I love ESET as a Company! But I dislike this behavior very much!

Discussion in 'ESET NOD32 Antivirus' started by SweX, Feb 6, 2011.

Thread Status:
Not open for further replies.
  1. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Wow, I smell ESET snake oil :D

    So, now that ESET does this everyone is fine, but if someone like Comodo or Iobit does it, they should burn in their holes i guess?
    Hmmm what a strange world ;)
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Has anyone checked the PDF's linked to the blog with the feature comparison? They state for example that Avast has no smart scan or sample submission system, which is entirely false. And they also state Nod32 and ESS have HIPS, anyone saw a Eset HIPS prompt before? o_O
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,059
    Location:
    Texas
    https://www.wilderssecurity.com/showpost.php?p=1617067&postcount=14
     
  4. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    Maybe the HIPS action of Eset NOD32 is also the feature when the orange pop-ups tells you that some Potential threat found and that some potentially unsafe application wants to access one of your program. ;)

    Anyway, there's a saying that "when the two elephants fight it is the ants that are greatly affected." :D
     
  5. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Hey,


    Today, in a threat's universe where we can hardly keep up pace with, ANY antivirus company who relies solely on virus-signatures to catch moving targets such as virus/trojans is doomed miserably to failure.

    Example: Today, I checked on MDL et al and found 32 threats that were NOT caught by NOD32 v4.2.71.2 with virus d/b 5851, upon downloading all the .exe files onto my VM. I, of course submitted all these trojans to ESET by e-mail. ESET's response will be to add all these threats to its virus database but...I know for sure the malware writers will re-pack and modify their same creations to provoke no being detected the next time. Thus, ESET will need to create more new signatures for these re-packaged threats increasing the overall number of virus-signatures already in place.

    That's why I've been suggesting a different approach by ESET on this growing problem. A good thing would be to include a sandbox, HIPS, and other technologies that would help improve the detection rate, specially for 0-Day threats. Virus-signatures alone will not cut it anymore.


    Regards,


    Carlos
     
  6. Matthijs5nl

    Matthijs5nl Guest

    Indeed HIPS is used in a lot of different ways, just like Cloud.

    If you enter the advanced options of ESET Smart Security, if you navigate to Personal firewall, you will see two menu items:
    1. IDS and advanced options;
    2. application modification changes.
    You could see that as HIPS-like features, ESET just doesn't pop-up. I think in the business version it is more visible.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Ok, thanks for the explanation about HIPS. I guess they mean the IDS in the comparison as the comparison between ESS and AIS says AIS has the network shield(which blocks network attacks and worms.) Strangely enough the NOD32 vs Avast Pro comparison states that Avast has no IDS while network shield is in all versions, even free.
     
  8. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
    actually hips and sandbox dont help improve the detection rate, u probably mean the overall protection..
     
  9. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812

    ESET products does NOT include HIPS , neither in Home nor in Business products . IDS is Intrusion Detection system part of any startdart firewall ! Home and Business products are completely the same with the difference that Business can work on servers. Application modification changes is just part of the firewall and is not a HIPS.

    HIPS is : Host-based Intrusion Prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analysing events occurring within that host.

    ESET products does NOT do this
     
  10. 3GUSER

    3GUSER Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    812
    ESET are not even fast at additing detection . Have a look at Malwarebytes Corp. - they also rely on signatures , heuristics and IP blocking and detection is perfect , additing detection for new malware is lightening fast
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    Actually, not many firewalls include IDS anymore. A lot are just blocking inbound traffic and user control of outbound traffic + a real HIPS. Some suites include a IDS and there are some standalone firewalls that have IDS, but a lot don't have it.
     
  12. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    But I'd like to see my Eset NOD32 as a purebred anti-virus program rather than for it as becoming a crossbreds of many things that others are already doing. My system was already loaded w/ those "other things" anyway.

    In my opinion, in order for the software product to excel it should concentrate it's job for what its purpose to be, and in this case to seek and destroy virus, worms, and malwares etc...and the like. Those other things llike HIPS, Sandboxing, Anti-Keyloggers, Firewalls, should be handled by other companies expert on those fields. :cool:

    But I understand also that in order to keep pace in the competition of the battle selling protection programs, anti-virus developers are in the look out for a more effective ways for attracting the attentions of consumers. That means, more whistles and rings and other flowery things in additions to the main job of the program. But sometimes it just makes their product more buggy, heavy and slow and even in conflict w/ other programs in our pc. :p
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    This is not about keeping pace with others, it's about providing as best protection as possible. You assume that the role of a security program is reactive, ie. destroy / remove malware that has made it to a computer. In my opinion, prevention is much better than reaction and every vendor of security software will add features that help prevent malware from entering the system. It is a matter of fact that removing malware is much more difficult than detecting it. It's sometimes even impossible if malware modifies files to such an extent that they cannot be recovered any more.
     
  14. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    Absolutely terrible, I had no idea Eset was like this. Not to mention the first comment from Eset rep completely ignores the opening post.

    Don't bother arguing with my post, I've made up my mind and will not purchase a product from Eset.
    :thumbd: :thumbd:
     
  15. bradtech

    bradtech Registered Member

    Joined:
    Nov 16, 2009
    Posts:
    84
    Yeah for a while I was doing reviews, and posting on youtube. You find that it's luck of the draw day to day on what gets caught and what does not.. Along with who catches them. People need to get out of the state of mind that Antivirus alone is going to keep them safe.

