ESET get your act together

Dear ESET,

The problems with EAV in these past days have caused us to seriously begin thinking about switching to another vendor AV. We are a reseller with over 500 client licenses so this will surely be a daunting task, but it seems we're almost out of other options. The September problems have already seriously reduced our trust in the EAV products. Quite honestly, from the 2.7 version things are only going downhill. I like the 3.0 and 4.0 new GUI, but EAV itself has become slow and bloated. It requires tweaks to get things started (startup scan by default causes machines to be unusable 10-15 min after boot), it slows down computer usage considerably.
And it misses things...it has become practice to use another solution after the infection to clean-up after EAV has reported no more problems. It also happens that before the infection, EAV will detect the threat, but let it install anyways, requiring substantial effort from the IT department afterwards to clean the infection later. Outlook plugin is a joke - it will crash Outlook more often than detect anything...
But having perfectly functional machines (and servers!) going down/or loosing network connectivity because of EAV hiccups is unacceptable. And it seems that several days from the initial reports, there is still no real solution...

We have already communicated these problems to our local ESET representative and have stated several times that we would like to see improvements or we will find another solution. We don't care about the awards ESET has received or how well it scores in the tests (as it is often showed on ESET presentations), we need a functional product or we're better off without it since it's only costing our customer's money and our time fixing things after it.

 

Cant argue your pain. My question is, I see these issues and they are all in version 4 which has been out for quite awhile. How are they planning a version 5 when they havent fixed the issues in 4. Oh well, hopefully they have.

 

the trouble certainly speaks for its own and imperfection should not be an excuse/defense for lagging improvement. however reading in other vendors forums there seems to be general plague for most the AV vendors and thence begs the question whether the perfect solution is out there.

the question though is whether the responsibility is to be offloaded to the AV vendors solely or if not also those deciding to stay with outdated OS, applications and browsers forever, lagging the deployment of patches and not investing in the training of users (incl. awareness of social engineering), should at least be considered as being part of the trouble.

nonetheless improvements in certain areas of NOD would be highly appreciated.

 

They released v4 when issues were not resolved with v3. It won't be a big deal for them to do the same with v5.

 

NOD32 is certainly not perfect, but corporate computer security should be a multi layered approach and not dependent on one program. Such as a SPI firewall with AV, AS, content filtering, spam filter, etc. in addition to software AV/AS running on the computer.

The viruses I see slipping by NOD32 are usually the vundo type viruses which exploit outdated flash, java and adobe reader/acrobat. Keeping those programs updated or removed should be part of your security maintenance plan. New variants are released constantly which make it difficult for any AV provider to stay on top of.

I manage over 200 computers running Outlook 2003 or 2007 and have not experienced any issues which you mention.

I agree the startup scan is annoying but not as noticeable on newer faster computers. Older computers such as single core systems can be a real problem. It's already been mentioned you can modify or lower the priority to reduce the problem.

The September debacle certainly gave me cause to consider alternatives. In that regard still undecided and have 6 months before I need to decide.

NOD32 isn't perfect and I'm no fanboy by any means, but with our multi layered approach it manages to do fairly well.

 

As for startup scans, these should not take more than 1-2 minutes but it all depends on how many files are registered in the system or currently loaded. If your startup scans take much longer just let me know and we can troubleshoot it further. On my nettop with a 1 GHz Atom CPU, the startup scan takes about 15-20 seconds.

Regarding detection, I'd say ESET responds to new threats very quickly. Detection is not only added for current variants but a lot of future variants are covered as well thanks to advanced heuristics and generic detection which has been proven on the data gathered via ThreatSense.Net. It's a matter of fact that no security solution detects 100% of all threats which will never be possible without getting extreme number of false positives. If you come across a suspicious file, I'd strongly suggest submitting it to the ESET's lab per the instructions here. If the file(s) actually turns out to be malware, detection will be added quickly.

 

To be fair to Eset most companies go this way. Good software gets more popular so the company adds new features increasing bloat and adding more bugs.
Result slower computers missed virus's and more crashes. Frustrated users then move to a another company until that goes the same way.
Look at Norton's which if the reviews are right has only recently got a product back to being half decent.
Pctools great spyware doctor fast efficient redesigned into a large bloated mess that crashes computers and misses infections.
Two new comers are Malwarebytes antimalware which is very good and Microsoft security essentials. I suspect they'll become a bloated mess as well in a few years time.
Can Eset avoid the bloat and bug problem at the moment it doesn't look like it.

 

I disagree about avoiding the bloat - 3.0 was not a great step in the right direction from 2.7 in my own personal opinion, but 4.0 was much better than 3.0 and 4.2 is even better still.

One bad step and a few steps in the right direction do not indicate a downward slide to me...

 

Hi,

Although, I definitively don't agree with all the statements expressed by the OP, I do have to say that he's not completely wrong when he alleges that sometimes NOD32 v4.2.67.10 [or else] does only alert you about a threat it detected by white balloon message on your system tray but it fails miserably when it has to remove it.

That is not the norm, but it happens every now and then.

Detection doesn't equal removal. I can be at my home and see three thugs through one of the windows approaching with the intention to burglarize it. I then could tell my wife and kids and shout that thugs are breaking into my home but if I just scream and sit down but I don't do anything to stop them I just detected them. The same analogy for AVs.

Again, although I haven't seen this quite often, it happens from time to time. I have proof to back up my statements because I test NOD32 on VMWare against 0-day threats gathered at MDL et al.


Best regards,



Carlos

 

The only thing i could see that needed improvement when I used it is that scheduled on demand scans could be a lot faster.

 

You may want to change the priority level when you're setting sheduled task.

 

What good is an AV product that only detects but does not block/remove the threat?

Anyway EAV seems to have been performing fine since the Jan (and Sep before!) troubles. Hopefully it will stay that way!
I hope it is clear that I was simply trying to bring some concerns to attention. After all, a good and functional product is in everybody's best interest, right?

 

Yup,it could be useless if an AV only detects but does not block/remove the threats.

Right.Just for clarification.Does EAV works for you currently?Sorry my English is not good enough to understand at your previous post.