Sick and tired of ESET letting things through

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. jeremyf

    jeremyf Registered Member

    Joined:
    Jul 14, 2008
    Posts:
    61
    My two cents for what it's worth:

    These types of trojan-like softwares, rogue AV and such are becoming one of the most common problems all of us have to deal with.

    I think there are a lot of different opinions on whether these things actually qualify as viruses, as they are more like really annoying trojans...traditionally, I believe, ESET as well as other AV companies have shied away from bothering with detection of these apps, as they do not consider them "dangerous" viruses...

    The point is: we need an AV that DOES make an effort to detect and block these types of software. The first AV company that really shows they can reduce (yes, yes, we know no one will ever be perfect! don't bother posting this AGAIN!) the amount that can get through will get A LOT of business in the near future. Rogue AV and this type of annoying/scamming trojan software MUST become a priority of AV companies, as simple as that.

    To anyone saying, "educate your users"; "why do you let them do that?"... these are non-points, only made by people who are possibly quite intelligent, but in the end ignorant of human behaviour. People will ALWAYS fall for these things, and no amount of effort on the part of sysadmins can change that...

    Marcos, please take my words at least into consideration, and stop defending. You don't need to defend, it is understandable that NOD does not detect these things now, but how about throwing us a bone and telling us you *may* consider it a priority in the future?
     
  2. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    The thing is...many other AV products are doing very well against these rogues.

    av-comparatives.org....check out the "Dynamics 2009" test.
    In my opinion..that test is the best test AV-C has put out. It's very "real world", less "lab". And it focused on current types of web based threats...which is...what we're talking about here.

    Top of the list...Symantec, Kaspersky, Avira, Microsoft, Avast, G-Data....the list keeps going...and you didn't see Eset yet. Yup..it's down the list a couple of more.

    Microsoft...hey..a free one in 3rd place? Wow! :eek:

    Many years ago, when "ad/spyware" started to become a rising threat...I, as an SMB consultant..got tired of the traditional AV products failing to do well against them. Back when I mostly sold/installed Symantec Corporate Edition (had been since version 5)...and this was in the version 8 days.

    Looking around at the different brands, and trying many...I decided on Eset. Back then it was version 2.5..and I became a reseller. Back then, Eset was well known for being a light product, as well as being superior in the rising threats of adware/spyware, etc.

    It's been frustrating lately..actually for the past couple of years..to see these threats slip past Eset time and time and time again. Now...I've been an Eset reseller for a long time now..and I have a looooooot of clients' networks on EAVB. And I see more and more infections of these rogues. Many I've gotten the removal/cleaning process memorized. Yup..me..a human, I have it so memorized after seeing it so many times over months and months and months..yet an AV product can't push defs a day or several days later? I..a person...know exactly what it will put..and where it will put..and what directories it will make..and registry entries.....my little human brain can memorize it..but teams of antivirus engineers can't get defs for it?

    And to add insult to injury, I can reach for trusty old MalwareBytes to clean up a rig..and download the latest defs..and watch it go to town cleaning it up.

    I'd bet my house that antivirus companies are offering the knowledgeable team of software engineers at MalwareBytes a hefty salary to come over and work for them.

    Time for a team to wake up and smell the coffee....seriously. I'm tired of hearing "But..but...//sniff//....no AV is perfect, no AV detects 100%"

    Yeah...but at least there are a few..clearly...that somehow manage to consistently get "most". Refer to AV-C Dynamics 2009 test again to refresh your minds. Because to be honest...in my experience in dealing with these all_the_time...I agree with much of the results of that 2009 Dynamics test...I frequently wield MSE and AntiVir in my arsenal of cleaning up what Eset misses.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,715
    Location:
    Texas
    Really? You might be surprised at the real time results of many other anti-malware programs.

    The criminals target the big name anti-virus programs by the minute with their lousy creations.

    This post still applies.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Does Eset need to improve the detection? Of course it does, but will it ever be 100%? Will any other AV be able to detect it 100%? I live in hope but until then protect yourself and your users using good security practices and keep submitting (complain at the same time but submit) the new samples to Eset and anybody else you think will benefit.
     
  5. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,277
    Location:
    Ontario, Canada
    Very true that's what most of us do on a daily basis and to the benefit of all ESET users! :thumb:

    TH
     
  6. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
  7. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I don't know how the number of users of a product influences the results, but I can't imagine Trend being better than so many others.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Well..the thing is, we get to see the "real time results dozens of times per day in front of our own eyes". I'm surprised...oh yeah, I'm surprised at which brand fell hard..."ahem"...and amusingly, that others continue to prove themselves day in and day out..out here in the trenches..in the real world...seen by the eyes of the people who live and breathe this stuff every single day doing what they do for a living.

    "The proof is in the pudding". Not simply opinions of armchair captains that do nothing but read opinions of forums.

    And I see this loss of confidence in the product repeated by some others here...who are also those IT people who are working out in the trenches every single day...cleaning many PCs per day. These voices of the actual people doing the work out there in the field..those are the voices that should hold more weight. Not just those who close their eyes and voice excuses like "Well..no AV protects 100%". Yeah, we all know that. But when you see a brand miss the same common rogue variants day in and day out and day in and day out and day in and day out.... And you get to see the same other brands and tools able to clean these same rogue variants day in and day out and day in and day out and so on and so forth... Repeat this process month after month after month....the numbers add up.
     
