NOD32 vs Kaspersky

Discussion in 'other anti-virus software' started by desk, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. desk

    desk Guest

    The other day I downloaded a trial of NOD 32. I was impressed at how fast it scanned all the files on the most advanced detection settings I could find or turn on. It scanned about 210k files in like 22 mins. With the standard settings it took like 9 mins to scan about 60k files. From reading a few other sites and their forums, a lot of people agree that Kaspersky has a great detection rate. Nod 32 has great detection also but doesn't work so well with trojans. Is Nod 32 just for viruses?
     
  2. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    No, that's just the excuse die hard fans give for the relatively poor trojan detection ;)
     
  3. Qbee&1C

    Qbee&1C Registered Member

    Joined:
    Sep 12, 2004
    Posts:
    3
    Location:
    Van-Canada
    Interesting..........
    I have NOD32, have been having trouble with trojans as we speak........
    Support is good, but getting tired of the trojan bunk!....
     
  4. kairii

    kairii Registered Member

    Joined:
    Sep 9, 2004
    Posts:
    76
    Well yes, KAV is good, esp. version 5. It found viruses and trojans on my comp that other AVs (Norton and McAfee) have missed. And yes, I do think it is better than NOD32 based on its detection rate..... BUT I bought NOD32 because I didn't like KAV5 very much, even though it is probably the best AV on the market. I don't like KAV5 because it creates freakin' ADS streams (had to copy 400+ gig of stuff to a FAT32 partition, and copy it back just to get rid of those ADS streams) for every freakin' file on your comp, and also it's resource hungry... so yeah, if you can live with those, just get KAV5.
     
  5. leehigdon3

    leehigdon3 Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    132
    Location:
    Plano, TX USA
    If I'm not mistaken, detecting trojans is quite a bit more involved than detecting viruses and some worms. The signature files for viruses are generally smaller. What you're looking for in detecting viruses is replicating behavior, primarily, and payload, secondarily.

    The main difference between a Trojan and a virus is the inability to replicate. Trojans cause damage, unexpected system behavior, and compromise the security of systems, but do not replicate. If it replicates, then it should be classified as a virus.

    As you can see, there can be more analysis in determining if something is or potentially could be a trojan. I mean, how does one really define "trojaness"?

    I'm no scholar on the differences between Kaspersky's engine and eset's, so I'm not going to pretend I understand why KAV is more efficient at finding trojans, backdoors and zoo malware than is NOD. But, this is true when comparing other AV products to KAV and any product using the KAV engine.

    So, there are some trade-offs to consider.

    1. NOD is a faster scanner than KAV's.
    2. The system overhead is less with NOD
    3. Both are very good at detecting ITW viruses and worms.
    4. KAV is much better at detecting trojans, backdoors, dialers and zoo-type malware. KAV, however, is not perfect. No AV can be expected to detect 100% of malicious code, 100% of the time.

    Here is something to consider:

    The best way to defeat the malware problem is through safe computing behavior. Period. It's good to have an on-board malware detector to scan files and programs you import to your system from the internet, shared drives and removable media. But when all is said and done, if you cannot absolutely trust the source of those files and programs, why would you trust another program to make security decisions based on the limitations all programs have?
     
  6. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    Maybe it has nothing to do with the engine. The people who work at Kaspersky labs just seem to be better at identifying unknown malware and releasing definitions for it than any other AV vendor.
     
  7. leehigdon3

    leehigdon3 Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    132
    Location:
    Plano, TX USA
    The people? That's ridiculous. Just like in any industry, there is cross pollination from company to company. In fact, when new viruses/malware are found, that information is shared amongst vendors, quickly. I'm quite sure that NOD's software engineers know how to write definitions for trojans, just like KAV's.

    What isn't shared is the IP going into the scanning technology. Otherwise, all products would be the same.

    When you scan a file using KAV, it isn't the "people" who are raising a flag when it finds something. It's the detection and cleaning engine giving you alerts.
     
  8. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    If that was true then why do some AVs have definitions for malware that others don't?

    Yes I'm sure they know how, but the fact that NOD32 misses a lot more than KAV would suggest they aren't as good at it.

    The definitions also aren't all shared, or are you saying that NOD32 has the definitions for the trojans it misses but a flaw in the engine means it still fails to identify them?

    Giving you alerts based on definitions that have been supplied by the people in the lab using whatever system they do to identify malware, honeypots etc...
     
  9. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I think KAV is very good for some folks and platforms. I also use F-Secure on one of my machines which uses the KAV engine and has a great detection ability.

    However, from my experience NOD also detects some real world current infections prior to KAV or other AVs.
    Example: https://www.wilderssecurity.com/showthread.php?t=42010
    This has occurred a number of times on my end with the machine running NOD.

