What's With NOD?

Discussion in 'other anti-virus software' started by JerryM, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    NOD has been one of the most touted AV on the forums. It has shown up well on various tests. However, it seems to have taken a turn for the worst. I did not even make Advanced + on the last AVC tests.

    What is the cause of the downward trend, and will it recover its place as one of the very top AVs? Despite any arguments I do not consider it one the top Avs at this point in time. I am not a NOD basher, as I like it, and have found it to run flawlessly on both of my machines.

    I know that its heuristics are tops, but that is not enough for me. Avira's are about as good and it has a better detection rate.

    Regards,
    Jerry
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    Nothing. There are some people on this forum (some more than others) who get worked up over the results of one test. If they were the overall winner in 2006 according to av-comparatives, what happened in three and a half months to radically change their status?
     
  3. extratime

    extratime Registered Member

    Joined:
    Oct 14, 2005
    Posts:
    100
    1% more and it would have been Advanced+. Read the report for a better picture.

    People have been waiting to bash NOD32 and now they have let loose. I can think of two posters in particular at this forum who in almost every thread turn the conversation to bashing NOD32 even if that is not being discussed.

    NOD32 is still a good AV solution and still has a lot of positives.

    Yes competition is heating up and one should not dismiss the rise of Avira, but seriously I think the bashing is way overboard considering the slippage (if any) is so minor.

    We now return you to your regular NOD32 bashing.
     
  4. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    IME, I really liked the lightness of NOD when I tried it. But using it in the real world, however, taught me that it's not for me.:doubt:
     
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    If you look at some of the tests being performed two or three years ago you will see that NOD has never been consistently a 'leader' of the pack, in fact it has usually been a little below the top. It's not a case of NOD getting worse in tests, it is more a case of AntiVir getting better (particularly its heuristics).

    http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67

    http://overclockers.com/articles1260/

    http://nepenthes.mwcollect.org/stats:scannertest

    There is a lot of hype about various AVs and it is best to discount that; and be cautious of test results (though no matter how much you knock them, they do at least seem to have similar overall placings when viewed as a whole). If NOD performs well on someone's machine then they will be satisfied, but that does not mean it is, or is not, the best choice for someone else. We must all make up our own minds.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Oh, please do not refer to www.virus.gr when talking about NOD32's detection any more :D You know why :D
     
  7. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    marcos:

    what do you think of pcworlds latest comparision for nod32?
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Of course I know why, I've heard explanations from almost every side of the battlefield about this, all points of view :D
     
  9. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Well surely this cant be me, since I am a licensed customer until October. But wont be after that point. I still feel F-Prot is better, or it will show it is by summer over Eset.
     
  10. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    I can think of more... :D
     
  11. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    I have no intention of bashing NOD, but wonder why, it seems, to me at least, to have taken a downturn. Several very savvy folks have rated it the No 1 AV overall. I wonder if it will remain so in their eyes. It certainly is not in my own view.

    When I have tried NOD it has run without a single problem. However, that is one factor, and I still use an AV for security. The best detection rates are the ones that I want to use normally, and while I seriously considered NOD, I am not well impresssed with it now. I admit to sometimes using Avast Home for a short period.

    Every time one questions a favorite AV it is not bashing. We are here because we desire to learn, explore, and try various security applications. It is somewhat "thin skinned" to be offended when one's favorite is questioned, or when fairly compared to some other applications.

    I agree that there is some bashing of both NOD and Kaspersky, but this thread is not about bashing, and I have not read any so far.

    Regards,
    Jerry
     
  12. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum


    Maybe they are putting too much focus on the security suite getting bugs and what not fixed?
     
  13. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    Totally true in my case as well, which is unfortunate.
     
  14. tsilo

    tsilo Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    376
    Reason, why nod32 isn t world s #1 AV is that their updates are very poor comparing Kaspersky or Avira.
    Each day number of updates produced by ESET are very few, probably they think because nod32 s heuristic is good, they don t need to work hard :rolleyes:
    If you send undetected sample to ESET and if this sample isn t serious virus, they will never add it to signatures... I often send samples to ESET, but they never answer and after 30-40 days this sample is still undetected by nod32, while other AV companys do that in 3-4 days... :shifty:
    Well now we can see how works Avira and ESET:
    1. Go to this link: http://www.avira.com/en/threats/section/vdfhistory/index.html here we can see updates produced by Avira in 23 april, counting them we know that Avira add 2048 signatures to database. :thumb:
    2. Go to this link: http://nod32sse.com/ here we can see updates produced by ESET in 23 april, counting them we see ESET added ONLY 169 signatures to database in the same date! :thumbd:

    So... What's With NOD? There is only 1 reason, very poor updates, ESET must work much harder.

    Sorry for my bad english.
     
  15. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    Over the last couple of months you've stated that NOD32 is better than Avira as well as Avira is better than NOD32. Can we hold you to the above statement?
     
  16. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    When speaking about Antivirus Products you have to keep in mind that a antivirus program is a living product. It's NEVER FINISHED. That's a big difference to a car for example. You don't have to update your car daily.

    And because of that it is pointless to judge based on a few tests how well every program performs. You have to see it in a long term relation. Of course one of the major points is detection. The best GUI design doesn't help if it doesn't find any viruses.

    The real important point is not how many samples Antivirus X doesn't find but how many important samples it didn't find. There are thousends of undetected malware files - detected by NOBODY except of course fortinet since that flags every wet poop anyway.

