NOD32?

Discussion in 'other anti-virus software' started by Comp01, Nov 25, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined:
    Sep 4, 2003
    Posts:
    638
    I was wondering, as I am getting a new computer next month, as to if NOD32 is worth buying? As I heard it was one of the best (if not the best) at finding Viruses/worms/trojan horses? How good is it? I am thinking on right now trialing it..
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Congrats with your new system ;)

    As for ITW viruses: top of the class. IMHO a separate dedicated antitrojan is needed in conjunction (and from a point of layered defense a good thing as well).

    Have a look at the VirusBulletin records - and the NOD32 version 2 forum, especially Paolo Monti's splendid add on (sticky post over there).

    Trialing is always a good thing to do when it comes to making a decision ;)

    regards.

    paul
     
  3. For all around malware coverage, try KAV, McAfee, or NAV.. I personally use KAV and NAV on two separate computers...

    In my opinion, NOD32 was okay, but it doesn't do good with dialers, and some other malware... I simply can't agree with their line of thinking... We could debate this til the cows come home, but I don't agree... With NOD32, you'll DEFINITELY NEED AN AT.. if not for trojans, then to find other threats.. With KAV, and even NAV for that matter... more Trojans are covered, and now with the extended bases from KAV and the expanded threats from NAV, keyloggers, pornware, and other stuff are detected...

    Here is a typical thread that I run into which reinforced my opinion...

    http://www.wilderssecurity.com/showthread.php?t=16716
     
  4. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Don't think that you can put really KAV together in line with NAV when it comes to trojan detection. The detection rate of KAV is compared to NAV outstanding especially due to the first class unpacking engine that comes with KAV. But basically I agree with NOD32 you need a separate AT. Same for NAV as well.

    wizard
     
  5. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Well, here's my little opinion on NOD32 and KAV: The latter of these, KAV, is far and away my first choice for an anti-malware application. Mind you, this is based on the summation of what I've read about it, since I never really come across malware myself (I feel so left out!). None of what follows should be construed as some arrogant proclamation of absolute, irrefutable fact.

    I don't know what company, if any, is truly guilty of it, but I find the philosophy that says "we only combat viruses and worms; dialers and trojans are not our concern" to be utterly repugnant. To me, this is a cop-out that would let a vendor ignore certain threats, reduce their own workload, improve their ratings where they think it counts most, and shrug off the failures of their product by saying "Hey, we don't do trojans!". Again, I am not accusing Eset of this philosophy, but it sure seems like they are more slanted in that direction than Kaspersky is. I freely admit that I do not have enough information to really point the finger, though.

    I own licenses for the latest versions of KAV (Personal) and NOD32. My initial desire was to run the former of these exclusively. However, in practice, I found it to be too problematic. Whenever I ran live backups, my CPU usage would skyrocket, and the backup would slow to a crawl. Whenever I defragged, the same thing would happen.* Even loading the list of outbound-controlled programs in ZoneAlarm Pro was something that KAV severely slowed down. (Which was the proverbial "last straw" for me.)

    The only advice that Kaspersky has been able to offer to me, after admitting the behavior I described as a known issue, is to manually close or disable the KAV monitor when performing file-intensive activities. This is a profoundly lousy answer.** And a disappointing one, since I love practically everything about KAV. The interface is great. The options are thorough, powerful, and sensibly laid out. Profile support is robust and well thought out. I can update the KAV virus definitions with the Task Scheduler (using the /q switch), which I can't do with NOD32. And on and on and on... But if it grinds my system to a halt, I can't use it.

    NOD32 2.0 works much better for me as far as performance impact goes. Defrags pose no problem for it. Most backups don't either, unless I am backing up shortcuts (LNK files). I find that backing up lots of shortcuts is something that NOD32 does severely interfere with. I could remove LNK files from the list of scanned extensions, but again, I'm not very interested in such a workaround. [I think NOD32's performance advantage is due to the fact that it uses a filter driver, but that's just a guess.]

    [hr]
    * The extent of this problem was rather extreme. I run Raxco PerfectDisk 5. When you defrag with PerfectDisk 5, two things happen: An analysis of the partition, and the actual defrag run. The analysis process should take a matter of seconds to complete (and certainly less than one minute). In all the many months I ran PerfectDisk 5 before using KAV, I never had a single issue with a partition analysis. However, I returned to my system one morning to find that the analysis of my C: partition was still in process, after over EIGHT HOURS! And I did positively trace the cause of that behavior to the KAV monitor.

    ** To me, this advice is like a Lamborghini salesman saying "Sure, the car might burst into flames at any moment. Just wear a fire-retardant suit."
     
