Discussion in 'other anti-virus software' started by gracie123, Oct 31, 2005.
I heard KAV2006 stopped those latest Beagles with Proactive Defense...
So what do you say about this one? Never submitted and only NOD32 picked it up... don't show only cases when KAV succeeded and NOD32 failed...
Probably you didn't read the quote in that post you were writing about. I meant to show only the reaction time against those common trojan-like nasties scanned in Jotti's and VT. That Kaspersky example was only there because it's true that they are the quickest to add all kinds of signatures overall.
Btw, does anybody know if BitDefender has done some changes to the heuristics engine lately just because of my scanning results?
Well, maybe you think that adding several thousand signatures incoming every day is a doddle. I wouldn't be surprised if the file dropped would be picked up by NOD32. In my opinion, it's much more important to detect dropped files rather than the dropper itself.
I'm enclosing another example which is not a dropper but a trojan itself. It's detected only by 3 AVs, including NOD32.
Please remember that signatures are picked up on a per-need basis which means not everything is added immediately. It's a matter of fact that no AV will detect every malicious file. However, some of them pose bigger threats than the others (e.g. trojans vs droppers).
Just now this race is going in an even stranger direction. Look at QuickHeal now.
I heard that KAV may improve its file heuristics (not the proactive defense) in the coming year.
I would say that both are very good antiviruses. But because Kaspersky I believe probably has more signatures in it, it's more likely to find an old virus or kind of malware than to rely on advanced heuristics which NOD32 has which is a 50/50 chance on catching anything. Advanced heuristics are helpful yes... but not as helpful as signatures + quickness in responding to new threats.
Does anyone agree?
No, I don't agree. I think heuristics would be based on previously seen behaviour and would be just as likely to catch something that has not been seen for eons before an updated signature could be introduced.
And now even one more AV is capable of detecting this. But AntiVir seemed to change the name of this nasty.
I hope this helps a bit. After 13 days I've submitted this sample to a certain AV vendor, it was capable of detecting this on 17th November 2005. Unfortunately I haven't got any feedback of that infection yet from that AV vendor.
PS. I didn't submit this sample to McAfee, but it was able to detect this one day later than the one av mentioned above.