Confusion About the Need to Run Nod32 with Another AV Product

Discussion in 'NOD32 version 2 Forum' started by Taz, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. Taz

    Taz Registered Member

    Joined:
    Feb 11, 2005
    Posts:
    16
    I have done some searching and a ton of reading here on the forum, but I’m still a bit confused on what’s the best way to protect my systems while using Nod32. I’m looking to finally break free from “Symantec Bloat’ and like the idea of Nod32’s small use of resources.

    While I’m not sure I understand all of what Nod32 is about, my research has told me that if properly implemented Nod32 offers some of the best protection that’s available. However, it’s the “properly implemented” qualifier that’s got me stumped right now.

    The “Extra Settings” post by Blackspear looks like a great guide for setting up Nod32, and I’m sure that will be of great help if and when I decide to install it. However, I’m confused by several posts from folks indicating that they run Nod32 as their resident monitor, and then use something else (e.g., Kaspersky) as their on demand AV utility.

    What I’m wondering is…isn’t Nod32 enough? Why do others find the need for a second product? Please understand…I don’t mean my question to be argumentative or to challenge Nod32’s effectiveness in any way. I suppose my question really goes to the purpose or, perhaps, the philosophy of what Nod32 is about.

    In other words, can I look to Nod32 as my all-around AV protection, or do I need to run it with something else for it to be fully effective? Is Nod32’s on demand scanning really that weak?

    I know the answer most will give is that not every package can catch everything. However I was hoping that I could get away with running just one product and still be reasonably protected. I’m a photographer with a modicum of computer tech knowledge, but my assistant (with whom I’m networked) is the total artiste type who hasn’t a clue about technical details. It would be painful enough to train her to properly use one AV package let alone two.

    Thanks,

    -Taz
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Taz

    Welcome!

    You will get a hundred different opinions on this question.

    As for me personally, NOD is all I need. That said, I keep another program around to deal with my neurosis. :D I always like a second opinion.

    NOD continues to get better and better dealing with trojans, spyware, and viruses. They shouldn't even make it to your hard drive. Thus, no cleanup.

    I don't use the command line settings myself.
     
  3. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    NOD32 is sufficient in my opinion, spending money on two antivir is a bit overkill. If you have a habit of surfin on dubious warez or porn sites or you click on every attachment in emails (tho NOD32 would most likely stop the viruses in attachments), you might wanna be a bit paranoid and use multiple firewalls and antivir.
    But for an average user NOD32 is enough imho. The important thing isn´t how many antivirus products you got - important is that you have any and updated. And NOD32 does it´s job good. Once it´s configured it´s all set and forget, you´ll forget about it until the day comes it finds something. That´s my experience after using it for two and a half years (ah..well was a little problem a couple of days when SP2 for win xp came)
     
  4. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    We also only run ONE anti-virus solution - NOD32 is it.

    On the spyware/malware/adware front, have a LOT of tools we call upon, but as NOD32 gets more and more adept at spotting these, I'm feeling more and more at home with NOD32 and I haven't found anything apart from dodgy cookies on a single machine in weeks!

    hth

    GHL
     
  5. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    Like mentioned I think it has a lot to do with your surfing habits. If you are not a high risk user than NOD should be fine, if you are then you may want to look into something like KAV for on demand scanning. I personally think that an anti Trojan alongside NOD would be better than KAV as a backup scanner.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed, or you could use Process Guard 3 which stops a Trojans .dll injection full stop.

    As stated above several times it depends on your surfing habits and your security setup, for the average person yes Nod32 as a sole AV amongst a layered defence is all they will ever need.

    You may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Cheers :D
     
    Last edited: Feb 13, 2005
  7. Taz

    Taz Registered Member

    Joined:
    Feb 11, 2005
    Posts:
    16
    My thanks to all who've responded. I must say I'm encouraged by the enthusiasm displayed.

    Our computers are used mainly for processing photos and doing some graphic design, but we do have a lot of incomming email that often has large jpg attachements...normally not something to worry about. However, because we do get so much mail with attachments, we're not always careful about what we click on to open. From all accounts, it sounds like NOD32 should screen out the bad stuff with no problem.

    As far as surfing is concerned, I do my share...but it's mostly mainstream stuff and (lately) computer security sites. I also browse other photographer's individual sites as well as those of aspiring models. Now my assistant, on the other hand, is all over the place. However, about the closest she gets to porn sites are the sites for various fashion designers around the world...some of whom's work is so downright ugly that it could easily be classified as "not within community standards". :D

    Once again, thanks all for your views. I think if NOD32 can indeed be a set and forget it type of app, then it is definately the one for me.

