Sig detection in nod

I have a research and need some information about signature detection of NOD32.

Can anyone from Eset say me that "the amount of signature detection in Kaspersky 6.0 Antivirus is higher, or in Nod32 2.7" ?

I know all things regarding nod's A.H. and its magic , however I need to now exactly which of above antiviruses can detect more malwares with only their signature database?

Thanks.

 

kaspersky finds more by signatures than nod32, kasperskys heuristics have been pretty poor considering, and it still beats nod32 in detection, but both are very good and have different pros and different cons.

 

Thanks,

It will be very good for my research if anyone from Eset confirm it.

 

true but it might change soon with kaspersky's new heristic engine in january.
also different av's do there sig numbering differently.
lodore

 

oh, i know they number them differently.

norton might have nod might have 500,000 / drweb has 164,191 and panda might have 384,750

but they might all detect the same things.

but im pretty sure kaspersky can detect more by signatures than nod32, IBK needs to give his 2 cents on this, he knows im sure.

 

kaspersky does detect more by Signatures than nod32.
nod32 relies on heuristics to much IMO.
as said before heuristics are not a completely developed technlogy and should not be completely relied on.
lodore

 

It is unknown how many signatures does NOD32 have because the heuristics can detect hundreds of variants with one signature , example generic detection .
http://www.eset.com/support/faq1.php?id=1112

And although you may know some number of signatures , this isn't important at all . Do you think that Norton detects more than Panda ?

 

But the reality has proved that the heuristic technologies are successful and reliable for all the NOD32 users all over the world , lodore .

 

102953 from the details provided (2001-2006, not including variants or .gen detection).

 

do not mix the number of virus records in KAV with their number of signatures or with the number of names in virus list, which is much smaller.

 

dear Mr. Clementi,

Thanks, i need to know which of them can detect more malware, in exact name?

Nod32 or Kaspersky?

 

MAYBE kaspersky (but i am not sure, as while kav may detect 1000s as rbot.gen, nod32 could give to each one e.g. rbot.nkl, rbot.nkm, etc. names), but for knowing for sure i would need to run both on the whole sets of files, and I am sorry but do not have time for doing that (and do not really see the need for knowing this, for the reason gave above).

 

Thanks a lot,

In your on-demand test, I see kaspersky rates are higher than nod32. is it mean that kaspersky can detect malwares more than nod32?

Meanwhile, while on-demand tests, do you use variant detection, emulator & A.H. of nod32 in that tests? or that tests are only subject to "sig detection"?

Thanks again.

 

like described, best possible detection settings (= yes, all enabled).

 

Many thanks Mr. Clementi,

Just final question...

1. On-demand Test: best possible detection settings like signature, heuristics, etc.

2. Pro-active Test: You remove signature detection. in other words, you use best possible detection settings except signature detection.

My thoughts are correct?

I was unable to find above answers in "methodology.pdf" file.

 

no, they are wrong.

also in the retrospective test everything is enabled, but the samples are new.

 

ohhh...

So in both of tests you use max features like sig, heuristics, etc.

Where I can find detailed information about your tests?

I had a quick look at your "methodology.pdf" file which is 29 pages... but nothing found in this case.

Many thanks again.

 

You can read this info on the retrospective test page.....at the bottom, the signatures are three months old.

 

...or read the test reports. there is not much to say about it, but all required informations should be already contained in it...

 

very true but kaspersky still detects more due to large amount of signatures.
the best defense is great heuristics and fast signature updates.
i think thats why soon kaspersky with its new heristic engine next year will be the ultimate protection and with pdm as well.
thats three layers of protection.
most companys are relising that you need more than one defence.
thats why kaspersky added pdm and now getting a better heristic engine.
im guessing eset are adding new defences as well.
lodore

 

Nod_lover,

The answer to your question is not easily given because you have to understand how signature and heuristic play within the av. In my opinion, how quickly vendors react to outbreak and produce signature/heuristic detection is what you want to rely on. Both Kaspersky and NOD are excellent in terms of their response times. Kaspersky is adding signatures more often than NOD, but NOD has its heuristic engine that already might detect what Kaspersky is adding.

Kaspersky might classify each variants as one signature, whereas NOD might classify all the variants as one signature.

Again, how quickly vendors react to outbreak is what you want to rely on, not necessarily relying how many signatures an av has. Plus, most of the dangerous malware is the newer malware.

 

~removed quote of post directly above....Bubba~

Very well said , Miyagi !

 

Sounds impressive, but both have these kinds of detections with regards to detecting multiple variants with one sig, this is not a a Nod32 invention believe it or not ......................................you might think "most of the dangerous malware is the newer malware", but it means very little to the guy/girl being infected with something not doing the rounds aggressively ATM.