Kaspersky versus NOD32

[Timothy McDaniel]

(I'm new to alt.comp.virus,alt.comp.anti-virus -- so please forgive me
if I'm supposed to use one rather than the other, or not cross-post.)

Norton AntiVirus(TM) 2001 had been hassling me about my LiveUpdate(TM)
subscription, and as I posted in alt.comp.virus, I found
contradictions in their Web pages about whether I could renew or not.
(They never did reply to my e-mail listing the pages, by the way.)

I was not concerned about it being cheap or using a lot of memory and
time, as I have money, memory, and a reasonably fast processor. I
wanted good protection. Mostly I process Microsoft Word and Corel
WordPerfect files on disk (my Linux system puts them there), so I
didn't need e-mail or WWW protection, but rather file and especially
macro protection.

I saw good reviews of Kaspersky's products
<http://www.kaspersky.com/>, and I saw a mention of integrity checking
(looking for unauthorized changes infiles or the Windows Registry) and
good heuristics. I was a little baffled because they don't clearly
describe the differences between Kaspersky(R) Anti-Virus Lite,
Personal, and Personal Pro, but I eventually bought Kaspersky Personal
Pro for US$100.

I regretted it quickly. I run Windows under VMWare
(<http://www.vmware.com>), and Kaspersky made VMWare Tools (fairly
useful) stop working under various conditions. If I deinstalled
VMWare Tools and reinstalled them, the next shutdown caused a Windows
kernel stack overflow and reset. There was at least one unexplained
Windows reboot. The first time I tried to get updates, it hung and I
had to reset my Windows virtual machine. Then, after I restarted and
connected to my ISP, I could't do a manual update -- the buttons were
grayed out and would not respond to clicks. Also, it was quite slow:
it took an extra minute or so to reboot. Also, it detected a file as
"corrupted" but the help didn't explain what a "corrupted" file was.
(I had to Goolge for it: it's an invalid Windows executable, probably
with its start point outside the file image.) I tried to look for
help on the Web-based forum, but I found it to be slow and unhelpful
(lots of questions had no answers, I think). I have deinstalled and
asked them for a refund. (They haven't responded yet.)

I backed out my system state to when I was deinstalling Norton
AntiVirus (bless you, VMWare!), and I bought NOD32 Antivirus System
for US$39 (<http://www.nod32.com/>) from Eset s.r.o. It has not shown
any problems. It can dial out to the Internet and get updates. I
didn't find the interface as confusing as Kaspersky. (Ugly and clumsy
I can handle. Confusing I don't like.) The install manual shows and
describes every screen, and which screens you see in typical, express,
and expert installs, and gives some details about why to choose one
thing over another. The other help seems generally better, from what
little I've seen.

Virus Bulletin has their 100% Award
(<http://www.virusbtn.com/vb100/>): they do periodic test of various
products against a suite of "in the wild" viruses. A program gets a
100% rating for detecting all the in-the-wild viruses and no false
positives. NOD32 has more 100% awards historically than any other
product, according to Eset, though several products currently are at
100%.

I'm sticking with NOD32, although it doesn't have the integrity
checking and I don't need its e-mail checking.

 

[Clive]

(I'm new to alt.comp.virus,alt.comp.anti-virus -- so please forgive me
if I'm supposed to use one rather than the other, or not cross-post.)

Norton AntiVirus(TM) 2001 had been hassling me about my LiveUpdate(TM)
subscription, and as I posted in alt.comp.virus, I found
contradictions in their Web pages about whether I could renew or not.
(They never did reply to my e-mail listing the pages, by the way.)

I was not concerned about it being cheap or using a lot of memory and
time, as I have money, memory, and a reasonably fast processor. I
wanted good protection. Mostly I process Microsoft Word and Corel
WordPerfect files on disk (my Linux system puts them there), so I
didn't need e-mail or WWW protection, but rather file and especially
macro protection.

I saw good reviews of Kaspersky's products
<http://www.kaspersky.com/>, and I saw a mention of integrity checking
(looking for unauthorized changes infiles or the Windows Registry) and
good heuristics. I was a little baffled because they don't clearly
describe the differences between Kaspersky(R) Anti-Virus Lite,
Personal, and Personal Pro, but I eventually bought Kaspersky Personal
Pro for US$100.

I regretted it quickly. I run Windows under VMWare
(<http://www.vmware.com>), and Kaspersky made VMWare Tools (fairly
useful) stop working under various conditions. If I deinstalled
VMWare Tools and reinstalled them, the next shutdown caused a Windows
kernel stack overflow and reset. There was at least one unexplained
Windows reboot. The first time I tried to get updates, it hung and I
had to reset my Windows virtual machine. Then, after I restarted and
connected to my ISP, I could't do a manual update -- the buttons were
grayed out and would not respond to clicks. Also, it was quite slow:
it took an extra minute or so to reboot. Also, it detected a file as
"corrupted" but the help didn't explain what a "corrupted" file was.
(I had to Goolge for it: it's an invalid Windows executable, probably
with its start point outside the file image.) I tried to look for
help on the Web-based forum, but I found it to be slow and unhelpful
(lots of questions had no answers, I think). I have deinstalled and
asked them for a refund. (They haven't responded yet.)

