Discussion in 'NOD32 version 2 Forum' started by Slovak, Jun 8, 2004.
Well said Sandish, very interesting point
There are common rules: providing the test bed used, how the test has been perfomed, Operating System(s) etc. None of these have been revealed.
seems is an essential wording here. In fact, since there's no test bed info revealed, there's no proof in any way, is there? . No log files either - nothing at all of the sort. Statements without any factual back up. Whatever AV involved: just another amateur test.
No offense intended - but your statement is build on a presumption - no more, no less. "miss these" - which ones exactly? No one knows...
It baffles me people don't ask relevant questions in this context. As said: testing is a serious business - up to now, this particular "test" is words only. Who's next?
It does seem like that at times, I agree.
Paul makes a good point. I believe the testbed included worms, trojans, as well as viruses, didn't it? So it seems possible that some of what was missed by NOD32 were NOT viruses. I think it's common knowledge around here (at least from posts I've read) that NOD32 is not that good at detecting Trojans and Worms, but concentrates on Viruses.
Kobra does seem to make a good point about ITW viruses. NOD32 seems to hang their hats on 100% ITW results. Has anyone seen what might be considered a professional (as opposed to amateur) test that shows NOD32 doing a good job at detecting non-ITW viruses?
I don't get it. How did you make a mistake if a drunk driver ran a stop sign and hit you broadside on the driver's side and you were driving under the speed limit, minding your own business? How did something go wrong earlier if your av scanner alerts on a false positive like mine is doing? I haven't done anything wrong. Why would I blame myself if a drunk driver changes my life drastically because he was violating the law or why would I blame myself for my av falsely alerting? Are you saying it is my fault I am using a program that AMON falsely thinks is virus?
I'd be interested in knowing what version of NOD32 Kobra used in testing and if he used Paolo's shell extension and then scanned with AH. I would be especially keen to know how NOD32 performs if he used the beta I have which has AH for AMON and AH as a choice for NOD32 on demand scanning. I wonder if he will test NOD32 once the beta is public or will he avoid this because he doesn't want NOD32 to perform well? All questions I'd like answered.
Whatever the shortcomings of the AV test under discussion, we should be aware that the results obtained were extremely similar to the results obtained by Andreas Clementi at http://www.av-comparatives.org/. I believe those tests have been praised by our moderator. They do show that NOD32 does lag behind some other AV products in terms of raw detection power when it comes to Windows viruses and non-virus threats. Of course, detection is not the only thing one should consider in choosing an AV. Usability, stability, and impact on system performance should all come into play. Nor does the fact that NOD32 had a lower detection rate mean it is a bad product. Indeed, Andreas emphasized that virtually all the products he tested will provide adequate protection when properly updated. Nonetheless, detection and elimination of threats are the basic functions of an AV product and performance in these areas cannot be ignored.
The screenshot below is from Clementi's website...
AVK Pro therefore, was not tested...
However, you're right.. Nod32 had similar results..
Still, I would like to see the scanning logs and or the testbed...
As has been mentioned previously, there are very few viruses out ITW. The most prevalent universal threat (as in email borne "viruses" for example) are in fact worms but they are most often commonly included in the term "viruses." So I don't think it's accurate to say that NOD is not that good at detecting worms and it only concentrates on viruses (of which there are few still ITW). (And just a side note, there are worms that also drop trojans/backdoors on a PC, just to make it a bit more interesting.) The days of the "pure" Antivirus are long gone. Regardless of how people regard NOD, it is not a "pure" AntiVirus. Just look at the ESET updates page to confirm that.
As for non-ITW viruses, most commonly refered to as zoo viruses, VB also has a zoo virus test and NOD often does a clean sweep: 100% on both ITW and zoo viruses in the VB tests. (Again, not including trojans.)
But there's a lot of malware out there: trojans, IRC bots, spyware, etc. in addition to viruses and worms. For users who don't engage in P2P and don't download mystery files from unknown sources but haven't addressed browser security, probably spyware is the most common scourge. And not all AV's deal with spyware to any significant extent (although for example it's difficult for the antispyware experts to keep up with all the new CWS variants, etc.). NOD I think is not one of the AV's that includes much spyware for detection. So if spyware is in a test I'd suspect NOD would be bested by NAV in that area for example. The likelihood of running into a wide variety of threats depends on a large part on one's computing practices/activities.
And there are some critters that some AV's apparently have problems keping up with...for example, IIRC the argobot family has been said to have over 500 variants (and not necessarily related enough so that even generic detection might get them all). I think I read that AV's are having to work hard to keep up with them, with varying degrees of success.
