Virus Bulletin 100% Award for November...

> the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about..

This is where you, and Firefighter, and many other forum users, fall off the rails.

Virus Bulletin, Checkmark, and ICSA do not test only against In the Wild viruses ... they also test against "zoo" viruses.

However, the "zoo" viruses used in Virus Bulletin, Checkmark, and ICSA tests have been individually checked and validated as infectious.

VXers and wannabe "virus experts" test antivirus programs against mountains of crud of unknown provenance ... rubbish files which they think are live viruses ... and this makes their test results worthless.

> so what i'm saying is that these tests mentioned by ff represent more the true situation a general home users faces, with trojans and stuff in the testsets,

Even if a collection didn't contain a heap of non-viral crud, and 100% of the samples had been tested and verified as live viruses, where is the "true situation" representation in a test score of 11.77% for TDS3, a highly rated anti-Trojan program, if it is tested against anything except Trojans ?

> that's why they're valuable, there doesn't even have to be a hint of scientific research in them ...

Such tests have zero value in the antivirus world. They invariably produce highly misleading results because the testing methodology itself is fatally flawed and can produce nothing else.

99.67% detection of 50795 malware samples is a very impressive score by anyone's standards ... the kind of score marketroids love to trumpet loudly in promotional material.

Q. Why doesn't F-Secure boast that their product was rated #1 in VirusP's last test ?

A. Because F-Secure knows the test results are worthless, and that they would be ridiculed by every professional AVer in the world if they quoted it.

It's not just me who thinks VX and wannabe "virus expert" tests are worthless, btw ... the whole antivirus industry thinks they're worthless!

You're free to believe whoever and whatever you like. The choice is yours.

 

> In my mind NOD is going to the right way just now despite of that you denied all the other tests than VB, which we have seen in the web.

You have never seen me "deny all the other tests than VB" ... if you care to check you will find that NOD32 has won numerous awards other than the VB100.

What you have seen is me say that Virus Bulletin tests are way ahead of the crap "tests" you persist in ramming down everyone's throats.

As far as "going the right way" ... sure, adding crud detection shut the anti-NOD32 gang up ... but it was the easy way out. I would have preferred to expose the shonky tests for what they were.

 

> ITW viruses are the problem. They present danger to anyone. If you see statistical info you will see where the real deal is.

You're right! Not long ago a check of the millions of infected emails intercepted by MessageLabs revealed that every single virus was an In the Wild virus.

 

> since kazaa and it's clones nowadays account for 70% of ALL network traffic

That's a little misleading. Perhaps with millions of people downloading billions of files several megabytes in size, 70% of all kilochr traffic is down to Kazaa and other P2P networks ... but by far the biggest percentage of individual item traffic is email, with its ugly sister spam running second.

Guess what ... over 95% of all viruses today are email-borne.

 

> Those anti virus companies that dont allow such tests when other "respectable" conpanies do so , will maybe have to pay the price over time , of seeming to be selective to the extent that it may look as if they are afraid of such independant testing .

Please point me to a "respectable" antivirus vendor who allows, quotes, praises, or even acknowledges as being anything other than worthless, an antivirus product test by a VXer.

I've been hearing the "Eset only ever quotes Virus Bulletin because it's the only test in which NOD32 does well" story from a small group of dedicated NOD32 bashers for the past two or three years. It was bullshit the first time I heard it, and it's bullshit now.

NOD32 has won many awards from many sources.

Virus Bulletin happens to be the source with the most "clout" in the IT Security world.

NOD32 holds the world record of 24 x VB100 awards.

Why would we not quote it ?

Do you think that if another antivirus vendor had 24 x VB100s, they wouldn't quote Virus Bulletin instead of ICSA or Checkmark or whoever ?

I've regarded Virus Bulletin as the world's best and fairest independent antivirus product tester since 1989 ... long before I became involved with NOD32 ... and I would continue to regard it as such even if NOD32 came dead last in its testing.

