Sig detection in nod

Discussion in 'other anti-virus software' started by Nod_lover, Dec 23, 2006.

Thread Status:
Not open for further replies.
  1. Nod_lover

    Nod_lover Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    I am doing some research and need some information about the signature detection of NOD32.

    Can anyone from Eset tell me whether "the amount of signature detection is higher in Kaspersky 6.0 Antivirus or in Nod32 2.7"?

    I know all things regarding nod's A.H. and its magic :D , however I need to know exactly which of the above antiviruses can detect more malware with only their signature database?

    Thanks. ;)
     
  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    kaspersky finds more by signatures than nod32, kaspersky's heuristics have been pretty poor considering, and it still beats nod32 in detection, but both are very good and have different pros and different cons.
     
  3. Nod_lover

    Nod_lover Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    Thanks,

    It will be very good for my research if anyone from Eset confirms it. :)
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    true but it might change soon with kaspersky's new heuristic engine in january.
    also different av's do their sig numbering differently.
    lodore
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    oh, i know they number them differently.

    norton might have nod might have 500,000 / drweb has 164,191 and panda might have 384,750

    but they might all detect the same things.

    but i'm pretty sure kaspersky can detect more by signatures than nod32, IBK needs to give his 2 cents on this, he knows i'm sure.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    kaspersky does detect more by signatures than nod32.
    nod32 relies on heuristics too much IMO.
    as said before heuristics are not a completely developed technology and should not be completely relied on.
    lodore
     
  7. ASpace

    ASpace Guest

    It is unknown how many signatures NOD32 has because the heuristics can detect hundreds of variants with one signature, for example generic detection.
    http://www.eset.com/support/faq1.php?id=1112

    And although you may know some number of signatures, this isn't important at all. Do you think that Norton detects more than Panda?
     
    Last edited by a moderator: Dec 24, 2006
  8. ASpace

    ASpace Guest

    But the reality has proved that the heuristic technologies are successful and reliable for all the NOD32 users all over the world, lodore.
     
  9. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    102953 from the details provided (2001-2006, not including variants or .gen detection).
     
  10. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    do not mix the number of virus records in KAV with their number of signatures or with the number of names in virus list, which is much smaller.
     
  11. Nod_lover

    Nod_lover Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    dear Mr. Clementi,

    Thanks, i need to know which of them can detect more malware, in exact name?

    Nod32 or Kaspersky?
     
  12. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    MAYBE kaspersky (but i am not sure, as while kav may detect 1000s as rbot.gen, nod32 could give to each one e.g. rbot.nkl, rbot.nkm, etc. names), but for knowing for sure i would need to run both on the whole sets of files, and I am sorry but do not have time for doing that (and do not really see the need for knowing this, for the reason given above).
     
  13. Nod_lover

    Nod_lover Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    Thanks a lot, :)

    In your on-demand test, I see kaspersky rates are higher than nod32. Does it mean that kaspersky can detect more malware than nod32?

    Meanwhile, in the on-demand tests, do you use variant detection, emulator & A.H. of nod32? Or are those tests only subject to "sig detection"?

    Thanks again. ;)
     
  14. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    like described, best possible detection settings (= yes, all enabled).
     
  15. Nod_lover

    Nod_lover Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    Many thanks Mr. Clementi, :)

    Just final question...

    1. On-demand Test: best possible detection settings like signature, heuristics, etc.

    2. Pro-active Test: You remove signature detection. In other words, you use best possible detection settings except signature detection.

    Are my thoughts correct? o_O

    I was unable to find the above answers in the "methodology.pdf" file.
     
  16. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    no, they are wrong. :p

    also in the retrospective test everything is enabled, but the samples are new.
     
  17. Nod_lover

    Nod_lover Registered Member

    Joined:
    Dec 23, 2006
    Posts:
    6
    ohhh... :eek: :ninja:

    So in both tests you use max features like sig, heuristics, etc.

    Where can I find detailed information about your tests? o_O

    I had a quick look at your "methodology.pdf" file which is 29 pages... but I found nothing in this case.

    Many thanks again. ;)
     
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    You can read this info on the retrospective test page.....at the bottom, the signatures are three months old.
     
  19. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    ...or read the test reports. there is not much to say about it, but all required information should be already contained in it...
     
  20. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    very true but kaspersky still detects more due to large amount of signatures.
    the best defense is great heuristics and fast signature updates.
    i think that's why soon kaspersky with its new heuristic engine next year will be the ultimate protection and with pdm as well.
    that's three layers of protection.
    most companies are realising that you need more than one defence.
    that's why kaspersky added pdm and now getting a better heuristic engine.
    i'm guessing eset are adding new defences as well.
    lodore
     
  21. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    420
    Location:
    Honolulu, Hawaii
    Nod_lover,

    The answer to your question is not easily given because you have to understand how signature and heuristic play within the av. In my opinion, how quickly vendors react to outbreak and produce signature/heuristic detection is what you want to rely on. Both Kaspersky and NOD are excellent in terms of their response times. Kaspersky is adding signatures more often than NOD, but NOD has its heuristic engine that already might detect what Kaspersky is adding.

    Kaspersky might classify each variant as one signature, whereas NOD might classify all the variants as one signature.

    Again, how quickly vendors react to outbreak is what you want to rely on, not necessarily relying on how many signatures an av has. Plus, most of the dangerous malware is the newer malware. ;)
     
  22. ASpace

    ASpace Guest

    ~removed quote of post directly above....Bubba~

    Very well said, Miyagi!
     
    Last edited by a moderator: Dec 24, 2006
  23. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Sounds impressive, but both have these kinds of detections with regards to detecting multiple variants with one sig, this is not a Nod32 invention believe it or not ;) ... you might think "most of the dangerous malware is the newer malware", but it means very little to the guy/girl being infected with something not doing the rounds aggressively ATM. :)
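
An added illustration (not part of any post in this thread and not any vendor's actual engine) of the point IBK, Miyagi and Don Pelotas make above: the number of records in a database says little about how many files are detected. The two toy engines, the family byte pattern and the sample contents are constructed assumptions; only the rbot.* naming style is taken from the thread.

```python
import hashlib

# Constructed, harmless samples: variants of one hypothetical family share a
# core byte sequence and differ only in the bytes around it.
CORE = b"\x90FAMILY-CORE-ROUTINE\x90"
KNOWN = {f"rbot.nk{c}": b"hdr" + bytes([i]) * 8 + CORE + c.encode() * 4
         for i, c in enumerate("lmnop", start=1)}
NEW_VARIANT = b"hdr" + b"\x7f" * 8 + CORE + b"zzzz"  # appears after both DBs were built
CLEAN = b"hdr" + b"\x00" * 8 + b"ordinary program bytes"

def build_per_variant_db(samples):
    """Engine A: one exact-hash record (and one name) per known variant."""
    return {hashlib.sha256(data).hexdigest(): name for name, data in samples.items()}

def scan_per_variant(db, data):
    """Return the variant name if the file hash is in the database."""
    return db.get(hashlib.sha256(data).hexdigest())

# Engine B: a single generic record matching the shared core bytes.
GENERIC_DB = {"rbot.gen": CORE}

def scan_generic(db, data):
    """Return the generic name if any pattern occurs anywhere in the file."""
    for name, pattern in db.items():
        if pattern in data:
            return name
    return None

def compare():
    """Scan the same file set with both engines and summarise the results."""
    files = dict(KNOWN, new_variant=NEW_VARIANT, clean=CLEAN)
    engines = (("per-variant", scan_per_variant, build_per_variant_db(KNOWN)),
               ("generic", scan_generic, GENERIC_DB))
    report = {}
    for label, scan, db in engines:
        hits = [scan(db, data) for data in files.values()]
        report[label] = {
            "records": len(db),                       # "signature count"
            "detected": sum(h is not None for h in hits),
            "distinct_names": len({h for h in hits if h}),
        }
    return report

if __name__ == "__main__":
    for engine, stats in compare().items():
        print(engine, stats)
```

The engine with five records detects five files under five names; the engine with one record detects six files, including the unseen variant, under one name.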
     