NOD32 virus def updates

hi,

i've seen a few posts recently relating to eset being slower than other AV vendors at releasing virus definitions for newly discovered threats.

I always thought eset was very good with their updates. We use McAfee at work and their definitions seem to be updated every few days, sometimes it can be as long as 4-5 days without an update. Compare this to Eset and its not unusual to have new defs every day, sometimes even 2 or 3 times a day!

that on top of the advanced heuristics and i cant see any room for complaint.

cheers, lee

 

I for one think that "slow" is not the right word given that NOD32 detects almost 100% of new email worms by advanced heuristics compared to other AV products which usually take a couple of hours to add signatures and detect the threats.

Eset does not add signatures for non-funtional or corrupted files detected by other AV and signatures are picked up on a per-need basis.

What's more, with the new beta NOD32 is capable of detecting a huge number of not yet known threats generically by the threat family name without using the appropriate signatures.

 

If they are non-functional or corrupted, why do the other anti-virus vendors add them?

 

Simply because they do not analyse them, or strive for the largest number of "malware" in their database. That's one of the reasons why we say the number of signatures is not that important as efficient and reliable heuristics combined with precisely picked up signatures.

 

But on the other hand,why keep half malware created garbage on PC when it could be detected and removed? Some antiviruses report such files as modified or incomplete malware (Dr.Web and BitDefender for example).

 

nod slow with updates?? i have been getting regular updates sometimes two in one day. i know kaspersky does thier oh i dont know 5-10 in one day but come on. i good solid updates per day is more than enough for me. and as marcos said nod has been known to find stuff before anyone else has. just me 2 cents

 

just wanna clarify that i wasnt saying they were slow with definitions updates, just something i've seen posted in here a few times, i was in fact stating that they seem to post more updates than the bigger, fatter products.

 

That's what I took your post as in the first place.

Cheers

 

Just for information: numerous of new Mytob worms today - all nailed by heuristics. Most of them we did add with the correct name now. Just returned home.

 

same here eset has been really good of late gettings these updates out and doing so very quickly as well
good job eset!!
keep up the good work happy bytes!!

 

I would like to hear or read more about this: can anyone point me to where I could find out more about this new or increased ability of NOD32 as it strikes me as important - nothing too technical mind, I have my limitations

 

Just a randomly taken portion from my scanner logs:
C:\''vzorky\test\0006_regular.cab »CAB »istactivex.dll - Win32/TrojanDownloader.IstBar.gen trojan
C:\''vzorky\test\02.rar »RAR »02\02.html - probably unknown NewHeur_PE virus [7]
C:\''vzorky\test\05_04_2005.rar »RAR »05_04_2005\system32.exe - Win32/Adware.IESearchToolbar application
C:\''vzorky\test\089b8258.EXE - probably unknown NewHeur_PE virus [7]
C:\''vzorky\test\1049832.exe - a variant of Win32/Dialer.Q trojan
C:\''vzorky\test\1212.rar »RAR »help.txt »CHM »/svchost.exe - a variant of Win32/PSW.Lineage.DN trojan
C:\''vzorky\test\123.exe - probably unknown NewHeur_PE virus [7]
C:\''vzorky\test\128307.exe - probably unknown NewHeur_PE virus [7]
C:\''vzorky\test\15 - a variant of Win32/Rbot trojan
C:\''vzorky\test\2.exe - probably unknown NewHeur_PE virus [7]

The files highlighted bold were detected generically. Please bear in mind that the excerpt above was taken randomly and the number of generically detected threats is much much larger.

 

Thank you Marcos. Great stuff, gives me a nice warm secure feeling