NOD32 vs the rest...

I have been always using Norotn for anti-virus and trojan (not the best for trojans) for the past five years. I'm not going to say, "never" had a virus/trojan in my pc, yet I can say that my pc hasn't acted in a way that would hint virus/trojan is in it.

Lately I've been researching and making my own coclusions about this subject and what's best for my pc. Currently I'm evaluating TDS-3 (a week now), have not caught anything. However, reading ur technical background about the program seemed to me the most logical way to go and no one else has matched it yet. As for the NOD32, i haven't dld to evaluate yet.

I would like the experts to please explain or provide links to the difference (technically speaking please) between NOD32 & the rest of the Anti-Virus Programs.

Please note that one main reason I haven't experienced the virus/trojan/hijack/hack on my pc is simply because i research before installing anything and keep my pc to above standards where I have protocols to implement in cases as such. For that reason (one of several), which many pc users these days don't do, is why a virus/trojan etc... spreads quickly and sometimes stays in ppl pc w/o fixing.

 

Hi,
In my opinion NOD32 have the following good things and bad things:
Good:
- The Advance Heuristic engine provides more P2P detection than others AV including dr.web, i check it, also the AH detect many unknown worms. (Mimail.C and many others ITW viruses)
- NOD is very low in CPU usage, the more low usage in the market today.
- IMON (A part of NOD32) scan ftp, http, etc in a winsock level.
- The NOD32 scanner is very quickly scanning. (KAV scan my 30 gb disk in aprox 1 hour 30 min and NOD only in 45 min)

The bad:
- The "bases" aren't the best, for example it detect the 100 % of ITW viruses, however other viruses that are important and less difunded, many times NOD don't detect it and for example KAV detect those.
- NOD32 scanner scan in few autoexecutable files.

Best regards,

 

For me I found www.virusbtn.com after being infected with a virus while having AVG fully up-to-date, and 5 friends with AVG being infected over the following 5 months.

We then started testing Nod32 and found it to be fanbloodytastic, when used on several gaming machines there was no need to turn it off, whereas both McAfee and Norton you had to.

AMON (the resident scanner) picked up a new In The Wild virus on one of our PC's, approximately 2 days before it was written into the Nod virus signature, and a further day before it became available in Norton, we were bloody impressed!!!

We have now placed Nod on almost 400 PC's in less than 18months, and have not found a single infection, the only exception being a customer that was on the internet for 2 minutes at a time, and Nod had not updated for 4 months (we advise EVERY customer to FORCE Nod to update BEFORE they open their Email client, as an extra step of precaution, and had this customer followed our advice, he too would not have been infected). We updated this PC, ran Nod, and cleaned out the infection.

We constantly have PC's brought into the shop with Norton, McAfee, AVG etc fully up-to-date and yet infected. This is a significant part of our business. We disinfect, update Windows, sell Nod32, install Spybot Search and Destroy and install ZoneAlarm on the customers infected PC, and then advise them how to use and maintain their security.

We advise ALL our clients to have and know how to use the following:

Update Windows
Nod32 Anti-virus
ZoneAlarm Firewall
Spybot Search and Destroy
Spyware Guard (currently under evaluation after a web-browser hijacking by Messenger Plus - update - last week)

I wish you all the best with your choices...

Cheers

 

First of all, consider that many of the responses you get on this forum will be from sales people (resellers of NOD32). The previous response from Blackspear is an example. Blackspear sometimes mentions "selling" the product in one way or another in posts (not as a disclaimer, but more in passing). However, many of the others do not mention that they sell the product. If this was an ESET website, it would be expected; here, I believe, many people don't understand that the "advice" or "opinion" they receive comes from sales people. Not what you generally expect from a forum. That is one caveat.

Another problem is that despite interface options not necessarily doing what you would expect them to do (file exclusions still not working properly), despite not being able to kill viruses while still in archives (archive must be unpacked for action to take place), despite a major issue with Win98 users having constant crashes in Kernel32 while running NOD32 v2, etc. etc., and despite NOD32 users having pointed these things out since the program was released, none have been adequately addressed. Unless of course you consider that adequate is "Jan" and others constantly saying, in effect, that they'll get to it, but they are busy now or that the issues are simply not important. Thanking us for our patience a couple of times over the same issues is acceptable; after that it's insulting, condescending, and patronizing. See these threads as a couple (out of many) that illustrate and support my statement:

http://www.wilderssecurity.com/showthread.php?t=10337

The thread above was started in mid-June 2003, and if rife with excuses, it-doesn't-matters, and thank-you-for-your-patiences. It runs five pages long. On a related note see thread below:

http://www.wilderssecurity.com/showthread.php?t=15767

Or try this one:

http://www.wilderssecurity.com/showthread.php?t=15118

All the above are current issues (responses/comments added within the last couple of days); more exist. Dig deeper and you'll get even more.

