ESET lagging behind KAV?

Discussion in 'NOD32 version 2 Forum' started by john smith, May 16, 2004.

Thread Status:
Not open for further replies.
  1. john smith

    john smith Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    59
    I've used NOD32 for years and been very happy with it; but of late I've been seeing a rash of new baddies on Qwest's (admittedly terrible) news server in
    a number of newsgroups. They are pretty obvious, and I suppose anyone who
    opens a file called topless.scr gotten from a newsgroup deserves to get bit,
    but I'm bothered that it is taking ESET so long to add them to their definitions.

    KAV's online scanner has already identified them as:

    topless._scr - infected by Backdoor.Loony.g

    PamAndersonNude._scr - infected by Backdoor.Hackarmy.n


    but NOD32 still declares them clean even after today's update (v.1.762 (20040516) ).

    I submitted the latter file to ESET two days ago. I suppose they'll catch it in the next set of definitions, or the one after that, but it makes me wonder
    where the heuristics (which I won't pretend to understand) come in.

    All in all, a bit disappointing.

    john s.
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Try to scan those trojans using /ah command.
     
  3. john smith

    john smith Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    59
    Hmmm.... now this is embarrassing. I don't know how to use the /ah command. There. I've admitted it. I'll google around a bit, and check back
    for help if I can't find it.

    john
     
  4. norky

    norky Registered Member

    Joined:
    May 1, 2004
    Posts:
    172
    Location:
    Lithia, FL
  5. john smith

    john smith Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    59
    Thanks, Norky.... I just installed the shell extension and ran the AH scan.
    Unfortunately it still didn't detect a problem.

    I know that many of the folk here use TDS and/or another program for worms,
    but the annoying fact remains that Kaspersky picked these files up, as did
    NAV on my wife's computer. I still think I'm pretty safe with NOD and using
    caution about opening files, but suspect I need to upgrade defense against
    trojans; NOD intercepted one nicely the other week when a web site slipped it into my "Temporary Internet Files." We'll see...

    john
     
  6. gpdev

    gpdev Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    12
    NOD32 already has some detection for several hackarmy trojans, I guess they will add this new variant soon.

    Strange that they don't detect them heuristically though, maybe not much common between variants o_O
     
  7. john smith

    john smith Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    59
    I just got a note from ESET thanking me for the submissions, and stating that they would be adding them soon. Still, the fact remains that they will be at least three days behind other programs in adding them.

    Their heuristics (which are over my head) are probably better designed for viruses than trojans, since that's their specialty. The more I study all this,
    the more I am convinced that I need a good anti-Trojan. I just hate to
    spend $50 above what I'm already paying for an AV.

    john
     
  8. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    NOD32 has never really been that great against trojans. They protect against them but it takes them a while to add the defs for them. Yeah I've experienced what you have just experienced for a while now. First KAV gets them, then NAV and Bitdefender (almost simultaneously) and eventually NOD32. Although NOD32 sometimes gets them before NAV OR BIT, but rarely before KAV.
    I find KAV far superior BUT it slows my system down to a snail :) What KAV needs is a dedicated PC to perform real time scans. :) That's why I use NOD32, it's well mainly because of resources and not due to its scanning record. NOD32 impacts my system as much as virtually no AV at all. So if I had a choice between no AV and NOD32, logically I would use NOD32. :) It is a good first line of defense, but not a system shield.
     
  9. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    For a good AT, get BoClean. They have great Memory Scanner, BUT they don't have a system scanner. So if you want to scan a file before you execute it then BoClean is not for you. TDS-3 will scan the file and your system for infection BUT its resident execution protection is not as robust as BoClean.
    BoClean is great to install on a clean server while TDS-3 is good to install on a personal system at which you actually use and pay attention to everyday. Since even if TDS-3 finds a nasty it will require your action to remove it. Also if a nasty gets executed and is in your memory but TDS-3 doesn't have the defs for it then it will still be in your memory even after TDS-3 gets the defs for it (Assuming you don't reboot your system...at which point TDS-3 scans the memory). Boclean on the other hand scans the files during execution and then the memory every few seconds after that. Thus if a nasty gets executed and Boclean doesn't have defs for it then as soon as BoClean retrieves the newest defs it will kill the nasty. (that is if Nasty doesn't kill Boclean :) ). Also you can set BoClean for set-it-and-forget-it. Meaning that as soon as nasty is detected, it will kill the process and delete the file without user intervention. The only record would be in the log. :)

    It's up to you to choose.

