why no updates?

i've read before that eset only supply updates to signature definitions when there is a need, ie new outbreak, etc. but why on the days when there are no updates released, and so presumably no new threats, dont they work through the back log of FPs or submitted files that nod32 misses that other AVs identify as genuine threats? I know they have them because i submit quite a lot and never seem to see anything done with them - FPs i have are still FPs, files identified as threats are still not flagged by nod.

i'm not saying that they are sitting around doing nothing on the slow days where no new threats are released, but i'd expect to see some sort of update daily, even if it is just clearing through the files that users are submitting to them.

 

Hmmm no daily updates? Well I just installed the trail so I guess that was a waste. I want soemthing that keeps up to date every day. Looks like it`s gonna be Kaspersky or Avast!

 

yeah i read the sticky thread before posting, i should have mentioned that. it just seems odd to me that on days when other AVs are posting several updates in a day, eset doesnt deem any of the threats these AV companies are issuing signatures important enough to do anything about.
I only worry because i decided to do an online scan with KAV and it found 3 files that NOD32 didnt detect (ie block from getting on my pc or find during an on-demand scan). submitting the files to jotti and another online virus scan service proved them to be a mx of trojans and diallers, which the main AVs all identified - the same AVs that update frequently during the day.
Yes, these files have been submitted to Eset and i scan the folder i have stored them in after each NOD32 update to see if they have been included...nothing yet, and yesterday and so far today there has been no updates to the database.

 

Please drop an email to support@eset.com with the content of the email you submitted, along with a link to this thread.

 

hi, the files were submitted using the facility in the Quarantine section, i added some comments about what the other AVs identified the threats as.

suppose i'm just rehashing what has already been said there arent I! thanks for the link

 

i wouldnt be too hasty with this decision. the NOD32 product is excellent (i've been a user for about 4 years) and the Eset way seems to work very well. Just take a look at some of the independent reviews and customer testimonials.

I must admit that i've had moments of doubt when i see no updates for a day, or just a couple of signatures added in the one daily update, but similarly i'd have doubts if i was using a product that relied mainly on massive databases alone, and not the heuristics that NOD32 employs so well.

lee

 

Is not the quantity but the quality. Some days we have more than two updates per day, sometimes once per day. No sense to judge an av with this kind of cretiria.

 

further to above, you can always take a look at the updates page to see what has been included in the updates and when: http://www.nod32.com/scriptless/support/info.htm#CurVersion and there's just been an update today too

 

Ej...Just received an update....

Time Module Event User
13/06/2005 18:05:17 Kernel The virus signature database has been successfully updated to version 1.1137 (20050613).



Feeling Better?

 

Yeah you`re right about the way it works and it does have great reviews. I think I`ll keep it on and see how it works out...I can over look the updates with their good program record.

Thanks for the advice.

 

And a second one today:

NOD32 antivirus system information
Virus signature database version: 1.1138 (20050613)
Dated: Monday, June 13, 2005
Virus signature database build: 5746

http://www.nod32.com/scriptless/sup....htm#CurVersion

 

Nod32 has such great heuristics that a constant 'feel good' download of 'updates' is unnecessary.

Viral threat increases and decreases day by day, if Eset guys detect a threat then they will cover it, but you can bet your life the heuristic engine will have already grabbed the nasty!

 

Please send me a personal message with details I can use to identify your sample.

 

Yes NOD32 has updated twice today for me as well. Im satisfied with the amt of updates that Eset provides.

 

I sedn samples to ESET, but I disagree that heuristic improvement is independent of a good database. Many files that I receive by mail are detected by Kaspersky Labs and are not detected by NOD32.
I send the samples to ESET, but days after the file isn't added to database while toher AV companies added.
Many times I feel myself dull and sad, therefore I strengthen myself to find infected files and to send them to ESET immediately, but great part of the files seems to be ignored. In fact, it's very harmful archives to the user (and no false-positives or benign files), as "Trojan bankers" and "Trojan downloaders". As well as I receive the files, other users receive them later and the data base OR the heuristic will only protects if recognizes the infections, what it not occurring in time with the NOD32.
I see this as very bad thing, therefore the NOD32 could come to be the best antivirus if it invests in database as it invests in the heuristical.
However, while ESET ignores the necessity to unite both things this is improbable. Beyond this, currently a good data base does not mean big update files or a big problem. Kaspersky is a very good example of it.

 

I'm sure you checked that the files Kaspersky found were actually working samples, correct?

 

Yes... If people that use NOD32 execute the files, be infected...

Two samples example (Kaspersky database name):

Trojan-Spy.Win32.Banker.anv (Detection added Dec 16 2005)
Trojan-Spy.Win32.Banker.ark (Detection added Jan 27 2006)

More:

Virus Top Twenty for January 2006:
9. Trojan-Spy.Win32.Banker.anv 0.96


The second set of ratings is interesting, as it gives us a fuller picture of malware distribution. This is in contrast to the standard Top Twenty, which is based on mail traffic data.

The Online Top Twenty this month mostly contains Trojan programs. The majority of these programs are from the Trojan-Spy and Trojan-Downloader class. Feebs and Nyxem, which are mentioned above, but which didn't make it into the mail traffic Top Twenty, are also present.

(http://www.viruslist.com/en/analysis?pubid=178957283)