On a positive note: yes, NOD32 is low on CPU and memory usage.
The question remains: is low resource usage the only thing that is important? Maybe responding with fixes to legitimate issues is equally important. Answers like "it doesn't matter" or "we're busy, we'll get to it even though it's been months and months" probably doesn't cut it in the world outside cult software.

 

--------------------------------------

If I understand correctly, the heuristics are what is supposed to be so advanced about NOD32...........so even though the definitions were not up to date, I would have thought the heuristics would have caught it..........why not

 

EDIT: Removing this post from this thread.

 

This may be a little of topic but it seems to be the best place at the moment to ask my question.
sir_carew says Nod32 scans his system in 45 minutes. I often wonder
am I missing something as I can scan in something like 5 mins.30 sec.

I am not disputing sir_carew's post, it's my own I wonder about.
Is there anyone else who can get a scan in my time.
I like to think I am getting the best from my Nod32.

 

My guess is he used the Advanced Heuristics scanning......it would definitely take a while longer to run........

 

Yes I am a reseller, as I stated "We have now placed Nod on almost 400 PC's in less than 18months".

How exactly would I benefit from an unknown person somewhere in the world wanting info about Nod Makes NO sense to me... All I can advise is my own shops experiences in "The Real World", what ACTUALLY walks through my shop door.

The product has gone through a major design upgrade, so any normal human being would expect there to be teething problems, as well as impatient people irritated by those teething problems. This is just part of life. The product works for my clients, that's all that matters, that's all that I care about, I do not want second best.

No, the virus definitions were up to date, AMON picked up a UNKNOWN virus - probably ....... (can't remember what it was now - a few months ago), we were all just damn impressed New virus detection patterns were written for the new ITW virus 2 days later.

Anyway, as pointed out, all are just my experience's with 100's of customers...

Cheers

 

It may just be that you do not have ticked "Scan ALL files (including extensionless files)", Runtime Packers and Archives", these will add time to scanning

Cheers

 

Tech support from Rod in Australia is fantastic, and the same from within this website, that being said, I sent an email to tech support a few months ago and are yet to have a response, think they are probably a little overwhelmed with the new version being released

Cheers

 

For ManofPeace and GuruGuy, I'll try to bring this back on topic eventually (if anyone is really concerned about that) after a couple of opening segue statements:

You cannot compare your system scan time using NOD32 to someone else's if you don't know the number of files scanned or type of files scanned (archives take longer). If you have made sure all scan options are set (advanced heuristcs, scanning archives, all file types scanned (not set by default - you have to set this), etc., then a 5 minute scan simply means you have very few files to scan compared to the other person you mentioned. Here are some examples that I have:

NOD32 v2 takes 17 minutes 38 seconds to scan 104,631 files on drives c, d, e, f, g, & i on my machine; it takes 1 hour, 34 minutes, 50 seconds to scan 388,557 files on drive H on the same machine. The number of files is key, so unless you know settings AND number of files/types, a comparison can't be made.

Here's where we bring the discussion back to NOD vs other AV software:

Note on Drive H that the number of files NOD scanned was 388K. Kaspersky and NAV scan many thousands more files on the same drive (NAV over 450K and Kaspersky scans 527439!). This would account, in part, for the slower scan times that these AVs post - both scan more archives and filetypes and have more definitions in their database. Kaspersky scans all kinds of archives plus it scans for other malware not considered strictly viruses that NOD does not scan for...to make up for this, the recommendation when using NOD32 is to add a Trojan scanner such as TDS-3 to help with these detections. If you have used TDS-3, as I do, you know how slow full system scans can be as it thoroughly searches for trojans.

Also, while several posts from moderators/resellers claim that Outlook *.pst files cannot be scanned because "Microsoft has not released information on it's structure", Kaspersky does indeed scan inside these files:

NOD32 scan of 350MB *.pst file - 1 second scan time, 1 file scanned (meaning no emails were really scanned)

Kaspersky scan of same 350MB *.pst file - 30 minute scan time and it listed each individual email inside the *.pst.

So, once again you can see some differences in ability of scanners and also see another instance of moderators in this forum making excuses as to why NOD32 can't do certain things (scan *.pst files, etc.) when forum users question why NOD32 can't do what it would be expected to do given the options in the setup dialogues.