I know VB's testing methodology is squeaky-clean. Can you say the same about the "independent tests" to which you refer ?

 

> OK, bear with me, I'm a bit out of the loop. Is NOD32 not particularly good at worm and trojan detection?

Not according to some of the "virus gurus" who flog their "expertise" in security forums.

The terms "worm" and "virus" are to some degree interchangeable, and are often used to describe the same piece of malware. In simplistic terms, a virus infects files on your computer or network, while a worm spreads from your computer to other computers via the Internet. Pedantically, a Trojan is a program which purports to do (and may actually do) one thing while surreptitiously doing something else.

NOD32 specializes in virus detection, but it does detect many (if not most) common Trojans.

Having said that, my personal advice (and the advice of many Wilders regulars who know what they're talking about) is to "layer" your protection by using programs dedicated to detecting Trojans, spyware, backdoors, keyloggers, browser hijackers, etc, in addition to an antivirus program. (Javacool has made several good anti-* programs available on the Wilders Security website.)

 

I think you will find that most anti virus co are taking other tests seriously .



http://www.f-secure.com/news/awards/

I could bore myself by searching thru all the top anti virus home pages and listing the incredible amount of merits and awards from so many various sources but i shant .

>
NOD32 has won many awards from many sources.

Virus Bulletin happens to be the source with the most "clout" in the IT Security world.

NOD32 holds the world record of 24 x VB100 awards.

Why would we not quote it ? <

Possibly because a leading software company can also quote that and more .
> eTrust Antivirus has been certified by ICSA Labs and West Coast Labs, and CA has received a record 33 Virus Bulletin “VB 100%” awards for detecting 100% of viruses “in-the-wild.” http://www3.ca.com/press/PressRelease.asp?CID=51948

and they give it away half the time for free

anyways i do not feel arguments are the way . I shant
be joining http://www.noddy.com/fun/default.asp?NavGID=3

 

> By the way, rodzilla should be less agressive with anyone who says "NOD32 is not the best"

You can say "NOD32 is not the best" all you like, with no risk of me becoming "aggressive", provided you can back up that statement with proof.

The only "proof" of NOD32's inferiority I've ever seen in security forums has been drivel based on the results of demonstrably flawed "tests" conducted by VXers and wannabes and self-touted "professionals" with zero knowledge of proper antivirus testing methodology ... posted by people who will believe anything they read as long as it rubbishes NOD32.

 

> I think you will find that most anti virus co are taking other tests seriously .

> http://www.f-secure.com/news/awards/

Sorry ... I can's see any reference to F-Secure winning VirusP's last "test" ... and that and similar "tests" was what we were discussing.

> I could bore myself by searching thru all the top anti virus home pages and listing the incredible amount of merits and awards from so many various sources but i shant .

I'm sure you could ... but one Virus Bulletin award is woth more than ten "Poopsville Gazette" awards.

> NOD32 holds the world record of 24 x VB100 awards.

> Why would we not quote it ? <

> Possibly because a leading software company can also quote that and more .
>> eTrust Antivirus has been certified by ICSA Labs and West Coast Labs, and CA has received a record 33 Virus Bulletin “VB 100%” awards for detecting 100% of viruses “in-the-wild.” http://www3.ca.com/press/PressRelease.asp?CID=51948

A nice squirt of marketroid snake oil if ever I saw one!

CA's 33 x VB100 are divided between two products ... neither of which comes anywhere near NOD32's 24 x VB100.

I can say, sans snake oil and slippery marketroid fact-tweaking, "NOD32 has been certified by ICSA Labs and West Coast Labs, and Eset has received the world record of 24 Virus Bulletin “VB 100%” awards for detecting 100% of viruses “in-the-wild” with one product."

> and they give it away half the time for free

Go for it if you think the price is right.

