NOD32 or Kaspersky 5 or ???

[Roy]

Can't you see many of them for yourself in the comparative Ceily
posted in this thread? Not that that test is the best by any means but
the results aren't dissimilar to results I've seen in the past done by
av-test.org (and results I get myself). It's also known to exhibit a
unusually high false positive rate. It too often gives a lame
heuristic report rather than a exact identification like KAV does.
Not good for cleanup and disinfection when it can't ID a specific
malware and variant. In my old DOS virus collection it still misses
most virus droppers on-demand while scanners like KAV, F-Prot and
McAfee have no problem with them. And there's no av that handles
"containers" the way KAV can. For example, various oddball runtime
packers designed to defeat scanners, sometimes multiply packed with
different packers. And KAV scans "within" many archives including many
SFX better than any scanner I've ever tested.

I've snipped the rest of your post for brevity, but I do have to say that I
personally have experienced none of the problems described. Maybe I've been
lucky, but that's my experience as a user, not an expert. The only
disadvantage to Kaspersky which you mention is its tendency to bog down
some systems. That can be a big problem for those with slower systems, and
a significant consideration. I don't think I've seen the same criticism
levelled at NOD32, but I'm open to correection. I also seem to recall,
although it was some time ago, that Kaspersky was very prone to false alarm
on the merest trace of something which might at one time have contained
traces of viral code. I did, at that time have a small zoo of sample for
examination.

I'm not quite sure whether you've actually used NOD32 yourself 'for real',
but given your antipathy to XP, it certainly would not have been with that
OS, as it is here. Results of AVs can vary, as you well know, depending on
the OS being used.

As I think I've already indicated, I'm not a NOD32 'worshipper' (and I
don't think you're calling me one) simply a user of both that and Kaspersky
at various times, currently using NOD32, but prepared to recommend
either/both to those looking for an excellent AV, which is what started off
this discussion. Since trial versions of both are available, the advice to
try both for oneself and see what suits best still stands.

Cheers,

Roy

 

[null]

I also seem to recall,
although it was some time ago, that Kaspersky was very prone to false alarm
on the merest trace of something which might at one time have contained
traces of viral code.

Remnants of botched virus disinfections? So far as I know, most av
might alert on those.

I'm not quite sure whether you've actually used NOD32 yourself 'for real',

I've evaluated the DOS version several times over the years, and
recently a Windows version for home users.

but given your antipathy to XP, it certainly would not have been with that
OS, as it is here. Results of AVs can vary, as you well know, depending on
the OS being used.

You can test the basic on-demand scan engine capabilities using DOS
versions. Testing Windows versions mainly gives you insight into the
characteristics of the realtime monitors. Depends on exactly what you
have in mind when you say "results can vary depending on the OS".
Even DOS versions alert on malware aimed only at (and which can only
run on) NT based OS.

As I think I've already indicated, I'm not a NOD32 'worshipper' (and I
don't think you're calling me one)

Of course not. The ones I have in mind sometimes come in here like
vicious attack dogs posting through anonymous remailers. Damn buncha
idiots

simply a user of both that and Kaspersky
at various times, currently using NOD32, but prepared to recommend
either/both to those looking for an excellent AV, which is what started off
this discussion. Since trial versions of both are available, the advice to
try both for oneself and see what suits best still stands.

Which sidesteps and ignores the very questions and issues you were
pressing me to elaborate on. Choosing a av is more than just picking
some GUI that turns you on. Most people use a realtime monitor as
their first and main line of defense. To me, it makes sense to choose
one that offers the best detection in a variety of categories,
including backdoors and Trojans, as well as zoo malware. That's why I
recommend KAV or a product that uses the KAV scan engine.

There are a few other av that are doing well now as general purpose
malware detectors. I see Panda has come a long way. McAfee, which is
based on the former Dr Solomon scan engine, is very good. F-Prot also
has long done very well. Too bad it doesn't attempt to pinpoint many
non-virus malwares by name. Instead, it often reports heuristically as
"destructive program", or "possibly backdoor", etc.


Art
http://www.epix.net/~artnpeg

 

[Roy Coorne]

Using FF 0.9.3, when trying to view the "comparatives" page's 'online
results', it appears as a jumbled mess.

http://www.av-comparatives.org/seiten/ergebnisse_2004_08zz.php

The page loads fine in IE6 ...

....and shows what we (all?) know: Kaspersky 5.0 is the best!

Roy