why no updates?

Discussion in 'NOD32 version 2 Forum' started by chrismorris, Jun 13, 2005.

Thread Status:
Not open for further replies.
  1. chrismorris

    chrismorris Guest

    i've read before that eset only supply updates to signature definitions when there is a need, ie new outbreak, etc. but why on the days when there are no updates released, and so presumably no new threats, dont they work through the back log of FPs or submitted files that nod32 misses that other AVs identify as genuine threats? I know they have them because i submit quite a lot and never seem to see anything done with them - FPs i have are still FPs, files identified as threats are still not flagged by nod.

    i'm not saying that they are sitting around doing nothing on the slow days where no new threats are released, but i'd expect to see some sort of update daily, even if it is just clearing through the files that users are submitting to them.
     
  2. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Hmmm no daily updates? Well I just installed the trail so I guess that was a waste. I want soemthing that keeps up to date every day. Looks like it`s gonna be Kaspersky or Avast!
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  4. chrismorris

    chrismorris Guest

    yeah i read the sticky thread before posting, i should have mentioned that. it just seems odd to me that on days when other AVs are posting several updates in a day, eset doesnt deem any of the threats these AV companies are issuing signatures important enough to do anything about.
    I only worry because i decided to do an online scan with KAV and it found 3 files that NOD32 didnt detect (ie block from getting on my pc or find during an on-demand scan). submitting the files to jotti and another online virus scan service proved them to be a mx of trojans and diallers, which the main AVs all identified - the same AVs that update frequently during the day.
    Yes, these files have been submitted to Eset and i scan the folder i have stored them in after each NOD32 update to see if they have been included...nothing yet, and yesterday and so far today there has been no updates to the database.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please drop an email to support@eset.com with the content of the email you submitted, along with a link to this thread.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  7. chrismorris

    chrismorris Guest

    hi, the files were submitted using the facility in the Quarantine section, i added some comments about what the other AVs identified the threats as.

    suppose i'm just rehashing what has already been said there arent I! thanks for the link
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    i wouldnt be too hasty with this decision. the NOD32 product is excellent (i've been a user for about 4 years) and the Eset way seems to work very well. Just take a look at some of the independent reviews and customer testimonials.

    I must admit that i've had moments of doubt when i see no updates for a day, or just a couple of signatures added in the one daily update, but similarly i'd have doubts if i was using a product that relied mainly on massive databases alone, and not the heuristics that NOD32 employs so well.

    lee
     
  9. Stephanos G.

    Stephanos G. Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    720
    Location:
    Cyprus
    Is not the quantity but the quality. Some days we have more than two updates per day, sometimes once per day. No sense to judge an av with this kind of cretiria.
     
  10. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
  11. DON23

    DON23 Registered Member

    Joined:
    May 24, 2005
    Posts:
    34
    Location:
    ATLANTIS
    Ej...Just received an update....

    Time Module Event User
    13/06/2005 18:05:17 Kernel The virus signature database has been successfully updated to version 1.1137 (20050613).



    Feeling Better?

    :cool:
     
  12. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Yeah you`re right about the way it works and it does have great reviews. I think I`ll keep it on and see how it works out...I can over look the updates with their good program record.

    Thanks for the advice.
     
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    And a second one today:

    NOD32 antivirus system information
    Virus signature database version: 1.1138 (20050613)
    Dated: Monday, June 13, 2005
    Virus signature database build: 5746

    http://www.nod32.com/scriptless/sup....htm#CurVersion

    :D
     
  14. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Nod32 has such great heuristics that a constant 'feel good' download of 'updates' is unnecessary.

    Viral threat increases and decreases day by day, if Eset guys detect a threat then they will cover it, but you can bet your life the heuristic engine will have already grabbed the nasty!
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please send me a personal message with details I can use to identify your sample.
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Yes NOD32 has updated twice today for me as well. Im satisfied with the amt of updates that Eset provides. :D
     
  17. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    I sedn samples to ESET, but I disagree that heuristic improvement is independent of a good database. Many files that I receive by mail are detected by Kaspersky Labs and are not detected by NOD32.
    I send the samples to ESET, but days after the file isn't added to database while toher AV companies added.
    Many times I feel myself dull and sad, therefore I strengthen myself to find infected files and to send them to ESET immediately, but great part of the files seems to be ignored. In fact, it's very harmful archives to the user (and no false-positives or benign files), as "Trojan bankers" and "Trojan downloaders". As well as I receive the files, other users receive them later and the data base OR the heuristic will only protects if recognizes the infections, what it not occurring in time with the NOD32.
    I see this as very bad thing, therefore the NOD32 could come to be the best antivirus if it invests in database as it invests in the heuristical.
    However, while ESET ignores the necessity to unite both things this is improbable. Beyond this, currently a good data base does not mean big update files or a big problem. Kaspersky is a very good example of it.
    :doubt:
     
  18. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    I'm sure you checked that the files Kaspersky found were actually working samples, correct?
     
  19. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    Yes... If people that use NOD32 execute the files, be infected...

    Two samples example (Kaspersky database name):

    Trojan-Spy.Win32.Banker.anv (Detection added Dec 16 2005)
    Trojan-Spy.Win32.Banker.ark (Detection added Jan 27 2006)

    More:

    Virus Top Twenty for January 2006:
    9. Trojan-Spy.Win32.Banker.anv 0.96


    The second set of ratings is interesting, as it gives us a fuller picture of malware distribution. This is in contrast to the standard Top Twenty, which is based on mail traffic data.

    The Online Top Twenty this month mostly contains Trojan programs. The majority of these programs are from the Trojan-Spy and Trojan-Downloader class. Feebs and Nyxem, which are mentioned above, but which didn't make it into the mail traffic Top Twenty, are also present.

    (http://www.viruslist.com/en/analysis?pubid=178957283)
     
Thread Status:
Not open for further replies.