 

Said by Blackspear:
"No, the virus definitions were up to date, AMON picked up a UNKNOWN virus - probably ....... (can't remember what it was now - a few months ago), we were all just damn impressed New virus detection patterns were written for the new ITW virus 2 days later."

Sorry, but here :

"and have not found a single infection, the only exception being a customer that was on the internet for 2 minutes at a time, and Nod had not updated for 4 months (we advise EVERY customer to FORCE Nod to update BEFORE they open their Email client, as an extra step of precaution, and had this customer followed our advice, he too would not have been infected). We updated this PC, ran Nod, and cleaned out the infection."

you said that they were NOT up to date and this person was infected......thus my question about the heuristics...........even though the definitions were not up to date, why didn't the heuristics catch this "bug" before it infected the pc?

 

Blackspear tried to pull one over with this:

You can't figure out how defending/promoting a product on a forum available worldwide, including your selling area, benefits you? Well, the rest of us can. And I think the rest of us know you've really got it figured out, too, despite your lame attempt to feign ignorance.

Blackspear joins her confederates in making excuses:

Any normal human having paid for the software will not put up with excuses about "new design" and "teething" problems. That is part of life, sometimes, but an unacceptable part of life. Making excuses like that is also unacceptable.

You have now proven beyond a doubt that your opinion is strictly of the "used-car-salesman selling-a-car" variety. Thanks for clarifying that for the rest of us normal humans.

 

Hi NewNOD,

I'm under the impression that this is "Official Eset NOD32 Antivirus Forum".

The links you provide are many pages of threads; I scanned all of them and did find a lot of "thank-you-for-your-patiences", mostly directed at radicalb21, but I could not find anything that that was "insulting, condescending, and patronizing". Nor could I find any posts in those threads that implied hurt or incensed feelings. Alleging an insulting, condescending, or patronizing attitude is pretty serious, so as a NOD32 user I'd appreciate it if you could be more specific than an invitation to fish through 7 or 8 pages of threads.

The person that started this thread asked "the experts to please explain or provide links to the difference (technically speaking please) between NOD32 & the rest of the Anti-Virus Programs." As a newbie hobbyist, the request is something I'm interested in too, but I don't think that the majority of your post addressed this request in the manner it was intended. In comparison, sir_carew's post was right on the money; it seems like he succinctly captured (to my knowledge) the current state of 'technical' pros and cons to using NOD32.

You do make some valid points:
>file exclusions not working properly since V2 released
>not being able to kill viruses while still in archives
>an issue with crashing Win98 Kernel32
>timeliness of bug fixes

Your case would be more compelling if you highlighted these technical points dispassionately instead of glossing over them to concentrate on intangibles like attitudes and self-interests.

Just my two cents, offered cordially.

Regards,
Optigrab

 

optigrab cordially wrote (despite his name's reference to "The Jerk"):

Using the term "Official" in the name of a website where I come from does not automatically constitute official sanctioning. If you are slightly familiar with the world of www, you'd know that many celebrity fan sites, for instance, may call themselves the "Official Joe Bob Site" but Joe Bob will disclaim any dealings or connection with said site. The only way this would be an official "Official" website that everyone would understand was connected to Eset and its partners would be for its pages to be part of the www.eset.com (if it existed), or part of the www.nod32.com domain. As far as I can tell, there is not even a link to this site from the Eset site, so how "official" is one supposed to believe this is? I prefer an independent forum (as I thought this site might be due to it's lack of connection to Eset's domain). It's only after hanging out here for a while that one gets the impression that this forum is possibly: 1) Eset's only support system (disguised as a forum); and 2) that many of the "moderators" and participants are actually resellers of the product. Kind of cheesy, really.

Secondly, you quoted me as saying that "after that it's insulting, condescending, and patronizing." Then you acknowledge that the thread links I provided included what I said they would include, but that you didn't find it "insulting, condescending, and patronizing." Problem with all that is you misunderstood my statement and perpetuated that misunderstanding by leaving out the first part of the sentence from which the quote was taken. Here is the entire quote:

"Thanking us for our patience a couple of times over the same issues is acceptable; after that it's insulting, condescending, and patronizing."

What I meant was someone can thank another for patience a couple of times in sincerity or as a stalling tactic, but after a couple of times (remember a lot of these issues have been on the table for six months), thanking someone for patience rather than answering the problem becomes as I said, insulting, condescending, and patronizing. If you went to a car shop to pick up your car (when your car was supposed to be ready) after having repairs made and all you got for the next six months was "thank you for your patience, but we're busy. we'll get to it soon" (regardless of how politely it was said), you would find that the person was insulting your intelligence, condescending and patronizing. You'd probably do something about it, too.

