how long it take to add any new virus to database in KAV and nod32 ?

Discussion in 'other anti-virus software' started by makeo%, Nov 24, 2005.

Thread Status:
Not open for further replies.
  1. makeo%

    makeo% Guest

    how long it take to add any new virus to database in KAV and nod32 ?

    ist really nod32 need a week to add ?
    I read alot of replys says they send same new virus to both of them
    just after few hours the kav add it
    but nod32 need a week or more
    is this true ?
    ist true nod32 slow in adding new virus ?
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah,thats usually true. Kaspersky Lab is very fast in submissions processing.
    But ESET will also add samples asap if they found them to be well spread or that they might spread well. Although honestly i prefer Kaspersky's policy of samples handling...
     
  3. makeo%

    makeo% Guest



    thank you
    i will buy KAV :)
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well it depends, if you're getting lots of mass mails with worms, then NOD32 might be a better choice (because of heuristics). But if you prefer to have better protection against all sorts of zoo malware out there on webpages, KAV is a better choice. At least at the moment things look like this.
     
  5. makeo%

    makeo% Guest


    heuristics not important if i can send unknown files recvied by email to KAV lab and waiting only 2 hours to reply and add the new virus to database

    i think fast update in kav better than heuristics in nod32

    becuase heuristics not work every time but the (true) definition is the best

    i have seen many time nod32 found virus by heuristics and KAV found the same virus but by defintion

    if nod32 do like what kav do it will be the best AV
    the best in heuristics and the best in fast update
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yup, can't argue with the last line...
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Why not try to send some of those infected missed snapshot samples in Jotti's to both of those av-vendors? It's quite hard to find them, but at least you have the names of those missed samples shown in Jotti's, maybe those missed Zip/RAR samples are easier to find via Google!

    In my mind those two best heuristics av:s, NOD with AH and DrWeb, are quite different concerning all kind of infection updates, the other one has done it well and that's not NOD. ;)

    Best regards,
    Firefighter!
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    How long does it take for researchers to find a new virus before they can give it to the Anti-Virus company ?
     
  9. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    You're missing the entire point of heuristics in saying that.
     
  10. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Even if NOD should do those updates as fast as DrWeb, NOD should be clearly better at least in Jotti's than Kaspersky! ;)

    Best regards,
    Firefighter!
     
  11. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
  12. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I guess the zero-time protection didn't work, when the I-Love-You-virus hit many computers world-wide and this virus wasn't the only one, I just don't remember their names.
    Sorry for being sarcastic, I'm in a bad mood. :)
     
  14. TeknO

    TeknO Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    147
    Location:
    Istanbul, TURKEY
  15. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA

    Yes, great that a few of the AVs provided good zero-time protection
    while a lot of other AVs had to wait to provide a signature and then the
    end user having to wait for an update.

    Product - Score
    BitDefender - 6 of 6
    Fortinet - 6 of 6
    Nod32 - 5 of 6
     
  16. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To be honest, this zero our protection is only a high advertized myth. A couple of tens attacks PER YEAR were protected about 2...24 hours faster, what's that compared to those a couple of tens NEW hiding threats PER DAY, which were protected by some other av:s 1...6 weeks earlier? ;)



    Best regards,
    Firefighter!
     
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Heuristics are important, how much seems to depend on you're a nod32 proponent or not......;) :D

    The simple fact is that those zero-hour infections is not going to happen to everybody all time, much will depend an zero-hour infection like the window of opportunity, your ISP, your possible other security software.

    I have for example never been hit with a zero-hour infection, what i have been hit with, but not infected with is trojans and quite a few of them and thats why Kaspersky for me is the better choice, for others who apparantly receive zero-hour stuff all the time, Nod32, DrWeb or BitDefender would perhaps be better if we're talking zero-hour only (& an AV only setup), but to me there is a lot of other things to think about when choosing an AV than heuristics.

    It's quite funny that an Andreas Marx test with no less than a whopping 6 samples is now used to prove how good Nod's heuristics are, when those of us who can still remember how his skills as an tester were being absolutely butchered by everbody including Stan999 if memory serves me correctly when he made tests in the past showing Nod as not so good in overall detection to the point where he was made to be clueless and had a grudge against Eset/Nod32, but now he's suddenly good enough............

    It would be quite interesting btw to know exactly how many users with an updated AV has in fact been infected with zero-hour infection that had a lasting negative impact (like having to reinstall or have someone repair your pc).:)
     
  18. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Not when those zero hour protections were covering the current significant fast moving threats that were infecting a very large number of machines.

    A large number of PCs can be infected while waiting for that "2...24 hours"
    of protection for those types of infections.
     
  19. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Is the Finnish time zone a kind of self protecting mode to zero hour threats, because I have NEVER seen those in my email? :D

    Best regards,
    Firefighter!
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Pretty much same for slovenia when i was using avast! and POP3 based email. I always got updates even before i got any mass mail email message into my inbox.
     