    It is also pointless to let a scanner run over millions of samples if you don't know what it is and how much distributed they are. The only way to get accurate testresults is if you (the tester) knows exactly what's going on. You have to know which types of malware are still circulating, which types of backdoors are popular and so on. And that simply doesn't work out if you just scan what you've collected from somewhere.

    There is no "Number 1 AV" and there will be none. NOD32 is a solid antivirus product and from a technical point of view more advanced than the Avira engine. NOD's emulation is top-notch for example. One reason why they are scoring good in heuristic tests without adding generic blacklisted packers.

    You can bring down every antivirus program with stupid tests. It would take a few min to setup a "testset" where kaspersky scores 0.5% for example. Now based on this 500.000 ppl would spam the kaspersky forum how bad they are. And the story would repeat there again: Somebody would try to explain that the used samples are not important, crap or garbage. And they're right! Almost every av program provides enough protection for the average user. You'll never have 100% protection, just keep that in mind. The big thing is of course how fast do vendors react to important things, meaning updating virus definitions. And i think that's not a secret, but Kaspersky is there amongst the fastest.
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Inspector, I have a question for you. And then I will sit down and shut up. A lot of us are by no means able to fathom what you know. But a lot of us do listen to folks like you, Marcos and Stefan. My question is, isnt just as equally as important to be able to clean, as to detect. If your AV cant properly clean the item, is that not considered inadequate from people such as yourself. Or is detecting it and disabling it adequate enough. I only ask, so folks a tad bit less astute as myself can learn and understand. By doing this we can inform others better, instead of misinforming. Thank you.
     
  18. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    You'll keep your promise do you? :D

    If you detect something in the first instance you don't have to clean it since your realtime monitor wouldn't allow to start it. I assume you understand that.

    The problem is if you install a AV on an already infected system - there you have to clean of course. Or - and this is most likely the major case - if the AV updated virus signatures and detects *now* malware what it didn't before.

    There are several different types of "cleaning". The most difficult is parasitic virus cleaning (depending on the virus type) and removing code-injecting trojans (for example code injection into winlogon.exe)

    Normal "stupid" malware you can just terminate and delete. There's no "cleaning" needed except maybe a registry key.

    Next problem is that some viruses (parasitic viruses, that means they attach their code to other existing "innocent" executables) corrupt files. Such files you cannot clean once they are corrupted. Most of the Vendors adding a ".DAM" (for damaged) for such virus samples. You can only delete such samples.

    Next problem is spyware. Usually they add hell a lot of registry keys or change them. Most of the AV programs only restoring the settings when infected by widely known spyware. You can maybe use some generic registry fixer.

    Another problem are heuristic detections. If you detect something via heuristic you might not know which registry key it creates. A simple trick helps there: Remember the executable name (for example WIN32X.EXE) and search the registry for autostarts with this name. If it exists then you can delete it. HOWEVER... Some Malware creates names similar to real applications. For instance the Quicktime Updater is a known victim of this. So you cannot just browse for registry keys in autostart. ( Example: Application X.EXE has a registry autostart and is NOT DETECTED. However, X.EXE loads QTUpdater.Exe and that is the malware file AND detected via Heuristic. If you delete now QTUpdater.EXE from the autostart you just deleted the REAL (non-malicious!) Updater for Quicktime. )

    I think u get the point...
     
  19. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I do sir, and thank you and I will keep my promise.;)
     
  20. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    Last edited by a moderator: Apr 25, 2007
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Interesting. So what is done in such cases by most AVs? Some just do not clean the registry in case of heuristic detection, but some do...And how do they avoid this risk? o_O
     
  22. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I always liked NOD32, and still like, because of its very small usage resources, very good detection and being the first to add some new technology, but I never liked its support.
    They should have more attention and be more friendly with their users.

    I used it for almost 4 years, but now I don't feel the need of it and pay for it...
    We will see in a future...
     
  23. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Top post, this should be stickied or maybe printed on T shirts and handed out to the serial bashers on all sides!!:D
     
  24. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    NOT being a profesional av tester I have probably tested av's as much or more than anyone on this forum. And in my opinion I believe that Nod32 is a very good product. I personally can't and haven't tested it since my computer just doesn't like it and I can't get it to work right. This has nothing to do with the quality of Nod, just that it won't run on my comp due most likely to my software setup. But people that yell and scream that their av program let them down because of one test where it didn't get the higest rating. Those people need a shot of reality, nothing is the best ever. it can be extremely good but will have it's up's and downs. This includes every product made on the planet. So if Nod has run well for you in the past it surely will in the future. And if the higest rating in testing is that important to you just be patient and it will probably get there again. It is still protecting computers very well on many many systems all over the world.

    bigc
     
  25. Big Apple

    Big Apple Frequent Poster

    Joined:
    Aug 22, 2006
    Posts:
    724
    Find this a rather odd statement from a man like you and not being able to run Nod32. Bit strange to kick a product to heaven, not being able to use it yourself. Perhaps one of the many Eset 007 agents? I have notices here before........don't ever dare bashing Nod32. I must say, feel the same thing here reading your story!
    Here on Wilders, there seems to be just one AV product and you may guess......Yes! Nod32! I think there are too many shareholders here and that's what bugs me every time again.
    I absolutely don't agree with you at all!

    Big Apple
     
Loading...
Thread Status:
Not open for further replies.