NOD32 vs. KAV

Discussion in 'other anti-virus software' started by Iztok, Nov 27, 2003.

Thread Status:
Not open for further replies.
  1. Iztok

    Iztok Guest

    HI!

    I have NOD32 and Kaspersky Anti-Virus (KAV). Could someone tell me why NOD32 is better than KAV?
    My opinion:
    - KAV (4.5.0.49) uses fewer resources than NOD32
    - KAV has bigger antivirus databases than NOD32
    - KAV recognizes almost all trojans and backdoors, NOD32 recognizes fewer than KAV (I have around 1000 viruses - KAV recognizes all, NOD32 around 800).
    - NOD has advanced heuristics - here NOD is better than KAV.

    Could someone from ESET tell me why NOD32 is better than KAV?

    Bye
     
  2. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Heh lol, another NOD versus X Y Z AV thread :rolleyes:
    KAV uses fewer resources than NOD o_O
    Really, I don't think so.
    Best regards
    Ole
     
  3. Iztok

    Iztok Guest

    Install KAV, you will be surprised. Link: ftp://ftp.kaspersky.com/products/release/english/businessoptimal/workstations/kavwinworkstation/kavwinws4.5.0.94eng.exe
    OK, then tell me why you're using NOD32 (advantage)?

    Bye
     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    You're so incorrect, KAV uses many resources that NOD32 does NOT! Also, NOD has these pros that KAV does not:
    Scans more quickly than KAV (many);
    The viruses decrypt are more "professional" at ESET;
    The updates are lighter;
    the GUI is better and easier to understand;
    the heuristic (AH and the normal heuristic) is much better than KAV's;
    IMON scans in any or most mail clients; KAV only scans the bases of the mail clients, in other words if you want to remove a virus, you need to disable the KAV monitor (some exceptions are The Bat, Outlook, OE).
    The only good thing about KAV in comparison to NOD is the unpacker engine and the detection engine (not heuristic).
    PS: I have the same version as you, and NOD uses fewer resources.
     
  5. RJ100

    RJ100 Registered Member

    Joined:
    May 22, 2003
    Posts:
    111
    Location:
    Alberta, Canada
  6. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    I too would dispute that. I use KAV Pro 4.5.0.49 as well as NOD32v2 and though I think that KAV gets a false rep for taking too many resources, it does take significantly more than NOD. NOD scans much much faster. With regard to trojan detection, it is a widely held view that KAV has better trojan detection but I personally would not trust any AV as a primary AT. I use TDS as a primary AT and KAV (and NOD) as secondary.

    NOD has significantly better email protection than KAV. It has been a widely known issue for some time that KAV will lock up Outlook every time a SMIME-signed email comes through when KAV email protection is enabled and they have been way too slow in resolving it.

    I have a great respect for KAV but I wouldn't do without my NOD either.
     
  7. 8 more minutes? Nod32 used to scan my drive in 8 minutes, KAV Personal Pro in 16? For the extra malware covered I'll take KAV any day...

    Where did you get THAT from, <snip>


    The light updates, yes, I agree with that... But KAV DOES DETECT MORE!
    The GUI is easy for me in both cases (They are BOTH confusing. LOL...)
    Heuristics are a "Las Vegas" gamble for me... Nice to have, but I wouldn't bet my life on it...
    Resources? Well, if my computer can handle it, I would rather have MAXIMUM Protection...
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    NOD32 is an antivirus par excellence - VirusBulletin records prove this time after time - beating KAV.

    Since layered defense is commonly accepted as the most preferred way to go, an additional stand-alone antitrojan is recommended. This goes for NOD32 - and surprisingly for all other antiviruses as well, KAV included.

    Common sense is not putting all eggs in one basket. Having just one app coping with all leaves one's system helpless in case it has been killed or compromised.

    As for heuristics: KAV's script checker uses heuristics as well, Dr.Web relies on strong heuristics, etc. So far as heuristics is concerned.

    regards.

    paul
     
  9. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Yah, but let's never let facts get in the way of a "mine's better than yours" discussion... ;)

    Agreed. Not to mention the possible fp's, and detection of dubious "threats" of little to no consequence. ;)

    (Jim plants tongue firmly in cheek...)
     