I backed out my system state to when I was deinstalling Norton
AntiVirus (bless you, VMWare!), and I bought NOD32 Antivirus System
for US$39 (<http://www.nod32.com/>) from Eset s.r.o. It has not shown
any problems. It can dial out to the Internet and get updates. I
didn't find the interface as confusing as Kaspersky. (Ugly and clumsy
I can handle. Confusing I don't like.) The install manual shows and
describes every screen, and which screens you see in typical, express,
and expert installs, and gives some details about why to choose one
thing over another. The other help seems generally better, from what
little I've seen.

Virus Bulletin has their 100% Award
(<http://www.virusbtn.com/vb100/>): they do periodic test of various
products against a suite of "in the wild" viruses. A program gets a
100% rating for detecting all the in-the-wild viruses and no false
positives. NOD32 has more 100% awards historically than any other
product, according to Eset, though several products currently are at
100%.

I'm sticking with NOD32, although it doesn't have the integrity
checking and I don't need its e-mail checking.

On a similar note. My subscription ran out for NOD32 and I happened to 'Win'
in a competition McaFee v8.

Installed it and boy oh boy, slow or what! My system took 11 minutes to boot
from cold (restarts took 1 minute). With Nod32 it was always less than 1
minute.

Needless to say I have now paid another year for NOD32 (Ver 2) and I'm
sticking with it!
clive

 

[optikl]

I'm sticking with NOD32, although it doesn't have the integrity
checking and I don't need its e-mail checking.

You can get 3rd party integrity checkers. Do a google and you'll see what's
available.
Hope you get a refund. If they give you a hassle, see if you can get a
multi-year license ( 5 years) for KAV lite.
KAV really blew it when they decided to add all that overhead to a really
good application (version 3.5).

 

[Gerhard Beulke]

(I'm new to alt.comp.virus,alt.comp.anti-virus -- so please forgive me
if I'm supposed to use one rather than the other, or not cross-post.)

Spam...

It seems that Eset needs money/customers otherwise there wouldn't be
this blatant spam above.

 

[Timothy McDaniel]

It seems that Eset needs money/customers otherwise there wouldn't be
this blatant spam above.

Er, no.

I have been employed by IBM for about 7 years. I have no financial
connection I know of with Eset, except that I've been an Eset customer
to the tune of $30 since about 10 PM yesterday.

I am a real person with Usenet history. I've been posting at
(e-mail address removed) since August 2002, (e-mail address removed) about May 1999-August
2002, (e-mail address removed) about April 1995-May 1999, and so on. My earliest
article that Google Groups has is from uiucdcs!mcdaniel on 1982-06-14.
"References upon request."?

I was confused about anti-virus software. I used Google to find Web
sites with comparisons and didn't find much. I used Google Groups to
find more information in these newsgroups and didn't find all that
much either. So I thought I'd help people a little.

All I can do is offer my own experience. Someone else's experiences
may differ. Many other people seem to be happy with Kaspersky, and if
it works for them, good for them. And I see a drawback to NOD32: the
lack of integrity checking. I also haven't used NOD32 much yet (just
one update), so maybe I'll see serious problems in the future. I'll
let folks know.

 

[M Greene]

One very serious problems with NOD32 is that v. 1 doesn't come with a way to
exclude files or directories, and v. 2 does...but v2 apparently requires
that one enter the exclusions in DOS language, in Caps with ~ signs, etc.,
and there is absolutely no documentation to this effect anywhere in the Help
file or on ESET's website.

The problem came to light when my Thinkpad wouldn't go into standby anymore.
Seems that BOClean 4.11 and NOD32 (vi and v2) can't operate together without
defeating power management.

I spent about ten+ hours troubleshooting this issue, which included a
lengthy correspondence and phone conversation with ESET executive staff.
While I like the speed and small footprint of NOD32, I was appalled by the
company's ignorance of their own software's behavior (they didn't even know
about their exclusion feature requiring DOS entries, for example).

My NOD32 license is expiring next month. Suffice it to say that I am looking
for another AV program.

Regards,

MG
Change antispam 2k to 2000 in replying

 

[TX2]

It seems that Eset needs money/customers otherwise there wouldn't be
this blatant spam above.

duh!

 

[Gerhard Beulke]

One very serious problems with NOD32 is that v. 1 doesn't come with a way to
exclude files or directories, and v. 2 does...but v2 apparently requires
that one enter the exclusions in DOS language, in Caps with ~ signs, etc.,
and there is absolutely no documentation to this effect anywhere in the Help
file or on ESET's website.

The problem came to light when my Thinkpad wouldn't go into standby anymore.
Seems that BOClean 4.11 and NOD32 (vi and v2) can't operate together without
defeating power management.

