explored.exe

Quoting spm .....

> While I can appreciate that NOD32 evangelists will stress the VB test results at every opportunity they can (after all, it is of course only human to stress the positives about whatever it is you support),

Hey! Hold the phone a minute!

Don't make the "newbie virus expert" mistake of thinking I praise Virus Bulletin simply because NOD32 is consistently #1 in their tests!

It's not a "new" thing ... I'm on record as rating Virus Bulletin as the world's best and fairest and most credible antivirus testing authority since not long after its birth in July 1989!

I've had a few "political" bitches, public and private, at Virus Bulletin over the years ... but never about their ethics and honesty and integrity, and never about their testing methodology.

My companies distributed ThunderBYTE from 1992 to 2000 and AVP/KAV from 1995 to 2001. Neither program held the world record in VB100 awards, and neither program had a record of detecting 100% of In the Wild viruses in VB100 tests. Through all those years I maintained my unwavering stance on Virus Bulletin ... even though NOD32 was consistently rated higher in detection than both of "my" programs from its very first Virus Bulletin test.

> my point is that there is so much over-reliance on vB test results that is spouted in this forum, to the extent that it gives many people a false sense of security that NOD32 will cure all your A/V needs.

Virus Bulletin is the world's #1 antivirus tester.

Whose tests would you rather rely on ?

> And then, while you also seem to object to my observation that the vB tests are not the be-all-and-end-all, you go on to present the test results in a way that 'demonstrates' NOD32's Apr2002 failure was actually better than other A/Vs results where they passed. It is exactly this kind of manipulation that I take issue with.

Where is the "manipulation" ?

I merely stated the facts!

Unless you consider popping up one false positive a greater "crime" than failing to detect HUNDREDS of live viruses, NOD32's November 2000 (not April 2002) "failure" was better than the others' "win"! (This is one of my bitches at Virus Bulletin. I consider the FP penalty to be borderline ridiculous ... but everyone has to play by the same rules.)

> What most people want is security software that they install and can have sufficient confidence in.

What most uninformed people expect is the hypothetical "detect everything" program I described in an ealier post. Rose colored glasses are available at the door.

> vB tests are but a small fraction of the equation.

When it comes to accurate reporting on virus detection, Virus Bulletin tests are by far the largest fraction of the equasion!

> Usability of the A/V (in this case) software is probably the biggest factor of all: an incorrectly or loosely configured installation is dangerous, and NOD32 IMO fails the test of usability and default installation settings (to be fair KAV 4.5, for instance, is worse in the usability stakes - not so KAV 5.0, though - but its default installation settings are more secure than NOD32's).

OK ... I'll grant you that. I would prefer to see NOD32 set at "maximum everything" by default and advise the user of the slight decrease in scanning speed and the slight increase in the possibility of false positives and let him/her shift down a couple of gears if he/she wanted to.

> Also, the terms 'virus', 'worm', 'trojan' etc., represent arbitrary distinctions that are to the benefit of the vendors alone. Such terms are not understood by the general user, and nor should there be any need for such understanding.

To be fair, shouldn't the wannabe "Professional AV Testers" who include Trojans, backdoors, etc, in their tests of antivirus products test TDS3, Tauscan, etc, against viruses ? Sauce for the goose!

> So to tell people that NOD32's virus detection rate is better than any other A/V (which I do believe) does not tell the whole story -

But it is a fact!

> while its trojan detection levels have improved recently, they still fall far short of some competitors' products.

Sure ... I've never denied this ... but no antivirus program detects the same number of Trojans as the better dedicated antiTrojan programs like (for example) TDS3.

Home users might put up with poorer virus detection in return for better Trojan detection in a single program, but professional IT Security guys and girls want the best protection they can get against all types of malware ... and that means dedicated programs for viruses, Trojans, spyware, spam, etc.

> There are other factors I could also add to this, but I think this all makes my point clear enough. Fine, go ahead and praise NOD32 for its vB test performance, but please don't mislead people by blindly spouting it in every opportunity that presents itself,

I could "spout" the dozens of other awards NOD32 has won over the past six years, but Virus Bulletin's VB100 is the most coveted award in the antivirus world ... the award every antivirus vendor strives to win ... the award every antivirus vendor "spouts" about whenever they do win.

NOD32 has won more VB100s than any other antivirus program in history ... so it's my favorite "spout".

> and in contexts where it is inappropriate (as it was here with Bandicoot's post).

bharath > Can anyone give us a detailed somparision chart in terms of features when compared to Symantec and NOD32.

