NOD32 disappointed me :(

Always thought NOD32 was one of the very best scanners around, but I must say I got rather disappointed with it. First time I had a virus in years, by the way.

I got a file wich I didn't completely trust, so I scanned it with NOD32. No infections found. Stupid enough, I then decided to open it. NOD32 warned me that an infection was found. Deleted it and that was that.

Next day more warnings from NOD32, wich appeared to get rid of the autorun.agent.be virus, but my computer kept getting infected again and again. Rather noticeble because it messed up DNS-settings, and blocked several sites.
Eventually I had to resort to 'MalwareBytes' (never heard of it) to clean my pc. After that I performed a scan with Kaspersky free online scanner wich found two last traces in some tmp-files. Now my computer is clean again.

Disappointed because:
NOD32 could not warn me after I scanned, did not prevent the infection, did not prevent the infection from spreading to flash drives (my iPod in this case) ,could nog get rid of the virus, did not recognize the virus (other then one file) when performing a deep scan.
Had to resort to FREE tools to clean my PC.

(Yeah, I know, I should've never open the file if I didn't trust it. Guess having a virusscanner made me feel a little too safe.)

 

No AV detects 100% of all threats. Even installing another AV won't protect you perfectly and one day it will certainly let malware through, especially if you run risky file (e.g. cracks or install codecs) or visit dodgy sites. If an unknown piece of malware slips through, you can use ESET SysInspector to locate it and submit it to samples[at]eset.com, or simply email the log to customer care.

 

I kind of expected this kind of reply. My observation is that NOD32 did it's job more than poor. It failed where other products succeeded. Apperantly this is not a shortcoming of NOD32, but a logical result of my 'crack, install codec & dodgy site use' (don't know what an 'install codec' is, but I'm guessing it is something in the same category). Real chique for a company to respond with these kind of assumptions, ESET.

As a customer I wanted to let you know that this product disappointed me. I guess that's not the kind of feedback ESET wants to hear.
I know that no scanner can protect for the full 100%. But the orange icon in my systray informs me that my licence has almost expired and I will certainly think twice before buying a new one. Even more so because Avira is apperantly the best scanner on the market, nowadays...

 

Yes, until it misses a virus and then you switch again....

No-one accussed you of doing anything dodgy it was just a comment that some websites are riskier than others and your protection is liely to be more tested there than on other sites.

But you won't accept that NOD32 can't protect you 100%.... What exactly do you want?

 

Actually my friend had to reformat his pc last week because Avira missed a trojan, your better of using at least 2 realtime anti malwares, 1 av and 1 as or sumtin else

 

Actually i do understand all these customers, Eset overhyped its protection level way 2 much in the past, alot of ppl think nod32 n thats it superrobocopantivirus, same with avira now btw - winning tests in 1 thing n its got noting to do with protection.

 

I was referring to the, to my knowledge, most recent tests. And what a better time to switch than when your licence is about to expire?
Besides, I didn't start about switching. Marcos brought that up. Didn't mention it in my initial post.

What I want, is my complaint to be taken seriously. I made a valid point about a virusscanner failing in it's most primary tasks. Making assumptions about my dodgy behaviour is not an appropriate way of responding, in my opinion.

 

It is not necessarily making a direct assumption as to what you did, but using info from previous experiences.

I myself have cleaned hundreds of computers with viruses/spyware/adware/etc.. and I can honestly say, there were very few in the mix that got an infection "just because", even with an antivirus installed and updated.
So, going by my personal experience, if someone says "i opened a file I wasn't sure about and got infected", a huge chunk of the time it is because they got the file from an unsafe site.

As I said, this is not making a direct accusations that you did that, but statistically, that is a good assumption.

You will never be 100% protected with a single security application. Even with bare minimum use of the internet, you can get drive-by infections, browser exploits, etc... Which is it is recommended to use a layered approach. Keep NOD32 running in real-time, but keep a good antispyware, like SUPERAntispyware installed for on-demand cleaning, just to be sure.

The better approach to getting your situation taken seriously would to have come on here and ask for help getting the infection cleaned and removed, and let Eset know it was missed so that it can be researched as to why, instead of throwing a post on here about how disappointed you are in the product. The forum is a place for people to learn, share and get help with the related product, but your post didn't ask for help, it bashed the product directly.

If you found a virus that NOD didn't catch immediately, let them know about it and submit for analysis so that others can get the protection needed.

 

Just a small remark: a new worm was discovered 4 hours ago. At that time, it gave 0 hits in VT. However, it was actually detected by the mail/web scanners and thus the users were protected from the very first moment the worm appeared. Now all modules detect it by a generic signature and both Sophos and Symantec show detection at VT as well.

 

Really and you know that how ... because he told you I guess? Well done.

 

This seems to be NOD's standard response blah blah blah.

