NOD32 number of signatures in database since 18/11/2001

Discussion in 'NOD32 version 2 Forum' started by pykko, Aug 16, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Thx to Brian N and just for fun and my curiosity (my sick curiosity. :p) I manage today to find how many signatures does NOD32 has in its database. (only from 18/11/2001 since today)

    There are: 93250 signatures.

    I used the NOD32sse.com database for this.

    Enjoy! :D :D
     
    Last edited: Aug 16, 2006
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    LoL,

    U have way too much time on your hands. :D ;) :D




    snowbound
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, yes, some kind... :p :p Do you have a job for me? :D :D
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Well, since u are always here, i'll bet Eset could set u up with something to keep u busy. :shifty: :D



    snowbound
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    AMEN! :D :D
     
  6. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Update: 93545 signatures (v 1.1716 - 20/08/2006)
    73.75 signatures added/day.
    1.75 updates/day
     
    Last edited: Aug 20, 2006
  7. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Nice counting good info.
    I think the Admin shoud change your title bellow your nickname to 'The man who counts'
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    lol, or the "statistics man" :D :D
     
  9. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Based on those figures that's an average of 42.14 signatures per update :D
     
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Oops, I forgot this. :'( :blink: :D :D Thanks! :thumb:
     
  11. CyberMew

    CyberMew Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    128
    Now av-comparatives has to enter the amount of signatures in their table
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Well, Pykko has only counted the ones that he knows of since 2001 so there will be many more than that in fact.

    Besides since ESET chooses not to add detection for benign, non functional or junk files the total number of signatures will of course be lower than for a product that does add these, and still on top of all that there is no way to count an almost unlimited number of variants :D

    Cheers :)
     
  13. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, you're right NOD32 user! I counted only the available public signatures found on their website. Anyway, as NOD32 rely on heuristics very much their detection rates are much, much bigger then those signatures.

    Perhaps they had about 40.000 defs since 2001 and now they have about 130.000 defs, but that's only a supposition. ;)
    Anyway, a little bird told me the new v.3.0 will have about 390.000 defs. :D :D
     
  14. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    ssshhhh - that's a secret ;):eek::D

    Cheers :)
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If say NOD32 is able to detect 1,000,000 threats I won't be wrong at all :D
     
  16. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    and if there are 1,000,001? :p :D :D You will be wrong and your entire career will be lost. :D
     
  17. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Please keep in mind that the number of signatures in an anti-malware program is not indicative of the total number of malware detected or removed by that product. For example, an anti-malware program may detect a family of viruses with one signature, while a complex multipartite virus may require multiple signatures for each infection vector. Since there isn't a 1:1 correspondence of malware signatures to detected malware, just counting the number of signatures is a poor measure of how well an anti-malware program protects you from threats.

    Regards,

    Aryeh Goretsky
     
  18. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I don't think his intention was to show how many threats are detected, but rather just show us how many sigs there are (from the provided update details 2001-2006).

    I'm also quite sure that 99.9% of us know that NOD32 does indeed detect more than ~93k threats ;)
     
  19. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    That's what I thought - what you said Brian N.
    definately :D
    Marcos, if you say a million or many millions then I will still agree :D

    Cheers :)
     
    Last edited: Aug 22, 2006
  20. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    You're right Brian. I just stated that NOD32 detects much, much more threats. Let's say I count them just for fun and my own curiosity. If it's something wrong I won't update this thread with statistics about how many sigs have been added in a week, how many per day, etc.
     
  21. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    [Edited to fix broken BBCode. AG]

    Hello,

    I was not concerned that anyone participating in this message thread would equate the number of signatures with the level of protection/amount of malware detected. However, many more people read this message thread (600+ views) than post in it (~20 messages) so I wanted to make sure they understood that although these issues are related, e.g., signature-based technology must have signatures in order to operate, there is no correspondence between number of malware signatures and number of detected malware. My apologies for any confusion.

    Regards,

    Aryeh Goretsky
     
    Last edited: Aug 23, 2006
  22. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    That's nice Aryeh, but I find that Eset relies a bit to much on their heuristics. Hardly any updates during every weekend. "Nothing to worry about, our heuristics will catch it..."

    But every Monday the updates start again. It worries a bit...
     
  23. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    perhaps you're right Edwin, but I've seen also weekedns with 3-4 updates. ;)

    Perhaps they should use week-ends to add those "not-so-important" samples which they use to add in very huge updates before a new av-comparatives.org test. :)
     
  24. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    ESET's virus lab operates 7 days a week, 24 hours a day, 365 days a year and releases signatures as needed to update NOD32. While updates may be released several times a day (I believe the record is six in one day) it sometimes is not necessary to do so; sometimes a threat is so low-priority (the rate at which it can successfully spread is low, the potential host population low, et cetera) that a signature update is not needed immediately.

    Regards,

    Aryeh Goretsky
     
  25. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    agoretsky, nice to see you're working so hard everyday, but I just want to say some words too.

    If that sample reached your labs it means is not so low-spreaded and if somebody came across it somebody else could also.
    And if you don't release a signature for it one running it will get infected because you considered it low-priority. You should protect as much as you can everyone and for that user this particular sample is important. ;)

    You can't know for sure whether something is low or high because simply you don't receive all the samples in the world. Others having that sample might have send it to other AV vendors and you receive it only from 1-2 users and others from 100-200 users. You consider it low, others high....

    Regards, pykko
     
Thread Status:
Not open for further replies.