Does NOD32 Personnel Agree With (Virus Test by GEGA IT-Solutions)??

Discussion in 'NOD32 version 1 Forum' started by agoretsky, May 1, 2003.

Thread Status:
Not open for further replies.
  1. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    :D I sure have missed your way with words Rod :D ;)
     
  2. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > There must be something wrong with this test, or am i wrong ?

    No, you're not wrong ... there is something wrong with that test.

    All will be revealed in due course.
     
  3. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,017
    Why am I not surprised that this sort of trashing is always done by people posting as guests?
     
  4. krazykidjoe

    krazykidjoe Guest

    MTM, I hope you're not referring to me as trashing NOD32. If you are, you need to re-read the thread. Most of Rod's comments are answers to a non-guest poster.
     
  5. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,017
    No i'm not referring to you, but the bashing has been started by a guest poster.
     
  6. krazykidjoe

    krazykidjoe Guest

    Come on snipped. I posted a question, not a bash you snipped

    Insulting language is not tolerated, and there's no need for it anyway. Please stick to common courtesy rules - Forum Admin
     
  7. xor

    xor Guest

    EH EH EH why the hell must it always end in such darn private insults :mad:

    quote edited - good question, xor. Forum Admin
     
  8. xor

    xor Guest

    LOL sorry, I guess I did this quote in the same moment when you edited it from the poster :D
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Never mind ;)

    regards.

    paul
     
  10. krazykidjoe

    krazykidjoe Guest

    Sorry guys. I had to defend myself from being attacked. LOL...I'm actually registered. I just don't remember what I'm registered under. I made it very clear in my second post in this thread that it was not my intention to "trash" NOD32. I've been a strong supporter of NOD32. I honestly wanted to only know what their position was and Rod helped me with this. I already installed NOD32 back on my computer. I'm not a security expert, I try to learn from here and dsl reports. Thanks for the support. Sorry again for breaking the rules.
     
  11. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > :D I sure have missed your way with words Rod :D ;)

    Welcome to hell! :) :)
     
  12. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > English is not my native language, but I feel certain that my translation "Eset NOD32 can be in a small amount daunting for novice users, but it is by a long distance the best choice of anti-virus for power users." will not impart anything remotely like "you admitted NOD 32 did poorly on the test by PC Magazine May 2003." to anyone who understands basic English.

    I had no problem understanding what you said. My English must be better than I thought. :)

    > It is not possible for me to post a link to a printed magazine. The article may be on-line. I have no idea. Try using a search engine.

    Using a search engine would require thought.

    > I will not return to this forum.

    I'm sorry to hear that. If you do happen to return and read this, I hope you'll reconsider.
     
  13. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > I asked "Vampirefo" to post his or her credentials, what made him or her a "Security Expert", and why he or she has such an obsessive hatred of NOD32.

    > You took it upon yourself as "Administrator" to delete my questions before they were answered.

    I would not have deleted them Grazi ... in my opinion they were valid and pertinent questions ... but I've been away from the forum for the past ten weeks, and LWM did what he thought was the right thing during my absence. It wasn't a personal attack on you ... he was simply trying to keep the peace.

    > I will not be back.

    :oops: :oops: :oops:

    I hope you read this and change your mind.
     
  14. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > I like NOD32. I have tried many other programs, and I came back to NOD32 today to renew my previous license. Thanks to the NOD 32 team for such an effective software program.

    Thanks for the support and vote of confidence Jim.

    > PS: Graciella might just be a woman's name? Comprendes?

    In Spanish, "Graciella" is 100% guaranteed to be a female name. :)
     
  15. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    :D Good to "see" you, Rod. Your absence has been noticeable. ;) Hope you've been doing well.

    I dunno if it's become fashionable to bash the VB, but I've noticed that some VB bashers "know" it's a crappy test and/or "know" that it only tests ITW viruses, but haven't actually looked at the mag's archive contents available online to see what they actually test (more than just ITW viruses) and the detailed results and commentary.

    And so far no one has explained to me here or elsewhere why I should be particularly concerned about zoo viruses. ;)
     
  16. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I think NOD32 deserves its great reputation, ITW virus detection is very important. 100% detection is peace of mind :)

    Rod, you can locate this poster if they do not return, as they are in a corporate or was it government position :) Look them up I'm sure they will not be disappointed in NOD32. Ever.

    Edit : Well.. her approach would indicate they will test and already know of NOD32's perfect VB record.. and upon doing their own unbiased testing surely they will agree with VB :D
     
  17. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I am dying to see comments on the issue by Anton Zajac. If it would be in the style of Cnet bashing I'd ROTFL...
     
  18. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > :D Good to "see" you, Rod. Your absence has been noticeable. ;) Hope you've been doing well.

    Hi sig! Thanks for the "welcome back".

    > I dunno if it's become fashionable to bash the VB,

    It has always been fashionable to bash Virus Bulletin tests ... but history shows that those who do so invariably have an axe to grind or a personal agenda. Antivirus vendors whose products are the subject of poor reviews or repeatedly fail to win the VB100 (and their shills) rank near the top of the list.

    Take a look at any security forum poster who constantly bashes Virus Bulletin ... you will find that the same poster almost always shills for an antivirus product which hasn't performed well in VB100 tests. We all have our favorites, but these wannabe "experts" are too blinded by their own "expertise" to look at anything else without prejudice.

    > but I've noticed that some VB bashers "know" it's a crappy test and/or "know" that it only tests ITW viruses, but haven't actually looked at the mag's archive contents available online to see what they actually test (more than just ITW viruses) and the detailed results and commentary.

    Those who "know" that Virus Bulletin tests "only ItW viruses" know nothing. Years ago, when the actual test results and figures were available only by expensive subscription to the printed magazine, one might have excused their collective stupidity ... but for the past couple of years Virus Bulletin has made the facts and figures available online, and now there's no excuse for being stupid.

    > And so far no one has explained to me here or elsewhere why I should be particularly concerned about zoo viruses.

    Unfortunately the meaning of the term "Zoo" has been distorted over the past several years. When Joe Wells started his WildList, a "Zoo" virus was "a virus which is not currently In the Wild". Now a "Zoo" can include lab samples and just about everything else. Many of today's "Zoos" contain heaps of "crud" ... broken or corrupted or otherwise "dead" viruses which no decent antivirus program should detect as "live" viruses, although some do.

    Virus Bulletin runs antivirus products against "Zoo" viruses in most (if not all) VB100 tests ... but their interpretation of "Zoo virus" is basically "a virus which has been In the Wild in the past (although not necessarily in the WildList) but is no longer out and about in large numbers".

    The difference between Virus Bulletin's "Zoo" and most other "Zoos" today is that Virus Bulletin has painstakingly (over many years) weeded out the "crud". Every single "Zoo" virus used in VB100 tests has been verified as "live", and is a real virus which has at some time in the past been detected "In the Wild". Virus Bulletin uses no lab samples which have never seen the light of day, no "simulated" viruses, no broken viruses ... in fact, they use no "crud" at all.

    Conversely, some "Zoos" contain so much "crud" ... genuine "live" viruses which have been rendered inert by having their extensions renamed to "non executable" format, corrupted samples, lab samples, "simulated" pseudoviruses, various other "dead" files, etc ... that they are virtually useless as test sets. The results they produce are so far removed from reality that they impart misleading (and sometimes downright dangerous) information about a tested antivirus product's detection abilities.

    An example of the current ratio of In the Wild viruses to Zoo viruses can be found in MessageLabs' January-March 2003 statistics. Every one of the 3,000,000+ viruses they intercepted during that three month period was an In the Wild virus. No Zoo viruses were detected.

    You can't dismiss Zoo viruses completely ... but you don't need to lose any sleep over them. :)
     
  19. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > I think NOD32 deserves its great reputation, ITW virus detection is very important. 100% detection is peace of mind :)

    Yep ... detection of current ItW viruses is definitely the most important ... but NOD32 also often makes a 100% "clean sweep" of Virus Bulletin's Zoo virus test ... and very few antivirus programs ever accomplish this. (Bear in mind that all Virus Bulletin's "Zoo" viruses are real live viruses ... there are none of the "crud" files which seem all too prevalent in some of the other testers' "Zoos".)

    > Rod, you can locate this poster if they do not return, as they are in a corporate or was it government position :) Look them up I'm sure they will not be disappointed in NOD32. Ever.

    Government of Uruguay by the look of it.

    > Edit : Well.. her approach would indicate they will test and already know of NOD32's perfect VB record.. and upon doing their own unbiased testing surely they will agree with VB :D

    Yep ... she seemed to have her head screwed down tight as far as antivirus evaluation goes. It's a shame she misunderstood LWM's intentions and bolted. :(
     
  20. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Ah, yes, my impression of what are now termed "zoo" viruses included lab rats and the kinds of crud you mention. Which is why generally an AV's claims of detection for them in itself didn't mean all that much to me.

    Good to know that the VB tests for functional viruses that at least at one point were in circulation. So the detection results are more worth a look than it would be otherwise. Still in terms of risk management and the odds of a potential threat, obviously the ITW stuff is of more immediate concern to me. Thanks for the info. :)
     
  21. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > I am dying to see comments on the issue by Anton Zajac. If it would be in the style of Cnet bashing I'd ROTFL...

    I wrote the CNet stuff. (Didn't you recognize my vicious streak ?) :)

    Actually it was a combined effort. Anton wrote the "nice" version, then I proofread it and created the "rodzilla" version you see online.

    (We weren't bashing them btw ... we were simply making them look at themselves through our eyes.) :)

    No doubt Anton will be making an official statement about the GEGA IT test in due course ... the record needs to be set straight ... but it won't be a "bashing".
     
  22. anton

    anton Eset Management

    Joined:
    Oct 25, 2002
    Posts:
    210
    Dear Clients,
    Dear Participants,


    Eset has received many thousands of inquiries and calls from concerned users across the globe since the results of a recent antivirus test performed by GEGA IT-Solutions GbR were published in PC World (Italy) and PC Welt and PC Welt–Special (Germany) magazines. These results have been widely publicized and discussed on the Internet.

    Eset’s reaction comes delayed due to the time required to complete our research into all the related issues involved in the tests and their interpretation. Our lab technicians have performed exhaustive tests on the viruses reported by GEGA IT as “missed” by NOD32, and not one test confirmed the negative results on which the PC Welt and PC World articles were based. The NOD32 version released immediately before the test, the actual version tested by GEGA IT, and the version released immediately after the test, produced detection rates an order of magnitude higher than the detection rate on the allegedly “missed” .BAT viruses reported in the magazine articles. These findings have been presented to all the parties involved, and Eset fully expects complete retractions of the flawed test results and reviews.

    NOD32 continues to provide as close to 100% reliable protection as possible, and is the only system in the world which has not missed a single In the Wild virus in the past five years of testing by the world’s #1 antivirus product evaluator, Virus Bulletin. No other antivirus product in the world, past or present, comes close to this record.

    (A current “hot topic” in security forums is the number of “unpacking engines” found in various antivirus programs. “More is better” according to the amateur “virus experts” who persistently try to trash NOD32’s detection rating - but most current ItW viruses are “packed” with one of the many available runtime compressors, and NOD32 consistently detects 100% of these viruses in independent professional tests.)

    =====

    The following comments do not represent a complete and thorough analysis of antivirus product testing - they are simply a brief outline of the facts, and an attempt to stress the key aspects.

    Two very important elements are essential to ensure the proper testing of any antivirus program . . . . .

    The first requirement is a verified set of virus-infected files which are representative of current real world infiltrations – those viruses referred to in the antivirus industry as “In the Wild” (“ItW”) viruses. Non-ItW viruses (lab samples and viruses which pose little or no real world threat) are called “Zoo” viruses, and many testers include a selection of these in their tests – but even Zoo viruses must be verified if they are to be used in a test.

    The second requirement is bulletproof testing methodology which guarantees consistent procedures and produces reliable (and replicable) results.

    THE SET OF TEST VIRUSES:
    Selection of the viruses used in the test set is crucial. There is a wide variation in the degree of clear and present danger posed by different viruses and different types of virus. Zoo viruses are way down near the bottom of the list, and there is NO place in antivirus product testing for crippled/broken/inactive/corrupted/simulated or otherwise non-viral files – files referred to as “crud” in the antivirus industry. Detection of “crud” might be good for boosting “detected virus” numbers in advertising, but it has ZERO importance in the real world.

    Antivirus experts treat any test or review which places high importance on the detection of Zoo viruses and/or simulated viruses with derision – detection of In the Wild viruses is infinitely more important - but the average computer user is not an antivirus expert, and the skewed results of tests which include thousands of Zoo viruses and “crud” are highly misleading when presented to the general public as relevant decision-making criteria.

    AntiVirus Product Development (AVPD) consortium members, under the auspices of International Computer Security Association (ICSA) Labs, have agreed that certain types of older viruses will be phased out of professional test sets, as these no longer represent a real world threat.

    The most important feature of a modern antivirus program is the consistent accurate detection of ItW viruses. A quick look at MessageLabs’ detection statistics from January 2003 through March 2003 reveals that, of the almost 3 million viruses intercepted during that period, ALL were In the Wild viruses. NO Zoo viruses were detected.

    Educated end users should demand the best available protection against current and future real world threats from their antivirus vendor – not detection of thousands of obscure Zoo viruses and “crud” files which will never see the light of day.

    THE TEST PROCEDURE MUST BE BULLETPROOF:
    To avoid errors, a test center should allow antivirus vendors to verify the test results. This requires disclosure of the list of real, undetected viruses – and both the actual virus test set and the tested product version should be archived for future reference.

    Test centers should be available to answer vendor’s questions and provide evidence of 100% compliance with proper testing methodology. Based on a clear description of the test methodology used, an expert in the field should be able to duplicate a particular test with 100% accuracy and, if the test was valid, produce identical results.

    Simple oversights or procedural errors in testing (like rendering viruses inert by changing their file extensions to “non executable”, thereby converting them to “crud”, as happened with the recent GEGA IT test set) will always produce false “misses” and inaccurate results.

    By design, NOD32 ignores “crud” files because they are NOT live viruses – but in the case of the GEGA IT test, if the extensions are changed back to “executable” then NOD32 detects them as viruses.


    INTERPRETATION OF THE TESTS:
    Not all tested criteria are equally important and relevant. Statistical significance of the tested parameters should be presented to avoid misleading interpretation of the results and misrepresentation of the product’s value. (DOS viruses, for example - regarded today as trivial by antivirus experts - are regarded as “just as bad as the latest Win32 worms” by the less-informed end user - yet detection is largely unnecessary, since such viruses are usually found “live” only in a lab.)

    A participant in this forum recently said that NOD32 is successful only in “easy Virus Bulletin tests”. Perhaps he would like to tell us why, if the VB100% test is so “easy”, so many of the “big boys” have failed to pass it so many times?

    The fact is, winning the VB100% award is far from easy. Virus Bulletin charges no fee to participate in these tests - and unlike testing organizations which charge a fee and give antivirus vendors a chance to rectify their mistakes, Virus Bulletin gives each tested product one chance and one chance only.

    The list of In the Wild viruses is published monthly and is always publicly available shortly before each VB100% test is performed. This allows Virus Bulletin to check the flexibility of a particular vendor to fine-tune his product to detect the latest and the most dangerous infiltrations written only ‘hours’ earlier.

    Virus Bulletin’s “pass” criteria are very simple and straightforward - “Detect 100% of the current ItW virus test set in both on-demand and on-access tests without producing a false alarm and you’ll be awarded VB100% certification for that test.” Everyone plays by the same rules, and the tests are equally fair to all participants.

    =====

    Computer magazines, professional test centers, and antivirus vendors each share a portion of the collective responsibility to end users. Vendors should deliver an efficient antivirus system. Test centers should perform rigorous and verifiable tests on validated viruses. When offering advice and making recommendations, computer magazines should provide information which takes into account the significance of real world virus threats and each product’s consistent track record in protecting computers against such threats. Doing all this properly and ethically is the only way to provide the best service and advice to consumers.

    The real value of an antivirus product lies in its ability to consistently and accurately detect real world virus infiltrations and, ideally, to detect the newest viruses by means of heuristics – and Eset’s primary focus is to provide our clients with a state-of-the-art antivirus system capable of heuristically detecting present and future threats in real time with the least consumption of system resources.

    The soon-to-be-released NOD32 Version 2.0 features an exclusive advanced heuristics engine which breaks new ground in virus detection technology. Anyone who would like to test drive this heuristics engine can do so via IMON, or by command line execution of the on-demand scanner using the switch /AH (Advanced Heuristics). Beta 5 is available for download from http://www.nod32.com/download/download.htm

    Anton Zajac

    CEO
    Eset Software
     
  23. Kay Tiger

    Kay Tiger Guest

    Hello,

    I was just checking the Virus Bulletin web site to see what does the VB100% sign show. It shows, that the program was able to detect ALL in-the-wild viruses. Both on-demand and on-access without causing false positives.

    And what did I see? Nod was indeed missing three VB100% seals:
    http://www.virusbtn.com/vb100/archives/products.xml?eset.xml


    And if I check the PC-WELT test, what does it tell in the first line? Nod32 detected all in-the-wild viruses, both on-demand and on-access.

    Therefore, both the GEGA-IT results AND the VB100% results are identical. Both tell the reader that Nod32 was detecting all common viruses. That's fine.

    -- Kay Tigger
     
  24. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    This sounds well very but really very simplified.

    They are not. Really believe me. VB test procedure is public, everyone can check it. All VB samples are real viruses. Apparently, there is some "crud" in Gega-it test set.....
     
  25. Hello!

    This is the Nod32 log file from the test. As you can see, they have detected *8* viruses, and therefore 2% of our testset:

    Report
    NOD32 1.329 (20021115)
    Prüfung Arbeitsspeicher auf Viren: OK
    Prüfe NOD32.EXE
    Datum: 21.11.2001 Zeit: 13:30:58
    Prüfe Laufwerke und Ordner: V:\SCR_BAT
    V:\SCR_BAT\!\_A_\VIR94458\VG_56206.BAT - BAT/Stormbringer.2097.B Virus
    V:\SCR_BAT\!\_A_\VIR94458\VG_56208.BAT - BAT/Stormbringer.2097.B Virus
    V:\SCR_BAT\!\_A_\VIR94458\15E6CF.BAT - BAT/Stormbringer.2097.B Virus
    V:\SCR_BAT\!\_A_\ZOP_B\VG_24520.BAT - BAT/Zop.B Virus
    V:\SCR_BAT\!\_A_\ZOP_B\VG_56236.BAT - BAT/Zop.B Virus
    V:\SCR_BAT\!\_A_\ZOP_B\VG_56237.BAT - BAT/Zop.B Virus
    V:\SCR_BAT\!\_A_\ZOP_B\VG_56238.BAT - BAT/Zop.B Virus
    V:\SCR_BAT\M\MYPICS\A\MYPICS.BAT - Win32/MyPics.A Wurm
    Anzahl geprüfter Dateien: 382
    Anzahl infizierter Objekte: 8
    Verbliebene Viren: 8
    Beendet um: 13:31:26 Uhr Benötigte Zeit: 28 sec (00:00:28)

    cheers,
    Andreas
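
An added example (not part of the thread and not Eset or GEGA IT tooling): a small Python parser for the report format shown in the post above, which recomputes the detection figure and cross-checks the report's own fields, the kind of replication step the vendor statement earlier in the thread asks of test centers. The field meanings, including reading `(20021115)` as a YYYYMMDD signature date, are assumptions drawn from the log's layout.

```python
import re
from collections import Counter
from datetime import date

# Header, detection and summary lines copied from the report in the post above.
REPORT = r"""NOD32 1.329 (20021115)
Prüfung Arbeitsspeicher auf Viren: OK
Prüfe NOD32.EXE
Datum: 21.11.2001 Zeit: 13:30:58
Prüfe Laufwerke und Ordner: V:\SCR_BAT
V:\SCR_BAT\!\_A_\VIR94458\VG_56206.BAT - BAT/Stormbringer.2097.B Virus
V:\SCR_BAT\!\_A_\VIR94458\VG_56208.BAT - BAT/Stormbringer.2097.B Virus
V:\SCR_BAT\!\_A_\VIR94458\15E6CF.BAT - BAT/Stormbringer.2097.B Virus
V:\SCR_BAT\!\_A_\ZOP_B\VG_24520.BAT - BAT/Zop.B Virus
V:\SCR_BAT\!\_A_\ZOP_B\VG_56236.BAT - BAT/Zop.B Virus
V:\SCR_BAT\!\_A_\ZOP_B\VG_56237.BAT - BAT/Zop.B Virus
V:\SCR_BAT\!\_A_\ZOP_B\VG_56238.BAT - BAT/Zop.B Virus
V:\SCR_BAT\M\MYPICS\A\MYPICS.BAT - Win32/MyPics.A Wurm
Anzahl geprüfter Dateien: 382
Anzahl infizierter Objekte: 8
Verbliebene Viren: 8
"""

# "<path> - <detection name> <Virus|Wurm>" (Wurm = worm)
DETECTION = re.compile(r"^(?P<path>[A-Z]:\\.+?) - (?P<name>\S+) (?P<kind>Virus|Wurm)$")
# Assumption: the parenthesised number is the signature date as YYYYMMDD.
VERSION = re.compile(r"^NOD32 (?P<ver>[\d.]+) \((?P<sig>\d{8})\)$")
SCAN_DATE = re.compile(r"^Datum: (?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4})")
COUNT = re.compile(r"^Anzahl (geprüfter Dateien|infizierter Objekte): (\d+)$")


def parse_report(text):
    """Turn the scanner report into a dict of header fields and detections."""
    rep = {"detections": [], "scanned": None, "infected": None,
           "version": None, "sig_date": None, "scan_date": None}
    for line in text.splitlines():
        line = line.strip()
        if m := DETECTION.match(line):
            rep["detections"].append((m["path"], m["name"], m["kind"]))
        elif m := VERSION.match(line):
            s = m["sig"]
            rep["version"] = m["ver"]
            rep["sig_date"] = date(int(s[:4]), int(s[4:6]), int(s[6:]))
        elif m := SCAN_DATE.match(line):
            rep["scan_date"] = date(int(m["y"]), int(m["m"]), int(m["d"]))
        elif m := COUNT.match(line):
            key = "scanned" if m[1].startswith("geprüfter") else "infected"
            rep[key] = int(m[2])
    return rep


def summary(rep):
    """Detections per name, and infected objects as a percentage of files scanned."""
    families = Counter(name for _, name, _ in rep["detections"])
    return families, round(100.0 * rep["infected"] / rep["scanned"], 2)


def consistency_findings(rep):
    """Fields a reviewer replicating the test would want explained."""
    findings = []
    if len(rep["detections"]) != rep["infected"]:
        findings.append("listed detections differ from reported infected count")
    if rep["scan_date"] and rep["sig_date"] and rep["scan_date"] < rep["sig_date"]:
        findings.append(
            f"scan date {rep['scan_date']} precedes signature date {rep['sig_date']}")
    return findings


if __name__ == "__main__":
    report = parse_report(REPORT)
    print(summary(report))
    print(consistency_findings(report))
```

On this report the counts agree (8 listed, 8 reported, 2.09% of 382 files), and the only finding is that the `Datum` field is earlier than the date in the version header.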
     