test antivirus 2006

Discussion in 'NOD32 version 2 Forum' started by duca bianco, Sep 20, 2006.

Thread Status:
Not open for further replies.
  1. duca bianco

    duca bianco Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    77
    Location:
    Italy
  2. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA
    Well, besides the fact that even using a google translation of the page I can hardly understand the point they are trying to make as some of the words probably don't come off as intended.

    Nor can I find anything regarding the methodology of exactly how this test was performed, nor based off a quick scan does it seem like all the tests were performed precisely.

    Check out: http://www.av-comparatives.org/ for a well defined a well regarded series of tests.

    As far as the reviewer goes, tell him to uninstall NOD32, and then follow the steps found here: https://www.wilderssecurity.com/showthread.php?t=37509

    -Cov
     
  3. rumpstah

    rumpstah Registered Member

    Joined:
    Mar 19, 2003
    Posts:
    486
    Hi duca:

    I can tell that NOD32 is not setup properly to perform the automatic cleaning/deleting that appears to be desired... It is set to the default of prompt, which is not what most users would desire.

    Maybe being pointed to the setup tutorial would help. ;)

    Quote translated "I found myself forced to confirm, virus after virus, the operation to complete."

     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    I will admit that my knowledge of Italian is fairly limited (though I can understand much of the article from my knowledge of Spanish). However, it seems to me that the reviewer does not have a good understanding of how NOD32 works.

    For example, he complains that "409 threats were found, but only 82 files were cleaned." The most common reason for this is when there are files inside .zip files, and the files do not get deleted from within the .zip file. Also, in a previous screenshot, he actually showed a file with multiplie infiltrations. If there is 1 file with 10 threats inside of it, how many files does he actually think will get deleted? :rolleyes:

    Something else he pointed out was how the memory and CPU utilization for "nod32kui.exe" remained almost constant during the entire virus scan, with the CPU at 0%. Well, duh. "nod32kui.exe" is the "NOD32 2.5 Control Center" user interface. Does he actually expect that to do anything while he is doing an on-demand virus scan? "nod32.exe" is what does all the work during an on-demand scan, as evidenced by the high memory usage and CPU usage.

    It appears to me that he took a pre-infected computer, installed NOD32 on it, and then ran it with its default settings to see how it would do. After running it, he complained that Winsock was broken. However, was it really NOD32 that broke it, or was it one of the pre-installed viruses?

    However critical I may be of the reviewer, it does show one thing: NOD32 is not foolproof. It is quite possible that an experienced user of NOD32 could have achieved much better results than he did, but most people are not experienced users. There is something to be said for that.
     
  5. duca bianco

    duca bianco Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    77
    Location:
    Italy

    :thumb: :thumb: :thumb: :)

    Thanks to all for the answers .:D :D
     
  6. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Version 3 of NOD32 will have an advanced & basic user mode, so that might help too :)
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,220
    I think the guy who did the test doesn't have a clue how to test Nod. I understand Italian very well and his language was of the type ' ... it doesn't convince me', he doesn't give any info on how it is set up in the first place.

    We all know how results can vary if the tester is biased or hasn't set up the parameters properly. My opinion anyway.
     
  8. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
  9. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA
    Ok... so as far as I can tell from the google tranlation... Everything is based of the Kaspersky online results of an already infected machine? So there was no before baseline, and no after changed files list?

    Not exactly a well rounded test I would say. But yes, I do agree, that the NOD32 default settings should reflect Blackspears settings. Let's face it, the n00b user, needs as much protection as possible, while the advanced user is going to do as he pleases. So lets cater to the LCD, and let the people who know what they are doing do their thing.

    Me... PDA detection isn't a good thing. I have too many *.exe's installed that NOD32 would pick up if I had PDA enabled on my PC.

    -Cov
     
  10. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
  11. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I have had one other examples where virsutotal has shown no detection of an email borne threat for NOD32 but on my own PC it was detected and cleaned by EMON before it could even get to my inbox... It's possible that my NOD32 was updated before VirusTotal, but I don't think that this was the cause.
    If NOD32 detects it then it does...

    Cheers :)
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  13. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, pc-support, NOD32 often detects threats like this only with the proper extension: ".vbs". Perhaps the file inside the archive was extnesionless...or perhaps NOD32 user is right. It happened to me also.

    And another thing...I remmember posting here about another VBS worm not detected by NOD and detected by all other AVs. See it here: https://www.wilderssecurity.com/showthread.php?t=124510
    It was just a garbage file. :)
     
  14. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    Pykko and Marco's are correct.

    My observation is that loveletter is a very old virus and should have been detected but as Pykko says, it may have been a corrupt file.

    :D
     
  15. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    16th June 2006
     
  16. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Correct! The sixth month of the year is June. :D
     
  17. duca bianco

    duca bianco Registered Member

    Joined:
    Jul 24, 2006
    Posts:
    77
    Location:
    Italy
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Apparently they are not familiar with how NOD32 handles archives. For security reasons, the only option available is Leave, otherwise NOD32 would delete the whole archive. However, if the user is aware of that risk he/she can enable automatic deletion of archives on the Action tab.
     
Thread Status:
Not open for further replies.