  9. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    point taken, still trust that NOD should not let those through, like this one too https://www.wilderssecurity.com/showthread.php?t=270436 or this one https://www.wilderssecurity.com/showthread.php?t=269737 or ...

    Do not have comparatives about user numbers, just noticed that Trend for instance is more popular in corporate environments than NOD
     
    Last edited: Apr 17, 2010
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,715
    Location:
    Texas
    Sounds like malware heaven to me. :doubt:

    The fact is, all anti-malware programs are missing threats each and every minute of every day. It's a battle royal these days.

    To single out any security program as deficient is not acceptable. They all miss and they all are trying to improve.

    If anyone believes security programs will protect them against all threats, they are sadly mistaken.

    I would suggest submitting missed samples to the security vendor of your choice, be it ESET or others.
     
  11. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    YeOlde told you something, remember? You repeat it... AGAIN... as an ESET spokesperson.
     


  12. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    And it's really sad seeing "ronjor", a mod here, always jumping to the defense of Eset every time something negative is said about Nod.
     
  13. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    better blame it on the stupid (l)user than admitting something of the product is going terribly wrong and finding ways to get back on track. unfortunately Eset is with that well in line with other vendors
     
  14. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    http://forum.kaspersky.com/index.php?showforum=19

    http://community.norton.com/t5/Norton-Internet-Security-Norton/bd-p/nis_feedback

    2 of the big ones solid AV, combating and missing malware on occasions. It doesn't matter what AV you and you and you are using if that is the only defence. It will and it does fail and the only people who benefit are malware writers and paymasters. This thread will not be amiss at any other support board because the detection will always be lacking and some other app will always find something the first one did not. And yet in majority of cases it is just hearsay and no hard evidence of what was missed. When there is hard evidence then it is promptly included in detection. And then all evens out and that is the nature of the trench warfare
     
  15. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    difference to NOD? well, they miss on occasions whilst NOD is protecting only occasionally
     
  16. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Ok prove it. Show Eset how wrong they are
     
  17. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    Last edited: Apr 17, 2010
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Please avoid referring to Prevx statistics which are ridiculous. As they state on their website:

    Without knowing the total number of users having particular products installed these numbers do not tell anything.

    Even if we knew how many users use the mentioned products, the samples would need to be verified and made sure that:
    1, they are not false positives
    2, they actually run and perform some kind of malicious activity

    Ditto PC World - they don't seem to adhere to AMTSO principles as the samples they tested weren't verified by the AV vendors.
     
  19. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
     
  20. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    right, now a new escape route - just dismiss facts and call them ridiculous... ...wake up and get NOD back on top, where it was with version 2.5!

    whatever the user number Eset is not defending against the threats mentioned, as this thread shows and various others too.

    well, if the samples would be verified then there would be not much sense to test against 0 days threats, which the products compared with had to cope with too, perhaps also disapproving of the testing method, and still Eset scored worst.

     
  21. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    there is nothing wishful thinking, or you prefer 'Sick and tired of ESET letting things through'?

    right, so by trying to elevate a wakeup call I am on a different agenda? how does your constant defending of a lopsided product help to improve the user security?
     
  22. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    To quote once again an earlier post:

    That's about it, and I don't see this thread going anywhere. With uneducated users, totally inadequate security in place and risky environment, no AV will save you and if you think the opposite, you'd better find another job where you won't deal w/ computer security.
     
  23. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    Do not reckon that this thread was ever about sanctuary and being saved by an AV, but about a product which scores worst compared to be on top a while back. As long as NOD is stuck with traditional measures it will stay that way.

    I concur though, that this thread is going nowhere as long as a blind eye is turned on the issue and the failing blamed on the stupid (l)user.

    Of course reading various posts here quite a number of such users seem to be fairly comfortable about it, whilst others have chosen not to be.

    but thanks, I may look up another job with no internet connection
     
  24. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    ESET is actually far beyond v. 2.5, v3/v4 use advanced detection techniques and have much better detection ratio than v2. Generic signatures as well as advanced heuristics and other techniques (self-defense, anti-stealth) used by v3/v4 have evolved through the years.

    It's as simple as it gets - collect samples, make the test and send undetected samples to the vendors involved for verification. If they claim some of the samples to be corrupt or even perfectly clean, remove them from the statistics. This is exactly what qualified testers do; the problem is it takes vendors too much time (weeks) to clean the test sets a bit at least. ESET seldom flags corrupt samples and there are actually many of them included in test sets which may skew the results to a certain extent.

    Of course, static tests using on-demand scanners don't take into account other protection techniques, such as url blocking, advanced proactive detections used by other scanners, behavior blockers, etc.
     
  25. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    A note to all:

    • Let's step away from language that, in the eye of this uninvolved observer, is starting to creep over the line into personal attack up thread. If that continues, the thread is done.
    • If you come with technical specifics, have at it. Just make sure you know the complete story and are equipped with facts and numbers, not idle gossip or second/third hand impressions.
    • It's a simple reality that any user can readily defeat almost any protection if they choose to on their personal PC. This is a universal truism. Security products protect, but they don't immunize a user against absolutely all eventualities in a fluid environment. At any point in time, some products are better than others against specific items. The converse can be true against a different set of challenges at the same time. That's a basic reality of a dynamic situation. In many respects, it's the definition of this particular dynamic situation.
    Blue
     