
nod32 anti-virus 64bit


BJMckay


Whether NOD32 uses a lot of kernel resources is not the issue. The issue is:

1) whether NOD32 uses more kernel resources than other AV programs; and

2) whether using more kernel resources has a visible negative impact on performance.

I've tried Norton, Avast, AVG Anti-Virus and NOD32.

NOD32 is by far the fastest at going through a hard drive. Avast and NOD32 IMHO were tied in terms of detecting viruses and trojan horses. NOD32 and AVG were both very lightweight in terms of system resources, although until now I never checked kernel usage. Norton was effective but visibly slowed system resources.

Based only on my own experiences on my system, NOD32 offered the best combination of speed and performance. But I could see how NOD32 might cause problems if you are running programs or doing other things on your system that required more kernel resources.

So for now I plan to stick to NOD32, but I do appreciate Cluberti offering his insights.



Based only on my own experiences on my system, NOD32 offered the best combination of speed and performance. But I could see how NOD32 might cause problems if you are running programs or doing other things on your system that required more kernel resources.

Such as what? Does NOD32 require more kernel resources than most other AV products? And when would other programs need more kernel resources? How can you tell how much kernel resources a program is using? Is there a difference between using a lot of kernel resources as opposed to other resources?


Link, all I can say is just check your TaskManager to see that use of NOD32 does cause a significant spike in paged kernel resources.

Is NOD32 kernel usage more than other AVs? I dunno.

I'm happy with NOD32, have had no problems with it and like it better than everything else I've ever tried so I don't plan to test.

Cluberti says that only McAfee had worse kernel usage. I've read a lot of Cluberti's posts and he's very knowledgeable and has insights that I'd expect from someone working at M$, so I believe that at the time he tested, NOD32 was probably the 2nd worst offender in terms of kernel usage.

Things might have changed since then as the various AV makers have tweaked and reworked their programs.


  • 2 weeks later...
Link, all I can say is just check your TaskManager to see that use of NOD32 does cause a significant spike in paged kernel resources.

Is NOD32 kernel usage more than other AVs? I dunno.

I'm happy with NOD32, have had no problems with it and like it better than everything else I've ever tried so I don't plan to test.

Cluberti says that only McAfee had worse kernel usage. I've read a lot of Cluberti's posts and he's very knowledgeable and has insights that I'd expect from someone working at M$, so I believe that at the time he tested, NOD32 was probably the 2nd worst offender in terms of kernel usage.

Things might have changed since then as the various AV makers have tweaked and reworked their programs.

How do I check that in Task Manager? On the processes tab, which column do I need to select to be displayed in order to see the paged kernel resources?

BTW: I just displayed Page faults, and NOD32 shows 135813, far more than any other running process. The process that displays the second most page faults is explorer.exe which reads 50034. Is it bad to have that many page faults for one process?


Depends on whether they're page faults in paging in operations, or paging out operations. Page Faults are not necessarily a bad thing, they happen any time a process tries to access a page in memory that has been moved or doesn't exist - the former is normal, the latter is bad :).


Depends on whether they're page faults in paging in operations, or paging out operations. Page Faults are not necessarily a bad thing, they happen any time a process tries to access a page in memory that has been moved or doesn't exist - the former is normal, the latter is bad :).

How do I check paged kernel resources for each process? And what should be the norm for paged kernel resources for background applications?


How do I check paged kernel resources for each process? And what should be the norm for paged kernel resources for background applications?

Whoa - loaded question :)

As to checking kernel resources, use the "Process" object in perfmon, and select the paged pool counter on the left and the process(es) on the right. For "norm" paged resources, it depends on the application. Also, it can depend on how much RAM is in your machine, registry entries, etc - most systems with 2GB of RAM have ~350MB of pagedpool available at boot, but there's no "norm" for most applications. However, you'll see bigger pagedpool usage on file servers and machines doing large file operations (or lots of small file operations), due to the file system's file cache being stored in paged pool.

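The perfmon check described in the post above can also be run from PowerShell. This is an added example, not part of the original thread; it assumes English counter names, and the sample count, interval and row limit are arbitrary values.

```powershell
# Added example (not from the thread): rank processes by paged pool usage,
# using the same "Process" performance object that perfmon exposes.
# Counter names are the English ones; localized Windows installs name them differently.
$top      = 15   # rows to show (assumed value)
$samples  = 3    # samples to average (assumed value)
$interval = 2    # seconds between samples (assumed value)

$paths = '\Process(*)\Pool Paged Bytes',
         '\Process(*)\Pool Nonpaged Bytes',
         '\Memory\Pool Paged Bytes'

# Processes that exit between samples raise errors; ignore those.
$sets = Get-Counter -Counter $paths -SampleInterval $interval -MaxSamples $samples -ErrorAction SilentlyContinue
$all  = $sets | ForEach-Object { $_.CounterSamples }

# System-wide paged pool in use, averaged over the samples.
$sysPaged = ($all | Where-Object { $_.Path -like '*\memory\pool paged bytes' } |
             Measure-Object -Property CookedValue -Average).Average

$all |
  ForEach-Object {
      # Pull the instance name (e.g. "svchost#3") and counter kind out of the counter path.
      if ($_.Path -match '\\process\((?<inst>.+)\)\\pool (?<kind>paged|nonpaged) bytes$') {
          [pscustomobject]@{ Instance = $Matches.inst; Kind = $Matches.kind; Bytes = $_.CookedValue }
      }
  } |
  Where-Object { $_.Instance -notin '_total', 'idle' } |
  Group-Object Instance |
  ForEach-Object {
      $paged    = ($_.Group | Where-Object Kind -eq 'paged'    | Measure-Object Bytes -Average).Average
      $nonpaged = ($_.Group | Where-Object Kind -eq 'nonpaged' | Measure-Object Bytes -Average).Average
      [pscustomobject]@{
          Process      = $_.Name
          PagedKB      = [math]::Round($paged / 1KB)
          NonpagedKB   = [math]::Round($nonpaged / 1KB)
          PctOfSysPool = if ($sysPaged) { [math]::Round(100 * $paged / $sysPaged, 2) } else { $null }
      }
  } |
  Sort-Object PagedKB -Descending |
  Select-Object -First $top |
  Format-Table -AutoSize
```

The per-process counters only show pool charged to that process. Pool allocated by a kernel driver without charging a process appears only in the system-wide `\Memory\Pool Paged Bytes` total.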

Wow, I didn't expect this thread to last this long and cause so much controversy. Great to hear other people's opinions on anti-virus for winxp64, and the NOD32, avast, McAfee, etc. And for the bean heads that work for MS, sit back and listen to what people want in SW, especially anti-virus. <_<


Yeah - and if we release antivirus software, watch a good portion of the world accuse Microsoft of monopolistic practices. It's a no-win situation, although issues like these are why I'm glad the world will ultimately move to 64bit computing in the next 10 years or so.

Apparently Windows Defender will have a subscription antivirus package, so I guess ultimately we are going to get into the antivirus and antispyware markets "officially" when that comes out of beta. For those of us who are employed by MS... duck.

Edited by cluberti

  • 2 weeks later...
Yeah - and if we release antivirus software, watch a good portion of the world accuse Microsoft of monopolistic practices. It's a no-win situation, although issues like these are why I'm glad the world will ultimately move to 64bit computing in the next 10 years or so.

Apparently Windows Defender will have a subscription antivirus package, so I guess ultimately we are going to get into the antivirus and antispyware markets "officially" when that comes out of beta. For those of us who are employed by MS... duck.

Here's what I think (sitting back watching quietly): this goes against all I believe in, but if MS design an A/V then there will be no one else to blame if it doesn't work. For an A/V to work with and in an OS, it must incorporate some of the OS architecture, so as to be compatible, and consume less physical mem and less kernel mem; it must also contain a firewall that is intelligent, and adjusts to surfing habits, i.e. trusted sites etc.

If MS want to regain trust and confidence of its customers, it must offer this free, and updates should be free as well.

MS have made a lot of $ from their customers over the years. For example, you buy the OS, but you need a word processor, so you have to buy MS Office; this should be a part of the package, which is what ppl have been saying for some time now. Monopoly yes, greedy yes, smart no. Linux is looking better all the time. :whistle:

Edited by BJMckay

For an A/V to work with and in an OS, it must incorporate some of the OS architecture, so as to be compatible, and consume less physical mem and less kernel mem; it must also contain a firewall that is intelligent, and adjusts to surfing habits, i.e. trusted sites etc.

"Incorporate some of the OS architecture" is going a bit far - anyone that understands how device and filter drivers work can make a firewall or AV product (and at the same time realise there is always a way to circumvent it if a user with administrative privileges launches a malicious process).

Consumption of memory is not as critical as having efficient and stable code - people get a bit hung up on trying to reduce the memory footprint of processes when it can have little or no effect in system performance.

Any "intelligent" software will eventually make a mistake in a decision it makes, changing the users' perception of it being a fantastic feature to a liability - I for one would not want a program to determine for itself what is safe and unsafe, especially regarding trusted sites/zones.

If MS want to regain trust and confidence of its customers, it must offer this free, and updates should be free as well.

MS have made a lot of $ from their customers over the years. For example, you buy the OS, but you need a word processor, so you have to buy MS Office; this should be a part of the package, which is what ppl have been saying for some time now. Monopoly yes, greedy yes, smart no.

This is what kicked off the anti-trust case against Microsoft - the alleged "bundling" of software that is not essential to the OS which puts vendors of similar products at a disadvantage.

(Only after proving IE provides key rendering services to the OS did it get left incorporated in Windows - the EU forced Microsoft to produce a version of Windows without Media Player so people had the choice to not have it - though I know of no one who opted for this choice.)

AV (with free updates), a fully-featured personal firewall and a word processing package bundled with Windows can never happen due to legal & business practice issues.

Hence why Microsoft can make separate products and sell them so as to not have an unfair advantage over the vendors of competing products.

Even incentives are frowned upon - e.g. "Buy Product X and get Product Y for $1!", so you can't argue that MS Office should be cheaper for people buying Windows at the same time - it's not allowed by law.


Yeah - and if we release antivirus software, watch a good portion of the world accuse Microsoft of monopolistic practices. It's a no-win situation, although issues like these are why I'm glad the world will ultimately move to 64bit computing in the next 10 years or so.

Apparently Windows Defender will have a subscription antivirus package, so I guess ultimately we are going to get into the antivirus and antispyware markets "officially" when that comes out of beta. For those of us who are employed by MS... duck.

Here's what I think (sitting back watching quietly): this goes against all I believe in, but if MS design an A/V then there will be no one else to blame if it doesn't work. For an A/V to work with and in an OS, it must incorporate some of the OS architecture, so as to be compatible, and consume less physical mem and less kernel mem; it must also contain a firewall that is intelligent, and adjusts to surfing habits, i.e. trusted sites etc.

If MS want to regain trust and confidence of its customers, it must offer this free, and updates should be free as well.

MS have made a lot of $ from their customers over the years. For example, you buy the OS, but you need a word processor, so you have to buy MS Office; this should be a part of the package, which is what ppl have been saying for some time now. Monopoly yes, greedy yes, smart no. Linux is looking better all the time. :whistle:

If they do that they will be tried again for breach of antitrust directives and legislation.

I know that's stupid: when in some other business someone makes the whole package, e.g. holiday agencies, it's not a breach, but when Microsoft wants to make a complete software package, it's hell breaking loose :realmad: . Don't misunderstand me, I'm not pro Microsoft; actually I think they are one of the worst software making companies in history - but in business, product doesn't count for success, marketing and sales do. So if anyone wants to use Windows(WMplayer,IE, OE,notepad,paint,image viewer,scan wizard,...)+Office+Antispyware(Defender)+Firewall+Antivirus+..... --- that's the choice they took, nobody forced it on them... so I say MS go forward!!!

Yes... NOD32 is good if you config it properly...

but to be fair, I downloaded Avast and AVG, and will test them out extensively on my comp and my friends' (always full of viruses :) )


Ok, points proven, but how many of you can say your machines are virus and spyware free? I bet none of you. There is always something hidden (may not be causing any problems) in system32 or explorer that your A/V couldn't find. Here's a perfect example: I had nod32, not the trial ver, but purchased it; I ran it every day, upgraded, and it missed 3 trojans, 2 keyloggers, 4 malware. 1 of the trojans was mydoom.b@mm. I have since changed my A/V, and all is good, for now.

What I'm trying to say is that MS are going to create an A/V, and while that may seem evil and just another ploy by their marketing department to force a monopolistic SW on us, some good may come from this. Imagine an A/V that detects ALL viruses and spyware, 100%. It would be asking a lot, I know, and there are some of you out there who don't think that's achievable. I guess we will have to wait and see.


What I'm trying to say is that MS are going to create an A/V, and while that may seem evil and just another ploy by their marketing department to force a monopolistic SW on us, some good may come from this. Imagine an A/V that detects ALL viruses and spyware, 100%. It would be asking a lot, I know, and there are some of you out there who don't think that's achievable. I guess we will have to wait and see.

It isn't achievable; reliable virus detection has to work off signatures - known patterns of strings that occur in sequences within a file.

This makes it a reactive process: the virus has to appear, be noticed, have a signature developed and available for download, then the users download the updates - this is the window where the virus is out in the wild and potentially dangerous.

There are "heuristic" ways of scanning files to see what "might" be a virus, but these often don't even successfully spot variants of existing viruses so I don't rate those highly.

There's no "silver bullet" for malware - the method of deployment, infection and function is down to the whim of the guy that programmed it, as well as the target for their malicious code.

A common argument is that the more competition that exists in a market, the higher the quality of the products as the companies have to outshine one another - this has been thrown around aimed at Microsoft as people perceive monopolistic practises, but it has to swing both ways.

I do agree with you that the quality of the offering from Microsoft is likely to be better than 3rd party ones (in terms of UI and engine) as their programmers have a lot more experience with kernel mode programming, writing for multiple platforms, making code efficient and interacting with the OS in supported ways.

The AV vendors have years of experience specifically with virus detection and signatures, so may have a head start in that area - however with technologies like BITS, Microsoft may have an update process that is more lean, efficient and has less of an impact.


As I said, configuration is 9/10 of program usability...

NOD32 can be set to deep scan- advanced heuristic...

By setting this, I caught a number of trojans, which were reported as unknown versions of known viruses... so I uploaded them to Eset lab for further analysis...

...yes, Don't expect perfection and 100% efficiency of any program... cause it will never happen, instead try to find advantages and disadvantages in a program and make the best of it.

