nod32 only finds 82% virii in test

I am not a mod, but I agree with yall, this thread could stay or go, how big do you need this hole Blue?

 

Sounds like to me it should be in the "other antivirus software". But as for Sweetie...you are plain wrong. KAV is superior to NOD32. It is the best AV in the world...that is 4.5 personal and pro and I suspect 5.0 Pro which was released today will be right there at the top also (5.0 personal is not as good because it lacks configurability which the Pro has and 4.5 personal/pro has). KAV detects a ton of trojans and spyware that NOD32 doesn't get. NOD32 has improved tremendously in the trojan area since I first got it two years ago, but it still has a long way to go to catch up with KAV in this area. For worms and viruses NOD32 is excellent but that is not the whole game...for sure not now when trojans are the big thing.

NOD32 is slower that KAV now (at least on my XP Pro 3Ghz, 1024 RAM box) if you use the IMON HTTP scanner. This is the main reason why I have left NOD32. It is bloated now. KAV 4.5 personal did not slow my box at all. KAV 5.0 personal was slow though and has the ADS tags and System Restore problems. KAV 5.0 Pro I intend to test with great interest.

 

So you think this is a personal attack?

What I am sick to death of seeing is posts that have a biased view, such as one program is the best, everything else is second rate, or links to software comparisons that are questionable at best, and are taken as gospel.

Some of these post are by senior members, mods etc. that should know better!

 

They don't all perform the same so what's the point in pretending they do.

 

Sweetie(*)(*),

Since, in this thread, I'm the only one fitting that category, I guess that means me.

The test protocol that I point to is one of the better ones that I've seen of the more controlled examinations available in which the basic methodology is articulated in some reasonable form for all to weigh. Personally, I do not take these tests as gospel, and I would hope others don't either. As with any independent test, you have to place a certain level of trust in the testing group. This is true of both commercial and academic and/or private tests. Earlier I examined in very approximate fashion the impact of small testbeds from a purely theoretical perspective here to provide some guidance on how closely one should potentially believe tests encompassing randomly selected subpopulations. The precise reason for presenting this quick analysis was to provide some context so these tests would not be taken as gospel. That thread does contain a link provided by IBK to a much more detailed analysis of the same type. The aim of both analyses was to put some semiquantitative concept around the level of performance differences required for the products to be truely classed as yielding different results.

I do pay attention to the results of other efforts, the VB100 tests among them. Each test provides only a partial picture of performance. More importantly, depending upon usage behavior, the results of some tests may be more pertinent than others.

All these tests provide a historical snapshot of performance. They don't yield current behavior and extrapolation from past performance can be chancy.

You're quite correct in noting that lead placement of a particular program on the top of a test result should not relegate all the others to second tier status. I do try to adhere to this notion and do realize that AV scan performance is one criteria, albeit a very important one, a user should weigh in choosing an AV package.

Finally, and this is for all, let's keep the discussion centered on exchanging information and educating each other with respect to our personal experiences. When there are differences of opinion, that doesn't immediately mean one is right and the other is wrong. Both perspectives can be right, they're just applicable to differing circumstances, or they could be equally inappropriate. This comment applies to my own contributions as well.

Blue

 

KAV detects almost anything you throw at it. These 82% for NOD32 manly means 82% detection of uncommon malware. All common malware is usually covered by all AV companies (at least ~98-99% detection).
Also don't forget that engine used in that test is pretty old. NOD32 has recently gained Advanced heuristics and other goodies related with detection,so you cannot take these results too serious. Maybe 6 months back, but not now.

 

I own both, messed with both. Have to say I feel a bit more secure with KAV than NOD32, even with NOD32 2.12.3. The other issue I have with NOD32 is that updates don't occur on the weekend. As to the latest version of NOD32 and its detection rates, I haven't seen anything that indicates a significant improvement in detection.

Sweetie, bias isn't a bad thing as long as it's backed up. In this case, it has been. What's worse are folks making comments that add no value. Every test out there has proven KAV has higher detection rates of baddies than NOD32.

 

I belive they increased trojan detection and advanced heuristic stuff.

 

Please do NOT start out with personal insults. That is not a *sweetie* thing to be doing.

Also, how can you possibly know HOW much another poster does or does not know about a given topic?

 

Hi gang,

Sorry I didn't get back to you all earlier, I didn't realise I started a religious war!

Anyway, let me clarify my original post:

I want to buy an AV tool. I'm throwing up between KAV and NOD32, and the question I originally asked was:

ie.

1. I want to buy an AV Tool
2. I'm down to KAV or NOD32
3. I've found a test that shows KAV appears to be superior
4. Why would I choose nod32??

So, I was wondering (from the knowledgable and unbiased folk here ) does NOD32 give me something that KAV doesn't, given that KAV rated #1 in that test (I do realise this test is not the be-all and end-all of AV tests and I'm aware of the virus bulletin test that nod32 has been achieving 100%). Otherwise, everyone would just buy KAV??

Anyway, I have seen some responses which try to report the facts, which I appreciate (such as the quality of that particular test, resource usage, scan times, etc.).

