NOD32 protection compared to KAV protection

Discussion in 'NOD32 version 2 Forum' started by Defenestration, Oct 24, 2004.

Thread Status:
Not open for further replies.
  1. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    I have to say I've been a fervent supporter of KAV but thought I'd give NOD32 another try because of the slowdown to my system caused by the KAV real-time scanner. NOD, on the other hand, causes minimal slowdown, if any.

    While I didn't like the GUI of NOD before, it's not so bad on second viewing. I also like the fact you can purchase 1, 2 or 3 year licences.

    The main reason I liked KAV was due to the fact you could use extended databases which detect a lot of trojans and malware (diallers, pornware etc.).

    So, if I switch to NOD32 -

    1) Will I still be protected against trojans and malware ?

    2) What won't I be protected against ?

    3) How often are the database updates released ?

    4) By default, how often does NOD check for updates ?
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    There is no doubt that KAV detects more, but NOD is starting to catch up.

    Nod can be set to check hourly like KAV.

    Updates are as and when: can be daily, can be 2 or 3 days apart, or might be 3 in one day.
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    NOD32's focus of protection is on what you will encounter in everyday situations (even if there isn't a signature for it yet), where KAV's focus is 100% detection of everything. NOD32 now has greater heuristics and focus on trojans and 'potentially dangerous apps', but it's probably still not for the avid virus collector who wants to positively identify anything s/he finds. If you aren't a super-duper-extra-high-risk user, or in a business situation where paranoia is an asset, then you won't go wrong with NOD32. If you're still worried about it, or want the best of both worlds, you can get an anti-trojan, even if just a free one.

    NOD checks for updates hourly by default, and like dvk01 said updates can be anywhere from once every few days to several times a day, I think it just depends on what they find/are sent.
     
  4. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    In case you haven't seen this page... it tells a lot of features: http://www.nod32.com/news/awards.htm

    Plus, it's only the "in the wild" viruses that should concern you.... otherwise, that's kinda like worrying about catching some disease like smallpox that is no longer "in the wild" or something that's in a culture dish in some lab in China... it's only the ones that are out running loose that matter... and if one of the other ones gets out.... then it's nod's job to start including them in their "in the wild" list. Having to search database dats for viruses that don't even exist "in the wild" only slows down the av's ability to scan fast that much more.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Anton covered ESET's philosophy earlier this year.

    June 17th, 2004, 03:11 AM
    anton anton is offline
    Eset Moderator

    Join Date: Oct 2002
    Posts: 208
    Default Re: What happend ESET?
    Hi Guys,

    Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.

    Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
    Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.

    Eset exchanges samples with several av vendors. Opposite statement is incorrect.

    Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.

    Once again, I would like to thank you all: for both the samples and your patience :)

    anton
    Last edited by anton : June 17th, 2004 at 04:11 AM.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yup! I think what's really missing around here, though, is a good definition of what all that entails. I think NOD32 will still pick up anything that you have just about any chance of getting infected by, including the less common trojans and worms that may be circulating and may, or may not, fall under the category of 'in the wild'. I guess it would be more precise to say that it will defend against any INTERNET threat that you may encounter in your daily activities; KAV extends its protection to include threats that could be brought in through the physical world (i.e. a hacker in a workplace looking to steal data, etc.) or downloaded intentionally.

    Edit: LOL, well there we have it! :)
     
  7. myluvnttl

    myluvnttl Registered Member

    Joined:
    Aug 23, 2004
    Posts:
    150
    I used the new version of both, and I think Nod 32 is easy to use and fast scanning. Kav is a very built program; I made a test virus, and Kav took care of it and deleted it before I could open up the file.
     
  8. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    I am testing NOD32 as a companion/alternative to KAV 4.5.104. I have been bitten once too many times by viruses that got by NAV so I do not mind spending a little bit extra to avoid the problems caused by viruses, trojans, and spyware. In fact, I have at least two of each in order to provide confirmation.

    I was wondering whether NOD32's heuristics were ever put to the test. For example, test NOD32 and its database as it existed at, let's say, Time - 1 week. And use this version to test against all viruses that appeared up until Time (one week later). Such a test would allow users to confirm that the heuristics were adequate for handling viruses that were in the wild yet not identified with signatures. Has such a test - or something similar - been tried by anyone? I imagine Eset performs such tests in its own labs, but how about outside testers? Thanks for the info.

