NOD32 falling behind in definitions?

Discussion in 'NOD32 version 2 Forum' started by Coolio10, Jul 6, 2007.

Thread Status:
Not open for further replies.
  1. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
  2. Don johnson

    Don johnson Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    77
    I think fit you will be the best,I don't like to read any test reports.
     
  3. psych1610

    psych1610 Registered Member

    Joined:
    Jun 16, 2007
    Posts:
    62
    Location:
    Redneckville, FL .. originally Newburgh, NY!!!!
    Thanks for this information, I find it somewhat useful as I am debating whether I should upgrade from the trial copy to an actual licensed copy. If Eset is indeed falling behind here, it does make me wonder. Sure, I know about the advanced heuristics (or at least have heard about them), nevertheless the things about taking a while to add updates once some threats are known about and now this does make me wonder.

    Sorry to ramble. Anyway, thanks.

    psych1610
     
  4. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    personally, i dont find it very useful at all.

    the first two links are for the results of the same test, 'AV-Test' and the third is for the much ridiculed 'Malware-test'.

    See the 'Other Anti-virus software' forum for threads on both tests.

    you can believe all or some of the results from all or some of the tests, it's entirely up to you. i myself prefer av-comparatives, but even those i take with a pinch or so of salt.

    i find nod32 fairs better in the real world that it does in tests, which i believe is down to the way eset keep the signature database lean and mean and dont add every corrupt and non-functioning sample that comes their way, which many other AVs do.

    as a final response to the links posted: http://www.infoworld.com/article/07/06/26/accuracy-of-AV-tests_1.html
     
  5. ASpace

    ASpace Guest

  6. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
  7. codpet

    codpet Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    28
    I think they are starting to slow down with updates.

    My corporate network was hit by some W32/Spybot.Worm virus that NOD32 couldn't pick up. I had everything enabled, including "advanced" heuristics.

    The worm spread across several clients, and many of our data servers. I was up to 1:00 AM in the morning in our NOC cleaning the infection off with Symantec.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's a matter of fact that no AV is perfect. We are still improving the heuristics so that it's able to catch much more threats without update. When comparing two products, bear in mind that what one misses may be easily detected by the other and vice-versa. So resorting to changing the AV just because it has missed a threat is not wise, I could give you tons of examples where NOD32 detects a threat whilst the other big AV players miss it. Please always submit any undetected threat to samples[at]eset.com or email support[at]eset.com in urgent cases.
     
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I understand what Marcos is saying, but most tests have indicated a slight decline in overall detection from NOD32 lately. I just think most posters want Eset to stay on the ball. They aren't saying that it's impossible to be infected with a different AV.

    And if someone's network was infected, I'd say sorry that happened.
     
  10. codpet

    codpet Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    28
    I think the development of new products by ESET is causing them to reduce support on definitions. This is the same reason why I stay away from most Symantec products when I can. They are juggling so many products, they are no longer specialists.

    It's best not to turn into a jack of all trades, master of nothing.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Eset keeps adding signatures and, according to the statistics from Virus Total, more and more samples are detected when those non-functional are removed from the statistics.
     
  12. codpet

    codpet Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    28
    The virus we are currently fighting is hardly "benign."

    It's a new variant of the W32.SpyBot.Worm virus. It spreads fast, and tries to communicate back to a server in the Czech repulic.

    All technician's just spent 9+ hours in overtime mode trying to stop this thing. We have only slowed it.

    I keep sending samples to ESET, but they seem to think it's a non-threat. I haven't heard anything back, and this is why I can't convince the executives to switch to such a product from say something more mainstream.

    This incident doesn't help ESET's product any.
     
  13. ASpace

    ASpace Guest

    Hello !
    There is a sticky thread here explaining how Eset deals with samples . In short here . I already wrote you something in a newly started by you thread here :thumb:
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In urgent cases you can drop an email to support[at]eset.com. We receive thousands of samples on a daily basis (most of them via ThreatSense which means they are detected heuristically) so we must set some priorities for analyzing samples and adding detection. In urgent cases your samples would be prioritized, but you must notify us at the aforementioned email address. If you do, also enclose the suspicious file (zipped in an archive protected with the password "infected") and as much information about the threat as possible (e.g. its location and file name, results from Virus Total, etc.)
     
  15. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    Yet here it is July 11th and I just counted the number of updates to the signature database since the 1st; 28 to be exact as of the time of this message.

    So, if they're reducing support, it's certainly not evident by the update frequency.
     
  16. codpet

    codpet Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    28
    You can add all the definitions you want; as many have said, including mods, the number of definitions does not correlate to a products ability to perform.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's right, you can repack a particular sample with tons of packers and calculate/add a crc signature for each of the files automatically. Taking into account the number of current threats, you would easily end up with several million signatures in the database.
     
  18. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    I think I might have attributed the wrong quote earlier. You previously stated that you thought they are 'starting to slow down with updates'. My point was that, based upon the number and frequency I've been getting, that does not, at all, appear to be the case.
     
  19. joel406

    joel406 Registered Member

    Joined:
    Aug 21, 2006
    Posts:
    43
    I get updates at least once a day. If there is a really bad bug running around ESET seems to respond in plenty of time. Long post, a little longer. I see no problem with their updateing program at all.
     
  20. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I'll second that. I get regular updates starting with bootup.;)
     
  21. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Has anything come of this yet?
     
  22. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
  23. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    Update frequency does not say anything about additional number of threats found. So I don't think this is too relevant.
     
  24. Abeltje

    Abeltje Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    156
    Location:
    Netherlands
    The sheer fact that Eset has to "prioritize" shows that there are some ressource problems. How come that you can send almost anything to e.g. Kaspersky Labs and it will be added within 2 hours while sending to Eset sometimes shows no addition even after weeks (this is based on what I read in forums like Wilders)?

    Evidently, Kaspersky puts more effort in the administration of their signature database. I wonder if a small company like Eset will be able to keep up with the big players. Kaspersky licenses its technology to so many other vendors, surely they have more ressources at hand. On the other hand, what about Avira, which shows constantly highest detection rates and yet is also only a fairly small company.

    Anyway, I wish Eset would keep up with the rest as Nod is by far the most "easy-going" anti-virus program. But all you read from Eset fanbase and officials is that there is nothing wrong at all with the way it is currently. Don't know if this is the right approach. You should always strive to improve, unless you're detecting 100%.
     
  25. danieleb

    danieleb Registered Member

    Joined:
    Dec 11, 2006
    Posts:
    111
    Again? From the FAQ: https://www.wilderssecurity.com/showpost.php?p=198429&postcount=18 and https://www.wilderssecurity.com/showpost.php?p=1028952
     
Thread Status:
Not open for further replies.