Future Changes to Nod32

I would like to see an improved user interface where you can choose between two modes. One extremely basic an duser friendly, and one advanced like the current GUI, but with a bit more "styled" interface. Maybe use XP buttons and the likes. Generally make another "theme" for NOD32 which is a bit more soft in the edges.

 

Hi everyone,

My private system is not connected to the net, so I decided to confine myself to the on demand scanner, and therefore kicked both nod32krn.exe and nod32kui.exe out of my autostarts. That leads to sugestion #1: Something like a command line switch that lets nod32kui open the control center window by default.

Second, I'm really unhappy with the scanners /quit -switch. What about making it a bit smarter - autoclosing the scanner only if nothing has been found, but leaving it open when destiny strikes ?

Finally, the closing statement within the scanners report window. In my opinion, the end of the scanning process is not made very clear. Moreover, you have to take a really close look to find out if things turned out good or bad. The only difference is one single number. An unmistakable indicator during the whole scanning process would improve the whole thing ... like a spinning symbol, with a percentaged countdown inside (instead of the progress bar), finally replaced by a green or red sign, depending on the result...

 

When NOD32 detects a threat, I'd like to see a link to more information about the specific threat. Currently I have to visit competitor Web sites to learn about them. This isn't just a vanity request. There are clients that will get the same threat multiple times. Just having NOD32 prevent infection is nice. But having info to prevent further contact with the threat would be better.

Also, as already mentioned, an "ignore next time" button would be great. For those with fears of unintentional clicks on this button, what about a list of ignored threats that could be right-clicked and "un-ignored"?

 

my experiences with 'average' users leads me to believe that this would be selected as a matter of course for many users - resulting in important threats being 'ignored' - I vote that this would be a bad idea, on the basis that it would lead to many infections being ignored, rather than dealt with properly.

hth

Greg

 

agreed.
but I do like his other idea of providing some additional background info on what the threat level is and what the effects of that particular threat are, e.g.

"this virus infects your hard disk boot sector and potentially wipes out all your data"

would be nice to know vs. something like

"this virus occasionally blanks your screen and says `you've been zapped`

which would be much more benign......

 

If you know about a robot that would work 24 hours a day, 7 days a week and 365 days a year, please tell him we will be glad to employ him. His task will be to analyse each of about 200 000 threats (well, no one knows the exact number). Maybe he could manage it after hundreds of years, but if he speeded up his working frequency, he could make it a bit sooner )

 

Marcos, let me start by saying that I truly respect your opinon and knowledge and thank you for being extremely helpful in my previous difficulties with NOD and getting me straightened out.

However I think your answer to this suggestion is a bit sarcastic and un needed, you make it sound as though it would be an impossible task to put virus/malware descriptions in the Eset Encyclopedia. The previous poster was merely making a suggestion that would dramatically improve Eset's public image as this is far from the first time I have heard people mention that they use NOD as their AV and yet they have to go Symantec or Kaspersky's or Panda's or Trend's or whatever other AV website to get particular info on a threat they dealt with. Even I, personally have suggested to friends and coworkers that they should use NOD, but to get virus info from Kaspersky's site or Symantec's site and these people than responded that they will just use KAV or NAV instead as it gives the impression that NOD is an inferior product.

The entire purpose of this thread is for customers that like/care about and use NOD to make suggestions to improve it. Hell, even the readme that comes with NOD suggests that we as customers are free to make suggestions to improve NOD as every piece of software is a work in progress it states and that the company appreciates and values your customer's input. Please take that in to account before answering, and try not to reply with sarcasm.

 

I'm sorry if you took it as sarcasm. I merely wanted to say that it's impossible to analyse every threat in the world. As you might have noticed, we've recently started adding more and more descriptions of in-the-wild threats thanks to Mike and his devotion in analysing samples. He has found a lot of misleading and false information in descriptions provided by other AV vendors. You should know that a careful analysis is not a matter of a couple of minutes, it may take up to a couple of hours/days (depending on the complexity of the particular sample) for a skilled analyst to make a comprehensive description.

 

Yes I know it takes time and yes the detection should definitely come before the write up, and I know Eset is working extremely hard to continually improve NOD, this last 6-8 months or so you guys have really kicked some butt and made drastic improvements, I just took it as sarcastic because I have personaly seen Eset "take the hit" so to speak for this and not gain customers that you should have, so I can just imagine that it influences other people as well. So improving the online encyclopedia would also improve the companys image to outsiders that are not familiar with NOD's abilities and quallity. Keep up the good work.

If I could also make a suggestion;

Have IMON flag files it scans as already scanned so AMON doesn't rescan it as it goes into the browser cache on the HDD.