    Rich
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Rich, in regards to Heuristics, there is a post here about Nod32 picking up Netsky.A and Bagle.A heuristically before any signatures were written.

    Hope this helps...

    Cheers :D
     
  10. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Last edited: Oct 25, 2004
  11. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Rich,

    Check out the retrospective test at www.av-comparatives.org, it's basically the test you wish to see. Click on the Comparatives link and select test number 2, May 2004. NOD32 and a number of other AVs examined.

    Blue
     
  12. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi all,

    Thanks for the link. It really is a difficult choice between NOD32, McAfee, and KAV. I just switched KAV into on-demand and put NOD32 in real-time to see how things behave. It's too bad that I can't have two of the AVs running side-by-side. That I think would be optimal since each approaches the problem in a slightly different way, so that one fills in the holes that the other one may have.

    Thanks again,
    Rich
     
  13. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Too bad that test is outdated. It would be nice to see version 2.12.3 since it handles more malware. 2.000.9 was a good step forward, but 2.12.3 is even further. ;)

     
  14. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Humm... well unless I missed something.... like my earlier post,... it's the "in the wild" that will get you!!! and Nod32 took the prize in that area!

    You get good enough heuristics.... you don't even need dat files!..... other than you don't really know what to call em when you find them, because they haven't been labeled yet?

    Some day.... it will be all about heuristics.... and those that make new viruses will have the challenge to try and make a virus that's different than any ever made before... otherwise they will be detected!

    Most are not that smart... the idiots that make viruses and release them are "wanta be's" that play off of other idiots' hard work!

    We are in little danger of people doing what has never been done before..... and when that happens... news will get around fast enough, that then it will be included in the heuristics character database and someone else will have an even harder challenge...... to do it again!

    I prefer strong heuristics and a smaller database that focuses on the "viruses at hand" that I can really catch with lightning speed! Good for nod32!!!

    Let me ask you this.... which is a better anti-terrorist system for a country?... to "trust" that we have every name of every terrorist and can identify them before they reveal their identity? OR have a comprehensive analysis on character issues of terrorists to be able to find them "before" they strike or reveal themselves? We learn what they are likely to be wearing, what they look like, how they act, who they hang with, and whether they travel with family members ... etc etc..... then we use our database to catch the ones that we have "already learned about", and combine both!....

    It doesn't do me much good if my country's security system can detect "al capone" if he's long gone dead!
    It's the terrorists or "viruses" you "don't know about" that are the dangerous ones!!!!!!
     
    Last edited: Oct 25, 2004
  15. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi windstrings,

    Using this analogy, apparently both are necessary - which is probably why our Intelligence services use both. This is the quandary: Positive ID vs. Probable. Complete retrospective (who knows if the virus has really been eliminated) or most likely current. These are the design issues that, I believe, every vendor must weigh against each other and compromise as they wish.

    I think every solution has its pros and its cons, which is why, I believe, having both on a machine is somewhat more optimal. Right now I am playing with KAV on-demand and NOD in real-time and I will see how things go. I can switch back also. It is a difficult decision. Comments are welcome.

    Rich
     
  16. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The next retrospective is slated for November and should appear on the website December 1. Hopefully, they will use 2.12.3 for NOD32. While the test may be a bit dated given the year-end engine updates by many vendors, I don't recall seeing any other recent alternative examples of this style of examination.

    No one is standing still. NOD32 has made enormous strides over the past 6 months, but everyone else is (I hope!) improving as well.

    Cheers,

    Blue
     
  17. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I think what you're doing is an excellent idea "if" you are super paranoid that someone will sneak into your room and "plant" a virus into your computer from some disk somewhere. Maybe you work at an office with sensitive information and your machine is vulnerable to tampering?
    But if you are on a network and your system is either "read only" or off limits, then you have nothing to fear in running only nod32... like I said.. the "in the wild" is what it's all about!...and nod32 beats kav in that area!

    If you ask why not just have both to be safe?, well it's an efficiency issue.... first of all kav causes your machine to be much slower... especially if you're running both at once! If you enjoy spending lots of money on fast processors etc, and love to have a fast machine, then you will probably be pissed that one program "your av" slows you down? I really like the fact that I can't even tell nod32 is on my system, yet I feel very secure.

