Musing on NOD32/NAV/KAV...

I usually lurk, but the question of “which AV?” interests me.

NOD32/NAV2004/KAV 4.5, should I choose one of these? Something else?

I’ve followed the threads here (https://www.wilderssecurity.com/showthread.php?t=14902) and elsewhere (http://www.dslreports.com/forum/remark,8201352~root=security,1~mode=flat) on the “X vs. Y” in the AV world. Although many comments made by the contributors may be blasphemy to satisfied customers, I found them useful since I was actually weighing my options and had used the three that I’ve listed. But it’s hard keeping all of our experiences in perspective

If everyone owned identical hardware, had the same set of applications installed, surfed the same sites, and practiced the same level of safe computing, you might be able to identify a best AV program. Last time I looked, this isn’t the world I live in.

Everyone is right and everyone is wrong, at least when it come to me selecting an AV for my platform to cover the scope of my PC usage.

Signatures vs. heuristics? Signatures are best, until you are that mythical patient zero, the first infection of an epidemic. After that, maybe you’ll look at strong heuristics in a new light. That is, until someone deletes a needed file, not realizing that heuristics are fallible. Should I base my decision on patient zero? No. Should I base my decision on the poor fellow who mistook a false positive and paid dearly? No again. But I will listen to both and make a decision that’s right for me.

Bloatware vs light? For those of us who started when PC’s had one floppy (5 1/4 or 8" - take your pick) and 64k of RAM, everything’s bloatware these days. Of course, on the right PC virtually anything will run fast. It’s bloatware if I feel compelled to disable needed features to get acceptable performance. If you have a faster PC, my bloatware may be your speed demon.

Payware vs. free? I generally go the payware route since I can. However, when I was a much poorer college student, freeware would have been my only option and I would have embraced it.

Ability to recognize viruses in a controlled test? This is the toughest and most controversial since it is all too easy to label this as an objective judge of performance. It’s not. The outcome of tests focusing on viruses that will never invade my world make an interesting story that has no relevance to me. The problem is that I can’t discern relevance until after the fact. I try to listen to the victims of virus attacks and those who have experienced the software stopping viruses. You’ve never had a virus get through? Well, first of all, let’s establish that you’ve been attacked in the first place and that the attack was thwarted, then we can discuss specifics.

For me, the only AV that has had to handle attacks was NAV and it performed admirably. By the same token, the only AV that let viruses through was also NAV. I know definitively that this failure was my own fault. I turned off needed features to get “good” performance. For the PC I had at the time, a lighter program would have been a much more appropriate solution – this is where options like NOD32 can absolutely shine.

My eventual decision this year? KAV 4.5 Workstation, although I'll probably augment it with NOD32 on one of my PC's.

Was running NOD32 for a few months. Looked good and still think that it’s an excellent package. It’s probably my preferred AV on anything less than a P4 class PC. Had one false positive – I’m sure no one else will have it, it centered on the uninstall facility of an expensive technical mathematics environment. I liked the speed. Simple to use. Absolutely no problems.

I had upgraded my systems from NAV 2002 to NAV 2004 due to all the positive comments. NAV2002 was solid - no missed viruses and NAV caught many e-mail based samples in the past. Regretted installing NAV2004 from the start. Don’t know the causes of the instability, and didn’t really want to spend time learning. Looked great while working. Would have preferred automated daily updates, though. In my book, this is a significant issue with a typical NAV installation. Received a refund on my purchase.

Tried KAV workstation 4.5. Was aware of the heavy resource usage reputation. Good price on multiple (4) licenses. Very configurable. No resource issues as I’ve set it up on my P4 level PC’s. Do not believe I’ve compromised functionality. Some additional malware types not well covered by NOD32 tipped me in favor of KAV. Very pleased so far. One deficiency seems slated for remedy in version 5 (sounds like the target release is Feb 2004 or so) and there is a bit idiosyncratic behavior in the control center. Noted it while stressing the program, but it’s irrelevant for virtually all of my usage.

Sorry for the length, but I thought that I’d share some of my struggle to put a few of the recent discussions in perspective for a newbie passing through. These threads on which AV to buy are much less definitive than would appear during an initial read, even if you focus only on the "objective" tests.

And with that, I’ll gently walk back to the shadows.

Blue…

 

Porche vs Ferrari
Dolf

 

Well said. One size rarely truly fits all and the same may be said for AV's.

 

Porsche vs Ferrari vs VW Golf. They are all the right answer, but to different questions.

There have been many exchanges over NOD32 missing viruses. An important gap? Maybe. Is it more important than choosing a solution that's so resource intensive that you simply prefer to keep it off most of the time? No. On an older PC, resource consumption may be the key consideration in a decision of which AV to use. On a 3.06 GHz P4, differences in resource utilization could be irrelevent since you will never see the impact and you can look at a different group of product features in making an informed decision.

Focusing on the automobile analogy - some drivers want a Golf, others need a Golf based on their situation. If we suggest that Porsche or Ferrari are the only viable cars for anyone, we've given them inappropriate advice.

Blue

 

Excellent first post BlueZ, and thanks for sharing your observations. It is very refreshing to see someone post objectively in an area that is often viewed from an emotional standpoint.

It is obvious you could contribute much to forums such as this, so please do not stay in the shadows too long.

 

Wich one is VW Golf?

 

Blue,

Come out of the shadows! Your post was one of the most well written, unbiased, and enlightening things I've read in ages! Excellent!

 

I agree,
Excellent post indeed

 

I second or third that. One of the more level headed comparisons that I've read in this forum and you're to be congratulated on not allowing the emotions to rule your intellect.

 

More sanity from an old friend on the Web here:

http://vmyths.com/hoax.cfm?id=235&page=3&cat=Frequently%20Asked%20Questions%20(FAQs)

 

Well, to me it that would be NAV, but in keeping with the analogy, the trends of cars in the US, and not wanting to denigrate the Golf owners out there (I was one once - my favorite car actually) I should really say "Sport Utility AV". Gets the job done, but is a bit unwieldy and lumbering in my hands, consumes lots of CPU cycles.

To all - thanks for the positive comments. If I can contribute to the discussion, I will. If I think I'm just adding to the noise, I'll refrain. I'm a just a user, not an security or AV expert.

Cheers,

Blue