NOD32 or Kaspersky 5 or ???

[Howard Harris]

You could download the newest 2.12.2 version, where you can select
also advanced heuristics. And max certainly means scanning all files.
Jari

Thanks for replying. I have the latest version and advanced heuristics is
the default for Amon. I have now checked in the extension editor, the box
to scan all files - it is unclear to me what files are being scanned if
this is not checked, i.e., the default setting

 

[Howard Harris]

Using FF 0.9.3, when trying to view the "comparatives" page's 'online
results', it appears as a jumbled mess.

http://www.av-comparatives.org/seiten/ergebnisse_2004_08zz.php

The page loads fine in IE6 ...

It also appears as a mess in Mozilla 1.7.2

 

[kurt wismer]

It also appears as a mess in Mozilla 1.7.2

i must be lucky - i use the same version of moz and it looks perfectly
fine to me...

 

[null]

It also appears as a mess in Mozilla 1.7.2

I downloaded the PDF which reads ok in Adobe Acrobat 6


Art
http://www.epix.net/~artnpeg

 

[Howard Harris]

Using FF 0.9.3, when trying to view the "comparatives" page's 'online
results', it appears as a jumbled mess.

http://www.av-comparatives.org/seiten/ergebnisse_2004_08zz.php

The page loads fine in IE6 ...

BTW, if you think that looks bad, you should see the mess I get in Mozilla
1.7.2 with http://www.av-comparatives.org/seiten/ergebnisse_2004_02zz.php

 

[Howard Harris]

Thanks for replying. I have the latest version and advanced heuristics is
the default for Amon. I have now checked in the extension editor, the box
to scan all files - it is unclear to me what files are being scanned if
this is not checked, i.e., the default setting

Um, it's okay, just worked it out - fairly obvious really

 

[Rick]

i must be lucky - i use the same version of moz and it looks perfectly
fine to me...

When I first looked at it this morning with Moz 1.7, the table was
scrambled pretty badly. It now looks good. If I had to guess, I'd say
somebody with edit permissions for that web page also monitors this
newsgroup. <<smile>>

 

[SC]

No. All av scanners aim at ITW viruses. But not all scanners are good
general malware detectors. NOD32 is very weak on Trojans for one
thing. There are other relative weaknesses as well.

Yeah, and my washing machine is shite at baked potatoes, that's why I have
a microwave...

 

[null]

Yeah, and my washing machine is shite at baked potatoes, that's why I have
a microwave...

Which entirely misses the important point that many av scanners have
become quite good general malware detectors, while others have not.
And a couple of them are probably still better at Trojan detection
than most (or maybe all) anti-Trojan products.


Art
http://www.epix.net/~artnpeg

 

[null]

Thanks for the link for some more info for comparing anti-virus
products.

Here's an example of a test I'd like to see redone in 2004 for
comparison, and this time with about 12,000 Trojans:

http://www.claymania.com/tests-trojan.html


Art
http://www.epix.net/~artnpeg

 

[bobas007]

Using FF 0.9.3, when trying to view the "comparatives" page's 'online

results', it appears as a jumbled mess.

http://www.av-comparatives.org/seiten/ergebnisse_2004_08zz.php

The page loads fine in IE6 ...

In FF 0.9.2 PL no problems with THIS page
http://www.rifs.neostrada.pl/pic.jpg
But old "online results"... mess.

 

[Roy]

Which entirely misses the important point that many av scanners have
become quite good general malware detectors, while others have not.
And a couple of them are probably still better at Trojan detection
than most (or maybe all) anti-Trojan products.

Can't you just come out with it and tell us all just what these relative
weaknesses in NOD32 are? As a user I would like to know.

And are you also implying that Kaspersky has no relative weaknesses? It
would be unique bit of software if that were true!

Cheers,

Roy

 

[Roy]

No. All av scanners aim at ITW viruses. But not all scanners are good
general malware detectors. NOD32 is very weak on Trojans for one
thing. There are other relative weaknesses as well.

I don't think it has ever claimed to be a trojan hunter, but I'd think its
heuristics would find a number of them, but you'll need to expand the
second sentence in that quote if you wish to make your case.

Cheers,

Roy

 

[Roy]

Using FF 0.9.3, when trying to view the "comparatives" page's 'online
results', it appears as a jumbled mess.

http://www.av-comparatives.org/seiten/ergebnisse_2004_08zz.php

The page loads fine in IE6 ...

It loads fine here in Firefox 0.9.3.

I suggest that Tx2 needs to adjust the size of text being used by his
browser.

