NOD32 Encyclopedia

Discussion in 'NOD32 version 2 Forum' started by JimmyW, Aug 23, 2007.

Thread Status:
Not open for further replies.
  1. JimmyW

    JimmyW Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    12
    I just began to use NOD32, mainly because my agency decided to adopt it in place of McAfee. So, I scanned a volume and found about 25 threats. However, I need to know whether the threats were deployed and the signs of infection, e.g., registry keys, files, etc. However, it seems that most of the threats are nowhere to be found on NOD's site. For instance, I was notified of Win32/Rootkit.Agent.DW, yet I can't find it in the NOD encyclopedia. I would think that, if they add a definition, they'd be able to describe it. It seemed that McAfee did a much better job of idfentifying and explaining its definitions. If there's something I'm missing or somewere else to look, I'd be grateful for suggestions.
     
  2. ASpace

    ASpace Guest

    Hello!

    ESET doesn't "describe" all threats on their site . As mentioned a few times in the forum , priority is to protect , then educate users . No matter McAfee was able to describe what it has found , it is more than obvious that it has missed a lot (especially when it comes to severe threats like rootkits)
     
  3. JimmyW

    JimmyW Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    12
    Thanks very much for the quick response. I wouldn't call McAfee perfect, either, and I can't speak to which does a better job at overall protection. Obviously, that's the most important thing, but in my particular case, I need to know why NOD declares a threat and how I can determine whether the threat was deployed. If NOD identifies a threat and gives it a name, there should be a means for we users to determine why. Concerning rootkits, I pretty much depend on RootkitRevealer.
     
  4. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    btw, it is not true that McAfee descirbes in its virus library all threats. In fact only very few threats (the most important ones) are described. Most of the descriptions contain just N/A. (e.g. http://vil.nai.com/vil/content/v_143010.htm).
     
  5. sasa843

    sasa843 Registered Member

    Joined:
    Feb 1, 2007
    Posts:
    113
    Location:
    Serbia, Europe
    Hello.

    I would also like to see more virus explanations on NOD32 site. You are true that the protection is on the first place but if there are more virus explanations on Your site it will be oftenly visited. One more thing I don't like on NOD32 site is that the blog page is not easy to find. I am sure that a lot of people haven't found blog page on their website. It should be presented on the main page. Just look at the TrendMicro, Kaspersky or F-Secure website.

    I don't have anything against ESET, uncontrary I think that they are developing one of the best antiviruses out there.

    Thank's for reading.
     
  6. JimmyW

    JimmyW Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    12
    I agree that McAfee does not describe "all threats." However, I disagree that McAfee describes "very few threats." First, can you define what "very few" means? I've received ny share of "N/As," at McAfee, but not to a great extent, and I've used it for years. How can you assert that most of the descriptions are N/A, unless you've checked every threat that McAfee reports.

    I'm just saying that NOD's encyclopedia is woefully lacking in comparison, based upon my first few tries. Maybe I'm premature in my assessment. If a tool reports a threat, it should define it and explain why it's a threat and how to determine infection. I had about 40 named threats reported in my first go with NOD, and could find only 3-4 in their encyclopedia. Am I just supposed to take NOD's word for what constitutes a threat? I just hope it improves.
     
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Just guessing here Jimmy boy. But maybe he's saying that because he a little bit more familiar with antivirus products than you are. ;)
     
  8. JimmyW

    JimmyW Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    12
    This isn't a business in which guesses count. I didn't see his resume, so I'm not going to speculate, as you did, about how his experience compares with mine. If someone asserts that McAfee describes "very few threats," then he or she should define "very few." Is it 100, 500, 5,000? How many threats are there in all? It's quite relative. I have no idea of whether NOD describes or even finds more threats than McAfee, but, for my purposes, any tool that just states that Win32/Rootkit.Agent.DW was in xyz.html, doesn't help me. The best tool is one that accurately identifies and defines the most threats. I'd just like to see NOD complement its threat assessments with an improved encyclopedia.
     
  9. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    "very few" was stated by someone from McAfee in 2005 when I asked about the new improved virus encyclopedia. If I should guess I would say its under 3%.
    Go e.g. on http://vil.nai.com/vil/DATReadme.aspx and click thru the descriptions listed some weeks ago. In most cases you will find N/A as description or a generic description about what a trojan or a generic signature is. Also McAfee does not waste time with providing descriptions of tons of malware and focuses in describing only those threats that are wide-spread or in media attention.
     
  10. JimmyW

    JimmyW Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    12
    Thanks. Your point is well taken. I would guess that over the past 2-3 years, McAfee did list details on about 75% of the trojans/viruses/exploits on which I searched. Unfortunately, with my first go with NOD, I found only 2-3 out of about 25 reported threats. Because I research retrospectively, I'll concede that I may find threats that are longer prevalent. Still, it's a problem for which there may be no ideal solution. As you obviously do know what you're talking about, which tool do you think provides the best coverage with the most complete library?
     
  11. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    none. :oops:
    maybe google, after finding out with vgrep how other vendors maybe name a threat. :p
     
  12. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    A little leeway has been given with the McAfee side discussion but will now ask that any other discussion concerning other programs libraries be done in our other anti-virus forum and not in one of the Official Eset Support Forums Please.

    Thanks,
    Bubba
     
  13. JimmyW

    JimmyW Registered Member

    Joined:
    Aug 23, 2007
    Posts:
    12
    Would you be so kind as to point me to the link where my question would be asked more appropriately? You can't discuss Eset's shortcomings without mentioning another tool or benchmark by which we compare and learn. My question was a natural progression of the conversation. I'm sorry if I mis-posted, as it's you forum and I'll be happy to ask my question eleswhere.
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Here you go Jimmy. https://www.wilderssecurity.com/forumdisplay.php?f=32 The Other AV Forum.
     
  15. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Our other anti-virus software forum is where We ask that non Eset Support and\or discussions be posted.
    As mentioned above and is almost always the case....a "little leeway" is given in regards to non Eset Support and\or discussion type posts in the Official ESET Support Forum but the "natural progression" should then be taken to our other anti-virus software forum for continued discussion as a new thread so that all other AV's can then be discussed which could include Eset programs.

    Regards,
    Bubba
     
  16. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi JimmyW,

    You may find it useful to know that there is a search engine available called VGrep into which you can enter the names of threats detected by NOD32.
    You can find it here at Virus Bulletin (free registration required)

    Cheers :)

    EDIT: Although I've just noticed that NOD32 is apparently no longer indexed...
     
Thread Status:
Not open for further replies.