KAV as backup to NOD32

I use the ADS by preference, but it is nice to have the uninstall option in 5.0.325 And it seems to do a pretty good job of getting rid of them.

 

Hello,

Just giving my point of view. I'm not what technically you call a professional, as I'm still a student. But I'm quite interested in computer security, and especially in antivirus software, so I ran accross various websites about security, comapratives, and so on.

Well, NOD32 and Kaspersky are two great pieces of software. Both of them provide reliable protection against viruses. I've ran my own tests on two separate machines,

• Athlon 1.5 Ghz, 768 MB RAM
• Compaq laptop, Athlon XP-M 3000+, 1GB RAM

The fact is they both detect all the viruses we can find nowadays on the internet or via p2p networks, provide an accurate protection. But there are a few differences :
As it was said before, there are differences in the principles. Nod32 uses advanced heuristics, and also 'standard' heuristics, to dtect new viruses, as KAV relies less on heuristics and more on regular AV Base Update. But, again as said before, what is important is the efficience of these two procedures in the case of a major outbeak.
It's useless to update the AV Base every hour or so, if no really dangerous threat is released in the wild. What's important is the ability to respond quickly to these outbreaks.

Now for performance impacts, I have used both products on the two of my systems, and it's obvious that Nod32 is lighter. Not that it uses significantly less RAM, but the scanning time is less than KAV's. That last product still has much improved from version 4.5 to 5, but still Nod scans, on the tower, up to six times faster, on the laptop, up to three times, running an on demand HD scan. On acces (real-time) it's not that significant, but nod32 still is quicker, even on my new system.
I don't wanna argue here, that are just facts, which I've experienced, and so I add here my experience to this debate.

The fact is, two AV protections are safer than one, and that's simple : one system has its failures, another has his other failures, by using both, the leaks of one will be covered by the other. That's the idea, anyway. But, what we should not forget, is that an antivirus software is not the complete portection. Without a firewall and regular system updates, this would be pointless to have even the best AV protection in the world. And I'm not talking about spyware, adware, etc.
The more important part in computer security, or at least I think so, is for me to educate users, to not only they buy this-or-that software, but know why and how to use it, and how to avoid certain sites, mails, and so on.

Hoping my post was inetersting / useful to you,

Ice.

 

Releasing updates every hour is not useless to the guy (or girl) who gets infected by malware not considered ITW, and there is quite a lot of that around the net.

These are the fact's that i've experienced, my system seems pretty similar to yours (3200 Athlon, 1gb ram) the fastest i've seen Nod32 do an on-demand is 4m55s, the fastest Kav has scanned is 6m55s, both times are with every option enabled.

The fact is that running two AV's would only really cover each others deficiencies if they could be used together in real-time mode and catching the malware as it enters your pc, this is not generally possible (unless you use a twin-engined AV). Using one AV as real-time & one as on-demand is possible with tweaking, but that way if the AV who is running in real-time misses the malware and you for example doesn't do an on-demand scan everyday, then when you on-demand scan with the other AV and it finds it and clean/delete it (most likely delete nowadays) it will of course be gone, but the damage that it has done may not be.

It was, IcePanther.

 

Well, CLRAV is faster scanner but you won't think of it as antivirus software

Main cause for KAV longer scanning is fact that it scans MORE files, enetring into much more archives than NOD - and it takes time.

As you do not need to scan complete PC every day if you run realtime protecion on max, than this time difference is not significant compared to ability of detection during that particular scan.

And scanning just Local Settings folder after visiting "suspicious" sites is not such time consuming with KAV, so...

 

Yup, but you understand I couldn't perform test with thousands of nearly unknown viruses, because they're difficult to find, and also few spread, so individually, there's a little probability tou encounter one. But as a group of them, you're right.

Once again, I can only agree. But nowadays, most of malware is not, to talk properly, viruses. It's most worms (eMail, P2P) trojans, and spyware. These types of malware mostly do not damage files on the computer, so even if the real-time scanner doesn't catch them, no great damage will be done until the second scanner (backup / on-demand) finds it and deletes it. But, that will only be true if you have a reliable firewall protection, which will prevent them form spreading / transmitting your personal info.
That's something in the general case anyway, there still are viruses out there, but tend to be few versus these new malware types. What doesn't mean you're wrong, a twin engine based AV should be safer, provided it use two good engines.

