Eset - PC Pro review

Still impressively lightweight, but this new version adds uninspiring features without improving malware detection.

http://www.pcpro.co.uk/reviews/software/250062/eset-smart-security-4

there was also a review in a 2011 recent pc pro magazine of eset but it got beaten by other security progs.

 

and what we have been saying for ages:

Unfortunately, Smart Security 4 shares one less-prestigious characteristic with its earlier incarnation. Its performance in our simple malware detection test wasn't shameful, but it failed to keep up with its rivals, indentifying only 90% of threats in this month's test. It overlooked an Ardamax dropper and a generic Krap.G Trojan that were caught by all its competitors.

For that reason, we're held back from recommending Eset's offering as a general-purpose security suite. But if a light footprint or an impeccable firewall are more important to you than comprehensive malware detection, it's a fine choice; and while the new features in version 4 are hardly thrilling, they certainly do no harm.

 

Review is dated 24th March 2009, and for ESS( not NOD32), is this relevant?

 

1, simple malware detection test
If 2 samples were undetected and represented 10% out of all tested samples, the test set must have consisted of 20 samples out of which 18 (90%) were detected by ESET.
Needless to say this is a very small test set to make any conclusions given that dozens of thousands of new threats emerge on a daily basis.
What I'm missing is a description of the methodology used which is a necessity when one wants to make unbiased conclusions.
Were the samples tested for functionality, ie. all samples were saved to the disk and executed, without the malware being detected and blocked? Did the malware actually perform any malicious action? What was the source of the samples? Couldn't it be that they were re-packed samples or samples used only in laboratories with no or little occurrence among users?

2, As for Ardamax, I've seen tons of Ardamax dropper variants that were detected by ESET perfectly. Generally, when speaking about droppers it is much more important to detect dropped malicious files than the droppers themselves that can be created using various methods to evade detection. In the end, it is the dropped malicious files themselves that pose a risk and should be blocked. There was no mention of whether ESET detected and blocked all actually dangerous payload. Again, we don't know if they executed the dropper and whether it actually worked and dropped certain files.

3, Krap.G
I've searched for this detection of all other vendors and found a few which are really crap as the name says. It's a sort of packer detection which, in principle, can be triggered on legit or non-functional corrupted files. Again, we have no clue if they were actually able to execute the sample and if it actually did something malicious.

Here I would emphasize that ESET uses code analysis carried out by advanced heuristics. That said, there's a tiny chance it would detect corrupted or otherwise non-functional files. I've run into a lot of cases when alleged malware was detected by > 35-40 AV vendors at VirusTotal but in the end the sample turned out to be non-functional and because of this it was not detected by ESET.

 

No it's not relevant at all

 

Why post a review from more than 2 years ago?