The reason for these facts.

Discussion in 'ESET NOD32 Antivirus' started by niceTyp, Jul 21, 2008.

Thread Status:
Not open for further replies.
  1. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    In the last week I have a problem with a virus and I was curios that NOD32 don't found this virus but over 50% of the Scanner in Virustotal found the virus.
    I send a sample to samples@eset.com and it takes over 5 days that eset include the virus in the virus database of Nod32.
    I try a similar thing few days ago. and send some rootkits to samples@eset.com 30% of the scanner found the rootkits. But I'm sure that eset needs again 5 or more day to include it in the database.
    Why take this sooo many time?

    Also this fact make me thing about the quality of Nod32.

    http://mtc.sri.com/live_data/av_rankings/

    and

    http://www.av-comparatives.org

    Edit: www.av-comparatives.org only allows posting links to their main website
     
    Last edited by a moderator: Jul 21, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I take liberty to inform you that ESET reserves the right to choose the appropriate priority to submitted samples. Taking into account that thousands of new threats are created on a daily basis, there must be certain priority assigned to each sample based on specific ciriteria. People who submit samples from their systems and enclose additional information are dealt with almost immediately and detection is usually added to one of the upcoming updates.

    When refering to a certain test, you should always consider the methodology used. It's important to know the source (ie. samples from honeypots are often corrupt and thus non-functional), what settings were used for testing, what version was used for testing, etc. Each vendor should have a chance to test the samples their AV missed - this would allow us to analyse the files and count the number of non-functional files used in the test.
     
    Last edited: Jul 21, 2008
  3. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    Re: AV2009 infection?

    undetected by Nod32, I have here also 9 rootkits since 5 days and 30% of the scanner detect this files except Nod32 because of the lower priority of such files that often change itself.
     
  4. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    Re: AV2009 infection?

    And you know for sure those files are infected? Virustotal doesn't always give the correct answer and i have seen a lot of false positives when using virustotal. If only 30% detect a threat i guess nod32 is not alone when not detecting the threat. Certain type of files is often detected as a threat even if that might not be the case.
    I'm not necessarily saying those nine samples are clean, but how do you know for sure they are infected?
     
  5. niceTyp

    niceTyp Registered Member

    Joined:
    Jul 15, 2008
    Posts:
    11
    now are 15/35 (42.86%) I can send you the files if you want to try.
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    We do not share malware at this site and suggest you
    re-read what Marcos wrote above. Also, Support in this forum is not about posting %'s on a daily basis of who's found what.
     
Thread Status:
Not open for further replies.