F-Secure vs NOD32

Discussion in 'other anti-virus software' started by Arin, May 1, 2004.

Thread Status:
Not open for further replies.
  1. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    hello everyone, this is my 1st post. i downloaded the latest 29A viruses and scanned it with some AVs. my 29th April updated NOD32 detects 39 viruses and worms including some heuristic warnings. pretty good huh? 25th April F-Prot gets 20 sure shots and 22 heuristic warnings ( i love F-Prot's NN ). Pc-cillin 25th April gets 31 including 2 generic worm detections ( I didn't know pc-cillin has this generic capability ). i wanted to use AVP but i used F-secure instead. well, it detected 62 with its 9th April update. yes i know some of these viruses are not ITW. thats why there are many products which gets VB awards but fails in real life. best example will be Symantec. so what do you people think? is it enough that an AV detects 100% ITW viruses? what if i infect someone's computer with a ZOO one? some AV will be protecting that computer and of course they'll claim their product can stop ALL viruses.

    well to add some more NOD32 failed to detect some batch viruses where the others ( DrWeb, AVP, F-Prot, F-Secure etc ) detected them all.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Since this is a general Antivirus comparison, this thread has been moved to "Other Antiviruses".

    regards.

    paul
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    From time to time it happens that a so called Zoo-Virus gets ITW. And in such case all AV programs that did not detect this malware so far will release signature updates like they do with all other new ITW viruses.

    No AV program can stop "all viruses".

    How do you come to this conclusion? Also the products you mentioned can't detect all batch viruses. And in terms of detecting batch malware: Of how many ITW batch viruses you are aware at the moment?

    wizard
     
  4. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    First i must apologise for my bad English which is creating confusion. i meant that post to be in the NOD32 forum so that ESET people will try to make it THE BEST from ONE OF THE BEST. now for MR. Wizard....

    i] if there is an AV that detects all the ITW viruses does it mean that its good? it should also detect most of the ZOO viruses too. because when i invest my money on some AV i'll expect it to protect it from ITW viruses as well as some ITZ viruses. let me explain why, its because i don't think the ITW list is complete and vulnerability to non ITW viruses is also a NO NO. some AVs like NOD32, Symantec etc. excels in catching ITW viruses. but look at F-Prot's or AVP's database, its also contains non ITW virus signatures. if NOD32 expands its database i think it'll erase all competitions.

    ii] i know no AV can detect "all viruses" i was being sarcastic about their claims.

    iii] i have some batch viruses in my PC. i scanned them with some AVs and found that NOD32 misses most of thems where its counterparts like DrWeb, AVP, F-Prot detects all of them. now when i said ALL OF THEM i meant all of them FROM MY COLLECTION. not all of them from the world. in no point i mentioned that those were ITW batch viruses. though regarding your question if you look at the database of DrWeb or PC-Cillin or Symantec you'll find some batch ones even today.


    Mr. Wizard all i wanted to say that i want my AV to be able to protect my computer from ITW viruses plus ZOO viruses so that no accidents will occur. i just don't want to be the first or the second victim of a ZOO virus on its way to the ITW list. by the time AVs will be dishing out updates my data could be long gone. i know a lot of people will also agree with me.

    So if some ESET official is reading this "Please expand your database".
     
  5. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Bre?ice
    Do you have F-prot or F-secure? These are different product. Once you write about f-secure and once about f-prot.
     
  6. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    i have both. well F-secure used F-Prots engine but now they changed it to their own Libra and Orion. now this Orion engine is avilable for the 9x platform too.
     
  7. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Bre?ice
    Yes, it used it. But not any more now. So please seperate these 2 programs. I know lot of people who still think that f-sec = f-prot. F-sec was f-prot some 4 years back, but then it became an invidual firm.
     
  8. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    i never merged those products. i tested them seperately. so don't u worry.
     
  9. hokhost

    hokhost Registered Member

    Joined:
    Feb 20, 2004
    Posts:
    25
    Location:
    France, Paris
    OK, now I understand why "F Prot for Dos" database are available both on F Secure and F Prot FTP ...

    Thx
     
  10. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Do you know how often it happens that a zoo malware samples gets ITW and spreads widely? When I look for example at the ITW threats that McAfee reports as the most dangerous malware threats at the moment I could not see one sample that has been a piece of zoo malware before: Sassser, Baggle, Netsky - everything brand new.

    Yes it can happen that a zoo sample gets ITW and starts spreading. But actually I can't remember even when the last big outbreak of a samples was that had been in zoo collections before. I think the bigger threat is to be hit by a brand new piece of malware rather than by a zoo one getting ITW.

    That's what Eset is doing day by day to ensure that you get protected from real threats. :)

    Please remember: There is no difference between a brand new ITW virus and a zoo virus getting ITW: In both cases new signatures will be released asap.

    wizard
     
  11. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    i'm failing to communicate everytime. all i want to say that i don't give a dime about statistics or what Symantec or McAfee thinks about the current threats. for me an ITW virus is dangerous and so is a ZOO virus. i don't want to wait for an antidote while a ZOO virus has infected my system and where the AV guys are waiting for that virus to get WILD before they churn out the antidote. somewhere here in this forum a poor chap complained about his updated NOD32 failing to detect a virus where other products detected it. well that virus probably wasn't an ITW and probably never will be but that chap potentially lost his data.

