NOD32 or Kaspersky 5 or ???

Morgan Pugh

Hi,

AVG 7 Pro just let me down when Kaspersky, NOD32 and HouseCall (or
whatever it is called) detected a virus on my system.

I am looking at NOD32 or Kaspersky now but not sure which one to get.
Both seem just as good as each other. Kaspersky 5 is very nice UI wise
but I am a little unsure if they will release a Pro version in a few
weeks/months and I will want/need to buy that for some advanced
features. NOD32 is nice (very fast scan engine, much faster than
Kaspersky) but I am a little unsure, not sure why though.

Which do you lot think is the better option in general?
--
Morgan Pugh

Email (ROT13): (e-mail address removed)
Web: http://mpugh.co.uk

PGP Key at http://www.mpugh.co.uk/pgp.asc
 
null

Hi,

AVG 7 Pro just let me down when Kaspersky, NOD32 and HouseCall (or
whatever it is called) detected a virus on my system.

I am looking at NOD32 or Kaspersky now but not sure which one to get.
Both seem just as good as each other. Kaspersky 5 is very nice UI wise
but I am a little unsure if they will release a Pro version in a few
weeks/months and I will want/need to buy that for some advanced
features. NOD32 is nice (very fast scan engine, much faster than
Kaspersky) but I am a little unsure, not sure why though.

Which do you lot think is the better option in general?

For general malware detection, you can't beat the KAV scan engine.
NOD32 is way down the list. You're kind of comparing apples and
oranges in a sense. Depends on what you want and features you consider
important. If you want top notch "zoo" and Trojan and "container"
scanning, choose KAV, or a product that uses the KAV scan engine, of
which there are several.


Art
http://www.epix.net/~artnpeg
 
Darren J Bisbey

Microsoft use the NOD32 AV in-house. Enough said...

(e-mail address removed) scribed the following...
 
Vanguardx

Morgan Pugh said:
Hi,

AVG 7 Pro just let me down when Kaspersky, NOD32 and HouseCall (or
whatever it is called) detected a virus on my system.

I am looking at NOD32 or Kaspersky now but not sure which one to get.
Both seem just as good as each other. Kaspersky 5 is very nice UI wise
but I am a little unsure if they will release a Pro version in a few
weeks/months and I will want/need to buy that for some advanced
features. NOD32 is nice (very fast scan engine, much faster than
Kaspersky) but I am a little unsure, not sure why though.

Which do you lot think is the better option in general?

My inclination between NOD32 and Kaspersky is for NOD32. I found out
that Kaspersky adds an alternate data stream (ADS) to files it scans
which contains a hash code or signature of the file so it can simply
check the ADS to see if the file has changed from the last time it
scanned that file to speed up its scan. If the ADS' signature hasn't
changed then it doesn't have to rescan the file or recalculate the
signature. This speeds up scanning but it adds more data to each file.
If you uninstall Kaspersky, all those then superfluous ADS'es are left
behind.

This was reported for Kaspersky by other users (that actually bothered
to check if an ADS was attached to a file and found them from
Kaspersky). I don't have Kaspersky yet but was looking at what
anti-virus product to get when my current Norton subscription expires.
As a result of my research where I asked about AV products checking the
ADS (which apparently they do not), some Kaspersky users noted that
Kaspersky was adding an ADS to many files and that an uninstall did not
have the uninstall program remove the ADS from the files it added it to.

I don't remember for what version they found Kaspersky adding ADS to
scanned files (and not all files got an ADS attached), so it is possible it
was for an earlier version and they quit doing that at some later
version. For me, NOD32 has the bigger lead for choosing an anti-virus
product but if Kaspersky has dropped using ADS then it's a close race
with NOD32. On behalf of a NOD32 user who checked and noted later in
the thread for the second link noted below, NOD32 does not use ADS.
They both have trial versions you can download to experience them for
yourself. Even if one did have an edge over the other, you need to pick
the one that you can understand best and will use, manage, and maintain.

For a couple of my discussions regarding ADS (related to defragmenting
and viruses and with links to info articles on what is ADS and tools to
detect them), see:
http://groups.google.com/[email protected]
http://groups.google.com/[email protected]&rnum=7

I haven't good info on which anti-virus products, if any, include
scanning the ADS, if used, for files. Ad-Aware's new SE version of
their anti-spyware product just started scanning the ADS of files
(http://www.lavasoftusa.com/news/20040809.shtml) which means it did not
check the ADS before, and Spybot probably still doesn't check for an ADS
and scan it.
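
An added example, not part of the original posts and not code from any product discussed here: PowerShell functions that inventory the alternate data streams under a folder and remove leftover streams by name. The folder path and the stream name `EXAMPLE_STREAM` are placeholders; the thread does not give the name of the stream Kaspersky wrote.

```powershell
# Added example. Requires PowerShell 3.0 or later on an NTFS volume.

function Get-AdsInventory {
    # List every named stream (anything other than the default :$DATA)
    # on the files under $Root.
    param([Parameter(Mandatory)] [string] $Root)

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

function Remove-AdsByName {
    # Remove one named stream from every file under $Root that carries it.
    # The main file contents are left untouched. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Root,
        [Parameter(Mandatory)] [string] $StreamName
    )

    Get-AdsInventory -Root $Root |
        Where-Object { $_.Stream -eq $StreamName } |
        ForEach-Object {
            $target = '{0}:{1}' -f $_.FileName, $_.Stream
            if ($PSCmdlet.ShouldProcess($target, 'Remove alternate data stream')) {
                Remove-Item -LiteralPath $_.FileName -Stream $_.Stream
            }
        }
}

# Placeholder path; point this at the tree you want to audit.
$root = 'C:\Users\Public\Documents'

# Count streams by name. A name that appears on a large share of scanned files
# is the signature of a tool tagging files; Zone.Identifier is written by
# Windows itself on downloaded files and is expected.
Get-AdsInventory -Root $root |
    Group-Object Stream |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Dry run: show what would be removed for a placeholder stream name.
Remove-AdsByName -Root $root -StreamName 'EXAMPLE_STREAM' -WhatIf
```

Finding a stream only shows that it exists; whether its contents are benign still has to be checked separately, for example by reading it with `Get-Content -Stream`.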
 
Roy

For general malware detection, you can't beat the KAV scan engine.
NOD32 is way down the list. You're kind of comparing apples and
oranges in a sense. Depends on what you want and features you consider
important. If you want top notch "zoo" and Trojan and "container"
scanning, choose KAV, or a product that uses the KAV scan engine, of
which there are several.


Art
http://www.epix.net/~artnpeg

Really?

So the following quote is a lie?

"NOD32 expands its record of being the only antivirus system in the world
that has not missed a single 'In The Wild' virus, in the comprehensive
testing conducted by the industry's leading authority, the Virus Bulletin.
This record is now over six years old and growing!

"NOD32 for NetWare retains the distinction of functioning as two NLM's, a
module for the on-access scanner and one for the on-demand scanner.
On-demand scans are performed via a command-line interface. NOD32 has had
this configuration for a long while and it serves very well as a local
solution on NetWare.

"NOD32 once again had 100% detection, with no false positives, thus earning
its record setting 28th 100% Award. In addition to this outstanding level
of detection, NOD32's scanning rate of executable files was almost six
times faster than some of the other products tested."

I'm using NOD32 here on XP, so you may say I'm biased if you like, but I
have installed and used Kaspersky on another XP machine and I have great
respect for it. In my book they're both excellent applications, and
since I think that there are now trial versions of both (and the definitions
can be updated) I'd say try them both, and see which suits better.

Cheers,

Roy
 
Roy

Ad-Aware's new SE version of
their anti-spyware product just started scanning the ADS of files
(http://www.lavasoftusa.com/news/20040809.shtml) which means it did not
check the ADS before, and Spybot probably still doesn't check for an ADS
and scan it.

AdAware finds no streams here, whereas TDS-3 does so consistently.

I'd rather believe the latter, which does give me the chance to examine
them, and remove them.

Cheers,

Roy
 
null

Really?

So the following quote is a lie?

No. All av scanners aim at ITW viruses. But not all scanners are good
general malware detectors. NOD32 is very weak on Trojans for one
thing. There are other relative weaknesses as well.

"NOD32 expands its record of being the only antivirus system in the world
that has not missed a single 'In The Wild' virus, in the comprehensive
testing conducted by the industry's leading authority, the Virus Bulletin.
This record is now over six years old and growing!

"NOD32 for NetWare retains the distinction of functioning as two NLM's, a
module for the on-access scanner and one for the on-demand scanner.
On-demand scans are performed via a command-line interface. NOD32 has had
this configuration for a long while and it serves very well as a local
solution on NetWare.

"NOD32 once again had 100% detection, with no false positives, thus earning
its record setting 28th 100% Award. In addition to this outstanding level
of detection, NOD32's scanning rate of executable files was almost six
times faster than some of the other products tested."

I'm using NOD32 here on XP, so you may say I'm biased if you like, but I
have installed and used Kaspersky on another XP machine and I have great
respect for it. In my book they're both excellent applications, and
since I think that there are now trial versions of both (and the definitions
can be updated) I'd say try them both, and see which suits better.


Art
http://www.epix.net/~artnpeg
 
Name withheld by request

I use both.........Nod32 runs full time (because it's low on
resources) and I use Kaspersky for "on demand". I have nod32 set
for max. After I download anything from the web (nod32 checks it
automatically), then I right click and let Kaspersky check it. Never
hurts to double check.
 
Vanguardx

Ceily said:
Kav is developing an uninstaller for the streams.

Go to: http://www.av-comparatives.org and check out the online
results. And make your own informed decision.

Actually, to me, it seemed inappropriate to be using the alternate data
streams of files to record KAV's signature or, at least, to do so
without informing KAV users about its use. Although the ADS is somewhat
separate of the file, it is still part of the file, and *modifying* the
files you are scanning for viruses just seems very much against the
end-user intent of any AV product. Of course, the fact that Microsoft
never provided any end-user tools, like showing an ADS is attached to a
file in Explorer, was also an inexcusable security and usability blunder
by Microsoft.

Thanks for the link for some more info for comparing anti-virus
products.
 
Vanguardx

Roy said:
AdAware finds no streams here, whereas TDS-3 does so consistently.

I'd rather believe the latter, which does give me the chance to
examine them, and remove them.

Cheers,

Roy

To clarify, is it that Ad-Aware *SE* finds no alternate data streams?
Or is it that it found no *malware* in those alternate data streams?
There is a difference. From your statement, you make it sound like
Ad-Aware should alert the user if ANY alternate data streams are found
(and there are many used by Windows itself).

I would NOT expect Ad-Aware to tell you anything just because it found
files that used ADS. Nothing else, not even Windows, provides you any
tools or alerts that ADS is used on file(s). However, if you are saying
that you knew there was an ADS that contained malware but Ad-Aware did
not detect it (but Ad-Aware WOULD detect the malware in the normal file
stream) then that is a definite problem because Ad-Aware is not doing
what they claim in finding malware in alternate data streams.

As I recall from a brief glimpse of TDS-3, it reports if a file has an
alternate data stream but that's just saying the ADS exists, not that it
has malware in it. In my post, you could also use those tools to inform
you which files use ADS but, again, that is separate of actually telling
you which ones, if any, have malware in them.
 
Jari Lehtonen

I use both.........Nod32 runs full time (because it's low on
resources) and I use Kaspersky for "on demand". I have nod32 set
for max. After I download anything from the web (nod32 checks it
automatically), then I right click and let Kaspersky check it. Never
hurts to double check.

Why not install a free download manager like Download Express where
you can configure KAV to start automatically when download is complete
and check the downloaded file immediately? And there are also other
benefits when using a dl-manager.
Jari
 
Howard Harris

I use both.........Nod32 runs full time (because it's low on
resources) and I use Kaspersky for "on demand". I have nod32 set
for max.

Could you explain what you mean by max here? Do you mean you have changed
the heuristic sensitivity from standard to deep level? I am asking
because, as a new user of NOD32, I noted in the help file the following
with respect to Amon and, as a result, I have not made such a change:

"The NOD32 heuristic sensitivity has been carefully optimized and the
Standard level should be used. Selection of the Deep level may result in an
increased number of false alarms. "
 
Jari Lehtonen

"The NOD32 heuristic sensitivity has been carefully optimized and the
Standard level should be used. Selection of the Deep level may result in an
increased number of false alarms. "

You could download the newest 2.12.2 version, where you can select
also advanced heuristics. And max certainly means scanning all files.
Jari
 
