NOD32 virus def updates

Discussion in 'NOD32 version 2 Forum' started by rothko, Apr 5, 2005.

Thread Status:
Not open for further replies.
  1. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hi,

    I've seen a few posts recently relating to Eset being slower than other AV vendors at releasing virus definitions for newly discovered threats.

    I always thought Eset was very good with their updates. We use McAfee at work and their definitions seem to be updated every few days, sometimes it can be as long as 4-5 days without an update. Compare this to Eset and it's not unusual to have new defs every day, sometimes even 2 or 3 times a day!

    That on top of the advanced heuristics and I can't see any room for complaint.

    cheers, lee
     
    Last edited: Apr 5, 2005
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I for one think that "slow" is not the right word given that NOD32 detects almost 100% of new email worms by advanced heuristics compared to other AV products which usually take a couple of hours to add signatures and detect the threats.

    Eset does not add signatures for non-functional or corrupted files detected by other AV and signatures are picked up on a per-need basis.

    What's more, with the new beta NOD32 is capable of detecting a huge number of not yet known threats generically by the threat family name without using the appropriate signatures.
     
  3. linx05

    linx05 Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    30
    If they are non-functional or corrupted, why do the other anti-virus vendors add them?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Simply because they do not analyse them, or strive for the largest number of "malware" in their database. That's one of the reasons why we say the number of signatures is not as important as efficient and reliable heuristics combined with precisely picked up signatures.
     
    Last edited: Apr 5, 2005
  5. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    But on the other hand, why keep half malware created garbage on PC when it could be detected and removed? Some antiviruses report such files as modified or incomplete malware (Dr.Web and BitDefender for example).
     
  6. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    nod slow with updates?? i have been getting regular updates sometimes two in one day. i know kaspersky does their oh i don't know 5-10 in one day but come on. i good solid updates per day is more than enough for me. and as marcos said nod has been known to find stuff before anyone else has. just me 2 cents
     
  7. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    just wanna clarify that i wasn't saying they were slow with definitions updates, just something i've seen posted in here a few times, i was in fact stating that they seem to post more updates than the bigger, fatter products.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    That's what I took your post as in the first place.

    Cheers :D
     
  9. Happy Bytes

    Happy Bytes Guest

    Just for information: numerous new Mytob worms today - all nailed by heuristics. Most of them we did add with the correct name now. Just returned home. :D
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,791
    Location:
    Texas
  11. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    same here eset has been really good of late getting these updates out and doing so very quickly as well
    good job eset!!
    keep up the good work happy bytes!!
     
  12. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    I would like to hear or read more about this: can anyone point me to where I could find out more about this new or increased ability of NOD32 as it strikes me as important - nothing too technical mind, I have my limitations :)
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Just a randomly taken portion from my scanner logs:
    C:\''vzorky\test\0006_regular.cab »CAB »istactivex.dll - Win32/TrojanDownloader.IstBar.gen trojan
    C:\''vzorky\test\02.rar »RAR »02\02.html - probably unknown NewHeur_PE virus [7]
    C:\''vzorky\test\05_04_2005.rar »RAR »05_04_2005\system32.exe - Win32/Adware.IESearchToolbar application
    C:\''vzorky\test\089b8258.EXE - probably unknown NewHeur_PE virus [7]
    C:\''vzorky\test\1049832.exe - a variant of Win32/Dialer.Q trojan
    C:\''vzorky\test\1212.rar »RAR »help.txt »CHM »/svchost.exe - a variant of Win32/PSW.Lineage.DN trojan

    C:\''vzorky\test\123.exe - probably unknown NewHeur_PE virus [7]
    C:\''vzorky\test\128307.exe - probably unknown NewHeur_PE virus [7]
    C:\''vzorky\test\15 - a variant of Win32/Rbot trojan
    C:\''vzorky\test\2.exe - probably unknown NewHeur_PE virus [7]

    The files highlighted bold were detected generically. Please bear in mind that the excerpt above was taken randomly and the number of generically detected threats is much much larger.
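
Added example, not part of Marcos's post or Eset's tooling: a small Python parser for log lines in the format quoted above, splitting the archive nesting chain and bucketing each verdict by its wording. The bucket names (`named`, `variant`, `heuristic`) and all function names are assumptions of this example; the post does not define them.

```python
from collections import Counter

# Lines copied from the scanner log excerpt quoted in the post above.
SAMPLE_LOG = r"""
C:\''vzorky\test\0006_regular.cab »CAB »istactivex.dll - Win32/TrojanDownloader.IstBar.gen trojan
C:\''vzorky\test\02.rar »RAR »02\02.html - probably unknown NewHeur_PE virus [7]
C:\''vzorky\test\1049832.exe - a variant of Win32/Dialer.Q trojan
C:\''vzorky\test\1212.rar »RAR »help.txt »CHM »/svchost.exe - a variant of Win32/PSW.Lineage.DN trojan
C:\''vzorky\test\15 - a variant of Win32/Rbot trojan
"""


def classify(verdict):
    """Bucket a verdict by its wording (the buckets are this example's assumption)."""
    if verdict.startswith("probably unknown"):
        return "heuristic"   # no family name given at all
    if verdict.startswith("a variant of"):
        return "variant"     # matched to a family, not an exact sample name
    return "named"           # reported under a specific detection name


def parse_line(line):
    """Split one log line into outer file, nested members and verdict."""
    target, sep, verdict = line.strip().rpartition(" - ")
    if not sep:
        return None          # blank or non-detection line
    chain = [part.strip() for part in target.split("»")]
    rest = chain[1:]
    # After the outer file, entries alternate: container type, member name.
    members = list(zip(rest[0::2], rest[1::2]))
    return {
        "file": chain[0],
        "members": members,
        "innermost": chain[-1],
        "verdict": verdict,
        "kind": classify(verdict),
    }


def summarize(text):
    """Parse every detection line and count how many fall in each bucket."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return records, Counter(r["kind"] for r in records)


if __name__ == "__main__":
    records, counts = summarize(SAMPLE_LOG)
    for r in records:
        print(f'{r["kind"]:9} {r["innermost"]:20} {r["verdict"]}')
    print(dict(counts))
```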
     
  14. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK
    Thank you Marcos. Great stuff, gives me a nice warm secure feeling :)
     