Let's make NOD32 equal to KAV!

Discussion in 'other anti-virus software' started by Straight Shooter, May 1, 2004.

Thread Status:
Not open for further replies.
  1. I am starting a new thread here to continue a topic I, along with others, seem to want to explore, but should not be discussed in the NOD32 forum.. This is a continuation of this thread here...

    https://www.wilderssecurity.com/showthread.php?t=29889&page=2

    So, let's use THIS thread here to continue...

    Plainly stated, I ask,

    What other programs in addition to NOD32 should you have on your computer to be able to detect as much or as close to what KAV detects? In addition to having layered protection, one would also have the advantage of using an AV that scored more wins with VB, and also be able to use Advanced Heuristics if wanted or needed...
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    That is what is funny about VB and other av testing sites. If you don't like the results just go to another site. Nod 32's test results are not as good when you go to any other site other than VB. I am using panda and it just depends whose test results you look at as to how good it detects. On most all the sites besides VB panda does very well. McAfee has just as good trojan detection as KAV and their virus detection is excellent. But then again it depends whose test you look at. There is no best AV, not Nod, not Kav and not McAfee. The best AV is the one that works the best for you on your system.


    bigc
     
  3. Well, you're saying it yourself, that NOD32 scores well ONLY (for the most part) at Virus Bulletin, which is a serious deficiency, IMHO...
    And I agree with that.. Still, some users want as much protection as possible, and still want to use NOD32... My point in this thread is, what other programs should be combined with NOD32 to cover those weak spots...
     
  4. norky

    norky Registered Member

    Joined:
    May 1, 2004
    Posts:
    172
    Location:
    Lithia, FL
    as i said in the other thread:

    I've also just discovered a squared (http://www.emsisoft.com/en/) and am going to see how it handles the malware aspect of my security for a bit. then i'll try ewido and tds-3. i think somewhere in there i'll find a good setup.
     
  5. happy man

    happy man Guest

    1 KAV 5
    2 F-secure 2004
    3 NOD32 v2
     
  6. Well, I know from what I read that it hasn't been updated in a while.. I wonder if Andreas still works for ESET? Just out of curiosity..

    But, here is the problem. Through extended definitions KAV covers something called "pornware".. Anyone else cover that? I am trying to find different programs that handle aspects of KAV, so if someone wanted to, they could use those programs...
     
  7. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Let's get to the paranoid discussion. :D First let's go to the facts: NOD32 performs extremely well on all malware that is currently spreading - the so called ITW (in-the-wild) malware. It doesn't matter at which test I am looking, take for example VB or AV-Test.org: NOD32 is scoring 100%.

    The key difference comes when looking at tests that use zoo-malware. Zoo Malware is existing malware that is not spreading. So the chance to get infected with such zoo-malware comes close to 0. And also if such zoo-malware starts spreading NOD32 will update their signatures as they do with any other new viruses as well.

    But coming back to the paranoid part: If somebody wants also first class detection for zoo-malware then the solution is quite simple: Take KAV or any other product that is using the KAV engine as an additional av and you are set. KAV is the reference product in the industry when it comes to zoo-malware.

    wizard
     
  8. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > The key difference comes when looking at tests that use zoo-malware. Zoo Malware is existing malware that is not spreading. So the chance to get infected with such zoo-malware comes close to 0. And also if such zoo-malware starts spreading NOD32 will update their signatures as they do with any other new viruses as well.

    Exactly Mr Wiz! You hit the nail right on the head!

    As I'm sure you will have seen for yourself, the continual wail from most amateur "virus experts" is "Virus Bulletin only tests antivirus products against In the Wild viruses!" ... which goes to show that they don't have the faintest idea what they're talking about right off the bat.

    The plain and simple fact is that Virus Bulletin routinely tests antivirus products against many viruses that are not in the current WildList ... but the difference between Virus Bulletin's test sets and the poorly assembled and maintained "zoo" collections used by amateur wannabes is that Virus Bulletin's test sets are 100% crud-free ... at some time every sample used by Virus Bulletin has infected someone's computer during the normal course of everyday operations.

    Let's face it ... if Virus Bulletin's tests really were as crappy as some self-appointed "virus experts" would have us believe then it would not have survived in the IT Security marketplace for fifteen years, let alone kept its reputation as "The Bible of The Antivirus Industry" for fifteen years ... it would have been rated down alongside amateur and university and computer magazine and other wannabe tests years ago, and ICSA and Checkmark would be fighting for the #1 spot in professional antivirus product testing.