I spent about ten+ hours troubleshooting this issue, which included a
lengthy correspondence and phone conversation with ESET executive staff.
While I like the speed and small footprint of NOD32, I was appalled by the
company's ignorance of their own software's behavior (they didn't even know
about their exclusion feature requiring DOS entries, for example).

My NOD32 license is expiring next month. Suffice it to say that I am looking
for another AV program.

Regards,

MG

Not only this, some Email clients like Eudora are not supported for mail
checking.
Here is the mail:

"At 06:44 PM 28/05/2001 +0200, you wrote:
hi,

I've now spent some time browsing eudora's configuration dialog and I
haven't been able to figure out how to set the port number there. it
means
that pop3 scanner cannot be configured with multiple accounts.

palo luka
eset software

Hello Palo,

Thanks for your reply.
You claim, that NOD32 is able to work with Eudora.
Would it be possible in the near future?
Thanks.

Kind Regards
Gerhard Beulke"

I did not get an answer back so kiss good bye.

PS: Is it supported now?

 

[cquirke]

On Fri, 19 Sep 2003 21:43:41 +1000, Gerhard Beulke

Not only this, some Email clients like Eudora are not supported for mail
checking.

That's not as crucial for Eudora as for some, given that:

1) Eudora is not attacked by message "text" (HTML)
2) Eudora does not hide attachments in mailboxes

http://users.iafrica.com/c/cq/cquirke/empath.htm refers.

For (1) to be 100% true, you should go Tools, Options, Viewing Mail
and DISable "Use Microsoft Viewer".

On (2); as Eudora storaes incoming attachments as files, these will be
scanned upon creation by the resident av. No need for desperate
patch-ins into the POP3 axis, as there would be otherwise.

Is that requirement from NOD32 or the ISP? It certainly isn't from
Eudora, which supports multiple Internet email accounts in two ways:

1) Use different shortcuts pointing to different data sets
- each account appears in a separate instance of Eudora
- no settings overlap
- can run both at once
- works in Lite, Sponsored and Paid modes

The key to this approach is the shortcut used to run Eudora, which can
point to different mail data locations - e.g.:

"C:\Program Files\EUDORA\EUDORA.EXE"
= "Run Eudora.exe with data in the same base directory"

"C:\Program Files\EUDORA\EUDORA.EXE" D:\E-MAIL
= "Run Eudora.exe with data in D:\E-MAIL"

"C:\Program Files\EUDORA\EUDORA.EXE" D:\ABSAMAIL
= "Run Eudora.exe with data in D:\ABSAMAIL"

Items in the mail data set include:
- Eudora.ini (holds the settings and mail account details)
- NNDBase.txt and NNDBase.toc (the address book)
- *.MBX and matching *.toc (the mailboxes)
- directories with names ending in .FOL (mail folders)
- other directories and files

By creating multiple shortcuts that run with different email data
locations, you can run Eudora with completely different mail account
settings (and can do this at the same time). Each will act
independently of the others. The Eudora.ini in each will hold not
only the account's server settings etc. but also the location for
attachments (set with care!)

General strategy:
- locate email data within the backed-up data set (e.g. D:\DATA)
- locate attachments OUTSIDE this
- use a suspect subtree (e.g. E:\SUSPECT\ATTACH)
- don't mix with attachments from other mail accounts
- ALWAYS specify a mail data location (else merges with code files)
- ALWAYS set the attachment location (else pollutes mail data set)

2) Use the Personalities feature
- accounts appear in the same instance of Eudora
- may be some settings overlap
- both run at once
- works in Sponsored and Paid modes only (not Lite)

Personalities are accessed via the last tab of the Mailbox pane to the
left of Eudora's window. The facility is not available in Lite mode.

You can set different mail account settings for each personality, i.e.
different server names etc. When Eudora operates using mail data set
up in this way, all personalities can be used and accessed via the
same Eudora window - a nice way to manage multiple email accounts as
if they were one (e.g. old vs. new).


You can mix these strategies. For example, two pll sharing a PC may
use approach (1) to have separate data sets, so that each does not
trip over the other's mail. One user may be in Lite mode, the other
in Sponsored - allowing the latter user to also access multiple email
accounts using the Personalities feature.

I've now spent some time browsing eudora's configuration dialog and I
haven't been able to figure out how to set the port number there. it
means that pop3 scanner cannot be configured with multiple accounts.

Eudora's an Internet email app, meaning that (unlike Pegasus) it won't
work as a LAN email client on anything other than TCP/IP. That isn't
what's involved here, by the sound of it... I'd look in Eudora.ini
(which is where the settings are) as well as Eudora's support forums;
I found good answers to odd questions from FAQs there.

------------------------- ---- --- -- - - - -

Loneliness is a priviledge, not a right

 

[Gerhard Beulke]

Is that requirement from NOD32 or the ISP?

That's the email I sent to Eset.
I have 30 different email accounts set up in Eudora.
The answer from Eset was posted below my email.

Cheers