Losing faith with NOD32 shocker!

Discussion in 'other anti-virus software' started by mrfargoreed, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    But do not the tests, even though there are thousands of malware samples that the user will never get, demonstrate the ability of the AV to detect the samples? Is that worth nothing?

    Although I realize that most of the malware samples will never be encountered by me, I am not sure which ones will. Accordingly, if the higher detection rated AVs run well for me, then I would prefer to use one of them.

    If AntiVir or Kaspersky run well for me, I cannot think of any reason that I would use Dr Web or F-Prot, even though they might run well for me, and F-Prot did.
    There is no disadvantage to that, and might be a definite advantage to the use of the higher rated AV if I encounter malware that is not normally encountered.

    So if NOD misses more samples than KL why would I use NOD when the only reason I use an AV is protection from malware? This assumes that both run equally well for me. That is not always the case, of course, and might cause one to use a lesser AV due to conflicts.

    Best,
    Jerry
     
  2. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Wow, I'm really surprised by how many people seem to think that NOD32 perhaps isn't as 'good' as it used to be.

    The whole principle here, for me at least, is the fact that yes, I downloaded a threat deliberately that I would never ever use - but that doesn't mean that my 16 year-old step brother who is frighteningly knowledgeable about how to find his way around a PC, might deliberately download the same threat I mentioned above, for Roboform, using P2P.

    Under NOD32, it goes unnoticed, so he's installed this backdoor on my machine, and I'm happily using my legit copy of Roboform, entering my passwords, all the while unaware that my passwords could well be being stolen/seen or whatever - and all because NOD32 hasn't even warned me about something four other AVs recognise to be the same thing - a trojan.

    I would rather get a false positive than no warning at all that there could be a chance of a threat.

    I rely on my AV to tell me of anything suspicious - NOD32, at the moment, doesn't appear to be doing this as well as I thought it was.
     
  3. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Do you have any evidence to back this up? Most tests (even the crap ones that use honeypots etc...) collect malware from ITW. Do you think that antivirus testers are creating malware in the lab just for the sake of testing?

    The malware used in av-comparatives is all ITW, AFAIK. They had 497,000 samples in the last test, each piece of malware in there will probably have infected a user somewhere, so the net is 'that bad'.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Personally, I am not "Shocked".:blink:
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Nor am I, trjam. Kaspersky has a far greater strength in different packers and formats than NOD32, but then again ... NOD32 still might have detected them if the user tried to execute it, but personally, I wouldn't like to leave it to this chance.
     
  6. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    For me at least the sky isn't falling. I use Nod and have no plans to change anytime soon although I won't say never.
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    This would be the case if the on-demand and on-access scanners used different engines and/or signature databases that would cause them to have different scan results. AFAIK, this is not the case.

    Unless you're talking about dropped files when the malware executes, that is. Would still be a poor show on NOD32's part, though.
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Basically, I am not performing my own tests, because if I had, then we'd have another virus.gr type test right here. I am just narrating what I have seen personally. Again, I must say that I do not think NOD32's detection rate is bad, I just remarked that in my experience it isn't as good as some others (i.e. the 4 other AVs I tried it on). :)

    However, a bit of a problem is that Eset is a bit slow to virus submissions. It's not that they don't add, but sometimes it takes time for them to add. It doesn't put a very nice feeling for me, but what Eset wants to do in this regard is entirely their decision.

    As such I think AV-comparatives is a credible testing organization, and to be fair, my own experience has been pretty consistent with what AV-comparatives says about detection rates, with the exception of a few switching of places (i.e. minor differences). :)

    @CSJ: NOD32's generic unpacker unpacks a lot of files. Sure, its unpack engine may not be as good as KAV or BitDefender (for example), but it's not very weak either (IMO). I think the unpack engine will be improved in NOD32 v3 as time passes. :)
     
  9. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    With ten thousand samples not detected by KAV and 16 thousand not detected by NOD32, what does the miss of 1 sample mean? You may find thousands of occasions where one AV catches something while the other doesn't.
     
  10. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    You have a point there, and again that may not really be the problem. The strange thing is that I find NOD32 missing more than I expect it to. If it scored around the same level as BitDefender (for example), then I would expect it to miss roughly equal number of samples as BD (specifics of the samples don't matter). Maybe it's just something with my samples. :doubt:

    Anyway, I wouldn't be really concerned about this at all if it weren't for the fact that Eset is slow in adding signatures sometimes. I respect their priorities and it isn't my place to comment on that, but in the end I do not feel very good to see that my samples continue to remain undetected for a while.
     