Cheers,

Roy

 

[Roy]

To clarify, is it that Ad-Aware *SE* finds no alternate data streams?
Or is it that it found no *malware* in those alternate data streams?

It simply doesn't see them here, and I know the applications producing them
and I've examined the contents, so it obviously doesn't alert on them.

Even if it managed to detect them, I don't think an alert would be
appropriate. It's surely enough just to show the user that they are
present?

TDS-3 does more than tell you they're present, you can capture the stream
and/or delete it. I've not yet found anything detrimental happening as a
result of my experimental deletions. I'm also pretty certain that they are
benign, but I would expect TDS-3 to alert on, and deal with, any malicious
content.

I was puzzled when I first discovered these streams, so I raised the matter
in a private forum and received what I believe to be information from some
experts. I can't claim that I understood it all though!

Cheers,

Roy

 

[Howard Harris]

It loads fine here in Firefox 0.9.3.

I suggest that Tx2 needs to adjust the size of text being used by his
browser.

I have the same difficulties with that page as Tx2 only using Mozilla 1.7.2
I tried, of course, changing the font size, but it would not reduce in size
at all, only increase, amplifying the mess. Ah well, time to move on ...

 

[kurt wismer]

@news20.bellglobal.com:




When I first looked at it this morning with Moz 1.7, the table was
scrambled pretty badly. It now looks good. If I had to guess, I'd say
somebody with edit permissions for that web page also monitors this
newsgroup. <<smile>>

except that i've seen that table ages ago (well, long enough ago that i
don't remember exactly how long ago it was) and it was perfectly fine
then too...

 

[null]

Can't you just come out with it and tell us all just what these relative
weaknesses in NOD32 are? As a user I would like to know.

Can't you see many of them for yourself in the comparative Ceily
posted in this thread? Not that that test is the best by any means but
the results aren't dissimilar to results I've seen in the past done by
av-test.org (and results I get myself). It's also known to exhibit a
unusually high false positive rate. It too often gives a lame
heuristic report rather than a exact identification like KAV does.
Not good for cleanup and disinfection when it can't ID a specific
malware and variant. In my old DOS virus collection it still misses
most virus droppers on-demand while scanners like KAV, F-Prot and
McAfee have no problem with them. And there's no av that handles
"containers" the way KAV can. For example, various oddball runtime
packers designed to defeat scanners, sometimes multiply packed with
different packers. And KAV scans "within" many archives including many
SFX better than any scanner I've ever tested.

And are you also implying that Kaspersky has no relative weaknesses?

Well since you put in terms of relativity (to other scanners) I'm hard
pressed to think of any off hand other than the fact that its realtime
monitor has been reported to bog down some systems. Of course, when
you get away from the technical aspects to the subjective, I can't
guess anyone's preferences. Some people are fascinated with scanning
email while to me it's absolutely useless.

I might add that some definitions of "zoo" malware are misleading. I
think Symantec says that zoo viruses are found in the laboratory, or
something like that, giving the impression that they aren't in
circulation. But there have been cases where malware that never made
it to the official ITW list were out there causing heavy damage. And I
find malware being dumped on newsgroups all the time which aren't on
the ITW list. Plus, anyone can download thousands of zoo malwares from
various internet sites. And I've helped users nailed by malware not on
the ITW lists. So IMO too much is made of ITW tests. And the use of
pass/fail criteria is infantile and very misleading.

(Time now for flames from the NOD32 worshipppers. Aren't religious
wars wonderful? )


Art
http://www.epix.net/~artnpeg

 

[Rick]

except that i've seen that table ages ago (well, long enough ago that i
don't remember exactly how long ago it was) and it was perfectly fine
then too...

<<shrug>> What can I say? I looked at it this morning and it was a mess.
Looked at it again this evening when I saw your earlier post and it looked
fine. Same browser, same system, the only difference being the time of day.

 

[xmp]

I might add that some definitions of "zoo" malware are misleading. I
think Symantec says that zoo viruses are found in the laboratory, or
something like that, giving the impression that they aren't in
circulation. But there have been cases where malware that never made
it to the official ITW list were out there causing heavy damage. And I
find malware being dumped on newsgroups all the time which aren't on
the ITW list. Plus, anyone can download thousands of zoo malwares from
various internet sites. And I've helped users nailed by malware not on
the ITW lists. So IMO too much is made of ITW tests. And the use of
pass/fail criteria is infantile and very misleading.

Hexed or source-modified trojans are popular. Always have been.

michael