"Very badly catches viruses"?

Discussion in 'NOD32 version 2 Forum' started by Mele20, Apr 28, 2004.

Thread Status:
Not open for further replies.
  1. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > In addition to Kav, I use Spysweeper, Trojan Hunter, and ZAPro..
    [...]
    > Sure, Scanning takes about an hour, but then again, it covers a lot more than nod32.

    OK ... here's an experiment for you to try ........

    Scan your HD with NOD32, SpySweeper, and Trojan Hunter.

    Let me know the total time taken, and the detection results.

    (Avoid scannng any of your VX collections of obscure crud ... I'd like valid and pertinent detection figures.)
     
  2. LOL.. I read your posts and replies at a dizzying pace.. But le me answer as many of your replies as I can..

    For your above quote, I hope you're not implying I fell for it LOL... That's what it sounds like.. Besides, however obscure, a virus is a virus, right?

    Well, you're basing that answer on Virus Bulletin, no problem here.. But most of the "nasty" sites I've been to, and even a couple of seemingly harmless ones, don't try to throw a virus, they throw trojans.. At least that is what KAV identifies them as.. Trojan. Dropper... whatever... But I see your point...

    Which ones would those be? TDS.. I tried it, and it mucked up my XP.. I am willing to try it when they become TDS 4.. How many years has that been now.. ... BOClean? No On Demand scanner.. I would prefer to have one.. Everyone else does... Trojan Hunter? That's what I use now.. Okay, but usually KAV kicks in first..
    I gotta go to your other posts now and answer those LOL..
     
  3. norky

    norky Registered Member

    Joined:
    May 1, 2004
    Posts:
    172
    Location:
    Lithia, FL
    I do think this whole thing was just due to Kaspersky trying to take a shot at nod32. If i was selling something and had a chance with a reporter to take a shot at my competitor without directly saying I was, I would. Also, I don't know about Kaspersky updating every 3 hours. I'm trying the demo of KAV5 on one of my boxes and it hasnt had an update since 3:00pm CST.
     
  4. Agreed Rod, but I can't believe Heuristics are THAT Good! That would put the Antivirus industry out of business. LOL...
    Just kidding...
     
  5. Well, that's a diffference of opinion.. Nothing personal.. I suppose the sucker will get caught when it comes out, but I would prefer not to have it in the system to begin with...
     
  6. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > NOD32 has detected Sasser.A worm before KAV.

    NOD32 has been updated to also detect Sasser.B.

    The problem with Sasser and similar "exploit" worms is, unless you have the appropriate Microsoft updates and patches installed, you could have every antivirus program in the world installed and the worm would still get you.

    > I'm agree with rodzilla, many times, NOD add detections to ITW viruses before KAV. I don't understand how, because KAV release updates every 3 hours.

    By default, NOD32 checks for an update every hour while you're connected to the Internet.

    Occasionally you'll see the virus definition base version number increase by two, or even three, since the previous update. This is because two or three updates were released in that hour. (We've had 6 updates in a single (date) day ... eight during a 24-hour period.)

    Kaspersky is usually fast with updates ... but their virus analysts are only human, and humans fall down occasionally. That's life in the antivirus world.
     
    Last edited: May 2, 2004
  7. Okay,, I will download NOD32 right now, uninstall KAV, and I'll run NOD32 for the whole trial period..

    You Got It!

    Who's to say what's obscure? LOL.. See the Problem I have.. Kav detects the kitchen sink.. To Quote Randy Bell.. LOL.. But I will do this now..
    I'll let you know..
    BTW, Do you consider "pornware" obscure crud? KAV with the extended bases detects a lot of that stuff.. Who else would?

    I'm downloading now..
     
  8. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > Agreed Rod, but I can't believe Heuristics are THAT Good!

    No ... they're not perfect ... but 80%+ is better than 0% any day!

    > That would put the Antivirus industry out of business. LOL...

    No ... if heuristics were 100% accurate it would put the VX out of business.

    > Just kidding...

    I know, Jim. :)
     
  9. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > Well, that's a diffference of opinion.. Nothing personal.. I suppose the sucker will get caught when it comes out, but I would prefer not to have it in the system to begin with...

    I download a zipped program because I want to use it. I don't even bother scanning inside the archive, even though NOD32 can do this. (Call me lazy!) If, when I unzip it, AMON flares up with a virus warning, I delete the extracted files and the archive. (I haven't had one of these for months ... I don't usually download from shaky websites.)
     
  10. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > For your above quote, I hope you're not implying I fell for it LOL... That's what it sounds like..

    Sorry ... I thought you were one of those forum users who did fall for the plot. Maybe I'm having a bad Alzheimer's day. :)

    > Besides, however obscure, a virus is a virus, right?

    Sure ... and a plot to rubbish a particular program, however carefully planned, is still a plot, right ?

    > Which ones would those be? TDS.. I tried it, and it mucked up my XP..

    I have a licensed TDS3 on XP. It has never caused me a problem. Why don't you contact the developers and see if they can shed any light on it ... it may be a conflict they've seen before, and can solve easily.