  11. EQ2

    EQ2 Registered Member

    Joined:
    Jan 25, 2007
    Posts:
    39
    I don't think so. Many days ago, NOD32 couldn't detect two nspacks; many people found it and used the way to keep NOD32 from detecting. Now NOD32 can detect two nspacks. I am so happy.
     
  12. EQ2

    EQ2 Registered Member

    Joined:
    Jan 25, 2007
    Posts:
    39
    I don't think Eset is a very good company. I have sent many samples to Eset, but they can't reply to me. I am too disappointed.
     
  13. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Never thought I would say it, but I would take Bitdefender in a heartbeat over what Nod has become. My license, thrown out the window.:)
     
  14. ASpace

    ASpace Guest

    Not that they cannot reply to you, but it is their policy not to reply to emails with malware samples.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    No offense HiTech, but why would you not reply, because of the samples themselves.
     
  16. EQ2

    EQ2 Registered Member

    Joined:
    Jan 25, 2007
    Posts:
    39
    I have emailed Eset; they said they were too busy to reply.
     
  17. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    Some antiviruses (e.g. kaspersky) add every malicious sample you send them asap, and they tell you that (and the name the malware will be detected as) in their email reply. Eset's policy is to add malware on a 'priority basis', sometimes days, weeks or months after submission - by replying to emails confirming receipt of malware, they would put themselves in the position of having to add every malware they receive, or state that the file you have submitted is not malicious - by not replying to the emails, they are under less pressure to add the sample quickly.
     
  18. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Well now, that is a strong statement. You are saying that THEY contacted you back and said they were too busy to reply, or they never answered you, and you assume that meant they were too busy. Because if it is the second part, then that is just your opinion and in all fairness to Eset, well, isn't right.
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    That isn't good from a customer's standpoint and if true, how are they still in business and selling such a product to customers. But yet you folks rave on, and on, and on. I really find this hard to understand, but I am not questioning your statement either. But damn, if true, I would be one pissed off customer looking to go elsewhere.
     
  20. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It's the former.

    Not that he worded it exactly, but I've seen a copy of the email ESET sent to this guy, and that was pretty much the gist of it.

    EDIT: trjam, if you're a regular submitter of undetected samples to malware vendors, you'll find out quite soon that ESET pretty much ranks right at the bottom with Alwil in terms of response time. Contrast that with Grisoft, who don't send individual replies to their customers either, but do add the detection signatures promptly within 1-3 days after submission.
     
  21. ASpace

    ASpace Guest

    Not that it depends on me and I can't be 100% sure, but I think they don't reply because of their policy to add samples on a priority basis. They cannot reply to you like Kaspersky does and tell you that the sample will soon be added if they are not sure when they are going to add it. I myself like this policy; it is perfect to keep the bases clean with no unneeded stuff. Most often they have undetected trojan downloaders, no problem with other malware.
    I am not a malware collector and my words are based on my experience, real life, and I had issues once or twice only with a trojan downloader (all the additional payload was detected). After I submitted the sample, they added it in a few hours. I myself have no problem with detected/undetected samples and NOD32 is a perfect security solution for me and my clients. If you don't like it, well, no problem.
     
  22. EQ2

    EQ2 Registered Member

    Joined:
    Jan 25, 2007
    Posts:
    39
    I think this is an excuse.
     
    Last edited: Apr 9, 2007
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    No problem indeed my friend and now I understand. Some malware is more important than others. Meaning on a scale of 1-10, well a 10 gets added quickly and a 1, well, see you in a month. Curious though as to what or how, malware gets identified as a TOP threat or, bottom of the pit one. But I see your point.:)
     
    Last edited: Apr 9, 2007
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    No sir, not an excuse, but a clarification. Big difference.
     
  25. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    It makes all the difference when the sample you sent wasn't just something you tested in an isolated environment, but something that had infected your computer.

    Hats off indeed to the Kaspersky team in this regard, even though they're not likely to see my praise to them here. Regardless of whatever policies or clarifications other malware vendors deem necessary to adopt when it comes to adding detection signatures, Kaspersky gives you none of that bull, only a speedy update within hours (sometimes minutes) after submission. :thumb: And the best part is, they don't even advertise this as a feature on their website - really gives you the warm fuzzy feeling that they're sincere about their job, not just about the marketing aspect of it. :D
     
    Last edited: Apr 9, 2007