NOD32 number of signatures in database since 18/11/2001

Thx to Brian N and just for fun and my curiosity (my sick curiosity. ) I manage today to find how many signatures does NOD32 has in its database. (only from 18/11/2001 since today)

There are: 93250 signatures.

I used the NOD32sse.com database for this.

Enjoy!

 

LoL,

U have way too much time on your hands.




snowbound

 

Well, yes, some kind... Do you have a job for me?

 

Well, since u are always here, i'll bet Eset could set u up with something to keep u busy.



snowbound

 

AMEN!

 

Update: 93545 signatures (v 1.1716 - 20/08/2006)
73.75 signatures added/day.
1.75 updates/day

 

Nice counting good info.
I think the Admin shoud change your title bellow your nickname to 'The man who counts'

 

lol, or the "statistics man"

 

Based on those figures that's an average of 42.14 signatures per update

 

Oops, I forgot this. Thanks!

 

Now av-comparatives has to enter the amount of signatures in their table

 

Well, Pykko has only counted the ones that he knows of since 2001 so there will be many more than that in fact.

Besides since ESET chooses not to add detection for benign, non functional or junk files the total number of signatures will of course be lower than for a product that does add these, and still on top of all that there is no way to count an almost unlimited number of variants

Cheers

 

Well, you're right NOD32 user! I counted only the available public signatures found on their website. Anyway, as NOD32 rely on heuristics very much their detection rates are much, much bigger then those signatures.

Perhaps they had about 40.000 defs since 2001 and now they have about 130.000 defs, but that's only a supposition.
Anyway, a little bird told me the new v.3.0 will have about 390.000 defs.

 

ssshhhh - that's a secret

Cheers

 

If say NOD32 is able to detect 1,000,000 threats I won't be wrong at all

 

and if there are 1,000,001? You will be wrong and your entire career will be lost.

 

Hello,

Please keep in mind that the number of signatures in an anti-malware program is not indicative of the total number of malware detected or removed by that product. For example, an anti-malware program may detect a family of viruses with one signature, while a complex multipartite virus may require multiple signatures for each infection vector. Since there isn't a 1:1 correspondence of malware signatures to detected malware, just counting the number of signatures is a poor measure of how well an anti-malware program protects you from threats.

Regards,

Aryeh Goretsky

 

I don't think his intention was to show how many threats are detected, but rather just show us how many sigs there are (from the provided update details 2001-2006).

I'm also quite sure that 99.9% of us know that NOD32 does indeed detect more than ~93k threats

 

That's what I thought - what you said Brian N.

definately

Marcos, if you say a million or many millions then I will still agree

Cheers

 

You're right Brian. I just stated that NOD32 detects much, much more threats. Let's say I count them just for fun and my own curiosity. If it's something wrong I won't update this thread with statistics about how many sigs have been added in a week, how many per day, etc.

 

[Edited to fix broken BBCode. AG]

Hello,

I was not concerned that anyone participating in this message thread would equate the number of signatures with the level of protection/amount of malware detected. However, many more people read this message thread (600+ views) than post in it (~20 messages) so I wanted to make sure they understood that although these issues are related, e.g., signature-based technology must have signatures in order to operate, there is no correspondence between number of malware signatures and number of detected malware. My apologies for any confusion.

Regards,

Aryeh Goretsky

 

That's nice Aryeh, but I find that Eset relies a bit to much on their heuristics. Hardly any updates during every weekend. "Nothing to worry about, our heuristics will catch it..."

But every Monday the updates start again. It worries a bit...

 

perhaps you're right Edwin, but I've seen also weekedns with 3-4 updates.

Perhaps they should use week-ends to add those "not-so-important" samples which they use to add in very huge updates before a new av-comparatives.org test.

 

Hello,

ESET's virus lab operates 7 days a week, 24 hours a day, 365 days a year and releases signatures as needed to update NOD32. While updates may be released several times a day (I believe the record is six in one day) it sometimes is not necessary to do so; sometimes a threat is so low-priority (the rate at which it can successfully spread is low, the potential host population low, et cetera) that a signature update is not needed immediately.

Regards,

Aryeh Goretsky

 

agoretsky, nice to see you're working so hard everyday, but I just want to say some words too.

If that sample reached your labs it means is not so low-spreaded and if somebody came across it somebody else could also.
And if you don't release a signature for it one running it will get infected because you considered it low-priority. You should protect as much as you can everyone and for that user this particular sample is important.

You can't know for sure whether something is low or high because simply you don't receive all the samples in the world. Others having that sample might have send it to other AV vendors and you receive it only from 1-2 users and others from 100-200 users. You consider it low, others high....

Regards, pykko