    > I am willing to try it when they become TDS 4.. How many years has that been now.. ... BOClean? No On Demand scanner.. I would prefer to have one.. Everyone else does... Trojan Hunter? That's what I use now.. Okay, but usually KAV kicks in first..

    "Usually". :)
     
    Last edited: May 2, 2004
  11. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    > Okay,, I will download NOD32 right now, uninstall KAV, and I'll run NOD32 for the whole trial period..

    I thoght you had a NOD32 license ?.?.?

    > Who's to say what's obscure? LOL.. See the Problem I have.. Kav detects the kitchen sink.. To Quote Randy Bell..

    A large percentage of VX collections is what the antivirus industry colloquially refers to as "crud" ... wannabe viruses, broken samples, lab samples that have never seen the light of day, and assorted non-viral junk labelled viral "because three scanners said so".

    According to Nick FitzGerald, an independent, well known, and well respected figure in the antivirus world (and former technical editor of Virus Bulletin), KAV is the undisputed king of "crud" detection ... ergo, accepting a file as a live virus merely on KAV's say-so is no guarantee that it is a live virus.

    > I'll let you know..

    I await with bated breath. :)

    (I'm very interested in the times.)
     
  12. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Isn' this getting a little repetetive(and just a bit silly!)somebody has to have the last word in any disagreement so lets let it drop and just agree to disagree as to which is best,as in reality its just down to the opinion of the individual and no amount of argument is ever likely to change that!
     
  13. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Aloha!

    Here is 'crud' file. KAV detect this 'crud' file as a virus, NOD32 doesn't. I send this file to samples@nod32.com, but they didn't add to database. I don't know why? Rename file to .exe. Yes, KAV detect only crud!!!!o_Oo_O All files which NOD32 doesn't recognize as virus are 'crud'. o_O

    Bye
     
  14. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I removed the uploaded file. This one is a variant of the Agobot Backdoor. NOD32 detects with Advanced Heuristics as "probably unknown NewHeur_PE virus".

    Please don't upload malicious files here. Thanks.

    wizard
     
  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,473
    Location:
    The Netherlands
    Ladies and gents,

    This thread does have a very outspoken subject line. Seems like some way or another the subject has changed into a different one: Antivirus X vs Antivirus Y. As for now, please stick to the original subject: NOD32. If not, this thread will be closed.

    Feel free to jump over the the Other Antiviruses Forum to discuss all sorts of Antiviruses.

    regards.

    paul
     
  16. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,208
    Location:
    Fayetteville, Ga
    I would like to put my 2 cents in. I am not on a level of computer savy with a lot of you guys. I had NAV 2002. It gave me all kinds of trouble. So I did some researching and settled on NOD. I wanted a good AT so I did some more researching and settled on BoClean. All was well till Boclean came out with the new version. Everything locked up. I went to TDS3 and all is well again. I like it that way. I know that KAV is very good and if for some reason I have problems with NOD I will probably go to it. It is kind of a waste of time talking about which one is the best. It can be somewhat informative. But some combinations of software will not work on some computers. I like the idea of layered protection. Thats my 2 cents!
     
  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Paul
    Is this a quadratic equation where:-
    X=Nod Y=Kav
    and the answer is indeterminate??!!
    Steve
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,473
    Location:
    The Netherlands

    Steve,

    Ahh...a mathimacal approach :D

    X=NOD Y=All Other Antivirus
    and the answer is "X only"

    (mmm...where my old math books :rolleyes: :) )

    regards.

    paul
     
  19. Hatsikidee

    Hatsikidee Registered Member

    Joined:
    Apr 3, 2004
    Posts:
    13
    Location:
    Netherlands
    What is a 'crud' file?
     
  20. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    The one that Wizard removed. ;)


    snowbound
     
  21. Hatsikidee

    Hatsikidee Registered Member

    Joined:
    Apr 3, 2004
    Posts:
    13
    Location:
    Netherlands
    Yeah ok.. I understand.. but what does is mean? o_O
     
  22. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I have no intention of knocking any antivirus but neither of them have found and caught the files in this log
    https://www.wilderssecurity.com/showthread.php?t=30246

    The point is are the files viral/trojan or just adware and if spyware/adware why do they use viral/troajn behavoiour to get on and resist removal

    The answer is not depend on any single malware control but use a layered approach
     
  23. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    From some posts by Nick Fitzgerald at the alt.comp.virus newsgroup:

    http://groups.google.com/groups?q=N...-8&oe=UTF-8&selm=3c78a386@clear.net.nz&rnum=6


    http://groups.google.com/groups?q=N...=01bfac05$f11bad00$0500000a@mobilenick&rnum=7
     
  24. Hatsikidee

    Hatsikidee Registered Member

    Joined:
    Apr 3, 2004
    Posts:
    13
    Location:
    Netherlands
    Thank you Sig for giving me a handle to explore further ! Always eager to learn more! :D
     
  25. BKK Aussie

    BKK Aussie Guest

    Have a look at your posts. You ARE a **** refrain from personal remarks - paul.
     
    Last edited by a moderator: May 3, 2004
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.