 

There won't be any improvements to IMON as it will no longer be present in NOD32 3.0. Anyway, that wouldn't be a good idea as IMON might flag some file as clean (when set to higher compatibility mode) though it would actually contain malicious code that would be subsequently picked up by AMON.

 

AHH, didn't think of the compatibility/efficiency settings impact. That's why you get the big bucks.

IMON going away altogether, will a similar http type scan replace it, I mean will files still be scanned during download? Or are you going back to pre-IMON days and wait until the HDD write?

 

The overall protection will be improved a lot, let it be a surprise

 

Do post a screenshot when can

 

Yup. It's all a question of priorities! You can waste a lot of time with writing descriptions for 2 or 3 infections or you can put some priorities on it.
There is ALWAYS the option that you can contact the support (Marcos) via regular email or via PM here in the forum if you're infected and you would like to have more information on it. Then it works basicly like this:

He'll see if he can help you with "normal" support activities (Marcos also has good knowledge about wellknown malware) and if this doesn't workout for some reason (maybe because nobody else detects this file or he's unsure about it) he forwards this to me via email. Or he just throws the USB stick to me because we're sitting around 2 Meters away from each other and i'm trying to catch it then with my coffee cup, i became already used to this

You get then VERY FAST (usually within a hour for import things) a reply from me. First a very brief overview, later a detailed report. So that there is no help with unknown malware infection is not true.

Take a look in this thread: https://www.wilderssecurity.com/showthread.php?t=92300

A few users were infected with a worm - at this time we didn't detect it, but it had priority, because if it's posted here and several people are infected then you should react there fast. The result is an outstanding time till this worm was detected (instandly update released) and a generic detection to prevent such types of worms in further. Meaning not only added to detection to statisfy THESE INFECTED USERS, means also added some generic detection to prevent also other users from maybe similar worm variants! Thats what i call service! And to complete the disaster - i wrote within 3 hours a description for it - faster was not possible because there were during this time a few other worms to analyse.

Now take a look at ESET's Description here:
http://www.eset.com/msgs/vbnay.htm

and take a look at the description from another vendor:
http://www.sophos.com/virusinfo/analyses/w32floppyd.html

and tell me please which one you like more

As i said earlier - if there's a infection problem we're always there for you guys, you just need to ask for help - that's it.

8^) H.B.

 

Cheers H.B. and Marcos, and thank you both

 

We can see a lot of problems with killed internet connection after installing NOD32. Almost everytime WinsockFix tool is required to solve this problem. I think if it is possible, NOD32 3.0 should contain this utility and run it automatically before installing NOD32...

 

agreed - if possible!

 

Perhaps Eset could develop/market a smaller enterprise type version for the booming home network business and market a 3-5 license SOHO version with an admin ultilty that makes administration easier...ie a remote admin console that would be a slightly simplified version of the current one. Most users of home networks are somewhat computer literate but no where near as literate as they should be. Eset should lead the pack and provide a solution for such users or at least lower the current 5 license restiction on the enterprise version and keep pricing comparable as well.

 

i believe in the IMON module of nod32, there is an option to repair the lsp chain. perhaps it can be improved upon (or maybe it can also repair the winsock) and like u said run before nod32 is installed.

 

Well, I would like to see in the next version an script checker and an option to skip some big archibe while scanning and a registry monitor.

And of course some improvements in backdoors detection.

 

Maybe add a statistics/sent files log. It's very annoying that it fills up the event log in no time.

 

I "features" i definately NOT want to see is increase in resources usage.

I think memory rise it is just about ok. Averge 20Mb. ( For low memory user this will shrink to 6 - 8 Mb depending on your free memory avalible. )

But i would like some improvement in less CPU usage. Or to be more precise....... less Spike in usage graph happening.........

I dont know it this is possible though. Since NOD is already very good at it.

 

And how about a mac version?

 

Hello All,

I recently purchased and have installed NOD32 on 64 PCs/servers. For the most part the install and config went well. However I would request some improvements to the RAC (reomte admin console). I found the configuration editor useful, however after applying different configurations to different machines, the console should display which configuration is applied to a particular machine. Yes I realize that since I applied the config I should know what it is, but I don't remember what I had for lunch yesterday much less what config I applied to an given pc 2 weeks ago!

I would be nice if the console had a column for the last scan date like it does for last event etc.

I have been watching the forum for a few weeks now and am pleased to find an active and helpful group. My experience so far with NOD has been great and I have had no regrets saying goodbye to SAV9/10.

Thanks, Gerry

 

My mail client (Forte Agent) is not supported by EMON, but IMON has picked up all that tries to get through. Since I do not wish to change the mail client, will the lack of IMON leave me vulnerable to email infections?