I really am after something that is fast, lightweight on resources and unobtrusive (NOD32?) and provides maximum protection (KAV?).

I have already trialled nod32, and i like it and was almost ready to buy it until i ran into that test. I'm now trialling the new kav Personal Pro 5.0.12 to see if i can live with that.

Thanks for all your help.

 

you may need to consider having a anti trojan scanner in addition to NOD 32 . Its a nice lite anti virus . With Kav you most likely can do with out one due to its excellent detection.

However the best deal maybe to buy both

 

There are more than a few people that do buy both and use NOD as the on access and KAV for scheduled scans or on demand scans(ie right click).

 

Hi,

I've also been trying out KAV and NOD32 along with McAfee.

1) I liked KAV because of its daily updates and its conprehensive scanning capabilities. However, I could never get KAV 5.0 Personal working with my other realtime programs. In fact, it really hung up my system for a couple of hours today as I frantically tried to figure out how to uninstall it. It is a tough program to get rid of. 5.0 does not appear to be configurable on installation so I could not prevent the real-time monitor from loading and causing havoc on my machine. However, 4.5 Personal, can be customized during installation so that only the on-demand scanner is loaded. However, I cannot find a trial copy of 4.5 Personal with a key so I am trying to figure out what to do next. Kav 5.0 Pro does not have a trial copy nor does it have extended database capabilities at this time.

2) NOD32 was a very well behaved product on my machine. It didn't seem to cause as many problems as KAV. What concerned me was that it did not seem to cover non-virus malware (e.g. trojans and spyware) as well as KAV and McAfee so I would have to add spyware (e.g. Giant Anti-Spyware) and trojan (e.g. Ewido) protection. I think this is O.K. The three products together behave quite well on my system.

3) McAfee appears to have very comprehensive protection similar to KAV. A trial copy is running on my system right now and it is behaving very well. Only I do not like the infrequent DAT file updates. My current DAT file is dated 10/14. With this type of infrequent updates, I feel I will probably have to supplement McAfree with a a trojan and spyware program just like NOD32.

4) I had NAV running, but I was not satisfied with its coverage or its infrequent updates, so I am dropping it.

Right now I am leaning toward McAfee. I figure that I will have very good protection with McAfee, Giant, and Ewido with TDS-3 as a backup trojan scanner. I was really ripped apart recently by a really nasty virus, so I feel that overlapping, layered protection is a good way to go. Plus, I am going to be more careful about the sites I visit. Sites are really masquerading nowadays, so greater diligence is required.

I hope this helps you. If anyone has any additional comments, I am all ears since I am also in the process of making a decision at this time.

Rich

 

There's a lot of room for question, in my mind, about that test. The test was done by a virus collector who's collection is probably mostly zoo samples (along with the other stated malware including constructors, tools, jokes, kits, etc.), and with testing methods that aren't exactly rigorous. ClamWin "out ranks" TDS-3 and Pest Patrol, what does that say?

That said, my opinion is:

Go for Kaspersky if you want the widest spread of protection in one program.

If you are looking for the widest spread with less performance loss, go for NOD32 with a trojan scanner (the bonus here is that using a specialized trojan scanner, like TDS-3, can give you way more options for tracking something down than just signature/heuristic scanning.)

If, however, you have relatively safe internet habits, don't come across a whole lot more than the commonly circulating malware, and want maximum performance, you won't go wrong with NOD32.

 

szerial,

You're already taking the most needed step, field testing on you PC.

NOD32 is lighter than KAV, both at default settings, in my hands. Settings can be adjusted with both to increase or decrease resource footprint, but I've never been able to get KAV lighter than NOD32. However, whether you notice this is dependent on your machine and internet connection. With a fast machine and relatively slow connection, you should see virtually no difference. On a relatively slow machine with a fast connection, NOD32 should be perceptibly lighter. I know some report the opposite. Those observations can be valid and reflect machine, process suite, and configuration differences.

The other differences and similarities that I've noticed:

• KAV's update servers do seem more robust than Eset's. Haven't had a real issue since NOD32 goes back on an hourly basis, but I generally do not see any update connection failures with KAV.
• While the av-comparatives.org retrospective test does give the edge to NOD32 in covering "future" threats, KAV's performance is mitigated by the rapidity with which they issue updates to new threats. They are absolutely the fastest in getting new signatures to the street when a new threat emerges.
• The historical hit on NOD32 is that it doesn't tackle trojans well. In the past this was quite true, they've made significant strides over the past few months in this regard. As is mentioned frequently on this board, the NOD32/BOClean combo is a very light solution that yields exceptional protection against trojans. This pair of application is cost neutral to KAV Personal Pro as long as BOClean is purchased from a discount reseller (e.g. CompUSA, see this thread for some comment regarding purchasing BOClean from a discount reseller).
• Licensing and renewal terms are basically equivalent. Initial cost is basically the same, KAV offers a 30% discount off initial price as a renewal, Eset's pricing is the same (30% discount on renewal)
• If there are multiple users on the PC, NOD32 is somewhat more graceful with fast user switching. KAV works, but dialog boxes go to the first logged user, not the currently logged console user.

