ESET should work on adding more signatures...

Discussion in 'other anti-virus software' started by Mike415, Jun 24, 2005.

Thread Status:
Not open for further replies.
  1. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    I know they say that they try to keep a clean database but I really think they should work on creating a bigger database. I am thinking of switching to KAV because I think they do a much better job at detecting viruses, but I love NOD because of its quick scanning, ease of use, and it doesn't slow my comp. And I like the Advanced Heuristics because it does save your butt.
    Lately I have noticed that NOD misses a lot of viruses on Jotti's site that others detect, and I'm not talking just about trojan downloaders or malware. Things like variants of other viruses that should be picked up. I know it's not easy just to add all the signatures, but I think that they should work on gathering more signatures from different places and add them quickly. Even if it means getting more help to do so. I don't think they should really go to KAV and take in everything they can find, but they shouldn't just let some submitted samples through that people submit to them. I also think they should start to improve on all kinds of trojan detection because most of the viruses these days are trojans and I know that trojans could end up being worse than regular viruses (you can always restore your computer, but you can't always get your identity back without consequences). So for all the people saying it's not an AT, it's an AV: trojans are the new viruses IMO. Just something to think about. I know I have downloaded a few viruses that I had to upload to Jotti to find out they were trojans, which upsets me.
    NOD32 still hasn't let a virus or anything through that KAV has detected, so I will continue to use NOD (in part because a few of our computers are old and NOD is the best choice for protection and resources). Also, with the new KAV coming out soon, it looks like I might be switching over to it. I will probably get flamed for this post but I'm just giving you guys something to think about.
     
    Last edited: Jun 24, 2005
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: I think NOD should work on adding more signatures...

    Well, you would be surprised if you saw how many variants of known threats NOD32 detects that are not picked up by any other AV, including other "big players". There are thousands of unique samples coming in every day, so striving to add every non-ITW sample detected by AH would be like tilting at windmills.
     
  3. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Re: I think NOD should work on adding more signatures...

    Well, I said I love the AH because it does help, but it doesn't work for every virus, is what I'm saying. I know how AH has helped detect many new viruses before anyone even knew about them, but that doesn't mean you should use it as an excuse not to add signatures...
     
  4. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: I think NOD should work on adding more signatures...

    Hi Mike,

    Are you running an anti-trojan? If not, you may want to consider installing one. Even with KAV, I have an AT running, though KAV has always caught everything. I like the idea of an insurance backup for my AV. Would an AT put too much pressure on your machine?

    Rich
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  6. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Re: I think NOD should work on adding more signatures...

    To tell the truth, I don't care about trojans on my computer. I would rather have a smooth running computer. I have tried TDS, which didn't detect anything, but the computers that need an AT can't really handle that much... p3 128mb ram laptop. By the way, I don't think out of all the malware detected by NOD or any other AV I have ever gotten a "virus"; it has always been keyloggers and trojans, I believe.
     
  7. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Re: I think NOD should work on adding more signatures...

    NOD32 - v.1.1152 (20050623)... the current version is now 1.1153, by the way, and I know you guys add signatures and I check there often when I see that few AV detected a virus on Jotti and wanted to see when it was added by NOD, but I think you should work on adding more, which I stated in my post. I am not trying to put down NOD but I think you guys should work on signatures more. I am still satisfied with the product and own a license for it. I just found when AH is needed shown here. This is why I love NOD but I feel it lacks on the addition of new signatures. But why can't you have a nice mix of AH and good signatures?

    Scanner                 Malware name
    AntiVir                 X
    ArcaVir                 X
    Avast                   X
    AVG Antivirus           X
    BitDefender             BehavesLike:Win32.IRC-Backdoor
    ClamAV                  X
    Dr.Web                  Win32.HLLW.ForBot.based
    F-Prot Antivirus        unknown virus
    Fortinet                Possible_MyTob.H
    Kaspersky Anti-Virus    X
    NOD32                   a variant of IRC/SdBot
    Norman Virus Control    Sandbox: W32/Malware
    VBA32                   X
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
  10. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Re: I think NOD should work on adding more signatures...

    I have actually read both of those posts... But for the first one he says his results are flawed, but it's a coincidence that both the NOD on my system with maxed out settings missed the same viruses (trojans) as on his site when others picked it up. For the second link they say they work on keeping a clean database. I'm saying I think they take too long to add new signatures and also I think they take it too far when they say they don't just add all samples. Because it seems like if they worked harder with exchanging samples with other places they could do a better job of adding signatures. When they also say they don't want to add harmless malware to the database, I think that they skip over a lot of malware or are just slow to add them. Or with trojan downloaders they say they don't need to block them because they block the real trojans they download. What's wrong with just blocking the downloader, because it wouldn't be very hard to do that rather than the downloader trying to download a bunch of different programs that might not be "Malware" but might still mess up your computer
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: I think NOD should work on adding more signatures...

    If you have a sample not picked up by NOD32, why not submit it to samples@eset.com (or, in more urgent cases, directly to support@eset.com)? I'm just wondering how you know that NOD32 has missed something that other AVs detected and that it was actually a file that should have been picked up. Please bear in mind that most other AVs, unlike NOD32, also report corrupted and nonfunctional files as infected.
     
  12. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Re: I think NOD should work on adding more signatures...

