Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by unknown8, Jan 19, 2009.
Disappointing result for NOD32!
thanks, way to go F-Secure.
More results based after re-calculation by one of the members at DSLR.
There are several problems with this test. Here's a very simple/basic one:
While adware/spyware accounts for only ~12% of the samples, they just added the the percent of malware detected and the percent of adware/spyware detected and divided by 2 to get the overall percentage detected.
What they should have done is multiplied the percent of malware detected by ~88% and the percent of adware/spyware detected by ~12% and added the two together to get the overall value.
Not even doing basic math makes me a little concerned about the validity of the test.
Here are the results, if calculated as listed above (i.e., (88% x malware)+(12% x adware/spyware):
Product - Total
G DATA - 99.56%
AntiVir - 99.38%
a-squared - 99.29%
Avast! - 99.08%
F-Secure - 98.92%
Kaspersky - 98.72%
Norton - 98.14%
BitDefender - 97.94%
Sophos - 96.97%
Norman - 95.76%
Nod32 - 95.62%
AVG - 95.17%
Comodo - 91.23%
Dr.Web - 88.94%
ClamAV - 85.23%
Woot Woot! one above a free offering by AVG, how low can we go?
If someone comes in to say that NOD32 is ANtiVirus and not Anti-spyware or Anti-trojans then I will personally find them and shoot them.
It's time for NOD32 to join 2009 and be what everyone else is, get their arse in gear and actually up their detection rate.
5% is huge if you are the one who got the 5%, and today's strains are massive, once they hit you, you might as well reformat since most of the times you are not 100% sure that the computer is still yours.
I mean look at Norton 2009, a past pariah among security enthusiasts and now such a great offering, you got detection rate, zero-day detection rate and amazing very very low resource usage...something that I can't honestly say about 3.0 and 4.0 beta when AH is turned on (But something that I can say about 2.7...but alas 2.7 will miss even more strains since apparently it's detection is not up to par when compared to 3 or 4).
You know Norton bashing was NEVER down to it's detection but it's resource usage. It's detection has always been ample.
It looks bad when you compare to other AV's, but look at the big picture, most AV's did 95%+ which is brilliant.
Keep in mind ESET is a company that relies more on heuristic detection than signature to avoid the bloated DBs that all other AV's have, it's all down to perfecting the heuristics which are often updated.
Looks like I was not the only one, Wilders to the rescue!!!!
I contacted the website admin about the results and I just got his reply.
"Thank you from contacting Malware Research Group, the problem you are referring to has been solved, the group is about to issue a official statement regarding the problem.
Malware Research Group"
I have some problems with this thread:
At first, what shall I expect, where the thread-starter obviously missed to read before (s)he wrote. This sub-forum is about NOD v4, the malware test mentions v3. Is there perhaps a personal aversion against NOD? This would be IMHO an important aspect.
Than I read, that somebody argues out of the result to go F-Secure. Mh, either those "results" have really a meaning, than they can only lead to the leader of the pack, not to no.5. Or those "results" have in reality no meaning, because there is to few known about the "testing methodology". In this case the whole thread is nonsense.
I personally have been asked for help just today because of virus attacks, whose computer was protected by the no.2 in the result list. So, what conclusion do we pull out of this? (I think, it is a coincidence.) I say, there are more conditions, which make the one pc get infected and the other not. (The LUA attempt is a crucial one IMHO, therefor I have a special view at this. And, btw, some time ago we had here a discussion, if NOD may have a warning about Windows updates, also an important aspect, and some people said: No, not even if the warning can get disabled.) I personally have not noticed an infection on all the machines I have protected with NOD.
There is a famous word saying, that "I only believe the statistics, which I have faked myself". Or in other words: Who tests the testers? I would trust in a statistic which tells, how many percent of all PCs with a given AV product get infected. As it seems impossible to give this value in a reliable way, I believe in what I see on my machines. There is no reason for me to complain NOD about this aspect.
and you belive that even clamwin is better than nod32?
It doesn't say it is. Any test that did is most definitely wrong I guarantee you.
And why wouldn't such test reflect real world results?
They won't reflect, as much as any other testing wouldn't.
One thing I noticed, is that those guys do not take any money from vendors, rather donations from visitors and ads.
Personally, I don't care about those or any other tests. But, if I had to believe in any test, I would rather believe in one not paid by security vendors.
But, according to many tests (paid or not) (and again I do not care) Eset does not do that well lately, now does it? True? Lie?
Even lately I reported a FP about DefenseWall HIPS 4.26 and Eset couldn't reproduce it, while other users could. So, how far from reality are those tests?
Are Eset guys falling asleep? If yes, it is time to wake up.
It is a good thing these sort of tests exist. It will make people question about the quality of the product they paid for, and make the security vendor wake up, if that's the case.
(I'm a NOD32 user, so this is not to bash Eset. Don't take it that way.)
Bottom line: It is a good thing people complaint.
In the first place, I'm sorry that my English is not so good.
I tested today ESET in actual danger. Did not recognize the virus during the on-demand scan. I have decided to start it and give NOD32 last chance. So, is passed. I remain with ESET, my faith has been restored. Here are some Screenshots. On virustotal or on-demand scan NOD32 does not see danger. But when I try to run the file, see whats happens.This is test in the real world.
Second test. VirusTotal - NOD32 does not recognize the danger. But during the download, see what happens. My NOD32 thinks differently than the one on Virustotal. And have the same version of virus signature database.
~Virus Total links removed per Policy.~
Such examples are many, but I do not want to spamm. Best regards.
Since you allowed the strain to run you system might still be infected!
NOD32 cought a portion of the strain but it doesn't mean it cought it all. Never test live strains on your system unless you are running a VM box.
You see a strain could infect your system, go unoticed then hit the web to download an update, new strain, other strain etc and that strain is detected by the AV. Or sometimes the strain might contain many mutexes and only 1 out of x is actually detected while the rest reside unoticed. Or it installs a rootkit along with a visible strain, the visible strain is detected while the rootkit just takes hold and stays there.
NEVER TEST A STRAIN ON A LIVE SYSTEM THAT YOU ARE WILLING TO USE.
Believe me, I am careful. I back up the whole system. But if my system still infected, it would be seen. After these tests, I have no problem at all. Simply, NOD32 stopped the virus but the first step. Although it did not know.
After this, I scan my system with more applications. Neither has found nothing. The thing is, NOD32 really stops unknown danger. Test like this, I do every day. In the real world.
Once again, forgive me in bad English. Best regards.
As you can see Comodo is better that Dr.Web 5. Strange .
Separate names with a comma.