Check out your products performance on those very closely before you say you are secure or you might wake up one day surprised..

Good luck.