NOD32 isn't what it used to be. Dissapointed.

Discussion in 'ESET Smart Security' started by dissapointed99, Feb 22, 2010.

Thread Status:
Not open for further replies.
  1. dissapointed99

    dissapointed99 Registered Member

    Joined:
    Feb 21, 2010
    Posts:
    1
    First of all sorry for my bad English.
    I remember using this AV since version 2 some years ago. It was light, fast and detected threats that other AVs didn't so I recommended to everyone I could through forums and such.
    I'm an advanced user, I use a router perfectly configured with NAT (all ports filtered, ping telnet etc disabled etc), then everything that can connect to the internet is poperly proxied by Eset's Smart Security and browsers are in active mode, everything with it's settings at his maximum even at cost of performance. My XP Sp3 was finely tunned by me disabling all unnecesary services and things like msn netmeeting and other security holes were all fixed making it light fast and secure. I used Firefox with NoScript and Adblock, a nice password policy etc. Also I have common sense so that makes me avoid almost all threats so I've only been infected two times, one when I was just given my first computer (no AV) and then another one some years ago but this does't count since I was sharing my pc with my brother and he was the one who got infected (using Kaspersky at that time).

    A week ago or so I dowloaded a file zipped, even though it's supposed to be analized while it dowloads, then after it has been copied to the HD and then when I'm going to use it I still manually scanned it (all settings on) and it was ok.
    Ok no worries then, I've followed a lot of steps only a paranoid user would do so I'm really sure this file is ok (Why do I pay for a license of an antivirus then? I mean what's the point of having one if you can not trust it? I know already what you're going to say about this, but please think carefully about this statement a couple of seconds and you'll see things from another point of view). Ok I extracted it, opened it and then disaster, I see the gui of Eset's Smart Security and Skype crashing and the PC rebooting. Owned. I think about disconnecting the router since I already knew what was happening. When I start I go to the process manager and see something I never saw before (yeah, I even know all the process I'm running) It was called "winupgro.exe" or "winupgro" (Bagle) and I went to the firewall of SS and saw that process opening a lot of connections so I killed it but now I couldn't trust the pc. Skype folder was somewhat transformed in an iconless .exe :S

    I did a full and complete scan with the latest databases and to my dissapointment it found nothing. Yeah I mean nothing but I knew I was infected lol. I uploaded the file to Virustotal.com that day and almost all the AVs detected the threat, except for Eset's of course. It was detected even by AVs I didn't like before and that really make food for thought, then I used the panda online scanner and quickly detected threats so I didn't even finish it, rebooted and started using Ubuntu since I have it in another partition as backup and now I'm learning Linux lol

    Some days ago I installed Avast in Linux and mounted the XP partition and scanned and cleaned it but I still can't trust that partition so it'll make me burn my data and then format it, losing precious time.
    By searching for this virus on the internet I find people with exactly the same one as me from pages that dates months ago last year, for example this one who had probably the same virus as me, though I've not suffered all those things since I terminated the threat quickly the same is reported from experience of various users around the Internet.. December last year:
    https://www.wilderssecurity.com/showthread.php?t=261656
    In that link they say different encriptions of themida should be detected by heuristics. False.

    So this is my case. An advanced user infected by a virus of MONTHS ago while using Eset's Smart Security :rolleyes:

    I don't even know why did I submitted the file to be inspected by them since I'm not gonna use more this AV (hope others get infected too and make them think about this), so it's time to look for a replacement loosing even more time since bloated cookie cleaners are common nowadays. How convenient...

    Another thing I didn't like from this AV was something I read time ago in some blogs. It seems Eset is blocking warez websites (even though they're just forums which doesn't host anything, I mean block rapidshare then dammit :thumbd:) And let me say they said admins of those websites had a strict upload virus=ban policy with his users so yeah, the threat was warez itself. They're also blocking harmless websites with no virus/trojans whatsoever but an ultradangerous 1-and-only page with text. But since that text are Nod's serials that must be really dangerous. Yeah o_O The police of the Internet and morality? No sorry, I don't pay you to block harmless websites, I pay you to block virus in case you've forgotten and you can't even do it well. It seems you have gotten pretty conceited but you have to remember who put you where you are. And that "who" are users who recommended your products to the people when asked what AV to use.
    But it's alright. Time puts things where they belong and maybe one year maybe two you'll see others taking the place you're in now.