    At the end of the day, "who to believe" is up to the individual reader ... but readers would be wise to give credence to tests that are rated highly by IT Security professionals rather than to tests touted by know-it-all "Forum Virus Experts".
     
    Last edited: May 2, 2004
  9. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    I second that.

    First you have to know WHAT TYPES OF MALWARE ( Name + Variant ) are really common issues for the users. And I count here _NOT_ a patched single Backdoor, because if _THIS_PATCHED_ Backdoor becomes more popular it attracts the attention of other AV companies as well.

    First you have to protect the users / customers against the wild spreading malware. ItW ( In the Wild ) is the name for this. Detection of a large range of zoo viruses is a NICE TO HAVE FEATURE but the protection ( A VERY FAST PROTECTION, WITHIN A FEW MIN. AFTER THE WORM/VIRUS WAS FOUND ITW ) is much more important. It is also important to prevent such spreading in advance with good heuristics, based on experience of the _NEWER_ malware samples.

    In both cases - NOD32 does it very well.

    Just consider this: What would you choose if you know that AV program XYZ is very good with zoo malware but it (would) suck with new ItW malware?
    The chance that you get such an ItW worm is much higher than the chance that you pick up an old zoo malware sample. (However, KAV is also very good with ItW malware, not that somebody misunderstands me here)

    Every AV program has its strengths and weaknesses. KAV as well. Take a few thousand replicated (and executable) uruguay viruses and try to detect them with KAV. ;) But who cares? Some types of the uruguay viruses are very difficult to detect and they are dead. So no problem at all.

    Regards,
    Godzilla
     
  10. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    There you go SS. You just learned a valuable lesson. Never ever try to suggest NOD is not the equal of ANY other AV. Once you start that, no matter how diplomatic you try to be they will come out with their defences up. Another thing to note is that it is IMPOSSIBLE for them to put more than two sentences together without the words Virus bulletin or the initials VB. Yes this looks distinctly like a nod user bashing thread. Well actually it's not. It's the view that you are all so obsessed with THAT test site, that you honestly believe (whether it's right or wrong) that if you get a good score there, then your AV is the best.

    Let's look at the facts based on a multitude of tests and user experience. When it comes to ITW viruses then NOD is consistently up to date and providing its users with protection. It could be said with some accuracy that in this regard it is the lead product. The other fact is that when it comes to overall protection then it is not the lead product. NOD has always been an AV that you need to use with an Anti-Trojan and also an anti-spyware application. If you are prepared to use NOD with these two other forms of protection then you will have an outstanding defence. What you DO have to consider is that if you use it on its own then you are under threat of being infected by a trojan or/and spyware. AV's like NAV, KAV and McAfee offer a stronger defence overall and include plenty of protection from 'other' malware than viruses.

    So SS, back to your question. When it comes to viruses, NOD is already the equal of KAV if not better. But to make NOD the equal of KAV 'in overall protection' you would need an AT like TDS3 and an anti-spyware app like Adaware Pro. But tbh if you had those running with NOD then I'm sure that set-up would exceed KAV. It would certainly match it.

    muf
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    muf,

    I'll disregard the "diplomatic" phrase if you don't mind. As for the rest of your comment: please read godzilla's post right above once more. FYI: he's an AV expert indeed - but not in any way related to Eset/NOD32; on the contrary. Thus: take it as an independent and very to the point statement.

    That's the overall consensus - not restricted to this board - indeed ;)

    Indeed the major strength of NOD32 is ITW viruses; no argument here.

    It's called layered defense - highly recommended by many in the field, and for very good reasons ;)

    ...one more reason for layered defense. Apart from the fact, there is no software available taking care of all - question is: would such a "grab it all" software be the one to go for? Many nasties do target many security softwares nowadays (visible or hidden). In case the installed "grab it all" software is targeted successfully, results will be catastrophic: one would have lost not only his/her Antivirus, but Antitrojan (and others, like Antispyware for example) as well. Count your blessings if such a scenario comes true...

    ...and that's in effect putting all eggs in just one basket. Tricky business IMO.

    A very sound and recommendable approach for reasons as mentioned above!

    regards.

    paul
     
  12. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    To have Kav detect all the things Adaware detects you have to update Kav from the "updates_x" bases, something that Kaspersky Labs recommend AGAINST for home users: possibility of too many false +ves, so even Kaspersky don't advise using Kav to try and detect everything!
     