    Now do you get my point? sorry if i sound kinda arrogant but everytime someone picks up the wrong idea from my writing. i want NOD32 to expand its database so that it could detect more viruses than the ITW ones. thank you.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    I believe Nod is adding a tremendous amount of definitions. Look at their update page. It will take time though.
    The person that got infected put himself at risk by downloading questionable programs.
     
  13. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    hello Ronjor, how was your day? well if you look at the virus lists of Symantec or Trend Micro or F-Prot you'll see lots of activities there too. in case of DrWeb and KAV you'll see more. Paul Wilders warned me about something thats why i'm not going to repeat it but if you test thoroughly you'll find that NOD32 database is not at par with F-Secure or KAV for example.

    yes you are right that person in question got himself infected by running a fancy keygen. i don't support those activities. i agree with you on this.
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    I have had at one time or another licenses for KAV, NAV, Etrust, Command, F-Prot, Trend, RAV, Nod and used several free programs.

    It is a fact also that I tried all of them on WinXP.

    In my experience, some programs are almost as bad as a virus. Some try to take over your system, others you can't update without going through hoops, some cause odd behaviour on your system including severe slowdowns and conflicts.

    This is my second license for Nod. The reason is simple, it does not slow my system down and it updates frequently.
    Whether or not Nod is the best of all means nothing to me. It is the best for me.

    It is an endless argument as to who updated definitions first in an outbreak, who has the most definitions, am I protected, is there a program that is better, etc.

    There may be antivirus programs with a larger database but, few would argue against the fact that Nod has the very best heuristic engine out there. That alone makes up for a lot of definitions.

    Good luck to you. :)
     
  15. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    the products that you've mentioned, i've used them all and some more. i agree with you that NOD32 has the best heuristic protection. DrWeb and F-Prot are not less than NOD32 but they generate a lot of false alarms. remember Thunderbyte? In-Defence? good heuristic alone is not enough. it should be backed by good database. thanks i wish you luck too.
     
  16. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Bre?ice
    Well, I think F-secure is the best antivirus program found on the market.

    It would be perfect, if it would have better *.zip and *.rar unpacking engine.
     
  17. Bdiamond

    Bdiamond Registered Member

    Joined:
    Apr 26, 2002
    Posts:
    74
    Location:
    N Carolina, USA
    I think I agree with you; however all of the (very substantial) Back Web overhead is annoying and, occasionally, it does interfere with other programs. There must be 9 or 10 of those programs running in the background all the time. Other users have expressed similar feelings about the Back Web aspect of the program and I wonder how many potential users bypass F-secure because of that?

    Aside from that one issue, which is only indirectly associated with the AV function, I have been totally satisfied with F-secure for a little over two years. The KAV (v 5.0) product could provide very serious competition for them since it may provide equivalent performance but with very light "overhead" in terms of resource utilization. Until now, I think the other Kav products had their own problems with resource utilization-so it was pretty much a toss up except for the "simplicity" of the F-secure interface.

    Just curious if you have any thoughts about the Back Web functions? I really do like it otherwise.

    Regards,

    Bdiamond
     
  18. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    i second your thoughts Bdiamond. i think a lot of potential users gets scared by the name of F-Secure. if you check the development histroy you'll see that the F-Secure guys always manages to fix those reported bugs also always manages to introduce some more. but there is one thing i like about F-Secure, they are very honest about it. they document the known problems and the scanning report never hides the errors. yes Kloshar the RAR and ZIP UN-ARCHIVING support could be better. thanks to the KAV engine UNPACKING support is the best in the industry.

    another bad thing about F-Secure that people who have less than 128MB RAM can forget about it. even the 128MB machines crawl with this heavy-duty AV. also the configurability is set to idiot-proof. anyway KAV isn't that heavy on the recourses. on XP machines it occupies 12MB which is equal to NOD32.
     
  19. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Bre?ice
    We have 128 mb ram on computers in our school. And there is F-secure 5.41 for workstation installed. It works realy great!
     
  20. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    Please read my messages carefully. "People who have LESS than 128MB RAM can forget about it."
     
  21. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Bre?ice
    Yes, I read it carefuly and I found that:

     
  22. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    LOL now you are quoting another line. anyway i meant that F-Secure slows down the 128MB machines. slows down doesn't mean that it becomes useless. machines having less than 128MB RAM will become very slow. if it makes you happy then go on use it.
     
  23. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Bre?ice
    OK, it doesn't metter. I agree that it uses lot of resources.
     
  24. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    F-Secure is awesome, its passed any test I can throw at it, including some rebased baddies most progs miss. But I agree, the overhead needs to be lessoned a bit.

    Its a tough call for me.. Norman also seems to suit my needs as well, and its sandbox is powerful. AVK is my last choice, the verdict for me is still out on this one.

    F-Secure is definately to be considered as my next AV. NOD32 has let me down far far too many times.
     
  25. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    IMHO F-Secure was better with F-Prot but now it has three scanning engines with Libra and Orion being F-Secure's own. still it packs a punch. no doubt some big names use this product. hey you have a 3.4GHz, i'm sure F-Secure will pose no threat to you.
     
Loading...
Thread Status:
Not open for further replies.