Losing the Faith?

Discussion in 'ESET NOD32 Antivirus' started by RobOK, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. RobOK

    RobOK Registered Member

    Joined:
    Jul 30, 2008
    Posts:
    18
    I run a consulting business and have deployed ESET 2 and now 3 to all laptops. We get our email through a commercial Exchange hosting company. Over four years, no one has ever had a virus caught by ESET. I'm pretty sure we have not had a virus as there have been no symptoms. Maybe there is some malware that slipped by, but if so it is not apparent.

    Anti-ad software used to be so popular, and now seems less so. Is anti-virus getting passe?

    I guess I am wondering why I am paying in time, resources and lower computer performance? Are we just lucky or is our email provider catching the viruses before they get to us?

    What is the common experience with most ESET users, is it catching many viruses, like multiple a month or even year?


    Or am I just supposed to think of this like an insurance policy and just keep paying in case one day something happens?

    I don't like the ESET architecture in v3 as compared to 2, it seems to eat up more resources and I do not have the knowledge or expertise to know if it is "better" or not.

    Our machines are all windows, mix of XP SP2 and Vista. Internet through a variety of sources, predominantly Verizon FIOS and Verizon data cards.

    Any thoughts, encouragement, or similar thinking is appreciated. I'm a newbie in this forum.

    Rob.
     
  2. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Rob: More than likely, the commercial company you're contracting with has some kind of AV or filtering in place. (Perhaps you can elaborate on this.) If I am correct, then this would go a ways in explaining why you haven't seen much in the way of malware.

    But no matter what your exact circumstances are, there are still plenty of bad things going around. And the focus of the newer stuff is more related to theft. Theft of a user's ID, credit card info, passwords and so on. So if NOD32 catches only one of these, IMO it's worth it.

    As to lower performance with NOD32, boy I just haven't seen it... be it version 2 or 3. It's true that v 3 uses more RAM, but CPU-wise, it still seems pretty dormant. At least with what I've seen at home and at the office. The only time I ever see anything slower is at the end of a large file download. But this is due to NOD32's active HTTP scanner doing its real-time thing. And this can be disabled if the user wants to do so.

    Looks-wise, version 2 versus 3, I was used to 2 and now find 3 ok too. Getting the most out of 3 does require one to go through a bit of a learning experience. But once you've kind of figured things out, 3 has a lot of power under the hood.

    I guess what I'm saying is that yes, I think NOD32 is worth it. And my hope is it will only get better...
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Not really, but the diversity in optional approaches has increased over the years. Suitability of these alternate approaches really varies according to the user IMHO.

    Personally, it's year to multiyear timeframe in my case.

    Doesn't that describe the function of just about any protective or security measure?

    It's decent low cost/low maintenance protection. In a business setting I'd say it (or something equivalent) is basic asset protection due diligence where I'm using asset in a very general sense.

    Blue
     
  4. RobOK

    RobOK Registered Member

    Joined:
    Jul 30, 2008
    Posts:
    18
    @HAN - thanks for the note, the performance issue I have is Memory, not CPU. I don't get a high CPU usage, but after using Outlook 2007 and Firefox 3 with lots of tabs, ekrn.exe will be at 120K - 150K. I get slowdowns in Outlook and sometimes get disk thrashing. To be fair, I have not done rigorous testing to say it is ekrn.exe, but the memory usage is really high when those situations happen. I have searched on this forum a lot for high memory usage, but no one else seems to report it.

    @Blue - yes, I very much look at this as an asset protection issue. But I also have cost/benefit decisions too. I can't at this point hire full time IT support, so I have to pick and choose. Backup, email, office applications, shared file space etc. all require my attention. I have loaded ESET across the board, but I just don't know if it is needed.

    I'm not about to uninstall it, but just thinking through the issue for future cost decisions as the company grows. Like I said, we have had zero hits across the company over four years. (Of course at some point a new employee may have different behavior and use different [personal] email accounts that are less protected).

    Thanks,
    Rob.
     
  5. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    Sometimes I have that feeling, too. When I'm just browsing around I hear about people getting all these different kinds of viruses and malware, but I haven't seemed to "catch" any, and no symptoms of my computer acting weird have appeared yet.

    So I'm always thinking if it's my good safety habits or the AV just doesn't catch anything. But I always go for the former :)
     
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I wouldn't surf the net without an AV. That said, I have gotten computers that had virtually no protection and not been updated and were almost clean. In my experience 90% of the problems is the surfing habits.
     
  7. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Exploits are becoming far more refined as well as moving up the OSI stack in the last 5 years. Instead of blasting themselves across the network and causing your logs to fill with countless alerts, they are relying on social engineering and tricking the end-user into doing the work and installing malware, which is why things like the HTTP filter and advanced heuristics in v3 are so important to have. 5 years ago viruses were a trophy to see who could be on the news and wreak the most havoc; today they are driven by a profit motive and the most profitable thing to do is stay hidden and steal information for identity theft. So while you may no longer see the same volume of crap hitting the filters, the things that are trying to get in are far more malicious and could completely broadside you financially, which isn't worth risking unless you are for some reason running a machine with absolutely no personal information and wipe on a regular basis.