    I submit samples to samples@nod32.com you guys through email, I upload them on virustotal and jotti. In one case it was picked up 2 definitions later, which I am sort of pleased about. Anyways, just curious, what are the negatives of adding signatures that other AV add? Would it slow down scanning times or add to the resources used? JW, I don't think you should just drop a file because it isn't very bad. I don't know what your definition of harmless is, whether it actually does nothing, or maybe only keeps you from updating other AV programs and doesn't affect NOD32 (which is something I think should be detected), or a downloader that downloads programs already detected by NOD
     
  13. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    Re: I think NOD should work on adding more signatures...

    Here's an example from Jotti...
    AntiVir                 TR/Abwiz.1
    ArcaVir                 Trojan.Dropper.Small.Oo
    Avast                   Win32:LdPinch-L
    AVG Antivirus           PSW.Ldpinch.9.AS
    BitDefender             Trojan.PWS.LdPinch.OS
    ClamAV                  Trojan.LdPinch-19
    Dr.Web                  Trojan.PWS.LDPinch.419
    F-Prot Antivirus        W32/Spybot.KJP
    Fortinet                W32/LdPinch.OS-tr
    Kaspersky Anti-Virus    Trojan-PSW.Win32.LdPinch.os
    NOD32                   X
    Norman Virus Control    W32/LdPinch.OS
    VBA32                   TR.Abwiz.1

    Every AV picked it up but NOD32. I looked it up and it seems like it steals passwords and sends them out... This makes me wanna switch out of NOD32. Maybe NOD didn't think it was harmful but every other one did.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Re: I think NOD should work on adding more signatures...

    I cannot comment on it right now as I'm no longer in the office (it's almost midnight here). I will check it as soon as I make it there, however, if it was actually a working LDPinch trojan, it should have been detected generically.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Re: I think NOD should work on adding more signatures...

    Mike415, don't forget that Jotti's service runs on Linux, and some AVs don't have all their features on these OSes, like for example NOD32.

    So the Jotti's statistics are not real in a Microsoft OS... ;)

    Moreover, the ESET team are working a lot to improve the NOD32 in all the domains...
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Re: I think NOD should work on adding more signatures...

    I had a working LDPinch trojan that was intercepted through IMON as I was downloading email and NOD dealt with it.
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Re: I think NOD should work on adding more signatures...

    Mike, check your previous post #7 in this thread. You show there that NOD detected something that KAV missed. Also, you're contradicting yourself when in one post you say that you are considering switching to KAV because of dissatisfaction with NOD. Then you say later that you're satisfied with NOD.
     
  18. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Re: I think NOD should work on adding more signatures...

    I presume that an X means a miss Mike?
     
  19. leehigdon3

    leehigdon3 Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    132
    Location:
    Plano, TX USA
    You might want to check www.AV-comparatives.org

    ~snipped link to pdf file~

    You might be surprised what you find.


    I'm afraid you are only allowed to post a link to av-comparatives main page - to access test results/documents, etc., click on the "on-line results" link on the main page. - snap
     
    Last edited by a moderator: Jun 24, 2005
  20. tony64

    tony64 Registered Member

    Joined:
    Dec 11, 2004
    Posts:
    98
    Location:
    Milan, Italy
    I've tried many different AV and there's no way to drop Nod 32.

    That's the best one I've seen around and I don't need tests and benchmarks ..I just see it from my PC health...

    Tony
     
  21. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Doesn't Jotti's online scanner still have a problem that occasionally messes up the file in the NOD32 scan, scanning an essentially blank file (0 bytes)? This has accounted for a lot of files missed there that I have seen (things picked up on my machine that were not detected on Jotti's)

    Jotti's site is great, but not the best measure of NOD32's performance (specifically) by any means, last I knew. Not to mention that it could be packed differently than before, which may evade the file scanner until it's run. There's a lot of different possibilities.
     
    Last edited: Jun 25, 2005
  22. Mike415

    Mike415 Registered Member

    Joined:
    Mar 13, 2005
    Posts:
    42
    I did say I was thinking of switching to KAV because their new product is looking like it will be very good. That doesn't mean I don't like NOD, because I have actually gotten a lot of people to switch to it. Also, I guess if it's true that Jotti's site comes up with different results in NOD32, that's a valid point of why NOD misses a lot of viruses here. I believe I heard it only picks up about 56% on his site and KAV around 80%, I believe. I'm not sure if that's correct though. Bottom line is I think NOD lacks on definitions but it is still a good AV because of the Advanced Heuristics, which KAV doesn't have yet. I think if they just worked on adding more Defs they could have a top notch AV that could kill any other AV.
     
  23. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    In the end, you'll make the decision that's right for you - (most) folks will respect that - however, there are many factors which make NOD32 stand out ahead of the "rest" in my opinion... not least, they actually publish their definition updates - many AV providers (not all) refuse to do so - or make the information almost impossible to find.

    The advanced heuristics means that many variants have zero day protection - something not true of many other solutions.

    I don't doubt you have other criteria for determining which is the best choice for you - but everyone needs to worry about their own criteria, not someone else's list of must haves...

    regards

    Greg

    ps - I was trying to find KAV's list of viruses - now I know they're probably busy, but today - 25th June 2005 - their viruslist.com website hadn't had any "news" added to it since 30th May 2005 - my own virus news system gets updated almost daily - and until recently, I was the ONLY person updating it! ;)
     
  24. Ludow

    Ludow Guest

    Hi!

    Why are you guys so tense, relax please. Mike has his opinions, no need to flame him. Well, we have a sorta fanatic forum here.
     
  25. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Hi - and welcome to Wilders. I see no tenseness or flaming going on myself, but in the case that you do spot flaming on this "fanatical" forum of ours do use the little button with an exclamation point in it on the top right of a post in order to report it to all administrators and moderators right away! Flaming is definitely against our TOS.
     