ESET should work on adding more signatures...

I know they say that they try to keep a clean database but I really think they should work on creating a bigger database. I am thinking of switching to KAV because I think they do a much better job at detecting viruses, but I love NOD because of its quick scanning, ease of use, and it doesnt slow my comp. And I like the Advanced Heuristics because it does save your butt.
Lately I have noticed that NOD misses a lot of viruses on jotti's site that others detect and im not talking just about trojan downloaders or malware. Things like variants of other viruses that should be picked up. I know its not easy just to add all the signatures but I think that they should work on gathering more signatures from different places and add them quickly. Even if it means getting more help to do so. I dont think they should really go to KAV and take in everything they can find but they shouldnt just let some submitted samples through that people submit to them. I also think they should start to improve on all kinds of trojan detection because most of the viruses these days are trojans and I know that trojans could end up being worse than regular viruses (you can always restore your computer, but you cant always get your identity back without consequences) So for all the people saying its not an AT its an AV trojans are the new viruses IMO. Just something to think about. I know I have downloaded a few viruses that I had to upload to Jotti to find out they were trojans which upsets me.
NOD32 still hasnt let a virus or anything through that KAV has detected so I will continue to use NOD(in part because a few of our computers are old and NOD is the best choice for protection and resources) Also with the new KAV coming out soon it looks like I might be switching over to it. I will probably get flamed for this post but Im just giving you guys something to think about.

 

Re: I think NOD should work on adding more signatures...

Well, you would be surprised if you saw how many variants of known threats NOD32 detects and that are not picked by any other AV, including other "big players". There are thousands of unique samples coming every day so striving for adding every nonITW sample detected by AH would be like tilting with windmills.

 

Re: I think NOD should work on adding more signatures...

Well I said I love the AH because it does help, but it doesnt work for every virus is what im saying. I know how AH has helped detect many new viruses before anyone even knew about them, but that doesnt mean you should use it as an excuse not to add signatures...

 

Re: I think NOD should work on adding more signatures...

Hi Mike,

Are you running an anti-trojan? If not, you may want to consider installing one. Even with KAV, I have an AT running, though KAV has always caught everything. I like the idea of an insurance backup for my AV. Would an AT put too much pressure on your machine?

Rich

 

Re: I think NOD should work on adding more signatures...

Nobody said Eset does not add signatures. A proof is available here: http://www.eset.com/support/info.htm#CurVersion

 

Re: I think NOD should work on adding more signatures...

To tell the truth I dont care about trojans on my computer. I would rather have a smooth running computer. I have tried TDS which didnt detect anything, but the computers that need an AT cant really handle that much... p3 128mb ram laptop. By the way I dont think out of all the malware detected by NOD or any other AV I have ever gotten a "virus" it has always been keyloggers and trojans I believe.

 

Re: I think NOD should work on adding more signatures...

NOD32 - v.1.1152 (20050623)... the current version is now 1.1153 by the way and I know you guys add signatures and I check there often when I see that few AV detected a virus on Jotti and wanted to see when it was added by NOD but I think you should work on adding more which I stated in my post. I am not trying to put down NOD but I think you guys should work on signatures more. I am still satisfeid with the product and own a liscence for it. I just found when AH is needed shown here. This is why I love NOD but I feel it lacks on the addition of new signatures. But why cant you have a nice mix of AH and good signatures?

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender BehavesLike:Win32.IRC-Backdoor
ClamAV X
Dr.Web Win32.HLLW.ForBot.based
F-Prot Antivirus unknown virus
Fortinet Possible_MyTob.H
Kaspersky Anti-Virus X
NOD32 a variant of IRC/SdBot
Norman Virus Control Sandbox: W32/Malware
VBA32 X

 

Re: I think NOD should work on adding more signatures...

http://www.nod32.com/support/info.htm

 

Re: I think NOD should work on adding more signatures...

I have actually read both of those posts... But for the first one he says his results are flawed but its a coincidence that both the NOD on my system with maxed out settings missed the same viruses (trojans) as on his site when others picked it up. For the second link they say they work on keepong a clean database. Im saying I think they take too long to add new signatures and also I think they take it too far when they say they dont just add all samples. Because it seems like if they worked harder with exchanging samples with other places they could do a better job of adding signatures. When they also say they dont want to add harmless malware to the database I think that they skip over a lot of malware or are just slow to add them. Or with trojan downloaders they say they dont need to block them because they block the real trojans they download. Whats wrong with just blocking the downloader because it wouldnt be very hard to do that rather then the downloader trying to download abunch of different programs tht might not be "Malware" but might still mess up your computer

 

Re: I think NOD should work on adding more signatures...

If you have a sample not picked up by NOD32, why not to submit it to samples@eset.com (or, in more urgent cases, directly to support@eset.com) ? I'm just wondering how you know that NOD32 has missed something that other AVs detected and that it was actually a file that should have been picked up. Please bear in mind that most of other AVs, unlike NOD32, report also corrupted and nonfuntional files as infected.

 

Re: I think NOD should work on adding more signatures...