  10. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Jim,

    In case that's the purpose of a discussion: fully agreed. Personally: there is no mine; we have them all - although we do have favorite ones ;)

    I've been there - don't do that for more than an hour; I ended up visiting a medic :D

    regards.

    paul
     
  11. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    >Where did you get THAT from, <snip>
    My opinions are based on my own experience.
    Months ago, I sent many viruses that KAV doesn't detect, including Trojans, Worms, etc.
    All the time Aleks Gostev replied to my messages, but one day Aleks Gostev wrote me:
    Stop sending crap to I.
    It is for this reason that I believe that all the team at Kaspersky (The virus decrypt team) are ignorant (except Eugene Kaspersky and Costin Raiu).
    I will never send another sample to this "company".
    Best Regards.
     
  12. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    A combination of KAV&NOD32 is quite a good choice. Not really cheap but nearly a "perfect fit". :)

    wizard
     
  13. Iztok

    Iztok Guest

    For sir_carew

    Could you please send me viruses that KAV didn't recognize?

    Bye
     
  14. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    1) I only send viruses to people that I know, sorry :D
    2) KAV now detects these viruses.
    3) KAV isn't perfect; if a new virus is uploaded to a web page, most AVs do not detect it.
    4) Each time that I look at the Symantec research web page and find new descriptions, if it is a P2P Worm, I search for it in Kazaa, Edonkey, WinMX, etc.
    Thanks to this, I found many new worms (like Bereb,a,b; Logpole a,c; etc.) and the only AVs that detect those proactively are NOD32 using AH and McAfee. Obviously now KAV has added these worms to the databases like other AVs. KAV detects more "known" viruses, trojans, worms, etc. than NOD32; however, the heuristic of KAV is bad.
    I personally think that the heuristic is more important than the bases.
    KAV isn't the best AV. In an AV, the bases aren't the only important thing; the heuristic, support, GUI, resources, compatibility, language interface, and many other factors are important. (Obviously not all the factors have the same importance.)
    Best regards.
     
  15. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Did they really tell you to stop sending things KAV didn't detect?
     
  16. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Not exactly; when I send a new virus to Kaspersky, I don't receive a reply, but at the other daily update, KAV detects it.
    However, Alexander Gostev sends me mails like: Stop sending crap. I will not detect nothing of you, and things like that.
    I will never submit samples to this "company".
     
  17. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To sir_carew from Firefighter!

    I agree that strong heuristics with few false alarms is important but I don't think that even NOD is capable to detect the majority of NEW viruses. In some test lately NOD missed about 9860 File, MS-DOS, Windows, Macro, Malware and Script infections that McAfee 7.0.3 detected, and McAfee is not the worst to make false alarms.

    Most of them were not even new. How could NOD miss to detect them with heuristics if it is that good?


    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Could you provide proof for this statement?

    Which tests, performed by who? Can you provide the test beds?

    Without any backup this is merely a statement; no more.

    regards.

    paul
     
  19. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To Paul Wilders from Firefighter!

    I don't want to start a new war again, but I think that u already know what I'm referring to just now, at least many of the members of this forum do, in my mind.

    Those test beds are not public yet, but I don't think that it is so important, otherwise McAfee is "the mother of all false alarms" what I can't believe in the first place!

    Besides, NOD was not alone that missed quite many infections in that test, but it missed.


    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  20. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    >I agree that strong heuristics with few false alarms is important but I don't think that even NOD is capable to detect the majority of NEW viruses.
    All the time, I'm downloading new viruses, especially Worm, P2P, mass mailing, etc. It is true that McAfee detects many of these new worms; however, in some cases NOD detects P2P Worms that McAfee does not. Indeed NOD is able to detect, using the AH, about 77% of the in-the-wild viruses without an update. NOD was the only one to detect Swen without an update. McAfee detects more BAT and mIRC viruses using the heuristic, but NOD detects more P2P, mass mailing worms.
    This is my list:
    1) NOD32 = Is excellent at detecting new Boot viruses, encrypted viruses, Worms (except IRC worms), scripts (except BAT).
    2) McAfee is excellent at detecting BAT, IRC worms, and scripts, like Dr.Web.
     
  21. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    FireFighter, can you please stay on facts with references ?

    I tell you something.
    Speaking about heuristics KAV has not even a minimal chance against NOD32.
    It starts with generic Win32 Fileinfector viruses and it ends with worm detection.
    Ok, ESET has to improve the heuristic for script based IRC things but at least they have a very well working binary heuristic.