    If you use NOD I feel that you should also have an AT.

    I run NOD and BOClean on a P4 2.8 machine that is used for gaming.
    To me that is a great combination, with no noticeable effect with the real-time protection running on both NOD and BOClean.
     
  10. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I have moved this "Nod vs KAV" thread to "other AVs" where it belongs (along with the 5 million other "Nod vs KAV" threads).
     
  11. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Is it only me that thinks most of these types of threads are started just to "wind up" and "get a reaction" from both sets of "die hard" fans? Or am I being cynical? Both Nod and Kav are good products but with different strengths: Nod: speed, lightness on resources; Kav: overall detection.
    You just pays your money and takes your choice
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,755
    Location:
    Texas
    It's not just you that thinks that way. It's pretty evident why posts like that are made in the NOD forum.
     
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    That's exactly the reason why I've stopped reacting to these "my software is better than yours" topics long ago. They're such a huge waste of time and energy...
     
  14. sard

    sard Registered Member

    Joined:
    Apr 18, 2004
    Posts:
    175
    Location:
    UK
    Maybe I should have mentioned that I'm a paid up NOD32 user, so I'm not criticising it for fun. It's just that it has missed and had trouble removing several trojans and worms over the last year on my PC.
     
  15. leehigdon3

    leehigdon3 Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    132
    Location:
    Plano, TX USA
    Maybe to you. To me, it suggests the engine isn't as robust at detecting trojans. If you think NOD isn't adding signatures for trojans, check their web-site. They detail what is included in each sig file update. Trojans are a healthy proportion of what gets added.

    Anyway, I'm not here to defend NOD against KAV. My point is, they are different products. Without question. What you are implying is the difference is in the work ethic or smarts of the people. Why not commit your position to paper and submit it to VB for comment? They ought to be able to sort to the truth.
     
  16. Desk

    Desk Guest

    Hi, again. This was the original poster of this thread. I did not have the intention of starting an argument. I was trying to decide on which product to purchase. I was very pleased with the speed of NOD32. Upon reading other forums etc., there have been comments that KAV takes longer to scan but does a good job. Since I found the support area of NOD32, I decided to ask the "horse's mouth" to get a straight answer from the source. From the comments that I have read since the thread was started, it seems Nod32 is specific on viruses. One of the most compelling items was that Microsoft was using it as one of their antivirus products. Thanks for your comments on your experiences with both products if you left a reply.
     
  17. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    I don't think that NOD32 is specific to viruses only.
    AH (Advanced Heuristic) is the best heuristic in the market today, making NOD32 able to detect new, yet unknown trojans (downloaders, backdoors) and mass-mailing worms. I collect malware, and I can comment that AH was able to detect proactively: Win32/Prorat, Win32/Bagle, Win32/Mydoom, Win32/Beast, Win32/OptixPro, Win32/Munstre, Win32/Randon, Win32/Spybot (many), Win32/Netangel, and many others. The samples that I mentioned weren't detected proactively by KAV; in other words, KAV was able to detect them recently when KL updated the bases, NOD was able to detect them without any update.


     
  18. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I recommend KAV, but KAV isn't perfect. On an infected site I tested with, KAV 4.5's on-access scanner (with archives scanned) let a zip archive with the ByteVerify trojan/exploit go right by. NOD32 and NAV did not.
     
  19. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    With both (either) of these products the configuration is just (possibly more) as important as which one you choose
    Steve
     
  20. Malcom

    Malcom Guest

    If NOD has such advanced heuristics then why does it have such poor detection compared to KAV and McAfee? If the heuristics were so capable they would be picking almost everything the signatures miss. Most of the time I come across a system that is infected it's usually a Trojan of some sort. I have personal experience of this, as one of my systems was trialling NOD and then once finished I put KAV back on and it picked up THREE trojans that NOD missed even with Advanced heuristics on, and this is real life experience, not using some Testbed. So without a comprehensive Trojan detection it makes using NOD a little difficult. You could say well you could use TDS alongside NOD, but nowadays that's a poor excuse. AV have AT detection, you shouldn't need to run an extra program if the product is so great.

    KAV has its flaws too: heuristics, ADS, slow, and so on. But with its detection rates with just signatures it's a monster. AV companies need to catch onto heuristics being the way forward (or they'll be left behind) with signatures not being the underpin, and not advertising heuristics when really they rarely do much.

    I mean, why do we buy AV products? So we don't get infected. So if you can finish a system scan in seven minutes and have a detection rate of 90% or finish a system scan in an hour and have 99%, it kind of answers itself. If you're looking for an AV product that doesn't slow down your system then F-Prot is the current answer.

    "AH (Advanced Heuristic) is the best heuristic in the market today"

    That's a wide statement, particularly with MKS_Vir looking better by the week.
     