    Let's face it....
    We are all "babes in the woods" when we are playing on the internet right?
    If we never get online and never stick any disks in our system we have nothing to worry about.. correct?
    Even so.. if you lay in the woods and go to sleep... it's not the bear in some zoo that will ever hurt you.... it's only "those in the wild" you need to fear?

    Even so... I don't feel I am exposed to any viruses other than those in the wild?

    If this still doesn't comfort you, then you could install the top 5 antivirus programs at once?.. but then you would really choke yourself?

    The fact of the matter is... there is no "perfect" security for your car, your home, or your computer... so do you build your home inside steel barriers or do you put up good doors and good locks and count your blessings?

    What's the worst that could happen?... you get a virus!
    If nod doesn't catch it first out of the bag.. it will only be a few days before it does!

    I'm not so terrified..... I never get viruses.. but I am behind a cable router too!.. Dialup folks are the most vulnerable.

    I guess if you do what you do and your system still has satisfactory speed, and the little loss you feel in speed doesn't bother you... then you may have a good solution for yourself!

    I'm sure it would be very easy for nod32 to include all the definitions from kav and rav, but then they would lose speed and agility for an extremely small advantage!
    It's a business decision on their part... you have to make a business decision on your part!
     
  18. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Windstrings,

    I have been stung by viruses on my machine and my son's despite our best efforts to surf conservatively. I guess it goes with the territory. The time required to recover, for me, costs much more than the software that protects. I guess you might say I am living in the post-9/11 era.

    On my machine, I see no difference between real-time NOD32 and real-time KAV. On-demand scanning is of course longer using KAV 4.5.104 - but I accept this. I am in no rush in any case. For me, it is simply a matter of keeping the bad guys out. It is like having a single or double lock on the door. Here where I live, double locks are considered a better solution.

    In any case, both products are excellent. I am glad that they are both available (I would hate to rely on Microsoft which is the company that is basically causing most of these problems to begin with), and we will see where it goes. Thanks for your help and comments.

    Rich
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Further discussions on having a layered defence can be found here and here

    Hope this helps...

    Cheers :D
     
  20. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I understand your caution if you have been burnt so much...... enough is enough... I guess one approach is to put two locks on the door and if no one gets in... then you're safe, but it takes longer for you to get through the door!
    Then you will wonder if one lock would have worked?

    The other approach is to put one lock on the door and enjoy the speed to exit, and then if you still get broke into, then put on the second, conceding that you just need two locks?

    It's a free country "so far", to each his own!
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I prefer the 3rd option, a layered defence, using locks, deadbolts, alarm system, back to base monitoring, CCTV and security screens. When it comes to personal security I don't think you can ever be too safe ;)

    My defence includes the following:

    Windows SP2 full up-to-date
    Nod32
    Prevx
    Spyware Blaster
    Spyware Guard
    Spybot Search and Destroy
    AdAware
    ZoneAlarm - version 4.5.594
    Script Defender
    Proxomitron
    Kye U's filters for Proxomitron
    Ewido - without file monitoring
    IE Spyad
    Fire Fox 1.0 PR
    File Checker
    Security Patches
    Netgear 328S ProSafe Firewall

    I am about to look at Process Guard 3.0

    All this should keep me fairly safe ;) :D

    Cheers :D
     
  22. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I too am layered "but not as much as you!!!" only in the area of spyware/anti-trojan, because I don't feel it slows me down.

    But I don't see even you using "two or more" antivirus systems, because it usually chokes the system too much?
     
  23. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Blackspear, you sure you just aren't a "demo" tester?
    At what point do you feel you are compromising performance?, or is that an issue for you?
     
  24. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks for the links Blackspear.

    Rich
     
  25. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    We are really getting a little off topic here, these sort of things should be discussed in the 2 links that I provided... Most of these programs do not affect performance at all. I do have a nice system though, P4 3.0GHz Hyperthreaded CPU with 512MB 400MHz DDR RAM, 2 x 200GB HDDrives.

    I will not tolerate anything that slows down my machine, that's why I don't run live file monitoring of Ewido...

    Cheers :D
     