NOD or DrWeb, quicker against new nasties?

Discussion in 'other anti-virus software' started by Firefighter, Aug 6, 2005.

Thread Status:
Not open for further replies.
  1. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    This kind of thing has been seen too often.

    Best regards,
    Firefighter!
     

    Attached Files:

  2. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    I am running nod32 trial right now after running avast for the past week or so and one thing I also noticed was avast gave me a warning on a web site I had visited previously as having a trojan and today I was surfing around and accidentally selected from cache that same site and nod32 gave no warning at all. So either the site has since had the trojan removed since a few days ago or avast was falsely detecting the trojan or nod32 did not catch it at all. I am not sure which of these it was but based on your post I am starting to wonder if nod32 is catching trojans on web sites as good as avast did. From the reviews I have read, nod32 is supposedly like super compared to the others so it is a bit confusing.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,792
    Location:
    Texas
    Nod has that trojan in the definitions.

    NOD32 - v.1.1158 (20050629)
    Virus signature database updates:
    JS/TrojanClicker.Linker.L, JS/TrojanClicker.Linker.NB, JS/TrojanDownloader.Small.NAG, VBS/Exploit.Phel.I, VBS/TrojanDownloader.Phel.I, Win32/Bifrose.BP, Win32/Delf.NAP, Win32/Delf.NAQ, Win32/Kelvir.CQ, Win32/Lewor, Win32/Lewor.D, Win32/Mytob.GO, Win32/PSW.Gamania, Win32/Rbot.DUZ, Win32/Robobot.NAD, Win32/Spy.Banker.NEX, Win32/Spy.Banker.NEY, Win32/Spy.Harvester.02, Win32/TrojanClicker.Small.NAI, Win32/TrojanDownloader.Dadobra.AX, Win32/TrojanDownloader.Dadobra.CJ, Win32/TrojanDownloader.Dadobra.DB, Win32/TrojanDownloader.IstBar.JA, Win32/TrojanDownloader.Tiny.NAA, Win32/TrojanDownloader.VB.NAT
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
  5. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I like this a lot better :D
     

    Attached Files:

  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Kaspersky has covered several "Trojan-Downloader.Win32.IstBar.ja":s which have actually several variants in it. My sample really did this in my former post 21.

    https://www.wilderssecurity.com/showthread.php?p=513694#post513694

    So I think that it is also valid and really in the wild one. I've also tested that sample against NOD 2.51.3 Beta but with no detections.

    Best regards,
    Firefighter!
     
  7. Patrician

    Patrician Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    132

    NOD32 does not detect trojans and/or malware very well at all when compared to some of its rivals. I use a certain web-site for testing AV software (I know exactly what and how it tries to put on your system) and NOD just sits there letting everything through without a whimper. Even using the tweaking guide here at Wilders makes no difference, NOD completely ignores everything this site installs. Even AVG catches one of them and Avast Home gets 3, KAV gets them all (5) as does Panda Titanium and Platinum, along with any AV running the KAV engine.

    At the moment I am running NOD as I have a licence until September and am running Windows x64 so don't have a lot of choice, but I will not be renewing NOD's licence after it has expired, I'm not at all impressed with it. Looks like if you are running NOD32 you really need to have a backup to catch what it misses. Advanced Heuristics? My eye!
     
  8. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA

    But then it could - since as has been mentioned (aside from Jotti's own other warnings/qualifications) a few times before - Jotti's is on Linux :eek:
     
  9. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah that might also be another factor...
    Regarding backdoors and trojans. With latest 2.5x.x release of NOD32 they really improved it a lot. Check my screenshots and you'll notice string "a variant of" which means that NOD32 didn't exactly match the malware with signatures, but it has found similarities and flagged a probably modified version of malware stored in signature database. And you'll see such detections quite often. They never appeared in 2.1x.x versions of NOD32.
     
  10. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    yeah - and it also seems (according to my recollection) that Firefighter keeps showing screenies of the same "istbar trojan" (probably a self-installer archive) over and over - why don't you send it to Eset if it's so dangerous? I asked them about it and they say he has not to date.


    edited to fix a missing parenthesis - Detox
     
    Last edited: Aug 7, 2005
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I share the same opinion with Detox...
     
  12. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  13. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Nod must depend on heuristics for weekend protection.
    Very rare weekend updates, whereas even free ones usually update. Antivir has updated twice today up to now. Dr web has also updated this weekend.
     