Bandicoot > Don't know if this will help but you could have a look here.... http://www.virusbulletin.com/vb100/...ducts.xml?table

Mind pointing out where Bandicoot's post was inappropriate ? (I assume you consider virus detection as a "feature" ?)

 

I disagree.

In my opinion there are only three professional antivirus testing organizations worthy of the name. Virus Bulletin is #1 ... ICSA and Checkmark can fight it out for #2 and #3.

As for the amateurs ... Rokop and VirusP are trying hard to clean the crud out of their test sets and improve their methdology, and I wish them both good luck ... it's not easy to attain professional status and credibility in the antivirus world.

 

Should have clarified myself.

I don't disagree with you Rod. I'm saying that as mentioned many times before, VB results need to be looked at carefully--(ie: the VB100 gained while missing viruses; a lone fp causing failure, etc.)

Sometimes the results (and the AV companies) don't tell the whole truth!

 

Standalone, the VB100 awards are misleading ... and their online presentation is something I bitched about right from Day One. They needed to be looked at in conjunction with the actual tests to impart worthwhile information, but the tests were available only to printed magazine subscribers. After four years of bitching, Virus Bulletin finally started posting magazine content online. Here's what I wrote at the time ..............

=====
Virus Bulletin goes public!
( July 2002 )

It's no secret in the antivirus industry that I've regarded Virus Bulletin as "The Antivirus Industry Bible" ... the world's best and fairest independent antivirus software testing authority ... since not long after its birth.

When the first issue appeared in July 1989, "computer virus" headlines were the flavor of the month. I and many other people in the fledgling antivirus industry figured the publishers were entrepeneurs just cashing in on the hype ... opportunists jumping on the virus bandwagon to make a few quick dollars ... and that such a narrowly-focused magazine would be short-lived ... but we were wrong.

Shills and Snake Oilers ran rampant through the early antivirus scene ... in fact, most "tests reports" and "product evaluations" back then were just thinly disguised touts for their own products from antivirus vendors themselves ... but before the end of the year it had become clear to me that, even though joined at the navel to antivirus vendor Sophos, Virus Bulletin was conducting fair and impartial product tests on a wide range of up-to-date viruses. I had what was arguably the world's most comprehensive live virus suite in those days ... certainly more complete than any single antivirus vendor's collection ... but Virus Bulletin wasn't too far behind, and the accuracy of its published reports and evaluations indicated that the magazine was staffed by professionals who knew what they were doing.

Apart from a few staff changes (and one notable addition in 1998 ... the introduction of the bi-monthly VB100 Award) nothing much has changed at Virus Bulletin over the years. Virus Bulletin still charges nothing for testing and evaluation, has never carried any advertising, still maintains a roll-call of contributors and technical advisors from many different antivirus vendors, and still has a comprehensive and up-to-date live virus suite at its fingertips ... and although the publication is still firmly tied to Sophos its editorial staff still enjoys journalistic independence and studiously avoids any hint of favoritism or bias.

In my opinon, Virus Bulletin is, and has been for more than a dozen years, the definitive antivirus software evaluator ... BUT ... over the past four years or so I've taken numerous potshots at the publication ... for two separate, but related, reasons . . . . .

1. In 1998 Virus Bulletin's (then) editor Nick FitzGerald instituted the VB100 Award ... a bi-monthly award given to those antivirus programs which detected 100% ot the viruses in Joe Wells' WildList. The concept was great ... it showed at a glance which antivirus vendors were currently on the ball, and it provided an historical record of who was keeping up with the game ... but I had a problem with the way the VB100 was presented online right from the very start. Although the printed magazine was crammed with facts and figures, Virus Bulletin's website displayed the VB100 Awards with no facts and figures whatsoever. This was highly misleading to anyone who logged in looking for accurate virus detection comparisons because, without the facts and figures behind the award, the detection rate of every VB100 winner appeared identical ... antivirus programs which missed many hundreds of viruses in categories outside the WildList appeared to rank alongside programs which had missed none. I made no secret of the fact that in my opinion the information contained in Virus Bulletin's online VB100 presentation was worse than useless to the average reader.