As far as the question of whether I provided an answer to the original poster: yes, I did. The posts I made provide much information and insight because they warn the person: to read carefully all the material; to not take at face value the stock answers; to understand by reading through the threads, without taking my word for it, that many issues exist with this software; and that support for getting them fixed is slow to non-existant. That is much more valuable than:

NAV is slow
Kaspersky is slow
Advanced Heuristics is great

The original poster seemed to seriously want to know about differences, and I'm pointing out that the differences noted in the usual answers posted will not give him a full understanding of whether he wants to use this software. He will have to look through a lot of other posts to build up an opinion...it is not a simple matter of listing things, especially if there is a concern that those answering have ulterior motives for praising NOD32. The ulterior motives are harder to disguise over a length of time and through many different posts, and thus my suggestion to read through them to fully understand.

I also provided him with useful specifics regarding the abilities of the scanner and compared that to the results I got with NAV and Kaspersky.

What did you provide other than a critique of me?

 

Clearly, I offered:
>support of the points made in sir_carew's post
>support of several points in your post

..and further noted that my participation in this thread was closer the role of the thread's originator (someone trying to gain addition technical insight) rather than as an expert on the merits of the above technical points.

Thank you for taking the time to explain your position on the issues in my post.

Cordially, as before,
Optigrab

p.s. As a fan of The Jerk, I'd expect you understand that the reference is self-deprecating, both here and in the movie. Hopefully the moniker is never an indication of the tone of my remarks.

 

As cordial as ever (no sarcasm intended), OptiGrab wrote:

Just wanted to let you know in a semi-funny (maybe not?) way that
I caught the reference. Your cordial ("non-jerky" tone) does not escape me.

 

Ok here is mine (I swear I should create an account here but am too lazy).
Nod32 support sometimes is slow even when virii is send to them. 85% of the time they update it within a week or couple of days when the new code is sent but 15% of the time they never do. I had many cases when after I've send a virii or a trojan, I've waited two weeks, scanned the files I've send with Norton, Bitdefender, KAV and got detections (yes I've send the files to them too thus they added the files within a week). Then I scan them with NOd32 and still no detection (Except on occasions when I scan with /ah then I get the generic newHEUR code). So I resend the code to Nod32 asking them What's up with that...it's only then that they add it. AT which point I come to the conclusion that some of the mails NOD gets are deleted (probably by mistake but still).
Nod32 still can't scan IMAP files, even after I fetch the file to my computer...well of course when I open the file it might get detected by AMON but I want the /AH capability of IMON and not AMON to scan it...since what if the stuff I am openning is a worm? and AMON doesn't have the defs and regular Heuritics are not strong enough to catch it?
So if you are using IMAP as your mail client then get an additional mail scanner (I use Norton 2k4) in addition to Nod32. (Nod32 is my real time scanner due to it's lower resources but Norton 2k4 is my backup scanner).

Try Nod32 for the 30 days and test a few files BUT as with all AV/AT programs DON'T FULLY TRUST IT. Since your AV/AT is as good as the definitions, some companies get their detection sooner others later. The only good defense is haveing one real time scanner and a few different backup scanners...but that requires $$$. Thus if you want high performance then you can use NOD32 due to it's low impact on resources but DON'T TRUST the fact that you might be virii free. As a backup visit a free Net scanner and scan yourself every few weeks. Ex.
www.Bitdefender.com www.pandasoftware.com www.antivirus.com www.symantec.com

Cheers,

 

Our PC's were fully up to date, and hueristic's picked up the new virus that wasn't written into the virus definitions as an "Unknown virus, probably...."

My customers PC was 4 months out of date, and became infected (mildly), with an update to Nod and the latest definitions the virus was deleted.

All I'm telling you is experiences...

Cheers

 

[quote author......However, many of the others do not mention that they sell the product. If this was an ESET website, it would be expected; here, I believe, many people don't understand that the "advice" or "opinion" they receive comes from sales people. Not what you generally expect from a forum. That is one caveat.

......despite a major issue with Win98 users having constant crashes in Kernel32 while running NOD32 v2, etc. etc., and despite NOD32 users having pointed these things out since the program was released, none have been adequately addressed. I am not a reseller.
My first AV was_____ then I went to Norton which I dumped and happily for for NOD32. I am a home user not a reseller who will pay more for the better product when more is not that much considering what is at stake.

