Most important feature to add

Discussion in 'ESET NOD32 v3 Beta Forum' started by sir_carew, Jul 24, 2004.


Most important feature to add to Beta??

  1. Protection for NOD processes

    31.4%
  2. Separate settings for IMON parts: POP3, HTTP...

    31.4%
  3. An exclude option in NOD32 Scanner

    14.3%
  4. Snooze option to AMON (Disable AMON for a limited period)

    5.7%
  5. Change default setting in installation of AMON. NOT enabled by default under NT!!!!!

    17.1%
Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    What is the most important feature to add to the beta version?
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I chose the AMON installation as a suggestion that can be considered.
    It's very dangerous. Many friends who have chosen to evaluate NOD have clicked Next, Next and Next, and AMON was disabled due to the default settings. It's a reality that most users don't read the setup and don't select settings other than the defaults. AMON is the first line of defense against viruses. If ESET does this to avoid conflicts with other AVs, why not have setup check whether another AV exists on the system and warn the user about it, rather than making AMON disabled the default option?
    Regards.
     
  3. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    I also chose the AMON settings on installation.
     
  4. Mack Jones

    Mack Jones Registered Member

    Joined:
    Jul 9, 2003
    Posts:
    174
    Location:
    France
    I've chosen the memory process protection. ;)
    Remember Opaserv... :'(
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The process protection is already incorporated - try to stop or kill nod32krn and you'll see.
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi Marcos!
    You're right, nod32krn.exe can't be terminated from Task Manager on my 2k Pro machine under an Administrator account. Great news; however, I have some ideas to implement in NOD regarding process protection:
    - Why doesn't NOD log in its event log that, for example, an application called gift.exe has tried to kill the nod32krn.exe process? Then we can know which applications are trying to kill NOD.
    - I know that protecting the nod32kui.exe process isn't necessary, because it's the GUI, but nod32.exe is also important, because it's the process that scans the disks and much malware tries to kill processes like that. Marcos, what do you think about those suggestions? I wish that those will be implemented in the next beta :D
     
  7. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Enable AMON by default. :D
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Excellent Idea :D

    Cheers :D
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The best idea is to make the installer not allow the user to click through all the options, but force him to select / leave unselected the automatic AMON startup option.

    It's quite a big technical problem to make separate settings for the POP3 and HTTP scanner - we'll move the scanner setup onto the advanced tab.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    At present it is too easy to click "next" and go straight past "install resident protection to start automatically".

    Why not default it to be installed, and if you want to turn it off, then you have the choice to go to the Control Centre and disable it; after you have installed the entire program. It makes no sense to install half a program by default, it is just annoying to the consumer...

    Microsoft SP2 will treat everything as hostile, setting everything to its maximum by default (according to the local MS rep), and this is how it should be with any form of protection. If you want less protection, then it is your choice to lower it, and the risk is all yours...

    Cheers :D
     
  11. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    Most definitely still need to be able to NOT have AMON enabled if the user so chooses, I think. No clue why anyone would want the best AV as on demand only, but some will choose to do that. :)
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Blackspear, it's so simply because you might not be able to get to that option after reboot unless you restarted Windows in safe mode.
     
  13. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    My thoughts exactly. Some AVs will cause just that scenario, I have found out personally.
    :D
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,734
    Location:
    Texas
    sir_carew

    Have you tested any trojans with NOD?
     
  15. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    No, I tested 2 things:
    - Task Manager normal: nod32krn.exe can't be terminated.
    - Task manager with DiamondCS: nod32krn.exe can't be terminated.
    - Process Kill Demo built in Process Guard paid 2.0: nod32krn.exe can be killed, however nod32 restarts its service again when it's killed.

    All of the above tests were performed on Windows 2000 Professional SP4 under an Administrator account.

     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,734
    Location:
    Texas
    Thanks Sir_Carew

    The reason I ask, is I have been reading here and there that NOD is catching more trojans than some of the trojan programs. Have you heard this?
     
  17. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    Yes, it's true. I collect malware and NOD picks up most RATs (Remote Trojan Access) without signatures, using AH. I think that NOD is one of the best at detecting RATs.

     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sir Carew, hopefully you'll submit them to samples@eset.com so that we can add detection :-]
     
  19. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello Marcos,
    I submit about 3 samples per day. ;)

     
  20. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It still makes no sense to me, you are not going to find out if you have a conflict with AMON unless you install it and reboot your PC, so why not install it in the first place as a default setting?

    In the extremely unlikely event that you are unable to have AMON running, then yes, you may have to go into safe mode and uninstall AMON. Not a single one of my customers has ever had this problem. I myself have never encountered it.

    I have been asked on a reinstall, "do I need this?" (install resident protection to start automatically), there should be no question, a customer should not need to query this, it should just install, and like I said, if you want to lower your protection then it is at your risk in doing so...

    Cheers :D
     
  21. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    Process protection is my choice. I have had NOD32 wiped as recently as two days ago. I got some trojans on my machine and NOD32 popped up a box but I think some got through because a few minutes later when I rebooted and tried to open NOD to do a scan I got a message 'file not found'. Then I clicked on the icon in the systray and it opened but would you believe it was completely BLANK!! No writing, no name, just an empty NOD interface with green around the edges. Other programs were intact but NOD was just completely destroyed. Took me 2 days to get online. Just taking a break now. Might give the beta a go because this one is taking a beating.

    This has happened to me about 3-4 times with NOD, and using Process Guard makes my PC unstable so I keep away from it now until they iron out a few bugs. Having NOD broken into and destroyed was just the beginning. Afterwards my system became corrupted and my hard drive unusable. So there are things out there that attack NOD and they are getting better at it every day.

    Dave
     