  6. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Nameless and StraightShooter,

    I am not offering up the following question to refute either of your posts re: NOD32, but I wonder:

    Does the roster of recently added signatures to NOD32's base indicate to either of you that ESET is making considerable headway towards improving trojan detection?

    http://nod32.com/support/info.htm#CurVersion

    It seems to me that a high percentage of new definitions are trojans. To really know the answer to my question, one would need a point of reference, which I do not have (i.e., Are these exceptionally large and/or trojan-oriented updates for a typical AV?)

    Regards
    Optigrab
     
  7. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I appreciate the question, but I don't know... I do always glance at the new additions, whenever an update is released. I am always glad and encouraged to see that they always seem to include new trojan droppers.

    However, I have no way of knowing how well NOD32 covers trojans as a result of this, or in general. For me, anti-malware concerns are essentially religious... it's all based on faith, and not much else!
     
  8. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    I noticed that over the last month or so, they must be trying to catch up trojan-wise.
     
  9. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    My GrandMother always told me to pick one thing to do with my life and be the best I can possibly be at it .
    Isn't that why most doctors are specializing these days o_O?

    PS
    I never did figure out what the devil i'm good at , I hope my grandMother doesn't know. :D :D :D

    Just an opinion .
    Frank
     
  10. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    But if some doctors were very good at many different things, wouldn't that make you question the ones who weren't?
     
  11. Grasshopper

    Grasshopper Registered Member

    Joined:
    Sep 30, 2002
    Posts:
    77
    Hi Nameless,
    I believe there are some really good AntiVirus programs like KAV out there that can protect you , but are they as good as a layered set up where each program specializes in one thing o_O? I'm not at this stuff long enough to know for sure but there are so many people in these forums that believe what Paul stated above is the best way to go.

    Comp01
    The best advice is to try a few products out and you chose what is best for you , what you feel comfortable with and trust . If you do go with Nod 32 use one of the trojan programs with it and you will be well protected .
    Good Luck .
    Frank
     
  12. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I wasn't suggesting that a dedicated anti-trojan application should not also be used. In fact, the approach you suggest--where each application specializes in one thing--is not "layered" at all. Quite the opposite, only if you use something like KAV alongside an anti-trojan scanner are you using layered protection. If you use an anti-virus scanner that (essentially) only deals with viruses, and an anti-trojan scan that only deals with trojans, you're not layered at all.

    I'm still not saying that NOD32 isn't good at handling trojans. I get the impression that it is not, from reading forums like this, but I am still not totally convinced.

    In any event, it is pretty hard to argue that it's better for an anti-virus utility to be poor at detecting trojans than for it to be good at it, as long as it is also good at handling true viruses. If I had a cardiologist, I'd still rather have a primary care physician who was also well versed in cardiac care--as long as his cardiac knowledge didn't make him lag behind in other general care.

    I do hasten to add that even if KAV is better than NOD32 at trojan detection, I find its performance hit too severe a trade-off to put up with. Hopefully the doctor analogy isn't too tired yet... But for me, KAV is like a physician who is great at many things, but who is so hard to get an appointment with, he's just not worth sticking with. I'll go with the doctor who may not be as well-rounded, but at least I can get in to see him!
     
  13. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I use KAV without much of a performance hit except during system scans. As for NOD32, it's an innovative product that I think will get better. I'm waiting to see what happens - I'll know NOD32 is ok when I see more of a consensus.
     
  14. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Assuming that KAV is running real-time and is monitoring your C: partition, run a defrag of C:. Then look at the CPU usage of the AvpM.exe process as it's running. If it's not in the 60-90% range constantly, I'd really love to know what's going on.

    A Kaspersky rep told me "Yes, it is recommended that you unload or pause KAV Monitor before performing defragmentation or doing back-up. This can significantly slow down your PC."

    I guess if you never defrag or back up, or do much of anything else that is file intensive (such as view the program list in ZoneAlarm, search for files, run programs, use Explorer, etcetera), you won't have any problems.
     
  15. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Yes, I see what you mean. I don't defrag that often, though.
     
  16. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    IMO disabling of any AV software is recommended when defragging etc

    i trialed nod v2 a while ago, scanned a cdrw with 1000 trojan servers (250 trojans, 4 different versions of each), nod detected 383 of them, kav 986, trojan hunter 1000, (46 as possible/warnings) tds (trialing it too) 1000 with 52 as possible/ warning/ heuristic. submitted some files to kav and same evening kav detected a full 1000
     
  17. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    There was a time I also shared this opinion.