2. In a letter published in the November 1999 issue, Symantec's Eric Chien proposed that an antivirus program which produced one false positive (ie: tagged a file as virus-infected when it wasn't) should be disqualified from winning the VB100 award, regardless of its detection performance. I didn't really pay much attention to this at the time ... an occasional false positive is trivial when stacked up alongside a heap of missed viruses, and I didn't think Virus Bulletin's technical guys would go along with such a daft proposal ... but I was wrong. The "one false positive equals disqualification" rule was introduced, making the online presentation of the VB100 Award even more misleading than before ... in fact it put a whole new meaning on the word "misleading" ... in November 2000, although NOD32 was the only antivirus program in the world which made a clean sweep of 100% detection of every virus in every category, it was disqualified from winning the VB100 due to a false positive, while Symantec's Norton AntiVirus failed to detect a whopping 299 viruses but still won the VB100.

Now for the Good News!

I don't know whether my four years of sniping finally paid off or if it was an independent corporate decision, but for whatever reason, Virus Bulletin posted electronic versions of its magazine online this month, with archives dating back to the very first issue.

Some of the early articles have been omitted due to Copyright restrictions, but even so, the archives contain a wealth of historical virus and antivirus information which has never been seen online before.

Check it out on http://www.virusbtn.com/magazine/archives/index.xml

You'll only be able to read a few excerpts from current issues ... you'll have to subscribe to the printed magazine for immediate access to the rest of the content ... but each month you'll be able to read last month's issue online, complete with the facts and figures behind the VB100 Award ... and that basically takes care of both my gripes.

Good move, Virus Bulletin!

The best just got better![/i]
=====

Yep ... one particular antivirus vendor trumpets that he has more VB100 awards than any other vendor (NOD32 is the only antivirus vendor in the world who can legitimately make such a claim!) ... but he's quoting the combined VB100 total of two products ... neither of which comes anywhere close to NOD32's 26 x VB100s.

Legal ? Probably.

Snake Oil ? You decide.

 

A Wilders reader reminded me a few minutes ago of something that had slipped my mind ... ie: that I blasted Virus Bulletin over the November 2000 VB100 on my ThunderBYTE and AVP websites in November 2000, saying that I thought it was ridiculously unfair that NOD32 (an opposition antivirus program at the time!) should be failed on a single false positive while being the only product with genuine 100% virus detection in the test.

I guess you could say I "manipulate" the facts surrounding that failure to my own advantage now that I'm a NOD32 distributor ... why shouldn't I ? ... but my bitch in November 2000 was about the rule itself ... not about NOD32 being disqualified.

It would probably be in my best interests (as a NOD32 distributor) to shut up about it, because NOD32 has been disqualified only once for producing a false positive in six years of Virus Bulletin testing, while some other "big name" antivirus programs are repeatedly disqualified under the same rule ... but as an AVer I thought Eric Chien's "false positive" proposal was daft when he made it, and I still do.

 

Rodzilla:

First ...

This kind of tactic is un-called for, and I suggest that you stop attempting to discredit me just because my views don't agree with yours. There is a lot in your posts that I could use to discredit you, but my desire to discuss issues on a respectful level prevent me from doing this.

... and overall ...

OK, OK, there's obviously no point in pursuing this with you. Your latest posts in this thread serve only to confirm my points more clearly than I ever could. While you prefer to see the vB tests as so crucial and overriding, I prefer to put them into what I see as the proper context, and it is this considered view that I will continue to take when advising our many clients in their network and desktop security needs.

 

> This kind of tactic is un-called for, and I suggest that you stop attempting to discredit me just because my views don't agree with yours.

Awwwww .... gee ... I thought my command of the English language was much better than that.

Newbie/wannabe "virus experts" (and shills from antivirus companies whose products rate poorly in VB100 tests) invariably wail "Rod only likes Virus Bulletin because NOD32 is its star performer!" I didn't attempt to discredit you at all ... I was simply warning you not to make the same mistake.

> There is a lot in your posts that I could use to discredit you,

If you've got it, use it!

> but my desire to discuss issues on a respectful level prevent me from doing this.

Where have I been "disrespectful" towards you ?

> OK, OK, there's obviously no point in pursuing this with you. Your latest posts in this thread serve only to confirm my points more clearly than I ever could.

Don't wimp out now! If you have valid rebuttals, post them!

> While you prefer to see the vB tests as so crucial and overriding, I prefer to put them into what I see as the proper context, and it is this considered view that I will continue to take when advising our many clients in their network and desktop security needs.

