Any AH comparison between 2.7 and 4?

Discussion in 'ESET NOD32 Antivirus' started by GrammatonCleric, Mar 8, 2009.

Thread Status:
Not open for further replies.
  1. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    With my current troubles with 4.0 I am thinking of going back to 2.7 for the time being, but now my question is:
    What is the detection difference between 2.7 and 4.0?
    The CPU/Resource usage of 4.0 is Huge when compared to 2.7, therefore I am wondering if the detection performance is warranted or can 2.7 suffice?

    Any known comparison tests?
     
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello GrammatonCleric,

    There are no comparison tests. The products are years apart and the detection has been worked on with each newer version to protect customers from the ever changing malware environment.

    Thank you,
    Richard
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    AH in specific is the exact same module in 2.7

    There is nothing wrong with running 2.7, tons of users do it, you are still sufficiently protected.
     
  4. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    So my main question is:
    What has changed in order to allow for better detection?
    If things get to run in RAM then no matter what hooks you have, you will still see it. The only difference would be that with extra hooks it might be easier to clean, but even that is a gamble.

    Sidenote:
    AH is still unable to keep up with Antivirus 2009 malware. I have been collecting lots of samples by googling PIFTS.exe and just downloading the crap into my VM box, meanwhile NOD32 V4 sits silently there with AH on.
    But then again in VirusTotal only (on average) 3 out of 39 AVs detect it.
     
    Last edited: Mar 10, 2009
  5. Waterfox

    Waterfox Registered Member

    Joined:
    Mar 3, 2008
    Posts:
    118
    Location:
    Sweden

    Well, two days ago NOD32 v.4.0 saved my pc from Antivirus 2009 while my girlfriend was web searching for some songs, everything got deleted and quarantined (20 blocked attacks in total) and all of this was done with default settings.

    Don't know what happened in your case but, to me, this proves that NOD's "real life" protection is really excellent. :thumb:
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Fake AV software is really hard for heuristics, because it simply doesn't really do anything. It's like watching a movie on your PC display nonsense, then ask you to visit a URL.
     
  7. GrammatonCleric

    GrammatonCleric Registered Member

    Joined:
    Jan 8, 2009
    Posts:
    372
    These particular strains were of the:
    Visit a website, change the website so it looks like "My computer" with fake hard drive icons and red flashing "infection detected", followed by a fake antivirus scan showing very old virus/worm names being detected, followed by a popup stating that "Infection detected, click here to install the full version of Blah Blah Blah". No matter where you click, the site automatically downloads the Antivirus2009.exe file or Defender2009.exe file etc. Inexperienced users freaked out by the recent security breach news would probably install the file thinking that it's real etc.
     