    Speaking about generic detections (such as Spybot Worms or generic SDBot Backdoor Detections) KAV sucks as well.
    Unpacking is not all in AV Business. I own hundreds of undetected SDBot Backdoors within KAV. And now the surprise:
    NOD32 finds them all :D KAV is able to unpack all these samples (just attach a debugger such as SoftICE) and verify this via memory dumps. What does this tell us? The generic detection of this backdoor is weak. Very weak in my opinion.
    But based on this fact I do not say that KAV isn't a good AV, but it is also lacking in detection where other programs score better. And Kaspersky has false positives as well because they are including a lot of useless stuff such as a batch file that only copies a backdoor into the win32 system directory. THIS BATCH FILE COULD BE A LEGAL USER BATCH FILE even if it copies an exe file into system32.

    Feel free to reply ;)
    Regards,
    Godzilla :D
     
  22. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To sir_carew from Firefighter!

    According to this what Schouw wrote, NOD was not alone to detect Swen heuristically,

    http://www.dslreports.com/forum/remark,8050123~root=security,1~mode=flat;start=0

    I'm using eXtendia AVK Pro (actually my kids are using that, I use eTrust 7.0.142 Inoculate), so if that was true, eXtendia detected that also.

    Besides advanced heuristics is not a normal option in all scanning modes with NOD. So it is only an add characteristics, the normal is deep heuristics.

    And to Godzilla, my referred source is not acceptable in this forum, I have seen that so many times, that's why no more facts, but u'll find that from other forums if u like.

    My simple assumption of any av:s heuristics is that, if they are so good, there can't be situations like that, McAfee detected 98.57% other than trojan infections and NOD 77.31% from the same list. NOD used deep heuristics if I remember right in this case but it doesn't matter.

    And if those about 9 860 files that NOD missed more than McAfee were junk files, after that VirusBulletin has no value because not using that kind of clean files source, VB isn't recognising the value of true misses in real clean file tests.

    "The truth is out there, but it hurts!"

    Best regards,
    Firefighter!
     
  23. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Firefighter, I put an interview of Richard Marko, the developer of ESET's heuristic:
    Basically, I tried to create an algorithm that followed the process normal of analysis of code of an expert antivirus. It knew that basically there were two forms to do this in the real world: one of them was to use a special computer in which to execute the file suspicious and to analyze the changes that this one carries out in the computer and others. The other form is to take the suspicious program, to disassemble it and to study the code by one same one.
    -------------------------------------------------------------------------
    For that reason, I tested against virus real, really in activity. The results were very good, since the heuristic one detected 90 % of them by itself, without counting on the base of companies of the antivirus.
     
  24. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    The question is here HOW IMPORTANT is it to detect older stuff via heuristic.
    And numbers don't count here. You can scan a lot of old malware (maybe malware which doesn't even run anymore); if a heuristic detects such things this is fine, but it is not really a threat.
    But missing actual samples (like the SDBot Backdoor), this _IS_ a problem. A serious one.
    Because many people are infected day by day with such open source variants.

    And now? You are going to tell me that it is more important for you to detect a half million of old viruses (which may not even have been seen for the last 5 years) instead of performing an outstanding detection of all new viruses? LOL!
    And this outstanding detection of NEW MALWARE does include a first class heuristic. To prevent infections before the virus is even analysed by a human virus researcher.
    And as you may know, not all types have the same basis on binary formats. Who needs today a heuristic for new DOS viruses? Nobody.
    But you need a heuristic for the ACTUAL THREATS. And the goal is not to detect as much as possible out of a mixed virus collection - the goal is to focus on the new ITW malware. And this malware can have other flags (heuristical flags) than some old malware. Instead of working on detection for already "out of date" viruses, the virus companies are working on improvements for the actual threats. So does ESET. And this is the right way to protect home users and business consumers. ONLY THIS.
    You can trust me here about these facts; I am also from the AV business and _NO_ I am not affiliated with ESET.

    Regards,
    Godzilla
     
  25. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I agree with Godzilla. Old viruses for DOS, Win16, etc. aren't important. Maybe the KAV heuristic is much better than NOD at detecting old viruses, but the NOD heuristic detects many more new viruses like P2P, mass mailing than NAV, KAV, AVG, Panda, etc.
     