An alternative solution is the products based on 'comportemental monitoring' who block specific actions, such a creating startup registry keys, modifying executables, and using the white-list principle to allow 'safe' apps (provided they're not modified by hashing them) to do such things. That kind of protection is more general, and may be used in tandem with classic (signature-based) solution(s). The problem with these, is they require more user knowledge, as it's the user who decides if an app should, for example modify an exe (true if it's an updater, false if it's a virus). It's an interesting solution, anyway, but, as an AV and a firewall are useless without the other, this is a 'plus' and can't be used alone.

 

Tried to install Kav as an on demand scanner a week or so ago with Nod my realtime scanner.Had all sorts of probs and where I was going wrong I was trying to shutdown Nod before the installation of Kav.
After reading the latest AV tests here https://www.wilderssecurity.com/showthread.php?t=83323 decided to try installing Kav again.This time I left Nod running and ignored Kav's warning that I should unistall my current AV.
Everthing is fine with Nod in realtime and Kav on demand.Or so it seems at the moment.

 

I'm running the personal version and deselected ADS during install.

 

I haven't done a full system scan comparison in speed but context menu adhoc file scans are definitely faster on my PC. I was surprised also. It is only faster since upgrading to 5.0.325 though. An example, I scanned a zip file with 170 files inside (approx 8MB total) it took 14 secs usng NOD32 with everything cranked up - KAV, also with everything cranked up did it in 9 secs. With multiple zips and file context scans KAV was usually around a third quicker.

When I get chance I'll run a test on a full system scan to compare on a larger scale.

 

Full system scan times :

On my old machine (desktop) : Nod32 - 2h40m, KAV - 5h30m (~800 000 files for nod, 1 000 000 for KAV)
On my new laptop : Nod32 - 1h42m, KAV 2h11m (~700 000 files for nod, ~900 000 for KAV)

(for machine quick dscriptions see my post above)

 

On your faster machine it looks like scan times are very similar. A quick calc on your figures shows NOD scanning (rounded up) to about 80% of the number of files that KAV scans and does it in about 80% of the time. Very comparable.

 

Scan times on my 3ghz 1gig ram machine,both Avs at highest settings-

Nod 2,5 beta,88,736-4mins56secs.

Kav latest,no ads,92,496-14mins14secs.

 

why is there a difference in the number of files scanned?

 

ADS could make a difference in KAV's speed (it might be faster with ADS).....

 

Don't really know but Nod says certain system files are locked or it could be the unpacking capabilities of zip files.

 

Probably because KAV is more thorough!!

 

...here we go agan, {sigh}...

 

No we don't...KAV can enter into more archive types and therefore it check more files within archive than NOD

 

I dont think lee1276 was diputing the fact that KAV has great unpacking abilities. I think lee1276 was just foreseeing the future of a possible flamewar. Maybe I'm wrong...

 

...no, you're correct, NAMOR!

 

You mean to say the unpack engine? If yes, I agree - KAV is VERY good at unpacking files.

 

I think you're right. NOD baiting is fun tho !!

 

I don't think that the file count summary at the end of an antivirus scan can be used as an accurate gauge as to the way the antivirus program is scanning files or the quality of the unpacking engine in whether it is properly unpacking files.

I have on my system NOD32 as resident on access scanner, and also GDATA (using KAV and Bitdefender engines) as reserve on demand scanner. I have both programs set for scan all files and all other boxes ticked for maximum protection.
When I do an on demand full system scan with NOD32 the result file scan is 175,000 files and when I do a full system scan with GDATA the result file scan is 39,000 (I have rounded both figures to nearest thousand for clear comparison).

How these figures come about seems to be illustrated by the following example.

In my download folder I have the zipped OpenOffice downloaded compressed file. When each of these antivirus programs is scanning this file, both spend some time unpacking and scanning and the the following is the file count:

NOD32 Openoffice.zip file count 21,282
GDATA Openoffice.zip file count 1

It seems obvious that Nod32 is counting the individual components of the compressed file while GDATA is treating the whole file as 1 file, but both programs have thoroughly scanned the file.

It does not seem to me then that we can say "this program shows more files scanned therefore it must be better of more thorough than that program"

Hollingwood

 

interesting, hollingwood. thanks for the info