I need some clarification (nav vs. kav)

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    113

    I need some clarification (nav vs. kav)

    My dad is mr. legal and hates to pirate software, and he doesn't want to spend "a lot extra" on kaspersky, because he buys licenses for all of our pcs (4). He thinks that norton is sufficient in protecting our computers/network from virii. I'm behind a NAT router and do regular av/windows updates. He told me to get some proof that kav is THAT much better than nav. I want to show him that nav is next to worthless, and takes little to no effort to get anything past it. I'd appreciate if you people could enlighten him a bit.
    (I'm going to print this and show it to him, he told me to find info from "real people" because reviews aren't "accurate".)

    FYI: I'm using nav2k2 now and we're going to upgrade soon (hopefully kav)

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    1
    Question for you.
    How do you perform your updates? Manually?

    As for Norton's ability to protect your machine from Virii - It does the job, as long as you do yours.

    You mentioned that Nav is worthless... Can you cite examples?

    Thanks.
    Am a newbie. Much too much to learn and too little time :-)

  3. #3
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Viper: You are not exactly justified..... Thus - your dad is not wrong..... He may not be spot on.... but he isn't wrong....

    Each AV company has to get a copy of an actual virus, study it, determine its characteristics, find a signature and publish it. Now, if Norton gets it 1 hour before Mcafee then they _should_ come up with the new definition sooner.... and they probably would.

    When it comes down to it it's a matter of what you prefer and in this case it seems like you prefer Kaspersky while your dad prefers Norton..... We could argue "Symantecs" all day, but in the long run we will all be right about major AV systems....

    The "name" systems work.... On any given day any one will work better than any other.... it's a fact of life.....

    Rider: I like Norton/Symantec..... But I use 2 AV systems before mail is allowed into my network..... Belt and braces....yeah.... am I right using either AV system over another.... I don't really know..... They are all so close to being "right"
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    I'm talking in terms of PE encryption, scrambling, packing etc...just about any form of exe modification will render it undetected to norton, with the same activity not changing the kav signature at all. When a signature is added, it is added for the unmodified virus, it is the core of the av that determines its effectiveness. And kav is updated daily, while symantec updates usually (bi)weekly. For example, I take any "widely used" trojan, in this case, Optix pro. I use tElock to encrypt the PE headers, and scan it with norton, it will not pick it up. This is true for many main-line av's such as pc-cillin and some versions of mcafee, because all they do is check for the unmodified signatures. Now if you take this encrypted file, and scan it with kaspersky, it will get it, every time, unless you really know what you're doing, ex editing offsets or change the source sufficiently. I can upload the file if you people want to verify this for yourselves.

    And the one I'd get, kav personal pro, is $90 or something.

    Handy: I do all of my updates, av and windows manually, because auto always doesn't download 100% of what's available.

  6. #6
    Junior Member
    Join Date
    Sep 2003
    Posts
    22
    You can find comparisons between different products on the VirusBulletin site. They do a fairly good job of independent testing and reviews. There are other sites as well, such as the one run by Andreas Marx <http://www.av-test.org/index.php3?lang=en>, which is also very good, and he works his tail off to keep the info up to date. He's always working on new ways to test A/V software. I also trust his reviews.
    Where's the ka-booom?
    There was supposed to be an earth-shattering ka-booom!

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi,

    All major AV products "work" to an extent, some are better than others in some areas, many are not so good with trojans, and particularly spyware and adware. This is because the last three do not contain malicious code per se.................it is what people do with the code afterwards that is the problem.

    My warning is that the more "sensitive" the AV is, the more likely it is to give you false positives.......then you start to ignore it............then BANG!

    I am also sceptical of these "all in one box" solutions, as I have not seen enough independent evidence as to how effective they are.

    I would recommend that you search for the AnalogX site and check out their "free" products, particularly "script defender". Also mobiusware's site as they do something similar. These programs intercept attempts to run scripts from where they should not be run, so are more behavioural in their approach. Also try the DiamondCS.au site and look at some of their free tools, particularly the one that protects the Registry.

    You should also get AdAware 6.0 from lavasoft and SpyBot search & Destroy. Finally, have a look at WinPatrol from BillP Studios.

    All these are complementary to a good AV. And remember that a lot of malware kills AV and Firewalls before it does its dirty deed. That is why you should consider complementary secondary defences.

    EDIT: I forgot to mention that some AV apps use a "Berkley sandbox" system, so they will let the app run in a constrained environment and see if it tries anything "naughty" before killing it.

    Also, you may disguise the malware, but can you get it to run afterwards...........back to sensitivity. If the malware won't run, it isn't malware, so won't get reported? I guess that is down to the AV co's policy.

    Hope that this helps

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    Senior Member
    Join Date
    Jul 2003
    Posts
    113
    Well I can get pretty much any virus past norton, not just trojans. And I already use ad-aware, great program for everyone.

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi Viper,

    Please have a look at the other extra defences I suggested, no matter what AV you end up with. My question was rather stupid as to "but do they still work?" as you would put your system at risk............and the AV has already done its work by detecting the virus in the first place. I am sorry about that, I am used to having lab machines available to let one loose on to see what it does.

    Once again, sorry for asking a question that you would have had no sensible way of providing the answer to.

    Please have a look at e-safe from Aladdin industries............it is a rather interesting AV approach you might find?

    Good Luck
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,210
    > And kav is updated daily, while symantec updates usually (bi)weekly.
    > ...
    > I do all of my updates, av and windows manually, because auto always doesn't download 100% of what's available

    If you download the Intelligent Updater files manually, you'd see that Norton updates their definitions almost daily...

    > For example, I take any "widely used" trojan, in this case, Optix pro. I use tElock to encrypt the PE headers, and scan it with norton, it will not pick it up. This is true for many main-line av's such as pc-cillin and some versions of mcafee, because all they do is check for the unmodified signatures. Now if you take this encrypted file, and scan it with kaspersky, it will get it, every time, unless you really know what you're doing, ex editing offsets or change the source sufficiently.

    I agree with you there, but there's one thing which you forgot to do in your test. And that was to decrypt the file you encrypted. The second it is decrypted, NAV, or other main-stream antivirus program, will catch it, and either clean it or quarantine it. The reason NAV and other antiviral programs don't catch encrypted files is because they are harmless until they are decrypted.

    AJ
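
The static-versus-unpacked scanning difference discussed in posts #5 and #10, as an added example that is not part of the thread and is not any vendor's engine: a byte-signature scan misses a transformed file, an entropy heuristic flags it as packed, and the same signature matches once the content is restored. The marker, the 7.0 bits/byte threshold, the zlib stand-in for a packer and all function names are assumptions made for illustration; the sample is constructed and harmless.

```python
import math
import random
import zlib
from collections import Counter

# Constructed, harmless marker standing in for a vendor's byte signature.
SIGNATURE = b"DEMO-SIGNATURE-NOT-MALWARE"
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "looks packed"


def build_sample(seed: int = 1) -> bytes:
    """Constructed benign 'program': word-like filler with the marker inside."""
    rng = random.Random(seed)
    words = [b"load", b"store", b"call", b"return", b"branch", b"compare",
             b"push", b"pop", b"move", b"add", b"jump", b"test"]
    body = b" ".join(rng.choice(words) for _ in range(4000))
    return body[:8000] + SIGNATURE + body[8000:]


def pack(data: bytes) -> bytes:
    """Stand-in for a packer: the bytes stored on disk are transformed."""
    return zlib.compress(data, 9)


def unpack(data: bytes) -> bytes:
    """What an unpacking stub does at run time: restore the original bytes."""
    return zlib.decompress(data)


def signature_hit(data: bytes) -> bool:
    """Static scan: look for the known byte pattern in the bytes as given."""
    return SIGNATURE in data


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; compressed or encrypted data nears 8."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scan(data: bytes) -> str:
    """Signature first, then the packed-content heuristic."""
    if signature_hit(data):
        return "detected"
    if entropy(data) > ENTROPY_THRESHOLD:
        return "suspicious-packed"
    return "clean"
```

Scanning `pack(build_sample())` gives no signature hit but is flagged by entropy, while scanning `unpack(...)` of the same bytes hits the signature, which is the on-access behaviour post #10 describes.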
