Nod 32 update frequency

Discussion in 'NOD32 version 2 Forum' started by Ledsr40, Jun 20, 2007.

Thread Status:
Not open for further replies.
  1. Ledsr40

    Ledsr40 Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    52
    I often forget to update nod for a couple of days. Does this program need to be updated every day? Not should it, but since I already did forget to in the past, could there have been significant risks? Like very smart viruses going in to my computer and changing the codes for the program so when it is updated it is already too late because the AV got compromised already. Like it's faking its own updates because it has already been taken over by the virus, and all of the scans I did after the updates are all fake too because the program is under control? Are there any viruses out there that can control the security software so that there is nothing you can do because the anti virus programs themselves are compromised?

    But with the updates, the heuristics are supposed to help protect against viruses that are not in the signature database, so even if I updated a few days late it's still ok right?
     
  2. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    As with any other AV program, updates are very important. BUT: it depends upon your surfing habits. If you are a risky surfer, you really should keep it up to date. Besides, NOD32 is set to automatically update every hour. Have you got this disabled? I would recommend leaving it enabled. If you are on a dial-up connection, leave it set anyway, and set up NOD32 so it only searches for updates when a connection is available.

    As for the viruses you describe: I am unaware of any that could do such a thing. Such viruses would need to simulate mouse clicks, and change program components - and such an attack would be highly visible and obvious. File viruses can change the contents of files they infect, but as far as I know, not to the extent of controlling your security programs.

    NOD's heuristics are above and beyond those available from other AV vendors, and yes, they will protect you (from up to 70% according to AV-comparatives) from new threats. However, it is still important that you run at least daily signature updates - to ensure that NOD32 is protecting you as much as possible.

    Edit: You should not be concerned with having threats already running on your machine. AMON, the file system monitor, would alert you to any viral activity. If you want to be really sure, run an in-depth analysis and a couple of online scans - such as Kaspersky or Trend Micro HouseCall.
     
  3. Ledsr40

    Ledsr40 Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    52
    Thanks. I do daily updates but I was worried about the times where I forgot for a couple of days. And I was worried about those "super smart" viruses, but that's not realistic as you said. How effective are Nod's heuristics anyways? What do you mean by up to 70 percent?

    I already do deep scans, but I was just worried about if Nod could be "controlled" so the scans will no longer work, so I came here to ask.
     
  4. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    Go to http://www.av-comparatives.org and go to the "comparatives" section. Look at the May 2007 Proactive test, and you will see the statistics of which I speak. The exact figure is 68% but it sounds good to round up ;) The tests were done with 3-month-old signatures, simulating threats that had not yet been identified as "in the wild" and therefore not added to sigs.

    Some malware can hide itself from scanners, or simply not be detected by an AV (which is why it is good to run online scans when you suspect infection) - but I am not aware of or ever heard of malware that can actively "take over" your security software. If malware was targeting your software, it would generally be shown by software crashes, and a general failure to run. It is more effective for malware writers to completely disable AVs, rather than try to "fake" their functions. Don't worry :).

    For more information on Malware, you can go to Viruslist, which is Kaspersky's virus information site. There is a lot of information on Virus types, and behaviours - which should help you understand viruses and malware in general, a bit better.

    Hope all this helps. If you have any other questions, please don't hesitate to ask. :)
     
  5. Ledsr40

    Ledsr40 Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    52
    Thanks for the reply.

    I thought that Nod32 had the best heuristics system in the world? Its certification is Advanced+, but why didn't it get top spot in anything? And what's the difference between "new" and "in the wild" viruses? And what is the certification level? Those comparative results are totally different from what I originally believed. I didn't know that the commercial version of the Avira Antivir is so good, I just thought that they offered a really good free version. And since Nod32 didn't get the top for any of them, why did it get Advanced+ but not Antivir?
     
  6. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Hi, did you read the report, or the online results? The report gives you perhaps more answers to your questions. It also explains why Nod32 got Advanced+. Also take a look at the “Our sorting and testing methodology and the FAQ's” link. ;)
     
  7. The_Duality

    The_Duality Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    276
    Location:
    Liverpool, UK
    You are welcome :)

    Right, on to the comparatives results. According to that comparative, NOD32 still does have the best heuristics. You have rightly stated that Avira did better in terms of detection, but if you read deeper into the results - you will notice the number of false positives that Avira's heuristics flagged. Now what good is a heuristic engine if it flags good files as malware? The Symantec (I'm sure it was Symantec...) incident earlier this year proves just how devastating false positives can be, if they flag the wrong files. So, regardless of Avira's good detection rate, false positives mean it only gets the standard certification.

    NOD isn't the best at catching every type of malware, so it does not get top spot for, say, trojan or backdoor detection, but its overall detection - taking into account all the categories of malware - is better than the others, with a minimum number of false positives. Thus earning it the Advanced+ certification.

    Certification levels in Proactive tests and on-demand tests should not be compared, but both should be taken into consideration. Looking at NOD32 for example, we see that whilst it is not the best at on-demand detection, it still has a high detection rate - more than adequate. Fantastic even. If you then take the proactive detection test, you notice that some of the AVs that may have surpassed NOD in on-demand tests do not do so well. For example, Kaspersky (for want of a better comparison... I'm sorry mods!) does slightly better in on-demand tests, but then only achieves a Standard rating in the pro-active detection test. If you compare the results of both tests for both AVs, KAV may get better on demand - but only ever so slightly. Pro-actively, however, KAV cannot compare to NOD in terms of detection. Therefore NOD comes out on top, in that comparative.

    Do remember that results can change with every new comparative, and different test sets can have huge effects on the results. It is easy to track down all the malware that NOD cannot detect, and use it as a test set - putting NOD in a bad light.

    As far as I know, new viruses are literally "new". They have only just been discovered, and most AV vendors have not had time to add signatures for detection. "In the wild" or "ITW" viruses are viruses that are currently "doing the rounds" so to speak. They are the most common, or virulent viruses about.

    I hope I have explained everything to you. I would definitely encourage you to read the .pdf reports for the two most recent tests. They will allow you to understand the results better.

    If you have more questions, or you would like further explanation, again, don't hesitate to ask!
     