    BoClean is at www.nsclean.com
    TDS-3 is at http://tds.diamondcs.com.au/
     
  10. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    ok i know this post is going to launch an all-out attack on me by NOD32 lovers. but it's true that KAV is better than NOD32 when it comes to protecting your system. yes i know NOD32 heuristic is the best especially with the /AH switch but let's admit something, good heuristic should be supported by good database. if i get a heuristic alarm, i'll submit the file and wait, if i don't get response i'll think that it's a false alarm. how many of us debug and dissect to see what it is for ourselves? KAV heuristic might not be the best but there is no doubt that its database is the best. i used KAV and NOD32 on my Celeron 850MHz machine with 256MB SDRAM running XP and both were gobbling same amount of RAM and the machine was running good.
     
  11. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    Does anyone know if the KAV heuristic has been changed significantly in 5.0?
     
  12. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    BOClean *DOES* have a file scanning system built in. Simply drag and drop a file over the BOClean menu after you open the program, and it will deepscan it for any Trojans/Malware.

    Undocumented feature I think, and it works perfectly. =)

    I highly recommend BOClean as well, it's slick as heck!

     
  13. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Sorry No.. NOD32 has the best VB record out there, despite what Kaspersky tells you, just look at the numbers. KAV might detect a few things better, but the fact remains, KAV is bloatware to the core - by the very definition of Bloatware.

    NOD32 isn't perfect, and it DOES require a good Trojan backup, but honestly, the NOD32+BOClean setup to me seems way better anyway, and takes zero resources.

    KAV on the other hand, brings the best systems to their KNEES with its horrid programming and lagtastic scanning engine. Kaspersky might be good at writing detection algorithms, but the guy needs to head back to school and learn to program interfaces and assembler code for scanning.

     
  14. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I'm angree. KAV analyzers lack in many things: For example, Aleks, a script analyzer of KL can't analyze JS/Cassa polymorphic virus! KAV analyzers ***many*** times classified a trojan as virus, a worm as trojan, etc. And some KAV analyzers are very rude. ESET virus analyzers are more professional.

     
  15. john smith

    john smith Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    59
    My concern, of course, is my own system's security, and that looks like it
    will be better with a separate anti-Trojan to take care of the trojans. Now...
    off to another forum to see how timely the vendors are at updates.

    Thanks all who have commented,

    john, not even thinking about worms yet... much
     
  16. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    BoClean has no trial. That rules it out totally IMO. Plus, their web site is selling PC-Cillin 2002!!! Bit behind the times aren't they o_O They also say they only do tech support via email. Again a no-no in my book.

    If I were to ever get a dedicated Trojan detection application there is only one I would consider and it is hardly ever mentioned here and that is TrojanHunter. I trialled it about a year ago and it works perfectly with NOD32. I trialled all of them (except BoClean that you cannot trial) and the only one I was even half way impressed by was TrojanHunter. But I don't believe for one second that I should need to fork out twice the amount of money I would if I had KAV, NAV, or McAfee in order to have NOD32. NOD32 is currently the most expensive of the AVs since the recommendation is that you should get a dedicated trojan detector also.

    I think a lot of users feel as I do and will go to other AV that cover trojans better than NOD32 does. I don't want a layered approach. That is usually recommended by people who think users have unlimited funds for software and also like to run tons of applications. Only if other AV will not work properly with my particular set up would I then consider NOD32 plus a separate Trojan application. At the moment, I'm ok with just NOD32 but what I will do in the future remains to be seen as it remains to be seen if and when NOD32 will live up to its hype on its web page regarding its ability to be a fine trojan detector.
     