The vast majority of professional IT Security guys and girls regard Virus Bulletin as the #1 antivirus product tester in the world. Mega-corporations and governments annually spend many thousands of dollars on airfares and accommodation sending their representatives to attend Virus Bulletin's conferences ... and they've been spending those dollars for going on fifteen years. Have they all been sucked in by hype and snake oil ? If you believe so then what, in your considered view, is Virus Bulletin's "proper context" ?

 

Well, you live and learn.

You obviously don't read or understand my words. I will not enter into a slanging match with you - go back and read my words. Then try to understand, if you are willing and able.

Err ... read my words (there seems to be a pattern, here, doesn't there?).

Oh for goodness' sake, READ.

So what?? I do, too. But I don't have the vested interest in NOD32 sales that you obviously do. I am independent of NOD32 (or any competing product), and I understand the practical issues that face real users on a day to day basis. When I assist clients, I consider their skills, their needs, their expectations, and the time they have available to do battle with A/V products, and many other factors. Sure, I could blindly and loudly pound them with endless statistics about vB tests (or any other tests) and, sure, I could defend NOD32's (or some other product's) failures in the tests. The only result of that would be loss of credibility.

I prefer to give our clients the solutions that best fit them - is it such an alien concept to you that telling someone to buy and install NOD32 ('cos it passes most the vB tests) will actually end up giving them less protection against viruses (and other nasties) than some competing products will give? I can assure you this is the case, because for a lot of users NOD32 fails in comparison with some other A/Vs in terms of coverage and usability. These are *essential* factors in the overall equation, and in many cases far outweigh the results of some testing authorities.

Now, what 'context' is it you are asking about ...?

Clearly, no amount of reasoned arguments will convince you of wider considerations. I'm not surprised, given your commercial interests. Let us agree to disagree. Others can make up their own minds - hopefully this thread will serve to educate people more.

 

See that’s funny. NOD32 gave me everything I ever wanted and maybe even more. It was ( still is)able to protect my machines with no problems. Maybe I should knock on the wood...

Sure KAV has better Trojan capabilities (no doubt) but NOD32 is way ahead when it comes to new viruses. When it comes to clients, you are right. You need to know their needs.
Are they looking for?
1. Better Trojan Protection or
2. Better virus detection before outbreaks.

I’d personally go with the second option, which could save them a load of $$$. But thats just me...


tECHNODROME

 

I had explored.exe appear on my system, AMON pounced on it and cleaned it by giving me the option to delete. The only way I can see how this got through and on to my system was by opening Outlook Express to view my Hotmail account (I only have webmail), as the file (explored.exe) downloaded itself to where I last downloaded a file to while using Outlook Express.

Nod was up-to-date and handled it just as expected.

SPM, I set my clients up with Nod32 - fully tweaked to the max; deep heuristic's, auto update of "Program Components" (because I've had clients say "No", as they did not understand what they were being asked), scan all files etc, etc.

Zone Alarm
Spyware Guard
Spyware Blaster
Spybot Search and Destroy

And with all of the above installed, give them instructions on their use and what is required of the client, as in what they have to do to maintain protection... It is at a stage now where driving down the country road is no longer the case, and no longer an excuse, reality is they (the client) are now in the city on a major multi-lane highway, and need to proceed with caution and be proactive, not reactive, as it costs more "after the fact"...

Cheers

 

> I will not enter into a slanging match with you

Kinda touchy, aren't you ?

I haven't even come close to "slanging"!!!

You stated "There is a lot in your posts that I could use to discredit you". I'm challenging you to use it ... because I don't think there is anything in my posts that you can use to discredit me!

> is it such an alien concept to you that telling someone to buy and install NOD32 ('cos it passes most the vB tests) will actually end up giving them less protection against viruses (and other nasties) than some competing products will give?

Given your vast understanding of the practical issues that face real users on a day to day basis, what competing product do you consider will give them more protection against viruses than NOD32 ?

(Keep in mind that this whole thread is now about the accuracy and real world relevance of Virus Bulletin's tests ... and to date Virus Bulletin has tested products only against viruses.)

> I could defend NOD32's (or some other product's) failures in the tests. The only result of that would be loss of credibility.

I must be missing something here. How would showing the fact that NOD32 detected 100% of the viruses in every category used in the November 2000 VB100 test but was disqualified because of a false positive result in you losing credibility ? That "failure" should be explained and defended ... and I explained and defended it long before I became involved with NOD32.

> Clearly, no amount of reasoned arguments will convince you of wider considerations.

