Completing protection

Discussion in 'NOD32 version 2 Forum' started by IcePanther, Jun 1, 2006.

Thread Status:
Not open for further replies.
  1. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi,

    Sorry for posting this here if it is not the right forum, but I felt that since most Nod users are here it would be good to know their opinion. Feel free (moderators) to move it if needed.

    My license comes to its end, and I seriously took time to test KIS too, but it caused errors on disk continuously, causing checkdisk to start and fix things, effectively preventing me from defragmenting, and being an annoyance in general.

    So I think I'll be renewing with Nod32, but before I do so, I have a little question for you here: I'll use Nod+Outpost, both latest versions, as resident protection, and AdAware+SpybotSD+SpywareBlaster as on-demand (i.e. weekly scan) protection.
    But a component I think is important is rootkit detection / HIPS (host intrusion prevention system). So my question is indeed simple: what would be, in your opinion, the best HIPS out there (mainly based on detection/functionality but also on usage of system resources, since I'll run this on my laptop)?
    Same for rootkit detection?

    Thanks in advance,

    Ice.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I run Online Armor alongside NOD32 without any issues. I am also testing First Defence ISR in Frozen mode, very impressed with the concept; all run alongside NOD32 without issue.

    Hope this helps...

    Cheers :D
     
    Last edited: Jun 1, 2006
  3. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Thanks Blackspear for the quick reply, I'll give Online Armor a look (and if I see it's interesting, a try) to see what advantages it has and if it doesn't have much impact (prevX was WAY too heavy on my system).

    Thanks again :)

    Ice
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure, I haven't seen any noticeable impact using OA, or it wouldn't be on my system either ;) :D

    Cheers :D
     
  5. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    For Rootkit detection I strongly recommend this free tool:

    http://www.gmer.net/index.php

    It also has many other options which you can find useful. (The screenshots are in Polish, but they are from an old version; the new version is totally in English.)
     
  6. tristantzara

    tristantzara Registered Member

    Joined:
    Mar 21, 2006
    Posts:
    78
    Hi,

    I'm using Appdefend and Regdefend from Ghostsecurity. Really nice stuff, no problems with Nod etc... highly recommended.
    I also tried Process Guard with no problems either.


    best regards,

    tt
     
  7. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Hi all,

    I had tried Ghost Security and wasn't really convinced; I'll take a look at the Gmer tool.

    I installed Online Armor, and it seems to run well except for two problems: it randomly resizes my start-up menu (o_O) and also slowed down my POP email reception (Edit: and web also, although less) like hell. Apart from that, it seems a good product with interesting features; it blocked two injectors (flagged as keyloggers, and perfectly legit - mouse/touchpad drivers).
    Did you have such a problem Blackspear? Maybe Nod and OA are interfering on the POP/Web scan?

    Edit: After a quick peek at the OA forums, it seems that is a known problem and will be resolved in the next build. (speed problem)
     
    Last edited: Jun 1, 2006
  8. ASpace

    ASpace Guest


    With NOD32 and suitable firewall you are protected :D

    http://www.eset.com/products/compare.php
    http://www.eset.com/products/compare-NOD32-vs-competition.php
    http://www.eset.com/products/windows.php
    http://www.eset.com/threat-center/index.php


    Special look:

    http://www.eset.com/products/compare_heuristic_detection.php
    https://www.wilderssecurity.com/showpost.php?p=760705&postcount=35


    ;)
     
  9. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Lol

    That would be great
    For now OA hasn't detected anything but cookies; if it keeps on like this I'll uninstall it, because I'm most likely not to encounter threats since I don't change my surfing habits and don't go to "nasty" websites :D
     
  10. ASpace

    ASpace Guest


    Absolutely true
     
  11. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Uninstalled OA, because it kept messing with my Start Menu, and it was becoming pretty annoying (changing sizes, double icons, whatever...). However, I'll continue to test it from time to time (on a second machine, though) because the concept is good, especially the part about removing all files/registry keys an application has created. I think this is promising software, but this bug (messing with the system, and more than one time) is a "showstopper" for me.

    Side-note: I find it quite amusing that a security software injects itself into processes, thus acting like a malware (OA being detected injecting by Outpost).
     
  12. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    NOD32 does detect rootkits, using both traditional signatures to detect specific rootkits and heuristics which allow it to detect previously unseen rootkits.

    Regards,

    Aryeh Goretsky
     
  13. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    It is not so amusing that security software injects itself into processes. Gmer injects its gmer.dll into almost each and every process (if set by the user to do so) and it is not detected by Outpost. It is one of the ways to "watch" process behaviour.

    I personally replaced Outpost with the Gmer tool (I am behind a NAT router), because it allows me to monitor 'outgoing TCP/IP connections' and many other system functions:

    - process creation
    - driver loading
    - library loading
    - file functions
    - registry entries

    The Gmer tool also has many other unique options which I hope will be documented soon.

    What I like Gmer for is:

    - It is totally free
    - You don't even notice its presence (very low footprint)
    - Plenty of options and features
    - Can be used to detect and remove nasties
    - Allows you to log many system events to let you know what is going on on your system
    - The author of this tool is open to any comments and suggestions to improve Gmer functionality

    Things to be improved in Gmer:

    - User-friendly configuration
    - Documentation
     
    Last edited: Jun 1, 2006
  14. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Yep, I understand that, but it's kind of a paradox...

