how many virus found in nod32 in On-demand comparative Test by Heuristics ?

Discussion in 'other anti-virus software' started by 12V, Dec 22, 2005.

Thread Status:
Not open for further replies.
  1. 12V

    12V Guest

    how many virus found in nod32 in On-demand comparative Test by Heuristics ?
    if IBK disable the Heuristics from nod32 can this show huge sink detection rate ?
    also KAV and BitDefender
     
  2. peewee

    peewee Guest

    I don't think any AV is detecting the "kitchen sink" so to speak ;-)
     
  3. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    I think the original poster meant "decrease" in the detection rate.
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Why would you want to disable heuristics? In any AV for that matter?
    It gives you better protection, so why disable it?
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Because we have different needs. For instance in Jotti's NOD detected 38 % from their own detectings by signature, so at least I'm curious to know how much NOD detected from their own detectings in Av-Comparatives 08-2005 test by signature.

    Best regards,
    Firefighter!
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You have needs for less protection? Sorry, I don't understand.
    If your AV has heuristics detection, why would you disable it?
    Because of your needs to be infected by the new crap that goes undetected every day due to the lack of heuristics?
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Sorry that I couldn't follow your thoughts!

    I wrote before in this thread: "For instance in Jotti's NOD detected 38 % from their own detectings by signature, so at least I'm CURIOUS TO KNOW how much NOD detected from their own detectings in Av-Comparatives 08-2005 test by signature." That's all.

    I just can't see any correlation to the detectings/missings of new crap in here, sorry! :rolleyes:

    Best regards,
    Firefighter!
     
    Last edited: Dec 22, 2005
  8. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I'm sure if IBK tested with heuristics turned off the results would be different. My AV of choice Avast (doesn't have heuristics) would move up the ladder :)

    But what's the point in doing so? Detection is detection, doesn't matter how it's achieved, does it?
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Disabling the heuristics engine will lower NOD's detection rate noticeably, possibly due to the fact that the generic unpacker will not be used.....
     
  10. POS

    POS Guest

    Every antivirus has its own way of detecting a threat. NOD32 uses its advanced heuristics to detect variants etc. So what's the objective of a test using only signatures? In real life we don't disable NOD's AH.
     
  11. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Maybe not, if you want clean infections too.

    Best regards,
    Firefighter!
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What does cleaning infections have to do with signatures vs heuristics? o_O I'd say more than 99% of today's malware are trojans, downloaders, backdoors and spyware so there's nothing to clean in such files.
     
  13. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Well said, that's one of the most clever answers I saw around here the last time :D
     
  14. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    It's comforting to know that, although there may be more than those < 1 % room to viruses and worms, when in Jotti's there were about 8 % of those. :) ;)

    Best regards,
    Firefighter!
     
  15. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Unfortunately the main question has got unanswered as many times before, when some of us don't like questions like this in the thread.

    Best regards,
    Firefighter!
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There's no sense in disabling heuristics. It's like performing a crash test of a car without the dummy wearing a seat belt and all security systems deactivated.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    How do you know those 8% were actually functional samples working on win32 platform? Were they actually undetected by NOD32? Did you send them to a qualified analyst to tell whether they should be detected?
     
  18. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    There's no sense to argue about to disable heuristics or not. If someone wants to get answers to his/her questions, what's wrong in it? :mad:

    The second argument you wrote in the post after this quoted one, has no sense, because NOD has always been quite strong against worms/viruses, so it detected much more than those < 1 %, 8 % isn't so much wrong in this. Let's forget the hostile attitude at least just now, when it's Xmas becoming ahead and let's joy the holy day of peace! :)

    Btw, Merry Xmas to you all! :-*

    Best regards,
    Firefighter!
     
  19. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    What's the use of an AV when you disable heuristics ? All AV out there are detecting the ITW viri, for the rest of all the malware out there to be detected you need heuristics. Disabling heuristics is as if I were to open the front door during nights and hit the sack, believing nobody has the guts to come in because I have a door... Or do you mean if NOD32 is capable of detecting viri without heuristics, just by definitions ?
     
  20. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    To check how effective NOD's signatures or Heuristics are, I think :)
     
  21. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    So what kind of answer are you looking here? Disable one of the strongest NOD32 points and then test it? Let's test McLaren but with Toyota Camry engine. Why? :)

    Developers spent so much time to produce the state of art heuristics and you want test NOD32 without it. WTF? So what's next disable the variant, generic, packers, and spyware and virus detection?

    Or maybe you want to see how powerful AH is? No problem it's there at IBK's web site.

    The original question is pointless and has nothing to do with the detection rate.



    tD
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    OK, let's play again. The answer to that question, I can only guess, I think that NOD w AH detected about 8 % of their all detectings by heuristics in the Total without DOS & OtherOS category in the Av-Comparatives 08-2005 test. Why that's so difficult to give answers to a simple question like this? :blink: We just can't have the right to not answer questions like this.

    Best regards,
    Firefighter!
     
  23. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    That's for the AH detection. What about Classic Heuristics? As far as I know it's still in use for viruses and I mean REAL viruses (AH targets other Malware). VirusP have NOD32 logs, so you can see it for yourself and do the math. :D


    tD
     
  24. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    I'll count those classic heuristics within to that AH category too because I'm using always these both. This 8 % was based on what NOD did against my quite old randomly picked samples collection plus what NOD did in Jotti's against those new nasty ones. So, just an assumption. :) So the rest 92 % were detected by signature.

    Best regards,
    Firefighter!
     
  25. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Silly question, and I didn't expect it from you :eek:
     