I'm a current licensed user of both and have confidence in both applications.

Blue

 

Although McAfee official DAT file updates are generally only once/week, during a major malware outbreak, McAfee will put out an emergency release.

In addition DAILY beta DAT updates are available if required; ( this is very similar to Norton AV )

http://forums.mcafeehelp.com/viewtopic.php?t=5004

http://vil.nai.com/vil/virus-4d.asp

And they also list the new viruses included in the new DATS for quick verification of 'hot' new viruses that are in circulation; http://download.nai.com/products/mcafee-avert/daily_dats/whatsnew.txt

Personally, unless you visit a lot of questionable, risky sites, McAfee AV should adequately cover the virus/worm/trojan threat by itself.

So overall, do not let the infrequency of official updates put you off using McAfee as a possible AV scanner on your machine.

 

Kaspersky (and AVs using the KAV engine) are clearly better than all other AVs in the majority of cases. Look how many AVs use the KAV engine.. there is a reason for that - it is the best. Not to say that Nod is no good, may have some advantages.

As for the statement (Blackspear was it) (nice bloke, not nocking you mate) that most of the people coming in to his shop with viruses have Norton etc - thats because 90% of the world uses Norton whereas Nod have sold about 3 copies!

I know that some people here know a lot about AVs etc, but it is funny how people here jump to defend their products like NOD when almost every test out there over the last few years shows that it fails to perform as well as any KAV based AV.

Dont get upset about these things, its only an AV, no one is insulting your wife or questioning your honour - just quoting results from tests.

Why do people feel the need to show how their AV is not in fact worse than another - but that it is the best in some cases. Wonder what Freud would say?

 

The daily DAT updates do not work with the new versions of McAfee.

 

Buy NOD32 if you want fast, lightweight, and (IMO) the best protection against emerging e-mail and internet-borne threats, "drive-by" trojans, and the like.

Buy KAV if you want the most comprehensive coverage of malware in total, lighting-frequent updates, and if you are a "higher risk" computer user--particularly with downloads from places of "questionable" origin. There may be a performance trade-off.

Trialing before you buy is really the way to go. Regarding the test you referenced--there is a lot of debate about it's worth, as there is with most tests of AV's. My suggestion is to read some of them, and make up your own mind about which ones you think make sense.

 

When any situation that is desired by the pleasure principle is prolonged, it only produces a feeling of mild contentment. (Or, in the case of the obsession with beauty -- an attempt to sustain contemplation beyond the point when it fades into mild contentment -- pathology.) We are so made that we can derive intense enjoyment only from a contrast and very little from a state of things. Thus our possibilities of happiness are already restricted by our constitution

 

I guess I have one of those 3 NOD copies.

Your choice of AVs depends a lot on your specific needs. I have F-Secure, (KAV engine) on 2 machines, NOD plus BOClean on a gaming machine used by a bunch of teenagers, and usually run one of the free AVs on a forth machine.

While F-Secure performs better on the tests then some other AVs it is somewhat heavy handed as far as CPU usage and just isn't suitable for my use on game machine or say a low end machine.

Actually the game machine here is the most exposed computer because the kids are all the time checking out the game platform and PC game walk throughs and cheat web pages that can contain infections.
Example of NOD's virus log on that machine.
Time Module Object Name Virus Action User Info
10/19/2004 20:46:05 PM IMON file http://(edit) Win32/TrojanDownloader.IstBar.NAD trojan connection terminated
10/19/2004 20:25:32 PM IMON file http://(edit) Win32/TrojanDownloader.Agent.BP trojan connection terminated
10/16/2004 18:06:43 PM IMON archive http://(edit) multiple infiltrations connection terminated
10/16/2004 18:06:42 PM IMON file http://(edit) probably modified trojan HTML/Exploit.Mht.A connection terminated
10/12/2004 17:41:18 PM IMON file http://(edit) Win32/SecondThought.C trojan connection terminated
10/2/2004 22:33:09 PM IMON archive http://(edit) probably unknown SCRIPT virus connection terminated

To date the combination of NOD and BOClean running real time protection with no noticeable impact on that machine has provided solid protection.

A number of AVs will provide good overall protection for most folks. To just say one is the best because of the overall detection rate on the AV tests is leaving out a number of other factors that need to be considered for specific platforms and individual day to day usage.

My ISP provides 3 copies of F-Secure free for their high speed users. I have no problems with F-Secure on two of my machines but for some folks F-Secure may cause some problems.

Same with NOD and the other good AVs available. Any specific AV may work well for some folks and their platforms and usage and not so good for others depending on a number of factors.

So I would be hard pressed to say "(..AVs using the KAV engine) are clearly better than all other AVs in the majority of cases". I also couldn't say any one AV is "clearly better than all other AVs".

 

You make an excellent point I place in bold. These are key considerations. I have never trialed anything, just bought and if after a year I do not like it I dump it. But I do a lot of checking before I buy. Trialing is good idea. I agree.

 

yep, I wished I could bought my car after 30 day trial...

love to trial first too before I buy.