    Running a Microsoft consumer OS without some kind of anti-virus protection is suicide, especially with XP/2000.
     
  8. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Only yesterday I was googling for an innocuous "free parental filter" and Nod saved me from getting a nasty PWS virus. It was a quick and painless catch for it, and it's always encouraging for me to have it watching over my system. I think hits like that are rare, and most of us with safe surfing habits are relatively safe, but my example shows that you need insurance in place, and nod is my insurance online.
     
  9. xEnvious

    xEnvious Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    15
    Hey, rollers, I'm just curious. When NOD caught that PWS virus, did it occur while you were on the google page or after you clicked a link from the google search list?
     
  10. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    403
    Location:
    USA
    If the user is smart, using Firefox and knowing what software they are downloading, you should not have a problem with infections.
     
  11. RobOK

    RobOK Registered Member

    Joined:
    Jul 30, 2008
    Posts:
    18
    Thanks for the note Smacky...

    How often does ESET v3 catch something for you? How many in the past 12 or 24 months?

    I am not going to remove ESET, but I am just trying to get a feel for what other people's experience is (i.e. do most people have ESET catching things or do most people have nothing caught like me).

    Thanks!
     
  12. RobOK

    RobOK Registered Member

    Joined:
    Jul 30, 2008
    Posts:
    18
    Thanks Oleg....

    What if I use Chrome? ;)
     
  13. Oleg

    Oleg Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    403
    Location:
    USA
    Then you are secure as well :)
     
  14. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: Losing the Faith? No, not at all.

    Then make sure your other security is up to scratch:
    http://reddevnews.com/news/print.aspx?editorialsid=10170

    This is over 5 months and across only 4 PCs. It used to be worse but one of the other PCs is no longer used as it was.

    Note the 'probably a variant of' detections.

    Cheers :)

    Screenshot - 24_10_2008 , 5_29_28 PM.png
     
    Last edited: Oct 24, 2008
  15. RobOK

    RobOK Registered Member

    Joined:
    Jul 30, 2008
    Posts:
    18
    @NOD32_user -- thanks for posting that, here is mine:

    nod32.jpg
     
  16. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I only have complete statistics going back to August due to a RAS update wiping out the old data, but with our locked-down domain systems with people running user accounts I see about 5 systems a week blocking some nasty stuff in the HTTP filter or picking it up in IE cache. I'm sure I would see more if people had local admin rights to really mess things up. Our poster-child though is a terminal server that serves 80+ thin clients for light IE access.

    AV1.png

    AV2.png

    They're pretty much our worst-possible user group when it comes to the crap they get into, but it serves as a reminder for what is waiting out there if you stumble into the wrong site. We also have 40+ laptops that are running unmanaged installs that we will be attaching on to the management server in the next month and I am guessing the story is similar there, if not even worse as they are more geared toward personal use and users have local admin rights on XP.

    You may also want to consider enabling more of the advanced heuristics for the HTTP filter and unwanted application detection. The latter has picked up a few VB scripts that wouldn't have been detected otherwise or users trying to install remote access garbage that shouldn't be on our machines.
     
  17. RobOK

    RobOK Registered Member

    Joined:
    Jul 30, 2008
    Posts:
    18
    Thanks for the graph, very informative.

    I do have the heuristics turned on... well, I did for a long while, just recently I reset to Defaults. Sometimes I think ESET is using too much memory (130-150K), so I tried resetting but that has not mattered too much.
     
  18. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Re: Losing the Faith? No, not at all.

    Task Manager only gives some information. It's the Private Bytes that tell the real story.

    The following is for XP Pro SP3 with Chrome open 8 tabs, IE open 4 tabs, Outlook open & running 14 accounts & 5 RSS feeds, Dreamweaver open and all kinds of other stuff running in the background for about 1200MB out of 2048MB total used.

    Cheers :)

    New Picture.png
     
    Last edited: Oct 24, 2008
  19. rollers

    rollers Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    439
    Hi there.
    It was as soon as I clicked on the link of what I thought was an innocuous site and nod launched straight away. I have had this a few times over the years. Also, I get bored easily and sometimes just swap around on AVs. When I install a different brand to try they have never found anything for me that nod had missed. So overall I am happy and feel good with it. I guess with no AV ever being 100% perfect it's always good to have a backup catcher such as a HIPS etc. I just use nod and Mamutu. I don't mind paying for two pieces of software that give me peace of mind together, tis a small price to pay to not having your bank account cleaned out.
    I hope that helps.
     
  20. Phenom

    Phenom Registered Member

    Joined:
    Sep 23, 2008
    Posts:
    61
    Location:
    United States
    LOL!!, Norton showed a lot for me xD
     