    I think many AV companies understand that, and try to add other mechanisms to help the users. Like ESET letting you know if you have machines that are not patched up to date. Others have implemented sandboxing, disk snapshots, and others just notify you anytime something is attempting to make any changes to anything which can get annoying for ordinary users. Right now I like Secure filtered DNS, Patching, and a light weight AV. Turning up a Honeypots internally is nice to have for worm propagation, and isolation along with kiwi syslog box/Auditing to show failed logged on attempts. Anymore these zero day AV makers push out new exe for fake avs multiple times a day. Simply recompiling and changing the MD5/SHA1 then upload to a new domain or hacked legit site to host it off of.

    If you are fortunate enough to have enough stroke in your organization Limited User Accounts, and Software Restriction Policies help tremendously. LUA can mitigate damage to a local user profile vs an entire box or possible network infection. A good SRP won't let the exe even launch.

     
  16. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yeah. It seems that ESET has no interest in this, and they really don't care about it unfortunately! :(

    EDIT: I guess they did after all :)
     
    Last edited: Feb 8, 2011
  17. CarlB

    CarlB Former Eset Employee

    Joined:
    May 17, 2007
    Posts:
    37
    This is what was forwarded to us as the official response:

    First, we’d like to acknowledge a mistake on the comparative sheets in the false
    positive and proactive detection sections. This was an honest mistake and we
    appreciate that it was brought to our attention. ESET prides itself on the trust
    we’ve built with our customers and the public and we would never knowingly
    publish incorrect or misleading results

    Historically, there is no doubt that ESET has a great track record with 66 VB100
    awards. In AV Comparative retrospective tests, ESET has a clean record of scoring
    the highest (Advanced+) award.

    Looking at the data Avast! posted towards the end of their blog, ESET’s detection
    is higher than Avast!’s in Virus Bulletin tests. In AV Comparative tests of detection
    from August 2010, ESET’s score is 0.7% lower than Avast!’s, while ESET has 3 false
    positives less than Avast!. In the heuristics section, the numbers show ESET’s
    heuristic detection is better. When we look at the last AV Comparative report
    from November 2010, ESET has 56% and Avast! has 43%. When reviewing such
    tests, one can look at each category and find better or worse numbers for each
    product.

    Other vendors make their HIPS functionality modular so it appears to be similar to
    a behavior blocker. ESET has chosen a different approach and integrated our HIPS
    into the program's heuristics to let it decide the best action. Hence the typical
    behavior blocker list of rules is missing.
     
  18. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    pretty sure nobody here was referring to what product was better so ur justification with more stats isnt necessary. people were just unhappy about the misinformation that u are saying was a "mistake"
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Thanks for the official response.
    And I agree about that I really didn't think, and I still don't think that you(ESET) did it knowingly. But I felt that I needed to let you know about your mistake.
    And I hope that it doesn't happen again either to ESET or any other vendor.
    It's small mistakes like those that can hurt the reputation of a company that's known for it's perfection.

    I personally had NO idea about the integrated HIPS like module into the Heur-engine. That is a good step I think. And many thanks for letting us know about it. But I still wonder why ESET doesn't mention it on the Website incase someone wonders if ESET has a HIPS they won't know about the integrated parts?

    Thanks.
     
  20. The PIT

    The PIT Registered Member

    Joined:
    Sep 4, 2008
    Posts:
    185
    I don't take notice of any marketing and not much notice of comparative sites.
    The job I do involves cleaning students pc's up after they watched the latest free movies on the net.
    The actual real world performance of the virus checkers is pretty poor. Fully updated sitting there disabled by malware. Or even worse sat there with the infection running and they don't notice. Strangely I don't see many laptops with eset installed which I think is due mainly to students not hearing about the product.
    At the moment I would recommend Microsoft security or Eset although Eset is getting more buggy as time goes on which makes it difficult to recommend.
    It's a shame programs like malwarebytes and combofix can remove infections fairly easily that the big boys can't.
     
  21. nodyforever

    nodyforever Registered Member

    Joined:
    Oct 30, 2007
    Posts:
    549
    Location:
    PT / Lisbon
    Thank you ESET. :D
     
  22. stratoc

    stratoc Guest

    I take all these things with a pinch of salt. I have a subscription to eset, each year I get my reminder stating only anti virus to never have missed an in the wild virus? I was infected twice by 'in the wild rogueware' but I just guessed this was different. Most of the performance etc brags on their home page havn't been updated since v2.7 which is kinda misleading.
    I like a no nonsense low over head av, but if eset posted recent independent reviews, maybe nobody would buy it?
     
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    That's what people should always do - take test results with a pinch (or better heap) of salt. What matters is not how a particular AV scores in certain tests but how it performs and protects a particular user's computer. When referring to tests, only those carried out by prestigious testers should be taken more seriously. I can tell that it's really a tough work to do a cleanup of testers' bed sets; instead of weeks spent on selecting non-functional / irrelevant samples the vendor could spend the precious time by concentrating on real threats.

    It is a matter of fact that no security solution itself provides 100% protection against threats; every AV misses less or more threats no matter what protection mechanisms it uses (be it heuristics or other kind of HIPS mechanisms, each is dependent on updates). In order to achieve as best protection as possible, the user themselves must also take additional measures, such as using non-admin accounts / UAC for daily work, safe surfing (ie. avoid visiting sites with a potentially dangerous content, using a Noscript plug-in, sandbox, etc.), keeping the OS and security software up to date, using non-trivial passwords in a network, installing a router with NAT as wel as a properly configured firewall, etc.

    The statement "Since its first submission for testing in May 1998, ESET NOD32 is the only tested product that has never missed a single In the Wild virus" is true. For more information about ITW, read http://www.virusbtn.com/resources/wildlists/index.xml or http://www.wildlist.org.
     
    Last edited: Feb 10, 2011
  24. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia
    Tests can show which of these work better, but they’re all far from perfect.The truth is, it doesn’t really matter which is better. The bad guys will scoot around any of them.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.