 

Looking at the worldwide Statistics recently ( I have to try and find them but i shall ) , showed that the top 5 big companies worldwide do about 95% of the business in the computer security (anti virus etc)
. 5% is done
by rest ( smaller companies such as Nod etc) . Why would that be ? Do you think they also dont believe in the VB awards . These are very commercial companies and there clients are companies and businesses that surely must take advice from those who are skilled in order to be successful. Maybe they dont believe or subscribe to VB either.

 

> Looking at the worldwide Statistics recently ( I have to try and find them but i shall ) , showed that the top 5 big companies worldwide do about 95% of the business in the computer security (anti virus etc)

More people drive Volkswagens than Ferraris. So what ?

I'm not trying to convince you to buy NOD32 ... or a Ferrari.

 

I hope this thread doesn't turn sour like many 'Nod32 v The World' threads have before.

For me Nod32 hasn't let me down once in all the time I've used it, that means more to me than any tests and reports. If it ever lets me down then I'll look at why it did and maybe look around, but it hasn't.
They say "if it aint broke dont fix it"
Well it 'aint broke'

Just my opinion. And I hope this thread can stay friendly.


Kev

 

Solarpowered Candle, I'm not clear on what your point is with your last comment. But I'd say that a significant percentage of the world's top AV's (in market sales) is represented on the VB's advisory board:

http://www.virusbtn.com/magazine/overview/advisory/

Pavel Baudis, Alwil Software, Czech Republic
Ray Glath, Tavisco Ltd, USA
Sarah Gordon, WildList Organization International, USA
Shimon Gruper, Aladdin Knowledge Systems Ltd, Israel
Dmitry Gryaznov, Network Associates, USA
Joe Hartmann, Trend Micro, USA
Dr Jan Hruska, Sophos Plc, UK
Jakub Kaminski, Computer Associates, Australia
Eugene Kaspersky, Kaspersky Lab, Russia
Jimmy Kuo, Network Associates, USA
Costin Raiu, Kaspersky Lab, Russia
Péter Ször, Symantec Corporation, USA
Roger Thompson, PestPatrol, USA
Joseph Wells, Fortinet, USA

 

For the benefit of those who missed it, note that Eset is not represented in the list sig just posted. Remember this for the next time some know-nothing VX clown whines about Virus Bulletin stacking the deck in favor of NOD32.

 

Actually the thread has nothing really to do with nod so much at all . Perhaps it was taken as such earlier on from a comment from firefighter who was referring to something else ( Vet ).

Sig my point is to Rod and its quite obvious what i was referring to . And I doubt whether actually those you mention are in the catogry that i mentioned . Most are in that 5% catogry from the look at there associations.
The only exception, I believe, is the association with Symantic and CA associates who are in that 95% cata gory . Anyways this thread has gone off on a slight bender and I appologise for maybe having contributed towards that .

 

> I hope this thread doesn't turn sour like many 'Nod32 v The World' threads have before.

This isn't a "NOD32 vs The World" thread, Tinribs ... it's a "Rod vs All The Gullible People Who Believe In The Validity Of Shonky Antivirus Product Tests And Think Virus Bulletin Is A Shill For NOD32" thread.

> For me Nod32 hasn't let me down once in all the time I've used it, that means more to me than any tests and reports.

You may have heard that Australia is in Email Hell thanks to a huge problem Telstra (our main telecomms carrier) had with Swen.A ... a worm which did not infect one single NOD32 user anywhere in the world.

Despite all the negative "NOD32 missed 27356 viruses in my collection" crap you read in security forums, NOD32 seldom lets anyone down in the real world.

NOD32 isn't perfect ... but it's not one tenth of one percent as bad as certain people seem to spend every waking moment trying to convince everyone else it is.

> Just my opinion. And I hope this thread can stay friendly.

It probably won't. I have a low tolerance threshold for people who won't admit they're wrong when presented with irrefutable evidence ... and there are a lot of those around.