    After taking a look at it, yes, it seems to have many nice functions, but I think I'll be keeping Outpost, because I can also BLOCK outgoing connections (and also UDP ones).

    Indeed, the UI is pretty awful. Not per se, because after all it shows information and allows actions, but it's, well.... it needs polishing. I mean most typical users will not run a program with so much information at once, no help, and little to no graphics.

    Another thing I dislike with Gmer is its silent install in the system32 folder. Installing into system folders is also a malware-like behaviour, and I think security software shouldn't do this, OR it should warn that it will do so. Distributing Gmer as an installer or warning that it installs in the Windows folder seems important to me.
    (I saw what it created using OA; if OA wasn't installed I'd never have known.)
     
  15. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    I agree with all your comments on the Gmer tool, but take into consideration that it is developed by only one guy during his free time. He works hard on delivering new and better versions as well as on creating a better interface and documentation. But it needs some time and effort. At the beginning he developed this tool for himself, and after some time decided to make it public for free. This is the main reason for the ugly GUI and lack of good documentation. As far as I know it is now a priority for the Gmer developer to make it user-friendly and to elaborate much better documentation. The tool is still under development and will become better and better with more improvements, options and functions. Any user can comment and give advice on the future Gmer development. Currently, besides NOD32 and Gmer and some on-demand adware scanners, I do not have any other protection application. Simply, I do not have a need for any, and like to keep my system clean and light.

    But I think that is enough talk about other apps for a NOD support forum. Thanks for your interest in trying this tool.
     
  16. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Got this email back from GMER. Their response is followed by my inquiring email. Quite an interesting response.

    Private email removed. - Ron

    > I don't understand. Is this product meant to replace
    > NOD32 (AV), Sygate Personal Firewall, ProcessGuard
    > Full & Trend Micro Anti-Spyware? Which are running
    > resident on my computer. Or is GeSWall meant to run
    > with these security programs? Your site doesn't
    > clearly state either position. Please clarify. Thanks.
     
    Last edited by a moderator: Jun 4, 2006
  17. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Well he did what you asked - stated and clarified their position... wherever that is o_O
     
  18. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    Just my opinion. I have used Gmer for some time and it serves me well.

    For sure Gmer is not meant to replace NOD32, or any anti-spyware application, nor an advanced firewall. It runs well with NOD32, and in the past with Outpost Pro. It can detect and stop processes, drivers, DLLs or outgoing TCP/IP connections, but it will not warn you that you are downloading a virus. It can be used as a combination of Process Explorer, ProcessGuard, RegDefend, Rootkit Revealer (with manual rootkit deletion capabilities) and a simple TCP/IP outgoing-only FW; it also helps AVs and other anti-malware software to run in a clean environment ('kill all' option). It can also be used by advanced users to find and delete nasties that your AV cannot.

    The tool is under development and some future changes (i.e. a simple inbound FW) are still to come. Some of the Gmer functions (rootkit detection) are simple and can be used by non-advanced users, and some of them require a bit more advanced knowledge. As I stated before in this thread, Gmer's author is working on making this tool more user-friendly. Full documentation is not ready yet.
     
  19. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    If inbound protection is all you need then the following won't interest you much.
    Firewall Leak Tester independently tests and reviews firewalls for their level of OUTBOUND protection -->HERE<--

    A firewall does not replace AV software, nor remove the need for AV software. They perform two different jobs.
     
  20. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    OK here's the response I got without name & email address.

    Private email contents removed. - Bubba

    So this is what I find interesting.

    "So, however AV is not required with GeSWall, there is nothing wrong in using AV as a supplementary to GeSWall."
     
    Last edited by a moderator: Jun 5, 2006
  21. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    That's the writer's stated position and I find it interesting too. IMO GeSWall sounds like it may be a nice addition to AV and firewall as part of a layered defence.
    This is a general statement. NOD32 is capable of preventing many malicious files from running even before they attack and even if it has no previous knowledge of them.
     
  22. fred22

    fred22 Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    229
    About Gmer: I ticked all options after watching "gmer.avi".
    I'm using blackbox (shell replacer) btw..

    Rebooted the system and it hangs there.. it's showing 2 popups from gmer.exe, something with explorer.. I'm guessing the shell replacer > blackbox.
    There's no time to accept the popup because it disappears too fast.

    Rebooted in safe mode
    Unticked all options
    Rebooted
    All fine

    Anyways, looks like a good tool ;)
     
  23. pc-support

    pc-support Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    285
    Location:
    Edinburgh, UK
    You could try some HIPS software such as prevx1r (free for 1 year)

    http://free.prevx.com/

    I am using it more and more with my customers in conjunction with NOD and so far nothing has been able to get past that combination :cool:
     
  24. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    @fred22

    It will be fixed in the next version (as it can be an issue on some machines).
     
  25. Sch1sm

    Sch1sm Guest

    I only ever use Eset NOD32 Anti-Virus System with the hardened configuration settings provided by users on this forum. In fact I had my first alert from NOD32 Anti-Virus System last night via a pop-up which was detailed as containing a link to malicious content. Either way, apart from that, no issues. I'd also like to mention that NOD32 reported false positives within eEye Digital Security's Retina Scanner. I can't fault Eset NOD32 and I feel very confident using it. I'll be an Eset customer for many years to come. :)
     