Why is Nod32's scanner so fast?

Discussion in 'NOD32 version 2 Forum' started by neophius, Nov 6, 2004.

Thread Status:
Not open for further replies.
  1. neophius

    neophius Registered Member

    Joined:
    Oct 13, 2004
    Posts:
    3
    Re: Future Changes to Nod32

    I think that NOD32 Scans extremely fast in comparison to other AV and picks up most if not all virus i have ever come accross how is this possible and does it use a different scanning proceedure.
     
  2. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Re: Future Changes to Nod32

    Read my lips - the magic words are assembly language. Plus add couple of brainy geeks...
     
  3. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    A little copy from this page.... http://www.nod32.com/news/awards.htm

    Generally, antivirus products are expected to be either a good virus detector or a fast scanner. In Virus Bulletin's published test results, in addition to unbeatable 100% detection, NOD32 also demonstrated an awesome throughput rate in excess of five million kilobytes per second - a scanning speed 3.7 times faster than the only other perfect-scoring product, and a full 5 times faster when scanning EXE files.

    Also I have a few links from my previous post... https://www.wilderssecurity.com/showthread.php?t=52132&highlight=stinkin
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    one reason it has that kind of speed is it's lack of good compressed file unpacking. Other av programs that do scan deep in compressed files tend to be slower because of all of the files that have to be unpacked so they can be scanned. But with nods hueristics it helps tp detect a few more baddies.
     
  5. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    Humm .... don't know.. but I do know it scans and finds stuff in zipped files.. something that mcafee wouldn't do.... I took a virus and zipped it.... that alone hid it from mcafee.....
    Also nod32 will scan and remove from your restored files...

    One thing that may make it faster... "and maybe someone with some real knowledge can verify or discount"... is that nod will uncompress a file and keep on scanning while the other file is uncompressing.. rather than stop and wait till its uncompressed?
    Seems I read something to that effect somewhere, unless I'm mixing my facts "which is possible!"

    All I know is that I have mine set to scan "all files" , which means compressed too.... and it finishes a scan of my C drive much faster than any other av system I"ve used so far.... and if you feel it doesn't scan as deep...that maybe, but it finds stuff the others have missed?

    Some av's only scan the "most likely" places in a file that the virus hides... according to how aggressive you place your settings.... nod32 is still fast even with everything turned to the max.

    It would be fun to put a virus in a zip, then rar it, then zip it again and see how many levels it took before nod32 wouldn't find it anymore?

    Maybe Ill do that sometimes!..... But somewhere along the line.. its a mute point, because the virus that is zipped and zipped again etc.. cannot hurt you! And as long as your av is "johnny on the spot", if and should you accidently extract it, thats all that really matters!
     
  6. Sisko

    Sisko Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    42
    The speed depends also on :

    1. The number of virus/trojan signature in the database
    2. The way compressed files are scanned

    1. NOD32 limits the size of signature database to "In the Wild" virus/trojan. Some others av use a "full" database inculding rare virus/trojan also.

    2. NOD32 unpack a limited number of self-extracting compressed and "packed exe" formats. Try with a Winzip made self extracting archive (ZIP base). Some other av scan inside many more of these self-extrarting and "packed exe" files.

    Sisko
     
  7. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    This is really insignificant regarding to to the speed
    No. It depends on the speed of unpacking engine and scan engine itself
    This, to say it in a very honest way "does not reflect the reality"

    It unpacks major and important formats.
     
  8. Sisko

    Sisko Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    42
    Then why Eset limits the size of its database then ?

    No ? If the archive or packed exe is not supported by the engine the speed is irrevelant.

    'your' reality is not mine. It depends where you get the files you want to scan.

    Self extracting zip or rar archive are not in major and important formats ?

    I do not want to start a flame here. NOD32 is one of the best AV, but its speed means compromise. ESET are well aware of that.

    Sisko
     
  9. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Are you saying that if you were to unmark the scanning of "compressed files that have to be unpacked" when testing with both NOD and other AVs that NOD's scanning speed will not be any faster then some of the other AVs?
     
  10. Sisko

    Sisko Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    42
    Measuring the speed of an av is so easy. Some factors when doing testing are :
    - Witch files are scanned. Is the scan based on extentions or using a file type recognition. Are the extentions used the same in all AVs ?
    - Is the scan engines using heuristics ?
    - Is the scan engines expand the same packed EXEs ?
    - Is the scan engines scan all the files (are locked files scanned for example) ?
    - Is the scan engine scan inside the same self extarting archives ?
    - Is the database size matter (using different databases like KAV or options to select non viral threat like 'potentialy dangerous applications' in NOD32 and MCAFEE) ?
    - Is the scan engine start with a scan of the object in memory before the file scan ?
    - Is the scan engine use a mecanisme to not scan the files twice with the same virus definition base ?

    I think that NOD32 is probably the fastest scanner. I think also it has one of the best protection againt virus and the most seen trojans.

    But is scanning speed important for an on demand scanner ?
    Is scanning inside self extracting archive important if the on-access scan will scan the files during the extraction process ?

    Sadly one AV does not fit all.

    Is an AV necessary if you are using patched products and act with wisdom when opening files from outside ?

    Is NOD32 or other AVs enought for a novice user who use P2P to download illegal things ?

    Sisko
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,790
    Location:
    Texas
    Not for me. I do like my realtime scanner light and fast.
     
  12. windstrings

    windstrings Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    337
    I do not want to start a flame here. NOD32 is one of the best AV, but its speed means compromise. ESET are well aware of that.

    Sisko[/QUOTE]

    I have found just the opposite.... the proof is in the pudding.. irregardless of how we all think it happens.
     
  13. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Don't mess packers(UPX,ASPack,PE.Compact...) with archives (ZIP,RAR,ACE,7-zip). First are REQUIRED while second one are just a waste of resources (if you want to scan them on-access) IMO.
     
Thread Status:
Not open for further replies.