Unless I am misunderstanding the AV-comparatives (I think) tests, NOD scores 50some percent. Kasperskey and Avira score 71percent. Reach your own conclusion.

 

Yeah with a mass amount of False Positives. Making NOD32 the only advanced+ winner of that month. When I run an AV I want protection, I don't want self-annihilation.

Well done Sherlock, you're trying to say hes friend isn't trustworthy? What kind of friends do you have?

 

Here is fact I will say about all antivirus scanners they all miss things.They all have there short comings.When you have a file in questions and believe its safe and your AV of choice doesn't catch it then are disapointed with your AV, these things happen to all of them.I have recently tested a rogue with Nod32 Beta 4 and it was detected.I uploaded two Executable files to Virustotal and Nod32 was the only one to detect both Exe files and Avira detected one of the two.Now where talking about what 36 or so scanners.Hence Nod32 was the clear winner followed by Avira but Avira stilled missed one of them.When I summitted the files at a latter a few more scanners had the detection added to its DB such as kaspersky and I believe it was F-secure.The next Time the tables can be reversed may be kaspersky will be the first and the others will follow.

 

Which they all do once or twice and you admitted yourself you know no AV is 100%, but then you expect NOD32 to be 100%. Can you not see the problem there?

If you find something that gets though, help everyone by submitting it so ESET can include it. It helps no one by having a rant.

Try reading the comments again without the chip on your shoulder. They were not directed at you nor where they an accusation of your behaviour. Just a comment about how easy it is to find new viruses that any AV might miss.

 

10 X

 

Avira may detect more but has a high False positive rate.. Kaspersky is a good product, and the new Norton shows promise.. That being said I prefer NOD32 because I have had less problems with it over time, and more success overall.

Have I been let down by it? Yes I have.. Kaspersky let me down a lot to with it's scanning speed, system resource utilization, and other factors. I do think Kaserpsky has an excellent removal, and detect rate but i wouldnt' want to leave it on my machine.

You will have best results if you do use malware specific software in conjunction with NOD32. I have my BEST luck with having Spyware Doctor but it is hefty on system resources 100 MB footprint.. It finds stuff Malware Bytes, Windows Defender, NOD32, Adaware, and S&D miss.. This is just from my personal experience.

Something you might be very interested in is the System Inspector that ESET has put out... If you have some decent computer knowledge, or would like to spend the time learning on it you can go in, and find things that may be running that NOD32 may not be catching...

I honestly like this approach ESET is doing by providing this tool.. Especially as a Systems Administrator for an environment with 2000+ users.

 

Interesting article.
Draw your own conclusions I guess.
http://mtc.sri.com/live_data/av_rankings/

 

Why are they using Version 2?

 

This analysis has already been shown to be suspect:
https://www.wilderssecurity.com/showthread.php?t=228460

 

Luckily they provide MD5 of undetected files so any AV company with huge collections can find out how big portion of the files is corrupt and non-functional.

I'll quote point 2 from their website:
"Our intention is to evaluate how the antivirus tools are performing against the latest malware on the Internet, at least from the narrow vantage point of our honeynet."

That means the samples are from honeypots. Everyone familiar with how honeypots work knows that honeypots contain a huge percentage of corrupt samples.

Thanks to providing the MD5 of the files, we were able to exclude corrupted files. With the on-demand scanner, 98.9% of the functional samples were detected. With a more paranoid heuristics in the web/email scanners, we detected 99.6% of the samples.

BTW, isn't it interesting that the list of MD5 of missed samples contains entries with "36 of 36" detection?

 

You have to run a layered protection. A good AV running sandboxed on line with a good AS or 2 will watch your back.

 

That test didn't even rank in false positives.

 

Honestly personally with an option of AH and prior warning of increased FP (as in AVIRA HIGH HEURISTIC SETTING), I would take more FP over missed detection. Especially with current infections being so invasing and damaging that a missed detection can mean, total system take over, leading to system being used as a bot, leading to passing your ISP GB monthly cap, leading to suspension of service and false RIAA letters (if acting as a torrent node), or the missed infection being of the new RAT flavour that listen on and transmitt only relevant data to the host (encrypted sessions...username and passwords for any encrypted session...aka banks, credit card, company time sheet, personal websites, corporate websites with internal info and internal access etc).
So yeah in the large picture a FP is better then missed, since FP you can always send in and get it removed in the next update, missed you won't even know you are infected (in many cases) and have no sample to submit, since how can you submit things that you don't know even exist?

Finally the fact that you can choose the level of heuristic and if you want the AH on or OFF will be enough of a choice to allow major system admins the flexibility of more FP+better detection=more headaches or less FP+less detection=more compatiblity and less headaches.

Just my 2 cents..I take more FP over missed strain any day.

 

FP on a critical system file is just as devastating. It can potentially lead to having to reformat a PC.

 

Exactly, probably the same reason why some other companies are leaving these tests