Pretty Upset, Eset

[curious george]

Well, I'm not one to ~ Snipped as per TOS ~ and complain, but, this time I have to.

I've recommended Nod32 (2.7) all the way up the current version as long as I've been fixing computers - its been a while.

Recently, I've been noticing that some of these customers have been complaining about those annoying rouge antivirus stuff, and eset not being able to perform the task of catching (preventing) or even removing the virus at times.

Please, let me restate that I really do enjoy this antivirus, heck, I have it on my computer too, but, it seems that Eset is slowly loosing its place.

I've had this occur about 5 times this week, and quite honestly, that is way too many, especially for an antivirus that I condone with my life.

Eset developers, you've made an amazing antivirus, you've had me from the get-go, but please, ramp up the development for little ol' me. At least signature wise.

Anyways, aside from the annoying, long listed complains, I'd like to say thanks. Thanks for still being a top contender.


If there is anything I can do to help, please, let me know. Its been a while since I've been on wilders, I gotta dust off the cob webs.

-curious george

[The Hammer]

Most of the major vendors are having problems with the rogue AV stuff and not just Eset. So everybody needs to improve.

[Marcos]

Unlike many other AVs, ESET's detection of rogue software is much more resistant to modifications which means that after adding a detection, it can cover new variants for quite a long time while many other AVs don't detect them already. Another thing is that ESET (probably like many other vendors) searches for undetected rogue AVs proactively and adds detection immediately to minimize the gap between new variants are released and the point when a detection is added.

There is no security software with 100% detection of malware with no or low number of false positives. Especially rogue sw is modified (re-packed) very frequently and I dare to say it slips through all security software. Even if a particular AV detects a particular variant of rogue sw, it will 99,99% miss another variant.

[gnikja]

NOD32 failed to catch or clean XP Anti-Virus 2012. When I asked for my money back I was told it was too late. I renewed in November and now its December. Instead they directed me to a web site for someone else's virus scanner which after detecting the virus requires me to purchase their software before it would clean the computer. I'm just sorry I renewed for two years on three computers. I feel like a fool for recommending ESET to relatives and work. Buyer beware.

[ronjor]

This post still applies. http://www.wilderssecurity.com/showp...2&postcount=19

The problem with most of the rogues I have cleaned up, is all of them were unwittingly 'installed' by the users, I imagine that's a tricky one to fight. I suppose though, if the operating system is up to date you could say this is true about most malware!

[zfactor]

sadly there is NO AV OUT that prevents all rouges and fake av's anyone that tells you otherwise is flat out lying. i also do removal for clients and see every av out that comes in with rouges from time to time

[GreenWhite]

I agree with the eset reply on this. The user is as much responsible of what he does while the av is a tool to help protect.

That said, eset has been about average in comparison tests (av-comparatives) in recent years. So should we be surprised if there're misses and pass throughs ? I don't think so. Even symantec does this.

[The Hammer]

Quote:

Originally Posted by gnikja

NOD32 failed to catch or clean XP Anti-Virus 2012. When I asked for my money back I was told it was too late. I renewed in November and now its December. Instead they directed me to a web site for someone else's virus scanner which after detecting the virus requires me to purchase their software before it would clean the computer. I'm just sorry I renewed for two years on three computers. I feel like a fool for recommending ESET to relatives and work. Buyer beware.

I never ever buy more than a one year licence for anybodys software for a few reasons. However if you work on your reading comprehension and take note of the posts in this thread you'll feel less like a fool going forward.

[Dark Shadow]

Not to beat a dead horse but I will say it again,Many rogues may not contain malicious content but just a fake program that people may fall victim to purchase it to remove thousands of virus that really dont exsist.Unless it detected as a PUP or PUA its pretty hard for any vendor to keep these rogues off.Its best to educate people to to deal with these rogues,some immediate mistakes that people make is to close a rogue popup by cancel or X out the program on the rogues it self and probably will install itself anyways.Only use the X in the upper right browser window or better yet use the Control,Alt,Delete.