    -Taz

    [Edit] I was typing the above message while you were posting yours, Blackspear. Thank you very much for the links. Yes...over the last couple of months I have come to understand how important a layered defense is. Some really great advice here especially. I'm learning and applying all the tips I've been picking up. Once again...my thanks.
     
  8. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    You have a good question there, from reading posts both here at wilders and others you will encounter people that strongly suggest that NOD is weak in the area of Trojans and worms, and has a reputation for "only" catching 80-90% of malware. Part of this perception is taken from tests and reviews of AV software from sites such as www.virus.gr and www.av-comparatives.org, What most people are forgetting is that these sites test AV products against a database of known ZOO malware which are not released and out here "In The Wild" so to speak. That is where this perceived weakness of NOD comes from, Eset tries to keep NOD's signature database small to keep the preformance up as that is one of the things NOD is known for,having a light footprint and not hindering performance of your system as well as having a heuristic based scanner to detect unknown malware. Where as KAV relies mostly on signatures ( yes KAV does use heuristics but they are not as effective as NOD's IMHO) and has delevolped a huge database of almost ALL known malware of both Zoo and in the wild malware. The other factor is people like to think they are using the BEST product, why would you say KAV is the ultimate AV but I use NOD? So some of it just plain old pride in their chosen AV solution. I use NOD as my real time protection and my license is set to expire in just over a month and I intend to renew, for the last 3 months or so I have been one of those that back up NOD with KAV so to speak, ie. I use KAV for scheduled scans and NOD real time, KAV has never caught anything so I removed it last week and feel that NOD is more than adequate and I have no intention of renewing KAV as I can't run it real time with out significant slowing and stuttering of both our computers. Some people say that KAV doesn't impact their systems and has no noticeable impact but at least on my systems ( one a ancient PII desktop and on new P4 laptop KAV causes all sorts of slowdowns even when set to max performance. NOD on the other hand even when set to Blackspears Extra settings causes no problems. This brings us to another preceived problem some people have with NOD and this one I agree with, in it's default settings NOD leaves a lot to be desired in my opinion and quite a few of us have written Eset to suggest that out of the box NOD should have it's maximum settings set and people can decrease those if they wish not the other way around as it currently is set up. Enough rambling from my soap box, what it all boils down to is YOU and YOUR SYSTEMS, what YOU are comfortable with and what works for you. Hope this helps, best of luck.
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    I totally agree with this statement. In today's world, having the highest level of protection in necessary imho. I think your suggestion would be an awesome thing to have on a go forward basis with future versions of NOD.
     
  10. nonmirecordo

    nonmirecordo Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    145
    Location:
    Cambridgeshire, UK
    Flyrfan111: Please take these comments in the spirit in which they are given. No personal offence is intended.

    I found it very difficult to read your last post (yesterday: 10.46pm) because it was one huge paragraph. I did read it (as I do all the posts in which I'm interested) but I found it hard work. Had it not been you posting I would probably not have bothered.

    With text formatted like this it's very easy to mis-read.

    William
     
  11. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Thanks for the comments. Sorry for the poor format I will try to use your suggestion.

    Why did you read it just because it was my post?

    Thanks for the comments. We can only get better if people have the guts to tell us our faults.
     
  12. Gauthreau

    Gauthreau Guest

    NOD is an excellent AV. They do have the best AH in the business, however, they do not have the best detection in the business. It is very true that EVERY AV scanner will miss a few, but when we compair KAV to NOD in pure detection rates, I believe the hat must be tipped to KAV. KAV also rivals many Anti-Trojan programs in detection of those as well (I don't believe it beats them, just that it comes extremely close in detection). At the same time, NOD does provide one with an extremely light footprint and fast scanning times, not to mention the ablity to detect ITW viruses through AH. Because you state that you are a fairly safe surfer, you will be sufficiently covered by NOD so no worries.

    The main thing is that you are running at least SOME kind of AV, regardless of what it may be.

    Neil
     
  13. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I believe that if you install NOD and configure as suggested in Blackspears excellent config guide you have excellent cover. People seem to prefer two products with the logic that what one misses the other will get, and that sounds reasonable. In Nod's case they have an unparalleled record for 'in the wild' detection. As I understand it they are clearly head and shoulders ahead of their competitors and have previously been reliably documented with twice the scanning speed of its competitors. Depending on your exact requirement it's quite likely you would also benefit from some 'other malicous malware' real-time protection - for anything nasty that falls outside the category of a virus. Personally I use AdAware SE Plus and have found it an outstanding companion to the protection offered by NOD and a firewall.
    I'm not qualified to decide for you what will fulfill your need and provide all the protection you desire, but I can tell you that in my opinion NOD provides the most robust, reliable and fastest protection you can put your money towards today. And I love its on demand scanner.