  14. jlo

    jlo Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    475
    Location:
    UK
    Hi,

    Well I have to stick by Nod32. I find a lot of new malware on the internet and usually Nod detects with Advanced Heuristics. I do admit it's not the best AV on Signatures but in my humble experience it's the best with Heuristics, although Norman Sandbox, Bitdefender, McAfee, Antivir, Dr Web, VBA and Arcavir are also very good.

    I am more than happy with Nod but no AV is perfect. I happen to have 2 licences, use KAV personal on my main computer (more of a resource hog but excellent detection) and Nod32 on my Wife's laptop, runs very light and she is not a heavy websurfer.

    I have trialed Dr Web and always submit nasties to them. I like Dr Web and would be happy running Nod32 (which I already do) or I would be more than happy to run Dr Web. Dr Web always reply back once they detect the submitted nasty whereas Nod do not reply back normally.

    Dr Web updates more regularly but not quite as regularly as KAV yet!!

    Cheers

    Jlo
     
  15. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Bit Defender 8.0 "ain't" bad either.

    Jerry
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Ditto.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Same here.

    Besides, how many here depend solely on an AV, and nothing else, to secure their systems?
     
  18. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Me :D No problems for 6 years since I'm on true PC scene.
     
  19. Atomic_Ed

    Atomic_Ed Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    389
    Well, after running nod32 for a short time on my x64 machine and having previously tested Avast! Pro, I ended up uninstalling nod32 and purchasing the Avast license tonight. While nod32 seemed to run pretty quickly on my system, it was using more memory in the processes than Avast did which was puzzling. That wasn't any issue for me however since nod32 ran fast regardless. What I did not like about nod32 was it not reporting the web sites I had been with avast that did report trojans. In fact while using nod32 I only received one warning out of many sites. Don't get me wrong as I think nod32 is a very good antivirus program, I just don't believe it is as good at detecting web sites with trojans as avast does. The script blocker in avast is really good too. The only other thing I really didn't care for with nod32 was the interface which to me had no polish whatsoever. I think with such a robust program they could put a bit more work into the interface. Now on the other hand I think Avast is just the opposite with its overdone interface. Anyway after running them both I felt more comfortable running Avast which is why I bought the license. All in all I think they are both really terrific programs I just personally felt like Avast was the better choice overall especially for surfing web sites that may contain nasties. Avast also appears to run pretty light as well and is using less memory overall. I say if you choose either of them you can't go wrong, but if I were to have kept nod32 then I would have been looking for another supplemental trojan protection app as well in order for me to feel protected better while surfing.
     
  20. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Yeah in latest revisions avast! lowered memory usage significantly.
    But NOD32 usage is also very low. And interface is also quite good, you just have to get used to it as with any other interface. Anyway, I hope avast! will serve you well ;)
     
  21. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    You said Avast! had detected trojans which NOD32 hadn't. Have you tried www.virustotal.com to see if those trojans hadn't been only false positives?
     
  22. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Not necessary.

    AntiVir                 TR/Agent.P.2
    ArcaVir                 Trojan.Agent.P
    Avast                   Win32:Adware-gen.
    AVG Antivirus           X
    BitDefender             Trojan.Agent.P
    ClamAV                  X
    Dr.Web                  not a virus Adware.Aomi
    F-Prot Antivirus        W32/Agent.PV
    Fortinet                X
    Kaspersky Anti-Virus    not-a-virus:AdWare.Gratis.b
    NOD32                   X
    Norman Virus Control    W32/Agent.DSI
    UNA                     Trojan.Win32.Agent
    VBA32                   Trojan.Win32.Agent.p

    This one is more likely to be seen on webpage. avast! detects it, NOD32 doesn't. As you can see it's certainly not a false positive.
    But this one detects this and misses something else. It's the same for every AV...
     
  23. Patrician

    Patrician Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    132
    Obviously I cannot speak for Atomic_Ed but I know the site I use for testing puts real nasties, not false positives, on your system. Quite simply NOD does not catch them coming down through your web browser as well as some of its rivals, including Avast Home edition.
     
  24. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Why not look directly at the av-comparatives proactive test to get an idea of what the answer could be? ;)
     
  25. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    My purpose was actually to discuss the signature scanning capability of those two AVs, not just heuristics. Several samples of new Trojan-Downloaders, AdWare and Exploits are actually detected by defs only, not by heuristics, as we can see here in those other examples too.

    Best regards,
    Firefighter!
     