    But more and more I started seeing the other side (with the help of others here ;) ). And I started thinking that maybe it is necessary that a line be drawn at some point. I mean, with this philosophy, why not ask anti trojan developers to address virii, spyware, and worms as well? They are all threats too are they not? Or are they all trying to reduce their workload as well? Are AVs singled out for the right reasons?

    So I do not really think it is a cop-out. Each AV analyzes malware in their own way and addresses it their own way. They analyze what they have and consider what kind of risk it poses in the wild. I guess a certain amount of trust has to go into what the developers consider a threat or not. But they are the experts.

    I do see your point though, and as I mentioned, I too shared your feelings at one time.

    I have not noticed the problems you have had with KAV on my test computer either. Even with Control Centre installed, AvpM running, writing this reply, and defragging, I do not notice CPU going any higher than 10% in AvpM or any other associated KAV process. Normally it is at 0-5%. Have you checked any additional settings in KAV Monitor's object scan?
     
  18. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    But why, if the AV doesn't interfere to any problematic extent? I haven't had any other real-time monitor interfere like KAV's does. So there is absolutely no need to disable the rest of them.

    But in any event, that trojan test you carried out is impressive, and interesting. Maybe I should give KAV another shot, and put up with disabling it. (Just hope I don't forget to re-enable it! :eek:)
     
  19. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    I think that the AV vendors are singled out because it was their general failure to handle trojans well that created a market niche for the AT vendors in the first place. I would liken the situation to how Microsoft packages a lame defragger with Windows; I use a third-party defragger as a result, but I don't criticize the third-party defrag vendor for not having their own OS.

    But the clincher for me where AT performance is concerned is the fact that some AV tools do it very well. If some do it very well, what excuse do the others have? The people who defend those others tend to have an agenda, it seems.

    I've screwed around extensively with KAV's monitor settings, and I've tried backing off many of its settings--to no avail. What I know is that when I defrag (or scan with TDS-3, what have you) with KAV running, my system bogs down, no matter how KAV is configured. With NOD32 or PC-cillin running, everything is fine.
     
  20. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    scanning with tds is very resource consuming itself, when you combine that with kav's realtime scan at the same time it is overwhelming.. there's also the danger of a conflict there... what if a trojan is found?
    generally when i scan with an anti-trojan with kav rtm running kav always nails them when the at scans the file, reproducing errors with the at. kav locks the file, preventing the at from scanning it... you get error messages saying: unable to scan file... or even crashes
    nevertheless, when you scan your system with an antitrojan i STRONGLY suggest to disable kav, or any other av while doing it. i mean there's no need to double scan them.
     
  21. Bdiamond

    Bdiamond Registered Member

    Joined:
    Apr 26, 2002
    Posts:
    74
    Location:
    N Carolina, USA
    Illukka, I was wondering if you might have any experience about the performance of F-Secure in such a test?

    I have been very pleased with its AV performance and have heard "rumors" that it is reasonably effective at Trojan detection. However, I have never seen any data regarding its ability in this respect.

    Bdiamond
     
  22. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Rerun2 sed:

    Nameless sed:
    Apples and oranges.

    If the AV concerned does good job with VIRUSES--which is what it (and fe: NOD) claims to do--and the defragger does a crappy job at defragging--which is obviously not what it's designed to do--where is the similarity?

    In another vein: If the AV does its job very well, but can't be used on your system because of drag/performance/no workee-no likey w/others--what good is it?

    It's precisely that kind of thing that has to be weighed when companies start adding things for unpacking this, and scanning that, and decrypting this, etc. There's a balance--and a trade-off that sometimes has to be lived with.

    ;)
     
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    The similarity is that the WinXP defragger does do a good job defragging--but it is limited in some of its feature set, like scheduling, what have you. Or, if you want a different analogy, there is the native way that WinXP handles ZIP files. It handles them just fine, but it is totally ignorant of other formats like RAR. Or the native CD burning... it works fine, but it won't burn ISO files.

    That's exactly what I've been getting at! I love KAV, I trust KAV, but it tends to be too much of a drag on my system to use.
     
  24. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Well, when I was de-fragmenting, even though CPU usage spiked, I could generally still surf ok.
     
  25. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    The cool thing is that we all have a choice. All the products we've been discussing have their own strong and weak points. They all involve trade-offs (I love that term).

    I didn't mean to try to turn anyone away from KAV. Most people probably won't have as much trouble with it as I did, because most people aren't as neurotic as I am about defragging and everything else.

    Right now, forget what AV you run--the most important thing is to not run with administrative privileges during normal use, and to disable active scripting.
     