Nod32 Problems!

Discussion in 'NOD32 version 2 Forum' started by koshthetrekkie, Aug 17, 2005.

Thread Status:
Not open for further replies.
  1. koshthetrekkie

    Hi, My current AV subscription to norton has expired and I'm considering changing to either KAV or nod32. I heard all the hype about nod32 but I've been doing my homework and have found a lot of problems with it and was hoping someone here could resolve my queries.

    The advanced user interface of nod32 would not bother me as I am a computer professional and get annoyed at "lovely" GUIs that don't let you do what you want. And the resource usage of norton or KAV doesn't really bother me as my desktop can handle it although it can be annoying on my older test PCs. Still my main concern is protection and compatibility and therefore would be extremely grateful if anyone can answer my questions below.

    (1) Nod32 seems to show a lot of locked(4) messages when scanning files on other users' computers. I've read this is because they are either locked system files or active and running in memory and so it can't access them. However are other scanners like KAV and norton not able to scan files like this? And if this is the case is it a serious limitation of nod32's effectiveness as being unable to scan these type of files?

    (2) I've read that nod32 is excellent at finding "in the wild" viruses that aren't known yet but isn't as good as KAV, norton, or mcafee to detect viruses that are already known, and especially with spyware, trojans, exploits and similar malware types. I would rather have a program that has the best detection rate on virus, trojans, backdoors and the like and it seems that on known malware threats of all types KAV, mcafee, norton always fared better than nod32 in the tests. Is this true cos as I said I want a good scanner not necessarily the fastest scanner? I don't want to compromise speed for efficiency!!

    (3) I've heard that the advanced heuristics can give a lot of false positives, is this really the case cos I don't want to be deleting system files or needed program files?

    (4) I've heard that nod32 has a problem dealing with an infection once it's found it. Basically that the options to clean or delete the file are not available when it detects some things. Can anyone explain this a bit more to me as I don't want an AV where I have to go and delete a lot of files manually when other AV's can clean or delete the files themselves.

    (5) I've heard there are a lot of compatibility issues with nod32 and other programs like Apache. This worries me a lot and wondering if anyone could fill me in exactly on the programs involved and issues experienced?

    (6) I've heard that nod32 doesn't handle packed files very well. Unlike KAV for example which is very good in this area. So if there are multiple levels of packing or rare packing types then nod32 is useless. Is this accurate?

    (7) Apparently nod32's updates aren't as good as advertised. Kaspersky updates many times a day or at least daily however apparently nod32 which is supposed to release updates every day often does not release updates for days at a time and often not at all on weekends. This seriously worries me. Can anyone confirm or deny this?

    (8) Apparently there is a problem with websites not showing in "higher efficiency mode", but they do in higher compatibility mode. This seriously bothers me as well as I have never had to reduce security settings to access a web site with any AV program I've had. I would never consider having to lower my AV settings just to make it more compatible with other programs and access web pages.

    (9) "If a scheduled scan is running in the background, there is no by-design way to pause or stop it!" Is this really true that you can only stop a scan if you start one manually?

    (10) "There is no way to be notified if NOD32 failed to obtain updates except for sending an e-mail via SMTP." Really is this true that the program doesn't tell you if it fails to update?

    (11) I've even heard it said that part of the reason nod32 is fast is that it doesn't scan as many files as other AVs do. Possibly for reasons outlined in points (1) and (6). Not being able to scan as many files as other AVs leaves quite a hole in your security!

    LOL, So anyway I think those are all my gripes, well those I can remember anyway. So basically in comparison it seems like KAV personal (and pro) is far superior to nod32 in every way except for resource usage which for most computers these days isn't much of an issue. I got really excited when I saw nod32 and these questions seem to make me want to go buy KAV personal, or maybe even the pro version, although I know it's almost double the price, because it seems to be far superior to nod32 in every way. nod32 doesn't even have outgoing e-mail scan but norton and KAV both do.

    I've searched for the answers to all these questions for many hours over many late nights, so please can anyone help me out on these issues once and for all and restore my faith in nod32? :cool:
     
    Last edited: Aug 17, 2005
  2. pc-support

    All I can suggest is that you download the trial version of nod and try it out for a week. Then download the trial version of kav and try it for a week. Then honestly compare the two and make your decision that way.

    R
     
  3. webyourbusiness

    Locked files: all scanners hit locked files - the fact that NOD32 shows you them gives you a chance to work out if they are significant or not - in most cases, they are not - but at least you KNOW about them... if the list grows, it's worth investigating... if you don't get told about them, how will you know if a new bogus locked file appears?

    ITW/New threats: I don't care about zoo viruses - they don't end up passing through my mailservers - worms/trojans and other REAL WORLD viruses do... it was one of those that got past Norton and trashed half my machine in 2004... exit Norton as quickly as you like...

    AH: I've never had a false positive - there are actually surprisingly few reported here - but they do happen... it's inevitable - with or without AH, it's possible to get a false positive from ANY AV solution.

    Cleanup vs Delete: If NOD32 finds it - it offers to delete it - that's fine by me. I just want to get rid of the problem - if it's caused damage, I'll work that out on my own.. if you need a one-stop cleanup/repair agent - you'll look for that perfect piece of software for ever I think... it doesn't exist! I use a number of tools - actually, WebRoot's SpySweeper does some of the best spyware cleanup - and the trial does it equally well... if the damage is severe - you're probably in for a re-install anyway...

    Apache: I run apache and php development tools on my nod32 protected machines - and I've NEVER had a problem... what can I say - some people have problems - I'm (thankfully) not one of them and I have hundreds of programs on each of my machines in the program files directory... LOADS of them!

    Packed files: new packers are added as required - I don't know if it manages to unpack all of them, but I've not seen a complaint that it couldn't unpack an archive in months - when it did, it was fixed in a week.

    updates: I'd like to see more frequent smaller updates, more like when I first got NOD32 - that's my preference...

    compatibility vs efficiency mode: use compatibility as the default - it works for me

    Stopping scheduled scan: if you opt to have the scan visible, you can stop it - if you make it invisible, you can't... to my knowledge.

    failure to update: there is the logfile, email and it can use the Windows® messaging system for notifications too - that's three ways to detect a failure - what else did you have in mind?

    hth

    Greg
     
  4. zashita

    If you really want to stop a silent scan, you can kill the task in the task manager (nod32.exe) ...
     
  5. zashita

    1 - I don't know how you can scan inside system or password locked files
    2 - it mostly depends too on how AVs count the files scanned
    3 - Nod32 is well known to not have false positives :)
    4 - not all files can be deleted when a threat is detected. It depends where the file is located (in ie or java cache, memory...)
    5 - I never heard this ... and I trust Webyourbusiness on this point :D
    7 - if you don't have heuristics to detect threats, you really need to update very often to have a not too bad detection time ... I prefer a zero detection time :)
    8 - reduce security compared to what? Are you sure that other AVs offer the possibility to scan files before it is really on your computer (efficiency)? And I never had a problem with Higher efficiency settings
    9 - see my past post.
    10 - see post #3
    11 - if you set up Nod32 to scan all files, it will scan all, all depends on your settings. And see point #2.
    About outgoing email, I personally don't know why it is needed, because when you put an attachment, it is scanned by AMON as it is read from your disk. If somebody knows a good reason, tell me this ;)

    But really, try it ...
    and have a look here : http://www.nod32.co.nz/comparetable.php
     
  6. koshthetrekkie

    PC-SUPPORT

    Thanks but installing both and testing them is really no good to me. As I've said resources and gui don't bother me and I am quite a safe web user so really in terms of detection rates I cannot adequately test these 2 programs. It would allow me to evaluate some of the other issues but to be honest I don't have the time or the patience to start soak testing both programs on my machines to evaluate if they work. I was hoping for others to share their experiences to help me decide if the problems I've been told about have been fixed or are just from people who don't know how to configure the program properly. :D

    webyourbusiness

    Thank you for answering some of my questions. Norton is mostly a Joke I know but I got special on the price. :D and it has gotten better detection rates than nod32 especially involving trojans, backdoors and other malware from official tests I've seen. With regards to the update failure notification, having to check e-mail for a program alert is a pain, having to constantly check the logfile is even more of a pain, and with regards to windows messaging system I turn it off as a lot of exploits use it cos I am in computer support and have had to clear up the remnants of many such systems. I would rather that the program simply just opens a window itself and tells me the way the rest of the AV's do.

    I didn't realise that progs like norton and kav also could not scan locked files (not meaning password protected ones here, sorry if I wasn't clear) but I thought they could scan programs running in memory, which I have been told nod32 can't.

    With unpacking I was told that nod32 just unpacked some files but that with files that are say zipped over and over using different programs (multilayer packed), I heard KAV was the only real scanner that was fit to unpack files fully.

    And with regards to higher compatibility and efficiency modes, can anyone tell me what the differences are and why really you shouldn't put your scanner on its highest security mode?

    I know I'm probably being a real pain here but I just can't find anyone to really explain these issues perfectly. In terms for detection rates KAV seems to be "unconditionally the best", to quote one review, but I really like the idea of nod32 and want to be able to trust it but I need to make sure its protection is just as good as KAV.
     
  7. zashita

    Of course Nod32 scans memory. And when you launch a scan, it is the first thing done by Nod32
    this is from the help file:
     
  8. koshthetrekkie

    Great Zashita, thank you very much for the info. That just leaves 2 questions left.

    Basically is nod32's trojan detection really up to the levels of mcafee and KAV, cos according to this report for example http://www.av-comparatives.org/seiten/ergebnisse/report05.pdf the nod32 at this time wasn't as good.

    And lastly can nod32 deal with archive files as well as the rest, (especially KAV on this one). I know some can only go one or two levels deep and anything extra is hidden from the scanner, so malware zipped and rared many times wouldn't be detected. Just wondering what's nod32's take on this?

    Thanks Again
     
  9. Brian N

    I tried scanning an archive that contains the eicar test file.
    Zipped 10 times and finally put in an rar archive - NOD still found it.
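
Added example (not part of any post in this thread, and not NOD32's or any vendor's code): the archive-depth concern from posts 8 and 9, sketched as a Python scanner that unpacks nested ZIPs in memory up to a depth limit and reports any layer it could not open instead of treating it as clean. `MARKER`, `nest_zip` and `scan` are hypothetical names, the sample is constructed, and only ZIP layers are handled (the RAR wrapper from the post is left out because the standard library cannot read it).

```python
import io
import zipfile

# Constructed stand-in for a signature; a real scanner matches malware
# signatures (the post above used the EICAR test file instead).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"


def nest_zip(payload: bytes, levels: int) -> bytes:
    """Build constructed sample input: payload wrapped in `levels` ZIP layers."""
    data, name = payload, "sample.txt"
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{i}.zip"
    return data


def scan(data, max_depth, name="<root>", depth=0, max_member_size=10 * 1024 * 1024):
    """Return (hits, unscanned).

    hits      -- paths of non-archive members that contain MARKER
    unscanned -- paths skipped because of the depth or size limit; these
                 must be shown to the user, never counted as clean
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ([name] if MARKER in data else []), []
    if depth >= max_depth:
        return [], [name]  # archive deeper than the scanner is allowed to go
    hits, unscanned = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.file_size > max_member_size:
                unscanned.append(path)  # guard against decompression bombs
                continue
            h, u = scan(zf.read(info), max_depth, path, depth + 1, max_member_size)
            hits += h
            unscanned += u
    return hits, unscanned


if __name__ == "__main__":
    sample = nest_zip(b"header " + MARKER + b" trailer", 10)
    for limit in (2, 10):
        hits, unscanned = scan(sample, max_depth=limit)
        print(f"max_depth={limit}: hits={len(hits)} unscanned={unscanned}")
```

With a limit of 2 the scanner finds nothing but lists the third layer as unscanned; with a limit of 10 it reaches the payload.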
     


  10. koshthetrekkie

    Outstanding, thanks a lot. Still not convinced that nod32 is up there with KAV on detection of some malware types, but it whips KAV on many other things, especially for the price. And of course it's only getting better!!

    So thanks to all for your advice! I think nod32 is now at the stage to rival all the other AV's. And while most are going downhill, norton etc, nod32 seems to be getting better and better. So cheers everyone for your advice. I have seen the light and both myself and my pc thank you! :cool:
     
  11. windstrings

    It's according to what makes you feel "warm and fuzzy?"
    If knowing that every virus known to man is being scanned for, then KAV is good... howbeit it is still slower...

    But if all you are concerned about are the viruses you can catch, then NOD is supreme.

    I don't think there are any of us that take antibiotics, or vaccinations for us or our kids against germs and viruses we can't catch... because they are not in the wild, but in some lab in some far off country? Have you had a smallpox vaccination lately?

    That would be very costly and inconvenient...even so. why slow your computer down scanning for stuff you can't catch?

    You may ask then.. if KAV only scanned for "in the wild" viruses would it be as fast or faster?... the answer is still no, because it lacks the new assembly code that NOD uses... the only way other AV's can match the speed is to start from scratch and rewrite all their programming... basically start another company.... I bet that really scratches their craw?

    It's more cost effective for them to keep their company intact and milk it till it dies?

    The proof is in the pudding... like someone else said.... you can read forums that move pro and con either way... try it yourself and see if you are not amazed at the speed and efficiency!..

    By the way.. I run my efficiency settings at default, but turn everything else up to the max... I have lightning speeds and no virus ever finds its way to my system!...

    I even browse some risky sites at times and it still catches the scripts and worms before they even have a chance to get downloaded to my system...
    thanks to "Imon"!.... that's the part of nod that scans the web pages before you get to download them yourself!
    "amon" is always there just in case something got through also.
    Its like a guard outside your door, as well as inside the door of your house!

    I personally have tried Mcafee, Norton, KAV, AVG, mks_vir, bitdefender, panda, and pc-cillin.... NOD is my preference... your computer will run as if you have no AV at all!... yet protects as if you have them all at once!.. that's at least my opinion!

    NOD should cost a lot more for what it does without affecting computer performance!... *most of the other AV's that cost the most, work the worst!!!

    Their sell price is based on image, advertising and political clout.... NOT necessarily based on quality at all!!!.... just keep that in mind... ignore price!!!! consider everything else! Most of the companies that are the worst now.. used to be the best in their day, but new technology has passed them up and they now live off their name.... they are "has beens", and still use their skill and use of past inroads to fool the public into thinking they "are all that".. I'm sorry but they are not... I would almost rather take my chances and run unprotected than use some of them!.. "one in particular which I won't name", but you can figure it out if you have any experience at all with AV's.

    NOD is not perfect, that's why it continues to upgrade, but it's the best.. "all things considered" in my mind!
     
  12. webyourbusiness


    Me too - and I consider myself more than your average user - with 25 years PC, and about 20 years professional computing experience - if there was a better solution in my eyes, I'd:

    a. use it on my machine
    b. sell it

    and price would NOT matter to me on either aspect.

    regards

    Greg
     