I use Win98.
Initially, I had to uninstall and install Nod32 V2 when it first came out. Consider, in comparison, the issues I had with Norton and 1 re install for NOD is not big deal.

NOD32 is the best AV. No infections. My email gets as many worm variants as there are out there and Nod32 has caught every single one every time.

Support issues will always exist for yahoos like me. This forum and the people/experts/professionals who post in it can help people like me in their time of need. The kind souls who take their persoanl time to help people like me are exceptionally knowledgable about Nod32 and if they are resellers more power to them in selling the best product. Seems like selling the best product makes them smarter then the folks selling the number 2 and 3 AV's.

Folks like Jan help tons of people all the time and I wish they would get a commish from esset for every post they answer as they deserve it. Who needs to contact Esset when a forum like this exists? I did not install the V2 beta until it V2 was released to the public.

A quick story about Esset and support. I am not very computer literate but can click a mouse which makes me dangerous. I live in Los Angeles and noted on my NOD32 invoice a San Diego phone number for Esset.

Not being the shy type when I had a brain fart in making Nod32 V1 work with Netscape email I called the San Diego Esset phone number looking for help. It was after 4:00 PM on a Friday afternoon and I figured to get voice mail. Nope. Got a VP for Esset who was all ears and who went beyond what I expected in his effort to help me. A heckofa nice guy.

It ends up that Mickey the Man helped me configure my Netscape email. Mickey is another kind soul who helps many clueless folks like me. Mickey responded to my query I posted that Friday night in a (different) Nod32 forum and before this forum existed. Mickey responded to me on Saturday and by that night I was good to go. Very cool of him. Esset support was all over me the Monday morning that followed and as a result of my Friday afternoon phone call but by then my issue was moot.

This forum is the best place on the web to get info about Nod32 apart from having a phone numeber for the Esset home office in Europe. Will every issue get resolved every time but then again that expectation is unreasonable in my humble opinion since there are issues more likely that are in the user bucket of issues and not program issues.

I have found that 99% of all web based email mail support does not meet my needs. I rely on the old fashioned method of a phone call not email.

In my effort to be honest about Nod32 V2 performance and or issues since my initial install-uninstall-install here goes. Negative issues or performance problems. None, zip and or zero. Good issues are no infections, tons of nasties in quarantine and or deleted.

Sorry, I forgot one thing others have mentioned in this forum in reagrds to Win98 OS. After I boot to desktop and on the initial NOD scan and also when Nod is doing the auto update my mouse will bounce around a little for 20 -30 seconds at which time I scratch my... head and or pet my dogs and give them a snack. My dogs like the fact my mouse bounces now and again and they look forward to it for sure. (I have Nod set for auto update every hour and at boot completion as I am paranoid.) Then again my mouse is at least 4 years old too so.....

I have received no form of compensation from Esset for the postive remarks about their program. It is now time for me to give my dogs a snack.
regards,
zappa, augie and buddy

 

Actually NO it does NOT benefit me in any manner or form, this person just wanted info, I gave him my personal and business experience.

If you look at my gender symbol you will see I'm of the male species Same with what my profile reads

I'm not making excuses for anyone, just saying with a major design upgrade, teething problems are expected. So get over it.

You seem to have a real problem with Nod, so why are you still here I offered an opinion of what I personally have experienced and what 100's of clients walking through my door have experienced.

I used to sell an AV that was fairly good here in Australia, tech support though, even for dealers was abismil, they went through a major design upgrade, then made an update over a long weekend and managed to crash EVERY single PC that I had sold with XP on it, they didn't do this once, but at least 3 times over the coming months. In the first instance I put it down to teething problems, the second and third instance was just incompetance. I stopped selling the product and started trialling AVG, when I got infected, it just pissed me off, at which point I went looking for testing sites and found www.virusbtn.com We have used McAfee and Norton and were not impressed. We then started trialling Nod and ended up selling the product many months later. Our clients just want their PC's to work and be protected.

Cheers

 

Well said Zappa. Like I said, support from Rod here in Australia is fantastic, and the guys on this site that take time out of ther own lives to help people like you and me, my hat off to them

Email support does have to be improved, even an auto-responder to advise that the email is being looked at and someone will reply shortly, would be a start...

Cheers

 

Eset support has always been exceptional when I was an NOD32 user. Rod, Jan and others always provided excellent support. c

 

NOD32 has a hueristic scanner that does NOT depend on the definition database! It does quite well without it but the definition database is an enhancement to it.