I have yet to see a "reasoned argument" from you when talking about virus detection. Throwing red herrings like "other nasties" into the pot isn't "reasoned argument" ... it's going off on a tangent ... but, playing your game, again given your vast understanding of the practical issues that face real users on a day to day basis, what competing product do you consider will give them more protection against viruses and Trojans than a combination of NOD32 and (say) TDS3 ?

You just don't see the whole picture, do you ? Your "I'm not surprised, given your commercial interests" statement drops you neatly in the middle of the "Rod only praises Virus Bulletin because NOD32 is its star performer" crowd ... but history shows that I was praising Virus Bulletin for twelve years before I became involved with NOD32 ... and if I was distributing PoopScan instead of NOD32 then I would still be praising Virus Bulletin. I've always rated Virus Bulletin's tests on their merit, not on who wins or loses!

If you can carry on a "reasoned argument" with facts to back it up then I'm all ears ... but if you continue being obtuse and over-sensitive and supercilious and keep trying to impress me with your limitless knowledge of the antivirus world then color me gone!

 

BTW could some kind person tell me what the "AH" is all about and what, if anything, I should be doing about it?

 

Ah the thrashing of a man 'dead in the water'. Reducing your case to a string of insults and attempts to discredit serves only to expose you for not posessing logical or valid arguments. I find it disappointing that a person who claims to be quite the expert that you do is unable to maintain a professional attitude and to be gracious when faced with others who dare to stand up to your narrow perceptions.

Do you have the mental capacity to appreciate that such a statement, taken in its entirely, might go some way to explain why the tests might not be as relevant as *you* claim for the real world?

You don't say...

Do you mean PoopScan or Poop?

 

There is another alternative to 2., which is better than NOD32 or any other A/V product: common sense.

If you never open an e-mail attachment from an unknown source or which you cannot otherwise be sure of, NOD32's heuristics become largely irrelevant. Indeed, by practising a sufficient level of common sense, it can be argued that the internet can be used safely without the need for an A/V at all (not that I'd recommend this for the less skilled or experienced or nervous users ).

The same argument does not apply to some other types of security software (such as firewalls, or anti-spyware apps for users of IE in particular).

 

AH is "Advanced Heuristics". This is a feature of NOD32 that adds an additional level of virus detection over and above its other capabilities. It is available for use in IMON (and EMON, I believe), but is not in AMON and it is only available for use by the command-line scanner (used, for instance, via Explorer's right-click context menu) via an undocumented switch.

Paoulo Monti's shell extension for NOD32 goes some way to making it available via Explorer's right-click context menu.

In any case, you already have a much more powerful tool than NOD32's AH: your own common sense. Simply do not open an e-mail attachment (or file from another source) received from a source you don't trust sufficiently. Also, if you are running Outlook 2002 or earlier, do not use Outlook's HTML preview facility - use plain text previews only. This restriction is not necessary for Outlook 2003.

 

Agreed. But this could apply to 1 as well. Common sense is very powerful tool. No doubt. But try to apply "common sense" to companies with hundreds of employees.


tECHNODROME

 

> Ah the thrashing of a man 'dead in the water'. Reducing your case to a string of insults and attempts to discredit serves only to expose you for not posessing logical or valid arguments.

Where are the "insults" ?

Where are the "attempts to discredit" ?

Where do you get all this childish claptrap ?

> I find it disappointing that a person who claims to be quite the expert that you do is unable to maintain a professional attitude and to be gracious when faced with others who dare to stand up to your narrow perceptions.

Grow up, Dimbulb!

[EOT]

 

Oh dear, oh dear, oh dear. I couldn't have been more right, could I?

 

I switched from KAV to NOD32 several years ago. NOD's IMON, with the default settings, has caught several infected emails on mine before the definitions were out.

Had I been using some of the other AV's, including KAV, they would not have been detected at the time. Because of that I prefer NOD over KAV and some of the others.

While KAV makes a good attempt at covering everything I still prefer the layered approach like Ad-aware, etc..

This is just my personal experence with NOD over the last 3 years, YMMV.

 

I see no insults nor attempts to discredit you nor lack of grace in any of "rodzilla's" exchanges with you, but I see plenty of ungracious personal swipes at HIM from YOU.

I do see some SARCASM from "rodzilla", but you brought that on yourself with your obnoxious attitude.

~snip~ some personal comments removed - Let's try to lower the heat a little, okay? No need to fire things up even further. - LowWaterMark

 

Dear Glenncc,

I fixed my comuter from explored.exe with you suggestion.

Thank you

Gangadhar