    Just look how pathetic is Eset's NOD detection, and I don't care about other viruses because the only virus that matters is the one you have under your mouse arrow and this one is already detected by the rest of AVs and at least three months old. It's also funny to think entire enterprises are relying their security to an AV and after seeing this they think they are secure.
    And yeah Moderator, don't come here and try to say generic statements and such things because they will not do anything to my infected pc. You've failed. Period.

    By the way I give a chicken if you don't believe something/anything of what I've said. I know it's true and anything of what you say defending this AV will not make me change my opinion about getting infected after having analized (updated/all settings on) a file which contains a virus of three months ago which has already been reported that time long and is detected by the rest of AVs. Period.
    In case you ask why do I even post it, forums are a place to write down your thoughts and I can see other people have done it already so why can't I?
    Regards.
     
  2. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Here is my thoughts, where was the file downloaded from.

    I would love to see a poll posted asking how people last got infected.

    I only run an A/V out of paranoia, I have never been infected since I started using a pc nearly 20 years ago.

    I have seen a pc get infected tho, it was a friend's pc, we installed the RTM of windows XP and the old RPC bug infected it as it was a direct connection to the internet, no NAT protection.

    The only hits I have in my nod32 log are the eicar test and a attachment in an email. If I didnt have the A/V installed I may well have got infected by that attachment tho although I probably would have opened it, I would probably not have ran any exe inside it.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    If you're referring to Bagle, ESET protects their users against EVERY NEW VARIANT of it. Bagle is always packed with the Themida protector to evade detection. Themida-packed files are detected as potentially unwanted applications so if the user chooses to detect PUA during installation or later in the program setup, every new variant of Bagle will be detected and blocked before it reaches the disk PROACTIVELY. What's more, standard signature detection for Bagle is added immediately as soon as a new variant is discovered. This enables ESET to detect them as normal threats instead of just as PUA.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    You are advanced user with common sense and you allow you machine to be infected/owned? Of course you blame your tools then
     
  5. Trollton

    Trollton Registered Member

    Joined:
    Jun 17, 2009
    Posts:
    29
    Location:
    Chesterfield UK
    You don't seem very advanced to me, I've used Eset for more years than I can remember & before that P-Prot, in 14 years of using IBM Clones I have only had one virus at large on my PC a worm called Benjamin. Why because I use the best AV & Anti-Malware but also that big thing between my ears. Tip: Not my nose.

    BTW I have a 50 Meg Bit connection, 5 PC's, & spend hours per day on the web. You are lacking common sense.
     
    Last edited: Feb 22, 2010
  6. Subgud

    Subgud Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    151
    Location:
    Norway
    I can in a way understand the starter of this thread! I have been infected with XP antivirus 2010 on my laptop using ESS 4. ESS didnt do anything to prevent it. I removed it easily with malwarebytes. But I do understand that rouges are very hard to block no matter what kind of AV you use.

    I dont agree that ESET 4 is a poor program or less effective then v2. I really like ESS 4 and I am still using it.
     
  7. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    i think it can be said with certainty that Version 4 is very much better than Version 2, detection wise and feature wise, not to mention a GUI that will appeal the masses and not just those interested in and with some knowledge of malware and security.

    the rogue AVs are a huge problem and are discussed at length in this and many other forums, and for every one (or more) person who has one slip by their AV there is one (or more) that have been saved by their AV.

    I was one who, although not saved because I knew what I was facing, found my AV (NOD32 V4) the last rogue AV I came across.
     
  8. kmr1685

    kmr1685 Registered Member

    Joined:
    Aug 22, 2009
    Posts:
    62
    every PC user has hiccups now and then. and every AV or AM or Antiwhatever has there hiccups sometime. as a matter of fact having clean PC means it never connected to internet or PC never switched on ;) (belive me i have one lappy purchased in 2002 and the os is winxp home edition and still clean no infection, no nothing i am still enjoying that clean pc, not switching on that PC i say ;) ) ;P
     
  9. Holden4th

    Holden4th Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    69
    ...and this is recommended in Blackspear's settings thread
     
  10. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    to the original poster , sorry for your problems & yes ESET use to catch a lot of malware & it still does. However that said, things have chged on the internet & IMHO ESET while still good has not kept up...biggest mistake was going to the internet security theme of things, getting firewalls to work in all variations of windows takes a lot of work & people. Mean while no one is watching the malware as well as they use to & things an detection rates have dropped and people are not happy. I hope that eventually ESET will get back on the ball & catch up mean while they make what seems to be valid excuses or reasons you get infected & have never really just admitted that yes they dropped the ball, they will improve it's just a matter of time...FWIW I have a license for ESET & no not using it at present, it's not to the topic of what I use that is important..bottom line ESET needs to do it better & soon...just my 2 cents...
     