 

> Actually the thread has nothing really to do with nod so much at all . Perhaps it was taken as such earlier on from a comment from firefighter who was referring to something else ( Vet ).

Read your history and it will become obvious that Firefighter takes potshots at Virus Bulletin for no reason other than the fact that Virus Bulletin tests put NOD32 at the top of the mountain ... and he heaps praise and adulation on any test that doesn't.

> Sig my point is to Rod and its quite obvious what i was referring to . And I doubt whether actually those you mention are in the catogry that i mentioned . Most are in that 5% catogry from the look at there associations.

ROFL

NAI and Symantec between them sell more antivirus product than the rest of the industry combined ... and I don't think Trend Micro, Kaspersky Lab, and your favorite shill Computer Associates would take too kindly to being dumped in your "low 5%" category either.

 

Considering 95% of fortune 500 companies use CA associates and there software i can understand your comment .
I can understand you being defensive over any comments you feel are being directed against some thing you support strongly . however much you have milked this thread for it .
I dont have a problem with any product that helps keep our systems clean and tidy .

 

Lets me just say that fortune 500 Companies is a list of the 500 largest USA corporations. European, Australians, Asian & Middle East companies are not included here. So your info is only for USA and not the rest of world.


tECHNODROME

 

Well CA has various products, not just an AV. So without some info about what quoted numbers represent by product and function, the significance and applicability isn't dead on clear. (And Fortune 500 companies never get hit by viruses? Actually they do and it occasionally makes it into the press although they certainly don't like to publicize it for obvious reasons.)

According to Trend Micro their enterprise solutions have been adopted by over one-third of the Fortune 500 companies. (So CA has 99% of the Fortune 500, according to CA, while TM claims over 33%. Neat numbers.) Network servers and internet gateways seem to be their big thing. TM seems to do rather well in overall market share in those areas. My workplace recently switched to Trend Micro but also outsources email protection.

And interestingly, according to a year old Ernst & Young Study, some of those Fortune 500 companies many not be "world class" when it comes to digital security:
http://www.ey.com/global/content.nsf/US/Media_-_Release_-_07-15-02DC Odd, considering the goliath Fortune 500 security software company they appear to have advising them on digital security.

So while talking about Fortune 500 corps that's all fine and dandy, what does that mean for the average home user? Should people toss their AV and pick up Etrust or PC-Cillin instead just because a lot of Fortune 500 corporations use their companies' products? Home use is a different environment than corporate. And even the top corporations evidently don't always do the best job in securing their operations, although one would think they would given the stakes involved and the funds available for them to do so.

If corporate market share should be our guide, what are we to think when big corporations are victimized by new email viruses that some of our so-called "5%" AV's catch before a definition for the virus/worm is even released? Hmn.....

But this thread is supposed to be about November's VB test results, not about Fortune 500 companies.

 

For a sec I thought this was some Wall-Street forum.

Yup. Let’s stay on topic and leave Wall-Street out of this.


tECHNODROME

 

Most of the USA's big companies and state angencies use Mcaffee
here in the USA, including the company I regretfuly work for IGT.
Both the company and most of the state agencies were hit by all the main last worms. Most of which was caused by their so called IT professionals not updating the SIGs on a regular basis.
and not traning the workers on how to do it themselves.
Most of you know what I think about Mcaffee so I won't go into any of that here again. Now, alot of the state agencies are changing their tune
as to getting a different AV and trying harder to train their employess on safer surfing

 

Firefighter, you know that VB is not the only virus test organisation, but it is the most important one. This is a fact, or how else do you explain the following:

1. Respected AntiVirus Experts write Reviews and Virus Analyses for VB. Even Andreas Marx from AVTEST.ORG writes VB articles. For instance the last false positive review of certain AV programs.

2. All AV Vendors regard the VB Magazine and the results and reviews with respect. Even if ther own program did not score in this month.