  17. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Well personal experience on my machine, NOD32 has proven to be completely inadequate for Trojans. This is why I use BOClean, plus, BOClean is also amazingly good at stopping malicious spyware and adware as well. You know, those trojan downloaders like N-Case, Roings, etc. NOD32 doesn't even bother to watch for these and it's quite annoying!

    BOClean has no demo, because they don't want it pirated probably. They use a digitally signed download system that sends you a personal, signed file, and you click that, and it downloads and installs the product. As a result, I don't think BOClean has ever been pirated.

    As for support, Kevin at BOClean answers emails sometimes hourly, i've received responses as a rule, within 6 hours of emailing him and his support is exceptional. Updates are daily as well. I want to stop trojans BEFORE they get to my box, and BOClean has been 100% for me so far. I have it set on auto, and completely ignore it, and check the logs once a week and to my surprise, i'm always finding things that slip past NOD32 that BOClean picks up.

    Personally, I love NOD32, i've probably been responsible for selling several thousand copies of it (yes, I can prove this lol). But honestly, lately, i've begun to question NOD32. Its internet filtering seems lacking, and its lack of solid trojan protection is absolutely ridiculous! Add to that, it doesn't bother stopping or detecting malicious spyware/adware, which sometimes, is more of a threat than a virus!

    NOD32 peeps better get on the ball, and soon!
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    If you are not comfortable with NOD, why do you use it? o_O
     
  19. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Yes, I have assumed that the desire to keep it from being pirated was the reason for no demo. Still, that has to be weighed against the users who will just dismiss it from consideration when they learn there is no demo. The only reason I ended up using PC-Cillin (which is crippleware for their trial) is because someone at dslreports had a bunch of licenses and a friend there got one for me free. PC-cillin is a fine AV (has one very nasty bug but otherwise is really good) but I would never have known that if it hadn't been for being given a free license as I would never have bought it without first being able to trial it. As it was, the nasty bug forced me to get rid of it ( after several months of using it and racking my brains to figure out my weird, awful symptoms...not knowing it was a bug from PCC ). Now, if I had paid for that application sight unseen and used it for several months and then been one of the first to discover the bug...I don't think I would have gotten my money back. The Trend engineer admitted that there was a major bug but said I could just stop using part of the application and that would solve it. So with that lousy attitude, I don't think refunds would be easy. So, I want to trial any application first to hopefully avoid major headaches down the road.
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    My license has six months to go. :)

    Plus, who knows....it may turn out to be the lesser of all evils when I do trial AVs on this XP box (all earlier trials were on the W98SE box and NOD32 is undisputed to be the lesser of all evils on W98SE).
    All AV are drawbacks to the use of your box. I don't know which will be least drawback coupled with the best returns in exchange for the drawbacks on this box yet. The only AV I have had on this box besides NOD32 was NAV 2003 that came on it. The drawback there is the most horrible support of all AV probably and DRM.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,770
    Location:
    Texas
    I've said this before and I'll say it again, I have tried ALL the antivirus programs available for XP on my machine, All. Nothing runs better than NOD. Nothing.
    I started with Win 3.1 and went through W95, W98, W98se, and XP.
    NOD is improving trojan protection while at the same time, you see no loss in speed in your computer. Plus, they update several times a day now. I think most of that is due to the trojan definitions they are adding.
    Let us know how your trials go. :)
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I'll be sure to report my findings. As I have said, I am particularly curious to see what KAV and McAfee do on this box. I'm holding off trialling KAV because 5.0 is so new and there have been reports that it trashes any computer that has NVidia with nView Desktop Manager running which I have. So, I think I'll wait a bit.
     
  23. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Ladies and gents,

    Once and for all: this is the NOD32 support forum. In case anyone feels the need to discuss KAV, BOClean, PC-Cillin etc. in specific: by all means feel free to start a thread over on "other antitrojans" or/and "other antiviruses" over on this board.

    This hasn't been the first polite request for doing so - it for sure is the last. Any post going off topic this way will be removed permanently from now on. Not open for discussion, so please stick to the rules.

    regards.

    paul
     