I think a lot of people want an AV to protect them always, all the time regardless of their computing practices. But I don't think any AV can really provide that kind of protection, frankly. (Especially if someone is active in downloading from areas that are known spawning grounds for malware.) If you find an AV that appears to provide better protection against the various threats that you might likely run into, go with it by all means. I prefer to regard myself as my first layer of defense and my AV is just a backup measure. YMMV.
I'd lay a £ to a penny(british saying!)that if the Kobra test results had shown Nod to be the "best thing since sliced bread"(another british saying!) not one of the people,Paul included,who are criticising his methodology would have bothered about the methods/files used you would have all been accepting the results and making posts/statements like"another test that shows Nod to be the best" without a thought about the methodology used!
I disagree. All one has to do is read the posts he has made. NOD bashing from the get-go.
His posts are all over the net in security and antivirus forums.
He will be discredited soon enough in those forums as he has been here.
I'd bet a "dollar to a donut" (Texas saying) that you would be incorrect.
I didn't realise he was basically a Nod basher,I was under the impression was a genuine test,which if he has set agenda it(to have a go at Nod) cannot be,has he some history here to make him "anti Nod"?
He was posting in the NOD forum and the other antivirus forum anonymously with the sole intent of discrediting NOD. He can no longer post here.
If it were a genuine test, where is the webpage where we can peruse the results? And, who is he and how is he qualified to test antivirus programs?
I could come here and say I have tested programs and give "results". It means nothing if you don't have the credentials.
It must be difficult for antivirus companies to live with bogus testers. That goes for all antivirus companies.
Doesn't need a web page a link to a pdf file with results+methods would be adequate
I would like to see a resume of his experience in computing and antivirus testing in general.
i didn't know Kobra is banned here. anyway there is no point in arguing here steve1955. its not that NOD32 users are blind or something. Sir Carew sent NOD32 some samples and they didn't add those samples. so he started a thread and in the end most of the samples were picked up. thats how things work here. its not that we go blind when NOD32 scores well. there are so many webpages claiming to have 'tested' this product. but tests like AV-test or VB or Checkmark or Clementi's are different. just visit their pages and you'll see the difference between their tests and Kobra's tests.
hey you'll find that in Clementi's NOD32 scored kinda low. but we all accepted it isn't it? but i like the way you are sticking up for Kobra, a rare virtue nowadays.
Hello AMRX. I would like to see these tests. Do you have links?
here they are dear Dazed and Confused.
don't forget to visit this site.
And here are some others:
This sums it up for me.
I'm feeling better about my NOD32 purchase already. Good article, Ronjor. It gives me a whole new perspective on anti-virus tests. And thanks to Kjempen and ARMX for the test sites.
Hi D & C, first of all I am a reseller, so some would say I'm biased, however putting that aside, I have installed over 400+ copies of Nod32, it really is great software, day in and day out I have people with the worlds number one selling AV coming into my shop with infected PC's, I don’t have this with Nod.
Nod is easy to configure and use, though takes a little tweaking to bring it up to maximum strength, and it takes a little more to delve into it and make it do weekly scans etc, though if you have someone helping it is not so hard after all, as we have found And the next version (Beta) to be launched soon is even more impressive
So all in all, you have a great product that works really really well, and together with other security products you can set your system up like a fortress
For the record:
Kobra has not been banned from this board for "NOD32 bashing". At first, we have asked him to refrain from posting on the NOD32 support forum focussing on different AVs - this is the NOD32 Support Forum after all. Kobra apologized in private for doing so - but couldn't live up to his promise. Therefore he was asked to keep out of the NOD32 forum at all.
Reason for banning has been posting over on this board all over the place using different guest names, fairly often in one and the same thread. Since many members/readers got very confused by this, he was asked to refrain from doing so and use his registered user name all the way: "Kobra". Instead of playing by this very reasonable request, he started using even more guest names. After being warned several times not to do so without any result, we did had no choice other then banning him - the second ban ever on this board; we hardly ever ban people.
It could well be, as a result from this ban Kobra started bashing NOD32 elsewhere. Strange move, since as said above, his banning is not related to NOD32 in any way. Anyway, that's not a concern of ours.
That sums it up, and the "Kobra book" has been closed as far as the NOD32 forum goes.
That my friend is a very interesting article to read. It is making me lean more toward purchasing NOD32.
Should be manadatory reading material for AV newbies. Sure makes me see things in a whole new light.
Separate names with a comma.