NOD32's AV DB Secret

Discussion in 'ESET NOD32 Antivirus' started by secured2k, Apr 28, 2009.

Thread Status:
Not open for further replies.
  1. secured2k

    secured2k, Registered Member (Joined: Apr 22, 2009; Posts: 5)
    I was looking at the size of all the EM###_32.DAT files and found them to be just about 22MB in size. Furthermore, it seems the 2MB EM009_32 is used for SysInspector.

    ~20 MB for the full AV DB? How does ESET do it? Other major antivirus vendors seem to be passing 50-60MB!

    I'm not looking for specific code explaining how, but a general explanation would be nice (i.e. we use 'generalized method' and 'xxxyyy compression').
     
  2. Marcos

    Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)
    AV vendors use different techniques for detecting malware. One may use far fewer signatures to cover many more threats than AVs with large databases. This also reduces memory consumption, as the whole db must be loaded in memory on the AV program's startup.
     
  3. secured2k

    secured2k, Registered Member (Joined: Apr 22, 2009; Posts: 5)
    I see your title is ESET moderator. I appreciate the response, but is there any official answer as to some of the techniques used? I am curious about the inner workings of the NOD32 system.

    I've been stuck with corporate Symantec and McAfee and they work fine in business, but for all my home/small business users I've been pointing to ESET. One of my clients asked me this same question... what makes NOD so different... as today, all of the major AV researchers and programmers should have the $ and resources to improve their product into 'next generation' tech.
     
  4. Marcos

    Marcos, Eset Staff Account (Joined: Nov 22, 2002; Posts: 14,374)
    It's advanced heuristics that emulates the code and thus enables the researchers to create effective generic signatures which can cover thousands of similar variants.
     