[curious george]

I know nothing is a 100%, and I'm sure, at one point or another, the antivirus on at least ONE client was turned off, but I feel like Eset having its ridiculously good heuristics should be able to fend off these little boogers. Imagine having to explain sandboxie or Defensewall( which is slightly easier) to people who are not versed in the language of security. It would seem a nightmare to them, when their Itunes does not install or what not.

[Marcos]

Quote:

Originally Posted by curious george

I feel like Eset having its ridiculously good heuristics should be able to fend off these little boogers.

Heuristics can hinder malware authors in creating new variants but it cannot stop them in modifying the software code to such an extent that it becomes undetected. If heuristics was 100% efficient in distinguishing malicious files from legit files we wouldn't need to release any updates at all. However, as you know every AV vendor releases updates on a regular basis (often several times a day) to cover new undetected variants of malware.

[piranha]

Quote:

Originally Posted by stratoc

The problem with most of the rogues I have cleaned up, is all of them were unwittingly 'installed' by the users, I imagine that's a tricky one to fight. I suppose though, if the operating system is up to date you could say this is true about most malware!

users are the FIRST protection or the biggest weak link of the security !!!

Quote:

Originally Posted by GreenWhite

I agree with the eset reply on this. The user is as much responsible of what he does while the av is a tool to help protect.

That said, eset has been about average in comparison tests (av-comparatives) in recent years. So should we be surprised if there're misses and pass throughs ? I don't think so. Even symantec does this.

FALSE !!!

Since august 2004, Eset got more Adv+ certifications than any others AV in ALL av-comp org tests, even more than Kaspersky, that is in fact much MORE than average !!

(for this thread I include only on-demand, retrospective/proactive and real world comparatives tests)

Eset : 25 Adv+, 8 Adv

Kaspersky : 24 Adv+, 6 Adv, 3 Std

Symantec : 14 Adv+, 12 Adv, 5 Std, 2 not tested

[Escalader]

I have Nod32 V5 64 bit.

Just wanted to remind the thread that many here at Wilder's (me included) use a layered defense concept to deal with security.

When I use the wording "layered" others may wish to use different words, I mean we don't put all our protection on the backs of only 1 vendor. Unwise IMHO.


So I use OP Pro FW (a 2 way FW) with HIPS on (behind a router) and Nod32 V5 (with their HIPS feature disabled).

As well I use the block list in OP and the mvps latest host file

the HOSTS File - Frequently Asked Questions
http://winhelp2002.mvps.org/hostsfaq.htm

Backing this up I use KeyScrambler and RoboForm.

Weekly I run SAS Professional.

Backup images of data daily, program partition weekly.


There is site somewhere I have forgotten listing rouge AV software does anybody remember that or am I having a seniors moment again?

[GreenWhite]

Quote:

Originally Posted by piranha

users are the FIRST protection or the biggest weak link of the security !!!



FALSE !!!

Since august 2004, Eset got more Adv+ certifications than any others AV in ALL av-comp org tests, even more than Kaspersky, that is in fact much MORE than average !!

(for this thread I include only on-demand, retrospective/proactive and real world comparatives tests)

Eset : 25 Adv+, 8 Adv

Kaspersky : 24 Adv+, 6 Adv, 3 Std

Symantec : 14 Adv+, 12 Adv, 5 Std, 2 not tested

False ? eset detection test performance retrospective and on demand results;

2009 4th, 10th, 4th, 9th
2010 7th, 7th, 7th, 9th,
2011 2nd, 10th, 4th (missed one too lazy, its the holidays)


4th means 4th best, 7 means 7th best and so on ... out of 12 to 15 av companies. Its certainly not the best, only average.


Look, I pointed out the reason behind the misses, if the BEST still let malwares pass through, its not surprising if eset let them through as well OR undetected.

Its impossible for 100% detection.

I agree with eset here.

[piranha]

Quote:

Originally Posted by GreenWhite

False ? eset detection test performance retrospective and on demand results;

2009 4th, 10th, 4th, 9th
2010 7th, 7th, 7th, 9th,
2011 2nd, 10th, 4th (missed one too lazy, its the holidays)


4th means 4th best, 7 means 7th best and so on ... out of 12 to 15 av companies. Its certainly not the best, only average.