    Learn how to smell AV software 'Snake Oil'? Editorial --> HERE
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure Taz, glad to see I could be of assistance, and yes a layered defence is the best solution...

    Cheers :D
     
  15. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Agree. Perhaps in the past, NOD had some catching up to do on the trojan front. ESET has, and continues to address this strongly, and it's no longer a weakness, IMO. I would also suggest that NOD32 is VERY strong at snaring most of the drive by trojans you are likely to encounter just "surfin' around". And as for e-mail protection--there is no AV better, IMO.

    OP, with the specs you mention, I believe NOD32 will be a fine choice.
     
  16. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I tend to agree with Jim's assessment here.

    I still have BOClean at the ready with NOD32, but the frequency of events that BOClean intercepts these days has been dropping, confirming Jim's general view. It is important to bear a few points in mind:
    • All, save one, of the events that BOClean has handled on my machine to date have occurred during purposeful challenge infection events in which I visited a known infectious link, allowed any downloads indicated to occur, used IE with Active-X enabled, and allowed any pop-up install that was initiated to proceed. I did not inhibit my security programs from responding, but obviously I had suspended the normal checks/balances that I generally provide. I did this for the purposes of testing and had taken additional pre-emptive measures to contain and eliminate any infection if it took hold. None did.
    • What are we (most users that is) really guarding against? I'd suggest that it isn't the weekly or monthly incident. Based on past personal experience, it seems to be the once every 3-5 year event for me. Depending on your habits, it could be somewhat longer or shorter than this. However, either way it is an infrequent occurrence. If my secondary/tertiary layers intercept things at this frequency, I'd say they have served their function and are well worth the added cost to me. If you've never suffered a major inconvenience due to one of these incidents, I realize that it might be hard to appreciate the benefits which these added layers provide, given this incidence frequency.
    • Does everyone need these layers? Although the question here is regarding NOD32, it applies to every program. Well, how valuable is the data on your PC? How valuable is your time? How serious would a short term outage feel? What other contingencies have you instituted? There are a number of distinct ways to address the problem, layered defenses is just one of them. Current images are another way. Each approach has unique benefits and shortcomings.
    • Finally, as flyrfan111 questions
      Actually, if people ask, I do say this. The answer is simple and as flyrfan111 notes later - detection performance with speed. Detection rate is important, but it's not the only criterion. Within limits, I will explicitly trade detection vulnerability for processing performance and I believe that ESET has struck an exceptionally appropriate balance in these traits within their product.
    Blue
     
  17. nonmirecordo

    nonmirecordo Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    145
    Location:
    Cambridgeshire, UK
    Because I value your opinion, amongst others.
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    As do I :D
     
  19. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Thanks guys, and again sorry for the format of that post I didn't intend it to be so long winded it just kind of rambled on. Thanks again, and good to hear from you Craig, it's been awhile, glad to see you are still lurking about.
     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LOL, I haven't been anywhere, just wandering up and down the halls of Wilders, being the new Mod on the block they get me to walk Pixel quite often ;) :D
     
  21. nod

    nod Guest

    if you would actually know antivirus you would also know that nod32 has most virus bulletin awards and never missed a virus unlike kav.
     
  22. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hope you take a virtual scoop with you...don't wanna step in anything... :D
     
  23. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    I would like to know how many of these 'misses' by KAV is due to false positives ;)
     
  24. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    nod,

    I thought that I did know AV's, at least at a user level. I also view NOD32's record as exceptional, but it's not the only strong showing in that test protocol, or others for that matter.

    Please keep in mind, I don't think that it's necessary for every other AV to be viewed as bad for Eset's NOD32 to be rated as excellent. It's not a zero-sum situation. As for the other AV player you mention, my impression was that their fails tended to be tied to false positives on clean files rather than missed samples - at least that's the case in recent test synopses I've read myself.

    Cheers,

    Blue
     
  25. Gauthreau

    Gauthreau Guest

    There is no arguing the effectivness of NOD's AH, but the VB test's are very limited. In the real world, NOD does not catch them all. No AV can do that (we've all seen the posts here about NOD missing a few). I agree with the others in KAV's assessment. Most 'missed' viruses in VB tests are due to a false positive.

    It is also very true that NOD has one of, if not the fastest scanner in the Biz, the difference between it and KAV, is that KAV performs a much deeper scan. And I recognize NOD's recent improvements in the Trojan department as a positive thing, but NOD still has a fair amount of work ahead of them. If they continue on this path, they surely will provide us users with the top all-in-one anti-crap program

    Neil
     
Thread Status:
Not open for further replies.