3. VB works together with many other organizations such as wildlist.org. Did you ever hear about a alliance between wildlist.org and other self proclaimed antivirus testers such as ex VX'ers ? I did not.

There is much more knowledge needed than just reading the results and complaining about it. Much more. You have to understand the importance of a missed sample - missing an important sample is much worse than not detecting a bunch of old garbage viruses.

Or speaking about false positives - in a corporate environment you risk a lot of data with false positives. Just think about this - how should a normal user know that this file that is "infected" is clean ? He hits the delete button and your monthly company report is gone, even if it was not infected.

Judging an AntiVirus program's value is not a job for amateurs.

Regards,
Godzilla

 

Rodzilla, Godzilla, what's next--Modzilla?

I don't understand this 95%/5% crap being thrown around. What difference does the size and popularity of a company have to do with the quality and efficacy of its products? I doubt many big-name corporations run BOClean, but that doesn't mean I'm in a rush to uninstall it.

The big-name AV vendors have correspondingly big marketing, advertising, and sales budgets. Mystery solved.

 

To Rodzilla from Firefighter!

Because my name was quoted too many times I had to react.

You said. > Name one test that, in your "expert" opinion, is conducted with the same bulletproof methodology to the same exacting standards with the same degree of professionalism as the VB100 ... and this time try to come up with something valid ... to date, all your quoted facts and figures have been from tests by VXers and low-credibility wannabes using "virus" samples of doubtful provenance.

Thanks to you calling me "expert" even thus it was in parenthesis but I think that I am only among the common people and customers!

More important than rank av-testers is to find the consensus behind those different tests. Because the capability of av-products is hidden inside all independent tester's results and VB is the one which measures that what it's name is, VIRUSBulletin.

But when you asked, here are some that are including more (malwares too) to detect than VB in alphabetical order.

av-test.org
checkvir.com
Rokop
Virus Test Center; University of Hamburg, Computer Science Department


> Where does Computer Associates say "the 100% VB Award has lost it's purpose, when the real detecting rate has nothing to do with the Award."?

You missed the point. I meant that AWARDING ONLY clean in the Wild detectings with no false positives in the clean file test isn't fair to those very good performers overall.


> Your anti-NOD32 arguments are, and always have been, sheer puffery anyway. In addition to holding the world record in VB100 awards, NOD32 is also ISCA-certified ... and NOD32 is the first (and to date, the only) antivirus program in the world with Checkmark certification for Windows 2003 Server.

Be happy with it. But why you even reply to those sheer puffery makers?


Illukka wrote: "the wildlist viruses are just a small caption of the malware ready to infect a home user, yet it's what vb icsa and checkmark are all about.."


> This is where you, and Firefighter, and many other forum users, fall off the rails.

I have used several av:s and hardly ever have infected with a virus. How I know that? I have scanned my PC with NOD periodically and it hasn't found a single virus! Still I have got several bad things like trojans, worms or exploits etc, by using something else primary av than KAV engined ones. By the way, do you know what does it cost to an average dial-up modem user to update fully your WinXP to make those exploits harmless?


> Firefighter, you go out of your way to seek out shonky tests in which NOD32 performed badly ... then you tout those tests as Gospel Truths and blindly refuse to accept that they have little or no standing in the antivirus industry.

I have not said NOD is the worst available av in the market, I am not a NOD basher if you think so! The only that I tried to say that without KAV engined av, you are in trouble, use KAV at least with your backup because KAV is still the best against trojans and other malware.


> Virus Bulletin, Checkmark, and ICSA do not test only against In the Wild viruses ... they also test against "zoo" viruses

Where Ckeckmark testers use 6 000 different viruses and VB some 1 600 different virus names.


> where is the "true situation" representation in a test score of 11.77% for TDS3, a highly rated anti-Trojan program, if it is tested against anything except Trojans?