  11. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Eset has, and still does catch a lot of malware. Its issue then, and now is cleaning it. Fix that and no issues.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    This statement is completely wrong:
    1, the number of developers dealing with the program code has multiplied several times compared to 2-3 years ago.
    2, the number of virus analysts has multiplied approx. 50 times than several years ago and is continually growing
    3, new detection techniques have been incorporated, allowing ESET to detect tons of new malware proactively. As a result, we often see ESET to be the only one or one of a few AVs to detect zero-day threats. The fact that a particular piece of malware was not detected on your machine doesn't make ESET worse in global. Quite the contrary, we observe that, compared to other AV programs, it takes quite a lot time for malware authors to adjust their code to make it undetected by ESET. ESET programs are quite resistant against malware code modifications.
     
  13. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131
    both comments mine & yours are opinions & as such no one can call the other one wrong. But IMO people are not happy with ESET & the direction it has taken...just an opinion. I'm a customer a fact & I'm not happy with it-fact, so find fault with that...
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Users who are not happy with their software usually change it but eventually end up with the former one when the new software turns out to fail more often. It is the right of the user to choose whatever software suits them best.
     
  15. m0unds

    m0unds Guest

    i have always been a staunch advocate of eset and NOD32. their support is always great, their products are extremely polished and detect a vast number of threats with nary a false positive. that being said, my only gripe WRT eset/NOD32/ESS is that they don't offer more affordable licensing for home users with multiple machines :)

    i can also say that a client of mine wanted to switch avira and i ended up redeploying eset products within a few months purely because FPs and bugs. the grass isn't always greener on the other side.
     
  16. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,131

    all true which is why I'm here just trying to tell ESET of a long time customer is not happy with the current trend...I will try the newest version when it comes out thanks...
     
  17. almerchant

    almerchant Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    1
    Happened to me too
    I havent found a better solution
    Need to install Malaware bytes besides.
    Al
     
  18. Deenka

    Deenka Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    23
    I was in love with this company so much that I recommended to the head of the office I work and he bought for all computers, he felt confidence but ultimately the number of malware like bankers has frequently appeared here and is causing me a loss confidence because the ESS is not detecting nothing, I did a test with the kaspersky and this garbage found only 1 of every banker I have saved in addition to leave your computer extremely slow.

    then finally I tried Norton 2010 and it detected 8 of 10 bankers who have here and the other 2 were detected as suspicious and automatically sent to Symantec, I found it very interesting and i bought a license and in the next few days will he be in office too for all computers because security is up my responsibility.

    you will wonder why you do not send all malwares to ESET? yes I got tired of sending to the ESET both in ESS and by email and they never responded and also is not detected and I have discussions here with Randy Abrams from ESET and he gave me a negative impression of the future of this product, summarizing this situation will continue for a long time ....
     
  19. Ghostaroo

    Ghostaroo Eset Staff

    Joined:
    Aug 9, 2005
    Posts:
    5
    Location:
    Seatle
    Hi Deenka, I am not sure what I said that gave you a negative impression of the future of ESET products. In the discussion we had I was talking about all antivirus products not being able to detect everything. Regardless of what sales or marketing tells you, you do not pay an antivirus company to protect you, you pay them to give you a tool to help protect yourself. It doesn't matter if it is ESET, Symantec, McAfee, Kaspersky, or another company. Antivirus is going to miss things. The bad guys often test against all solutions before they release a new threat. That is also why I stress defense in depth and recommend the use of additional security products such as SandboxIE or Defense Wall. This is not a situation that is specific to any single antivirus product.

    Best regards,

    Randy Abrams
    Director of Technical Education
    ESET LLC
     
  20. Phenom

    Phenom Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    61
    Location:
    United States
    I think it will get better and I'm sure NOD32 will improve. Not every AV catch everything, so I would run Prevx, DefenseWall, Sandboxie, etc, also use SpywareBlaster.
     
  21. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    guys I think the OP is a troll.

    He didnt say anything about where this file came from and why he ran it.
     
  22. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    Lol, people love the chance to poke away at Eset. You can poke, but Eset has been on a steady incline of marked improvement for about a year now. Their detection capibility may be currently, one of the best out there. No, I wont give them their cake and candy to, because cleaning, as some call it, is the cake in this. Not really cleaning but just being able to disable something like a fake AV so that Eset doesnt continue to pop up saying it is cleaning it. Once this is done, Eset will be poke free.;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.