NOD32 vs. Avast4

Discussion in 'other anti-virus software' started by minacross, Sep 12, 2003.

Thread Status:
Not open for further replies.
  1. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    I have both NOD32 v.2 and Avast 4.1.260 on my system, but I am not sure which to use as the on-access scanner and which as a backup one (currently I use NOD32 as the on-access scanner and Avast4 as the backup one).
    NOD32 has earned the award a record 23 times and Avast only 7 times, but in these tests
    http://www.rokop-security.de/main/article.php?sid=494
    http://www.rokop-security.de/main/article.php?sid=632&mode=thread&order=0
    NOD32 is not doing that good (in the 1st one Avast is doing better than NOD32 but it was not tested in the 2nd one) o_O o_O

    What do you think guys?
     
  2. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To minacross from Firefighter!

    Before the last test, I would say Avast 4 as your primary and NOD 2 as your backup! That's because Avast has much better Trojan detection than the (old) NOD's in that av-test.org test 02-2003.

    But now, when we have seen the last Rokop test, I would say use NOD 2 as your primary and Avast as your backup! Why that change of opinion? In my mind, NOD 2 is one of the best unpackers nowadays, without an unpacker you are in trouble too!

    Personally, I don't think virus infections are the most probable situations anymore. I don't even remember when my PC was last infected by a virus, but all the time when I used some other primary AV than a KAV engined AV or McAfee, there have been lots of trojan, worm and exploit infections on my PC!

    Remember this, in Rokop's last av-test, there were some 712 different samples to detect, but in the VirusBulletin test WinXP 6-2003, there were no more than 1 598 different VIRUSES in some 20 000 samples, otherwise I counted wrong again, but you can check it from here!

    http://www.virusbtn.com/old/comparatives/WinXP/2003/test_sets.html

    If DrWeb's online scan (not very widely known I presume) had detected 1 600 different viruses (= according to DrWeb, they include also trojans, worms and so on to viruses) during last year, 12/09/2002-12/09/2003, I don't think that 1 598 different viruses in VB is that very much! By the way, why is that number so difficult to detect from VB?

    After all this, in my mind VB does not seem to show so wide detection skill of an av-program by measuring only VIRUSES than for example Rokop, even that Rokop does measure a bit less objects than VB but also other stuff than pure VIRUSES!

    Use so many different av-tests as possible to determine which av is the best choice for you!


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!
     
  3. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    How is that o_O? get my pc infected :D :D ?
    Do you know any other sites for AV tests? :rolleyes: :rolleyes:

    thanx in advance.. :) :)
     
  4. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    AV-Test.org should not be consulted for trojan testings. They include in their testset files that are no real trojans (like edit servers or clients).

    NOD32 2 improved heavily on trojans and unpackers but I would still recommend in addition an AT program like TDS-3 or Trojan Hunter. Same recommendation is also if you use AVAST.

    I agree worms and trojans are today more common than 'real' viruses but there are still some viruses out that are dropped by worms.

    Rokop is focusing more on minor topics that the big tests like VB do not consider (trojans, unpackers, etc.). That's why it is sometimes hard to compare and understand the results.

    wizard
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To minacross from Firefighter!

    I'm sorry about my bug! Of course I meant that READ as many av-tests as possible to determine which av-program is the best for you!

    Best Regards,
    Firefighter!
     
  6. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    I hate to disagree with FireFighter as he has helped me out in the past. In fact NOD32 is not at all a very good unpacker. ESET has abandoned that way of thinking in order to improve the scanning speed(s) of NOD. There are also trojan detection/cleaning abilities to consider. I use dr web as a way of eliminating a need for both an AV and AT. Back on topic... NOD's trojan abilities and unpacking engines need work. That is not to say it is not a good AV, it's the best ITW AV there is. As far as Avast is concerned... RUN!!!.... No, not really, I just do not happen to be a very big Avast fan. Assuming you're using the pro version... you do get a lot more configurability with Pro vs home. However the resources required for the on-demand scanner are off the charts. Avast is decent. There are quirks you are going to have to get used to if you intend to use that as your primary. Although in all fairness I haven't tried the brand new 4.1.
    I'd like to do the unthinkable right now and suggest you switch from Avast to AVG 7.0. I know what everyone reading this is thinking. You might even be getting the tar and feathers ready. However, I think AVG 7 is greatly improved over 6 in all areas including a rather impressive unpacking engine. Detection (and cleaning) has also been improved. Ideally if you wanted to continue to use NOD and a free AV.. Use NOD as your on-access and AVG 7.0 as your on-demand. And, if you insist on using Avast, use Avast as your on-access and NOD32 as your on-demand (with daily scans).

    Hope this helped
     
  7. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To n8chavez from Firefighter!

    I don't exactly understand what you mean by "unpacking". What I think now you are trying to say is that you mean the archives scanning capability. I have studied that with several av:s and in my mind NOD is still below average in this section. I linked then together archives scanning and unpacking when I started my writings some months ago.

    I have read several unpacking tests from Rokop sites and Scheinsicherheit and the result was always that the best unpackers were KAV engined av:s, McAfee, RAV, BitDefender and DrWeb. NOD was one of the worst in the beginning, even worse than AVG 6. But now in the latest Rokop av-test NOD v.2 was very close to DrWeb and RAV, so I have to believe that it is among the heavy unpackers, because all those other good performers were almost at the same rankings as before!


    "The truth is out there, but it hurts!"

    Best Regards,
    Firefighter!    
     
  8. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Where are you getting all this info about AVG's unpacking engine? I was not impressed with version 7 at all.

    Try packing something with common and uncommon packers and test it with AVG7.


    tECHNODROME
     
  9. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Wrong!
    Try running NOD32 in "advanced heuristic" mode.


    tECHNODROME
     
  10. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    That's okay guess I deserve this...

    NOD's advanced heuristics are only available in EVERY module via downloading NOD32 shell power at:

    http://www.nod32.it/tools/NODSE.ZIP

    And even with that NOD's ability to scan within compressed archives is not very good; although it has improved with version 2. This just comes from using NODv2. Even with advanced heuristics enabled it is impossible to scan within a *.cab archive... not to mention *.exe. But that ability was not the intent of ESET. Their focus was on scanning speed.

    Also this is a fact (as I have just verified it right now with optimal settings): NOD32 cannot scan inside of an archive via their on-access scanner.

    As for AVG, I have nothing to go by but my own experiences. With it I was able to scan within every compressed archive I threw at it.
     
  11. minacross

    minacross Registered Member

    Joined:
    May 12, 2002
    Posts:
    657
    So, what about using eTrust promo 7 as the main on-access scanner and NOD32 as the backup on-demand scanner (or vice versa)? o_O
     
  12. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I am sorry if I hurt your feelings in any way. It wasn't my intention at all. :oops:

    I gather that you didn't even try v 2? There has been some major improvement over v1.

    Advanced Heuristics is available in IMON (incorporated in the GUI) and On Demand thru command line -AH.

    True. But this is something that is not important, since archives are not an immediate threat.

    I am not quite sure if we are talking about the same thing. I meant runtime packers such as UPX, ASPack, CEexe, Neolite etc.


    tECHNODROME