TDS3 detecting rate in VirusP 5-2003 against Trojans and Backdoors was 55,17%, not 11.77%, by the way, NOD has 59,70% detecting rate against Trojans and Backdoors in VirusP 5-2003.


> if you care to check you will find that NOD32 has won numerous awards other than the VB100.

Even I can learn something. Now I know where to find other than "Poopsville Gazette" tests!


> but it was the easy way out. I would have preferred to expose the shonky tests for what they were.

My vocabulary in english is growing thank's to you Rod!


> NOD32 specializes in virus detection, but it does detect many (if not most) common Trojans.

And even YOU admit that!!!


> More people drive Volkswagens than Ferraris. So what?

> I'm not trying to convince you to buy NOD32 ... or a Ferrari.

Are you sure about that? By the way, using Ferrari here in Finland during winter time is the greatest joke ever! Does it have a correlation with NOD too in difficult circumtances?


> This isn't a "NOD32 vs The World" thread, Tinribs ... it's a "Rod vs All The Gullible People Who Believe In The Validity Of Shonky Antivirus Product Tests And Think Virus Bulletin Is A Shill For NOD32" thread.

Unfortunately it was only your opininion about those gullible people!


> Despite all the negative "NOD32 missed 27 356 viruses in my collection" crap you read in security forums, NOD32 seldom lets anyone down in the real world.

I can only say that you know a source, from where it is easy to make a false positive test with 27 356 files, the winner we know of course, but let's think that NOD is a reference prog in there. I can help you a bit more, 5 671 clean files from av-test.org 2-2003 and 13 058 clean files from VirusP 5-2003 checked by NOD!


> NOD32 isn't perfect ... but it's not one tenth of one percent as bad as certain people seem to spend every waking moment trying to convince everyone else it is.

It's nice to see that from your keyboard.


> It probably won't. I have a low tolerance threshold for people who won't admit they're wrong when presented with irrefutable evidence ... and there are a lot of those around.

I totally agree the low tolerance! Are you sure that it's a valuable character feature?


> Read your history and it will become obvious that Firefighter takes potshots at Virus Bulletin for no reason other than the fact that Virus Bulletin tests put NOD32 at the top of the mountain ... and he heaps praise and adulation on any test that doesn't.

It's your opinion, unfortunately! Don't you see the correlation between that arrogance of some NOD folks and the reaction of so called NOD bashers as you called them?


> NAI and Symantec between them sell more antivirus product than the rest of the industry combined.... and I don't think Trend Micro, Kaspersky Lab, and YOUR FAVORITE SHILL Computer Associates would take too kindly to being dumped in your "low 5%" category either.

Shill; according to: http://dictionary.reference.com/search?q=shill&r=67

shill ( P ) Pronunciation Key (shl) Slang

n.

One who poses as a satisfied customer or an enthusiastic gambler to dupe bystanders into participating in a swindle.

v. shilled, shill·ing, shills
v. intr.
To act as a shill.

v. tr.
To act as a shill for (a deceitful enterprise).
To lure (a person) into a swindle.

Interesting viewpoint about CA & SHILL in my mind!


To Godzilla> Firefighter, you know that VB is not the only virus test organisation, but it is the most important one. This is a fact, or how else do you explain the following:

You said it, VIRUS tester, not antivirus program tester because the very many av-producers think a bit different way about that what an antivirus product have to detect.


To Godzilla too> 1. Respected AntiVirus Experts write Reviews and Virus Analyses for VB. Even Andreas Marx from AV-TEST.ORG writes VB articles. For instance the last false positive review of certain AV programs.

VB is also a forum where av-producers meet together, it's a good thing. The other testers are complementing the work what VB leaves behind.


I don't classify people to GOOD or BAD here at Wilders but they are either customers or salesmen. Obviously you Rod are not a customer in here!

By the way, do you know where I can open my own bank account to collect my share of that the amount of members here at Wilders is growing rapidly everytime you and me have a debate?


Best regards,
Firefighter!