  13. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > Another thing to note is that it is IMPOSSIBLE for them to put more than two sentences together without the words Virus bulletin or the initials VB.

    Could that perhaps be because most NOD32 bashers also bash Virus Bulletin ?.?.? :)

    > Yes this looks distinctly like a nod user bashing thread. Well actually it's not. It's the view that you are all so obsessed with THAT test site, that you honestly believe (whether it's right or wrong) that if you get a good score there, then your AV is the best.

    I'm not obsessed with Virus Bulletin's tests ... I could quote any of dozens of "other" international awards NOD32 holds, including ICSA and Checkmark Certifications ... but Virus Bulletin is regarded by most IT Security professionals as the world's #1 antivirus product testing authority and is the award every antivirus vendor strives to win and is the test most often put down by wannabe "virus experts" in these forums ... so consequently the need to defend it arises with monotonous regularity.

    Note that I have been defending Virus Bulletin almost from its inception fifteen years ago ... through years of distributing "other" antivirus programs which were not Virus Bulletin's "star performer".

    It's not a "NOD32 thing" with me ... it's a "Virus Bulletin" thing.

    No doubt professional IT Security guys and girls would go for a product with "do everything" protection if the product provided the same level of protection as a set of dedicated antivirus, anti-Trojan, anti-spyware, etc, programs ... but ask any professional mechanic why he spent a small fortune on sets of sockets and ring and open-ended spanners to suit metric nuts and bolts and second sets to suit imperial nuts and bolts rather than just a few dollars on a single adjustable "do everything" wrench and he'll tell you "Adjustable wrenches are for amateurs. They have no place in a professional toolkit." :)
     
  14. Well, frankly, even with my using KAV, I also have Spysweeper and Trojan Hunter and ZAPro running for "layered" protection..LOL..
    Well, I've always considered myself to be a fair person.. So, I installed NOD32 and will be using that EXCLUSIVELY, along with TH and Spysweeper... I will NOT practice Safe computing habits..LOL.. Admittedly, my laptop runs faster now with NOD32 than with KAV 5.... and that's important to me.. My concern is, with my new "layered approach", will I get infected? Time will tell.. In fairness, however, NOD32 caught an HTML Exploit this morning.. "heuristically". I could not save the file. I lost it... If I duplicate my steps and get it back, I'll send it to you, Rod..
     
  15. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Some interesting points made here. I would agree with Paul's comment about layered defense. Any scanner is limited by its signature file and if you think you have a good chance of encountering something not covered in the file (e.g. if you download from "warez" sites, Usenet, IRC or P2P) then using software to detect and block suspicious behaviour is a far more sensible approach than running a second scanner (which is going to duplicate the work of the first to a large extent).

    Trojans almost invariably require Internet access so a firewall offering strong control over outgoing traffic is a must (and a firewall should be used for other reasons anyway). However virtually all malware tries to make alterations to the Windows Registry and system files (to ensure they are run on startup at least) so an application that monitors these is a good idea - as well as one that can detect any attempt to compromise other running processes. Diamond's Process Guard should do a good job at process protection and System Safety Monitor (free download) can detect Registry/system file changes (via a plugin that you need to enable) as well as intercepting program calls and DLL injection. These should make a better choice than a second scanner for most people (although SSM is better suited for advanced users - expect a blizzard of popups when you first install it).
     
  16. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    There is absolutely no doubt that a strong layered defense is going to protect your computer better than depending on a single application. That has always been a very good practice and will more than likely remain so well into the future. With all of the malware that is being written it would probably be impossible for a single app or security suite to detect it all and have impunity against deactivation by some of the nastier malware out there.
     
  17. Shelb

    Shelb Registered Member

    Joined:
    Dec 3, 2003
    Posts:
    76
    Hope you do not mind a novice inputting his opinion, but I am not sure I really want NOD32 to equal KAV.....I chose NOD purely on its sexy good looks :D :D :D

    In all seriousness, I chose NOD because of its efficiency in doing its job. It effectively protects my systems while using the least resources. AH is also a nice feature that has saved me from infection a few times now in the ~three months that I have owned a license.

