New VirusP 8-2004 published!

Discussion in 'other anti-virus software' started by Firefighter, Sep 1, 2004.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D well personally I don't like putting my eggs in one basket

    I'd get NOD if it worked well with others lol

    I stick with NAV for now
     
  2. tobamore

    tobamore Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    128
    Oh dear o_O I'm a little concerned now with my recent choice of av (nod32) apparently it ISN'T doing well in non vb tests AND fails to remove viruses in certain circumstances (including failing to remove eicar.zip from my pc). Please someone re-assure me, I bought a 2 year licence and I'm beginning to wish I'd waited! (and maybe even tried KAV) After all, what good is speed of scan if it doesn't perform well enough?
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    This statement is wrong. If you check other AV tests like those from av-test.org you will find out that NOD32 is also doing an excellent job there in detecting ITW malware. But if you start to mix up the test results with results from ZOO tests you get misleading information. What is considered ZOO malware are samples that are not actually spreading or are old ones that would not work on current operating systems at all.

    If malware is detected inside an archive I would recommend deleting the whole archive anyway, because even if one file inside is infected I would not trust the rest of the archive files at all. So not really a big problem in my opinion.

    I have licences of various antivirus products like KAV or DrWeb which are both superb AVs but overall the program I am most satisfied with (and which is running in background) is NOD32. So your 2-year licence is a good choice. :)

    wizard
     
  4. TAP

    TAP Registered Member

    Joined:
    Aug 17, 2004
    Posts:
    344
    Hi,

    In my opinion, if you judge the real quality of an anti-virus program by only counting the VB100% logo and/or thinking that the winner of the VirusP test is the best, all this is very misleading.

    ITW viruses/worms are the major real-world, real-time threats that your anti-virus program has to detect 100% as soon as possible; it is almost useless to detect Zoo malware, detecting Zoo malware is a waste of CPU/RAM resources. I think that NOD32, AVG 7, Avast, eTrust and other anti-virus programs can do this well so you don't have to worry about it.

    But the real-world, real-time threats are not only ITW viruses/worms; the internet world is full of private/public trojans, spyware, adware and other malware that you can encounter someday.

    The problem is, most people don't even know what malware is. They think that all malware is virus, virus, virus, virus, virus, virus, virus and VIRUS !!! so their anti-virus program should/can detect it all, but it really can't.

    Regarding the ITW viruses/worms and other real-world, real-time threats or zero-day attacks, I think that the signature-based method (Kaspersky) and heuristics/sandbox (NOD32/Norman) of the traditional anti-virus programs are not enough.

    I think we should look for something different to implement our old anti-virus programs, such as some kind of behaviour blocking/intrusion prevention system that doesn't rely on an old signature-based method or unreliable heuristics/sandbox.

    Maybe Prevx Home (host intrusion prevention system for home users) is the way to go. :)
     
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I have to agree with Wizard here, I'm interested in test results that reflect on real world situations. Comparatives like this make me wonder how relevant the results are to an environment outside that of the test itself. At least with VB it's their full-time job to make sure their results actually mean something. SHOULDN'T an AV have foreknowledge of what's considered ITW? Isn't that kind of the point? If companies have "cheat-sheets", so to speak, why are some still scoring so low? Are you saying that VB's tests really only reflect how many false positives the various programs give?

    If I'm missing something here, please fill me in because the defensive posturing I see every time NOD enters the equation isn't doing anything to facilitate the flow of information relevant to the process of making informed decisions as to what program would be best for my mother, friend, co-worker, client, etc.

    Don't get me wrong, what program/s come out on top are irrelevant to the point I'm trying to make, which is that these types of tests should, IMO, be left to the professionals that have the time and knowledge to verify that all of the files are in fact malware, what kind of malware they are, and differentiate between ITW and Zoo. Making statements like "most junk files removed" immediately makes me ask "so how many are left?" If one program detects 99% of the files, and it turns out that more than 1% are junk, what does that really say about that product? The issue is further confused when you test an anti-trojan the same way as, and right next to, an anti-virus. Sure, this AV beat that AT by so many thousands of files, but that doesn't tell me anything about how well the AT works when it's used as the developers intended.. WITH an AV. This, at the least, only misleads someone that is trying to find real information about ATs.

    What I would really like to see is a comparative that outlines the different programs' strengths and weaknesses enough to give consumers an idea of what direction to go to satisfy their needs, rather than more tests with results in simple numbers that leave one product on top without regard to other aspects of the different programs.

    Although this article speaks specifically to psychologists, the content would still be valuable to the next would-be "independent expert" on the subject of malware:
    http://comp9.psych.cornell.edu/dbem/writing_article.html
     
  6. negative creep

    negative creep Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    17
    Location:
    Netherlands
    In this AV test: www.av-comparatives.org. In the pro-active detection test almost every file is considered a ZOO file. All the zoo files scanned here wouldn't be a threat to my computer? And the pro-active detection test of the "new" zoo samples?

    Why are they being tested then? Only 73 ITW samples were used and a lot of ZOO samples.

    Can anyone explain this?

    I'm not really an expert in these things :oops:
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Q Section from Firefighter!

    > No offense firefighter but what security company will be likely to develop one super-duper programme for all ones' security needs since there is practically no market for it?

    It's OK here in Wilders! But over 99.9 % of all PC users have never heard about these polls and Wilders Forum. Over 80 % of all PC users are very happy with their Norton's, McAfee's, Trend Micro's, so I think that there is quite a huge marketplace waiting for investors to produce proggies that can find almost anything.

    PS. Do you think that the majority of PC users have even heard or understood what trojans are? What about Spyware or Keyloggers then?

    Best regards,
    Firefighter!
     
  8. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Basically yes.

    The chance that a sample gets "in-the-wild" is very limited. In the past it happened only a few times.

    Depending on the precision of a test you can get some indication of how a certain program would perform against certain malware types. This might give you an idea of how well the AV software is performing against new threats of that type, e.g. how well the program is performing against macro malware or Windows viruses.

    But to really get a clear interpretation of such results you need to have a lot of background knowledge of how malware works and how such malware tests are performed. The risk of misinterpreting the results of such tests is very high.

    wizard
     
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Oh wow -- a poll with less than 40 responses, conducted on a forum that sponsors NOD32 -- a specialized AV. Amazing it should come out that way. ;)

    NOD32 is an excellent AV. One reason I hold it somewhat in disdain, however, is its rather arrogant proponents -- <snip>. With friends like that, NOD doesn't need any enemies.

    Unlike the publicly available results at Virus Bulletin, VirusP's tests provide adequate disclosure as to the means & basis of testing. This leaves the viewer to draw his or her own conclusions. I value the results at Virus Bulletin, VirusP, & Comparatives. Each has its own strengths & weaknesses.


    no personal comments please - Detox
     
    Last edited by a moderator: Sep 13, 2004
  10. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    Firefighter - in theory one programme might be a great idea but in practice it might not work so well because of the above.

    bellgamin -
    Of course this is not a statistically relevant poll but it probably indicates a trend (because after the super-duper all-in-one has been compromised the popular/public opinion and attitude shall surely change).

    Someday it may be possible to achieve a very strongly defended programme that can fend off attacks and threats but for now and until we see some evidence of it we (the cognoscenti) will stick with a layered defense, thank you.
     