Look, I pointed out the reason behind the misses, if the BEST still let malwares pass through, its not surprising if eset let them through as well OR undetected.

Its impossible for 100% detection.

I agree with eset here.

First, for av-comparatives.org, products having the same certifications are considered to be equivalent. But.... Eset got many more Adv+ certifications than many others products from long time ago, this is a proof of quality, year after year, for detection and less FP.

Second, the better AV product in detection is not always the better over all because it needs also to have no or only few false positive. By exemple, in nov 2011 retrospective test, Kaspersky got 59% and Eset only 56% but... Kaspersky had more than 15 FP (46!!) and Eset between 4 to 15 (only 6). G-DATA was the better with 62% but with 15 FP. That is why Eset had an higher level certification (Adv+) than Kaspersky (Adv only) because of its high rate of FP.

Third, detection is important but also ease of use, scan speed, cleaning, the price, etc.....

So, IMO, Eset is not average but one of the best and may be THE best.

[GreenWhite]

Quote:

Originally Posted by piranha

Second, the better AV product in detection is not always the better over all because it needs also to have no or only few false positive. By exemple, in nov 2011 retrospective test, Kaspersky got 59% and Eset only 56% but... Kaspersky had more than 15 FP (46!!) and Eset between 4 to 15 (only 6). G-DATA was the better with 62% but with 15 FP. That is why Eset had an higher level certification (Adv+) than Kaspersky (Adv only) because of its high rate of FP.


So, IMO, Eset is not average but one of the best and may be THE best.

Look, I know you are proud of your av ( ours in fact ) I'm using one as well. So we are on the same boat, alright?

I was merely making a point and was surprised by people complaining about slip throughs and misses.

I am a long time user of eset, I know how it performs, its weaknesses and strengths. I don't want to spoil your fun, eset near best, or best ? okay .... to each his own.

If you want to lump everything into justifying your argument about false positives and so on, fine.

Here's a little bit of info, do you know eset is grouped in the "worst" or "standard" for malware removal ? Not even advanced or advanced+

Go check it out here; http://www.av-comparatives.org/en/co.../removal-tests

So guys, if you encounter a problem why eset fails to remove your virus or malwares, you know the reason. Coming here and complaining is of no use. You'll get the same response.

Let me be clear, I still use eset despite all these and taking into considerations and everything including those bugs. I think I'm fairly patient.

[webyourbusiness]

I cleared up this malware 3 days ago - the problem was user clicking a fake window and ALLOWING the malware on - couple that with the fact that the customer had v3.0 and their updates had expired 119 days previously - yes, a perfect storm and even had they been up-to-date with definitions - or even running 5.0, they ALLOWED the malware on... they clicked it - they were faked out and they gave permission albeit unwittingly, to allow the malware on... sorry, but you can't stop people doing this, and you're NEVER going to get 100% of the malware.. thats why we have new definitions and major releases... get over it.

[piranha]

GreenWhite

proud of Eset.... more happy to know that Eset exist because NOD32 is a very good product but I dont close my eyes on reality. And objectively, av-comp tests results for Eset are very good.

thanks to remember me this removal test, i follow regularly av-comp tests, but this one are very rare.

2009 : first removal test, Eset had Adv certification
2010 : no removal test
2011 : second removal test, Eset had Std certification

I think this is the first and only Standard certification for Eset since av-comp started to give certifications for all their av tests in 2004. And Eset is one of rare product, and may be the only one...., that never had Std certification. The very good and world known Kaspersky antivirus already got 3 Std. So please dont be so hard against Eset. All others tests results were more than standard, and I repeat it, Eset got more Adv+ certification than any other AV. In spite of this one an only bad result I still trust Eset NOD32 AV.

Hope, this bad result will push Eset to improve cleaning capabality of Eset AV. Because I want more, we all want more than standard result for our AV.