    KAV is an excellent solution for those who want their AV to catch as many things as possible. However, as a customer, I appreciate NOD's approach, and do not wish for them to change this philosophy. I have taken other steps to layer my defense against the threats of trojans, spyware, etc. I have tested KAV for the full trial period, and found it to be too computationally expensive on all but my newest PCs. Keep in mind this is a subjective judgement, as I am impatient! :)
     
  18. Sandish

    Sandish Registered Member

    Joined:
    Apr 29, 2004
    Posts:
    51
    Making it equal won't work I guess - but try this recipe:

    Take some NOD-like speed and heuristic (not too much and not from the advanced one) and put it in the blender, now put some of the detection rate and archive/packer - support of KAV to it and shake it a bit - what comes out is a little green spider that gets up to 10 updates a day, doesn't eat too much memory and works pretty reliably. But it needs some care (wise settings) - or it will get some nasty taste.

    If you don't like to prepare it yourself you can get it as an instant-product from www.dials.ru

    Just to give this discussion some new "spice". ;)
     
  19. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > KAV is an excellent solution for those who want their AV to catch as many things as possible.

    Yes, it's great at detecting a wide range of malware ... but as you're obviously aware, dedicated detectors for specific malware offer better protection than any single "do everything" program.

    > However, as a customer, I appreciate NOD's approach, and do not wish for them to change this philosophy.

    As an AV "purist", I would prefer that NOD32 detected only viruses and left other malware detection to the specialists ... but that's only my personal view. Unfortunately, a product's features are dictated by consumer wish lists. What the customer wants, the customer gets ... or he buys something else. Trojan detection in antivirus programs is on many consumers' (particularly home users') wish lists ... so we have to detect Trojans too.

    I guess I'm just old-fashioned ... the argument for including Trojan detection in antivirus programs is valid ... but some "wish list" features are (imo) pointless time-and-resource-wasting flim-flam hyped into "desirable features" by ad men and snake oil marketroids ... for example: I see very little value in scanning inside archives, and no value at all in scanning outgoing email.

    > I have taken other steps to layer my defense against the threats of trojans, spyware, etc.

    In my opinion, and it seems in the opinions of most informed members of this forum, that is the best way to go.
     
  20. Shelb

    Shelb Registered Member

    Joined:
    Dec 3, 2003
    Posts:
    76
    I agree 100%! Cut out the fluff and detect viral files to the best of your ability. I like NOD because it lacks the bloat that is turning so many of the AV's into full blown CPU hogging security suites of sorts. The few true trojans that I have run across were caught by NOD. I was kind of disappointed....I wanted to see TDS in action! Oh well, a layered defense comes through, providing a safety net :)
     
  21. How about cleaning viruses in archives?

    NOD32 won't even clean the Eicar test file zipped once, let alone twice.. Is there a way to do it?

    I don't know... I am trying hard to like NOD32, and believe me, in all my spare time today, I have been throwing stuff at it. Yup, I did notice Trojan detection is much better.. Probably due to the "Andreas Haak" factor..LOL.. But not to delete a virus off a zipped folder.. ?
     
  22. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Given the problems in getting the "typical" home user to pay for just ONE security program, making that program cover as many bases as possible would seem a better choice. Also it would make sense to run just one scanner with a comprehensive signature file and use other software to provide different types of protection (file/registry/process checks, network access control, etc).
    I beg to differ here. Most downloads are compressed and any incoming file should be scanned as soon as it lands on your system. Having an AV scanner that can deal with archives makes this far easier (I use GetRight for downloads and configure it to kick off a virus scan on each one). Outgoing emails/instant messages should be scanned to stop viruses from spreading to others (especially important for business users who may face liability claims) - after all a system may be infected by other means than incoming email (and Outlook*cough*).
     
  23. Well, I didn't catch Rodzilla's post about scanning archives being unnecessary.. and if the answer to a feature that is lacking in a product is .."It's not needed..."... That is not my way of seeing the answer..
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Shooter,

    Sounds fair enough. The confusing part here is, someone pointed me to your statement elsewhere you won't do so at all and dropped NOD32 o_O No doubt that's your prerogative! Then again stating X over here and the opposite shortly after elsewhere is at the least...ehh "strange". But of course: it's your system ;).

    Archives are harmless as such - that's common knowledge ;).

    regards.

    paul
     
  25. BKK Aussie

    BKK Aussie Guest

    Are you saying you don't believe all the BS about Kaspersky finding more trojans than Trojan Hunter? :)
     