  21. Rush_

    Rush_ Guest

    You guys are forgetting that NOD32 has almost the same level of detection than KAV, according to AV-comparatives.

    Its true that KAV was superior than NOD32 in the test, but like IBK said, in real life, the superiority of KAV result is practically none... you guys talks like NOD32 has a poor detection rate of zoo viruses, but according to av-comparatives, its not true.

    In the other hand, NOD32 proactive defence is really superior than KAv´s

    1. NOD32 on demand is very close to KAV´s on demand (almost the same level in real life)
    2. NOD32 heurístics is by far better then KAV´s
     
  22. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    However, a number of folks are as indicated by the various virus radars and other reports that track that type of information. Folks get infected and pass it on which causes the overall count to increase very fast over a very short time span.
     
  23. Rush_

    Rush_ Guest

    another day I´ve got an e-mail with a trojan that nod32 heurístics detected it... but KAV didn´t...
     
  24. Sm0kie

    Sm0kie Registered Member

    Joined:
    Nov 24, 2005
    Posts:
    12
    well look at this then:

    Sober.X Virus Spoofs CIA
    A newly discovered Sober variant, dubbed Sober.X by some antivirus vendors, is using scare tactics to trick users into opening its infected attachment. The Sober.X worm pretends to be from the CIA and the body of the message warns.

    But worse, listing only those three implies they were the first three responders. In fact, for this particular threat, McAfee, Symantec, and F-Secure all took 5+ hours to provide protection. Conversely, five vendors (Dr. Web, QuickHeal, eSafe, Nod32, and Fortinet) detected heuristically - i.e. without requiring specific updates. And of those detections that did require updates, several vendors responded far more quickly than Symantec, McAfee, or F-Secure, including:

    BitDefender 2005-10-06 00:54
    ClamAV 2005-10-06 01:00
    AntiVir 2005-10-06 01:13
    Kaspersky 2005-10-06 01:26
    F-Prot 2005-10-06 01:50
    Sophos 2005-10-06 03:07
    Command 2005-10-06 03:42
    Panda 2005-10-06 03:53
    McAfee 2005-10-06 at 05:13
    Symantec 2005-10-06 at 06:36
    F-Secure 2005-10-06 06:45

    --------------------------------------------------------------------------------------------------------------

    and now the info:
    Press Release Source: BitDefender


    Second Variant of Sony DRM Trojan Detected and Protected by BitDefender
    Thursday November 10, 7:03 pm ET
    Company's HiVE Technology Enables Detection of New Variation Before Competing AntiVirus Solutions


    FORT LAUDERDALE, Fla.--(BUSINESS WIRE)--Nov. 10, 2005--BitDefender(TM), an award-winning provider of antivirus software and data security solutions, announced today that its HiVE technology enabled the detection of a new, second variation of the Sony DRM backdoor Trojan, named Backdoor.IRC.Synd.B. This new variation of the highly publicized Trojan was proactively detected by BitDefender's Labs through behavioral detection made possible through the HiVE virtual environment.
    Similar to the first Trojan found earlier today but written with a new digital signature to get past anti-virus defenses, this new version also uses the cover provided by the Sony DRM component to hide itself. Changes found by BitDefender in this new variant include reparation of the bugs from the first version, a change of the file name to "$sys$xp.exe", change of the IRC channel name, as well as some additional minor technical changes.

    "BitDefender's HiVE technology enabled us to detect the second variant of the virus without any need for additional signatures," commented Viorel Canja, head of BitDefender Labs. "While this new strain is also in the wild, BitDefender will continue to monitor for any additional variations of the Sony DRM Trojan. BitDefender is committed to being one step ahead of virus writers, so that our customers can feel confident that they are always protected."

    According to BitDefender Labs, this new Trojan installs an IRC backdoor on the affected system and may have other functions. BitDefender is currently conducting further analysis on the Trojan and will publish further analysis to its corporate website, http://www.bitdefender.com.

    About BitDefender(TM)

    BitDefender is a leading provider of security solutions that satisfy the protection requirements of today's computing environment. The company offers the industry's fastest and most effective line of anti-virus and email security defense, setting new standards for timely threat detection and for simple installation, use and updates. BitDefender delivers effective threat management for over 41 million home and corporate users in more than 100 countries. BitDefender is a division of SOFTWIN and is headquartered in Bucharest, Romania, with offices in Fort Lauderdale, Florida; Tettnang, Germany; and Barcelona, Spain. Further information about BitDefender can be obtained by visiting: BitDefender http://www.bitdefender.com/site/home
     
    Last edited: Nov 24, 2005
  25. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    But, again whether you or i get infected depends on a number of things and to just depend on good heuristics is by no means a guarantee of not getting infected.
    I'm not saying Heuristics aren't important, i'm just saying balance in your security armor is more important than relying on Heuristics to catch what isn't in your AV's bases yet, because it just won't.
    I'm sure thats true, but then again how times have Kav detected trojans that Nod didn't..............:D
     
Loading...
Thread Status:
Not open for further replies.