NOD32 v2 concerns

Discussion in 'NOD32 version 2 Forum' started by n8chavez, Aug 4, 2003.

Thread Status:
Not open for further replies.
  1. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I have purchased NOD32 v2 about two months ago. I have to say that I like NOD very much since v2's release, big fan of the interface (no more taskbar clutter!!!!) However, there are a couple of concerns I have with NOD.

    1. Everyone says that NOD's trojan detecion/cleaning rates are not that good. NOD ever admits that it is not meant to catch trojans.

    2. The scanning engine on NOD can't scan inside very mmany archived files (cab, dat, exe...etc.)

    3. Somewhat trivial..is there a way to turn of what is displayed in the log file as you are scanning (password protected files)?

    I would like to know if this is true about NOD and its lack of ability to detect trojans. If it is are there any future plans to improve this. Also are there plans to improve NOD's unpacking engine? Thanks.
     
  2. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    ;) IMHO, no AV vendor does a great job when it comes to trojan detection or removal. That is (apparently) a widely held view that I have seen many places recently and have adopted it as mine, too.
    Nor do they do a good job removing or preventing spyware, hence this forum's existance for improvement in the field of security on the web. As recently as April, 2003, the "Whatsnew.txt" that came with the updates for Symantec's NAV update included -deletion- of "adware" products from their list of definitions. 'Not sure what's going on with them...I had previously thought their definition files were cumulative - not so, I guess.
    - There are many "generalists" in the business, but if you want the best coverage for the "specifics" regarding trojans, may I recommend a post made shortly after your last one:
    https://www.wilderssecurity.com/showthread.php?t=12080;start=msg77695#msg77695
     
  3. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    Actually what I meant if there was going to be improvements in NOD's engine that might improve trojan detection and unpacking of archieves...much like kaspersky. NOD has the speed, interface, and low resource consumption going for it. But lacks these features (or at least they are not as good as KAV.) I was just wondering if there were improvements planned for these areas.
     
  4. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    NODv2 has shown big improvements in this area, but probably KAV is the only AV where you may not need a AT program to run alongside to adequately protect against trojans.

    Its horses for courses and NOD is at the present time the best ITW virus detector in the business.

    As regards unpacking abilities, again NOD has shown big improvements over version 1, but there seems to be an association between scanning speed and unpacking ability. It is difficult to have both in the same package.

    For example, NOD and F-Prot for Windows have very fast scanners with a relatively small/ minor effect on system resources but their unpacking ability needs improvement. Whereas, KAV which is the king of the unpackers has a slow scanner speed and a much bigger hit on system resources.

    I am sure that NOD will improve in these areas in the future but Eset have concentrated on a very fast scan speed with top-notch ITW virus detection. Not a bad combination ;).

    If you are worried about trojan detection run a AT together with NOD for layered protection.
     
  5. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    Bingo, that says it all. In my opinion, EVERYONE, with the POSSIBLE exception of KAV users, should run both an AV and an AT.

    Acadia
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    >Bingo, that says it all. In my opinion, EVERYONE, with the POSSIBLE exception of KAV users, should run both an AV and an AT.

    Ummm..I think McAfee and F-Secure are probably ok also without a trojan cleaner. I know that if I had XP I would likely be using Kaspersky although I wouldn't like the tech support so who knows.
     
  7. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    But if you read Schouw's comments further down in the same post, this is still only a small number of unpackers.

    NOD is good but its unpacking engine is below that of the Kaspersky one.

    It will need to sacrifice some of it's scanning speed to approach the unpacking ability of KAV.

    No AV is perfect, not even KAV.

    And as mentioned previously, Eset have concentrated on scanner speed and ITW detection for NOD.
     
  9. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Well, I hope Eset continues to concentrate on scanner speed and ITW detection for NOD.

    I wouldn't like to see NOD start sacrificing the scanning speed and causing a slow down on a system by trying to do everything KAV does.

    I think NOD and a good AT is a great combination as for as speed, system impact, and protection.

    Just my personal opinion.
     
  10. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Completely agree ;).

    No arguments from me there!
     
  11. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I think that I have this thing figured out. I have NOD as my monitor and do scans once a week. I also have KAV Lite 4071 and use only the scanner which I plan to use once or twice a month. I disable AMON temp. then scan. I also have BOClean. I just like to play.
     
  12. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    You seem to be well protected there, William ;).

    You have a lean, mean virus and trojan- eating machine!!!!!
     
Thread Status:
Not open for further replies.