I submit samples to samples@nod32.comyou guys through email, I upload them on virustotal and jotti. In one case it was picked up 2 definitions later which im am sort of pleased about. Anyways just curious what is the negatives of adding signatures that other AV add? Would it slow down scanning times or add to the resources used? JW, I dont think you should just drop a file because it isnt very bad. I dont know what your definition of harmless is whether its actually does nothing, or maybe only keeps you from updating other AV programs and doesnt effect NOD32 (Which is something I think should be detected) Or a downloader that downloads programs already detected by NOD

 

Re: I think NOD should work on adding more signatures...

Heres an example from Jotti...
AntiVir TR/Abwiz.1
ArcaVir Trojan.Dropper.Small.Oo
Avast Win32:LdPinch-L
AVG Antivirus PSW.Ldpinch.9.AS
BitDefender Trojan.PWS.LdPinch.OS
ClamAV Trojan.LdPinch-19
Dr.Web Trojan.PWS.LDPinch.419
F-Prot Antivirus W32/Spybot.KJP
Fortinet W32/LdPinch.OS-tr
Kaspersky Anti-Virus Trojan-PSW.Win32.LdPinch.os
NOD32 X
Norman Virus Control W32/LdPinch.OS
VBA32 TR.Abwiz.1

Every AV picked it up but NOD32. I looked it up and it seems like it steals passwords and sends them out... This makes me wanna switch out of NOD32. Maybe NOD didnt think it was harmful but every other one did.

 

Re: I think NOD should work on adding more signatures...

I cannot comment on it right now as I'm no longer in the office (it's almost midnight here). I will check it as soon as I make it there, however, if it was actually a working LDPinch trojan, it should have been detected generically.

 

Re: I think NOD should work on adding more signatures...

Mike415, don't forget that Jotti service runs in a Linux, and some AV's doesn't have all their features on these OS's, like for example NOD32.

So the Jotti's statistics are not real in a Microsoft OS...

Moreover, the ESET team are working a lot to improve the NOD32 in all the domains...

 

Re: I think NOD should work on adding more signatures...

I had a working LDPinch trojan that was intercepted through IMON as I was downloading email and NOD dealt with it.

 

Re: I think NOD should work on adding more signatures...

Mike check your previous post #7 in this thread. You show there that NOD detected something that KAV missed. Also your contradicting yourself when in one post you say that you are considering switching to KAV because of dissatisfaction with NOD. Then you say later that your satisfied with NOD.

 

Re: I think NOD should work on adding more signatures...

I presume that an X means a miss Mike?

 

You might want to check www.AV-comparatives.org

~snipped link to pdf file~

You might be surprised what you find.


I'm afraid you are only allowed to post a link to av-comparatives main page - to access test results/documents, etc., click on the "on-line results" link on the main page. - snap

 

I've tried many different AV and there's no way to drop Nod 32.

That's the best one I've seen around and I don't need tests and benchmarks ..I just see it from my PC health...

Tony

 

Doesn't Jotti's online scanner still have a problem that occassionally messes up the file in the NOD32 scan, scanning an essentially blank file (0 bytes)? This has accounted for a lot of files missed there that I have seen (things picked up on my machine that were not detected on Jotti's)

Jotti's site is great, but not the best measure of NOD32's performance (specifically) by any means, last I knew. Not to mention that it could be packed differently than before, which may evade the file scanner until it's run. There's a lot of different possibilities.

 

I did say I was thinking of switching to KAV because thier new product is looking like it ill be very good. That doesnt mean I dont like NOD because I have actually gotten a lot of people to switch to it. Also I guess if its true that Jottis site comes up with different results in NOD32 thats a valid point of why NOD misses a lot of viruses here. I bleieve I heard it only picks up about 56% on his site and KAV around 80% I believe. Im not sure if thats correct though. Bottom line is I think NOD lacks on definitions but it is still a good AV because of the Advanced Heuristics which KAV doesnt have yet. I think if they just worked on adding more Defs they could have a top notch AV tht could kill any other AV.

 

In the end, you'll make the decision that's right for you - (most) folks will respect that - however, there are many factors which makes NOD32 stand out ahead of the "rest" in my opinion... not least, they actually publish their definition updates - many AV providers (not all) refuse to do so - or make the information almost impossible to find.

The advanced heuristics means that many variants have zero day protection - something not true of many other solutions.

I don't doubt you have other criteria for determining which is the best choice for you - but everyone needs to worry about their own criteria, not someone else's list of must haves...

regards

Greg

ps - I was trying to find KAV's list of viruses - now I know they're probably busy, but today - 25th June 2005 - their viruslist.com website hadn't had any "news" added to it since 30th May 2005 - my own virus news system gets updated almost daily - and until recently, I was the ONLY person updating it!

 

Hi!

Why you guys are so tense, relax please. Mike has his opinions, no need to flame him. Well, we have sorta fanatic forum here.

 

Hi - and welcome to Wilders. I see no tenseness or flaming going on myself, but in the case that you do spot flaming on this "fanatical" forum of ours do use the little button with an exclamation point in it on the top right of a post in order to report it to all administrators and moderators right away! Flaming is definitely against our TOS.