NOD updates

Discussion in 'NOD32 version 2 Forum' started by Stem, Apr 23, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    cerBer as Marcos stated numerous times paid users have higher priority then trial ones. I guess you have a trial version.
    My commercial version works fine since Friday. ;)
    Unacceptable is what you don't want to accept. Nobody is perfect, but ESET was fast in fixing the issue.
     
  2. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    I have many different versions at work, at home and on my client's computers, but this is certainly not a question of priorities, but of program logic.
    If you have lower priority, it should be said so, not that your program is up-to-date.
    It would probably not be a problem for anyone, if admitted by Eset and fixed in the way it is 'fixed' now - by perfectly working servers, which is actually not a fix, because servers can go wrong any moment again.

    But if it is not recognized by Eset, it is a huge security problem. So sad that it is so difficult to realize that.
    Possibility is one serious argument in security business, and more serious your attitude to that, more professional you are.
     
  3. DarkStar251

    DarkStar251 Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    4
    The point some people seem to be missing is that its not about the fact that some people, wether trial or commercial, cant get the updates instantly.

    Thats not a positive thing but a fully excusable symptom of NOD32s rapid growth, it doesnt cause me any issues whatsoever.

    The problem is the software saying your copy is up to date when it is not, as a few people here keep saying and getting replies of 'oh well trail versions are lower priority'.

    Its not about trial versions getting lower priority, its about ANY version saying it is up to date when it is not.

    The reason I came across this is that I had installed NOD32 (yes, trial) on my parents computer as they had just gotten internet access. It was only by sheer coincidence that I noticed the deinitions were 6 days old yesterday despite it being connected non-stop those entire 6 days.

    The program hadnt been able to update itself, but it hadnt alerted anyone to the fact that it was having server issues (due to the servers being overloaded etc) or anything, and when I clicked the update button the first 10 times or so it would say it was updated.

    This is my issue, someone who didnt have NOD32 elsewhere and didnt KNOW that message was incorrect may have simply assumed it had been a quiet 6 days for virus writers and left it. I knew enough to spam the update button some more till it fixed :p

    All that is required is some sort of alert that the program hasnt been able to update, rather than hiding it in the log, and a change in the 'your version is up to date' message.

    For example, if I recieved such a message on a computer I was using I would know that there was a *small* risk of infection and would be less likely to run an untrusted program, depending on the AV system to notify me of a virus beforehand, and I would know I could trust on demand scanning of files I had just downloaded.

    All users here are asking is to be kept informed, not for 'trial users to have the same priority as commercial' or some other unreasonable demand.
     
    Last edited: Jul 30, 2006
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed, as far as I know the issue is being addressed. I will see if someone from Eset would care to comment further.

    Blackspear.
     
  5. DarkStar251

    DarkStar251 Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    4
    Well then from my point of view thats all I wanted to know and I'm more than happy with that response :)
     
  6. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    Great! Thanx!

    Then, the only question is, why did it take 6 pages of everything, to accept this? I think, it was clearly enough explained in the first post.

    Ok, I have tried it again(10 minutes ago). On the completely fresh Windows installation (XP SP2 with all updates). After installling NOD32(trial version, that is what I usually do on client's computers, as I am not a reseller) with all default settings, first manual update says your version is up to date (1.1680 20060727). After 5 or 6 retries, it updates itself successfully to version (1.1684 20060729). There is only one log - about successful update!!!
    Is this not enough of evidence? Why would it not be reproducable in Eset office(unless they do such trials on update server itself :D)?

    But the most magnificent thing is how Eset decided to fight the problem!!!
    Now NOD updates to 1.1684 (yesterday's version), but on Eset page 1.1683 is listed as latest. Great job:p !
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure :blink:


    It hasn’t, there are 2 issues here, one is the “your system is up to date, no update is necessary”, the other issue is the load on the servers caused by a unusual very large update. The first, as far as I am aware is being addressed, the 2nd has been addressed and is being addressed for future proofing against the problem.


    I have asked for an Eset representative to respond here.


    I never worry about the update version on their website, and so long as you are at the same version or ahead, there isn’t an issue, someone is simply having the weekend off, in a day or so they’ll update the website.

    Cheers :D
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    When one has NOD32's update settings on <Choose automatically>, does this mean that new servers they add will be added to the local list within NOD32, or that NOD32 will simply choose from servers that were present in the (static) list that was there when it was installed?

    In other words, will existing (registered) users have to do anything to benefit from the new servers that are added, such as reinstall, or manually update the server list?

    Edit: Thanks for the answer, Blackspear. And for the totally needless reply notification, pykko.
     
    Last edited: Jul 31, 2006
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    They will magically appear in the servers list ;) :D

    Cheers :D
     
  10. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I knew there is something magic with NOD32. :D :D :eek:
     
  11. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    The error you see in your log is NOD32 failed to connect to a server...
    When that happens, it automatically moves on to the next.
    If it can't connect to any servers at all, you will not see the 'up-to-date' popup.

    Try this
    1: Disable your connection & hit the update button. No up-to-date popup here.
    2: Change server to something else than automatic, try u4, hit update. No up-to-date popup here either.

    There are several reasons why it said you're up to date (and I'm only guessing here)
    - The particular server that NOD32 connected to has not yet been updated with the latest defs.
    - All servers are too busy with the massive amounts of people trying to get the latest defs (so it puts you 'on hold' for an hour or two, not the end of the world btw) .
     
    Last edited: Jul 31, 2006
  12. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    I think it is enough proven, that up to date message can be displayed even if server IS updated.
    Still, reporting up to date status when it is not, is a bug. NO matter, server is busy or not.
    Really, getting update an hour later wouldn't be a problem, if you knew that you need to update and were not mislead by up to date message.
    Plus, if I preffer to update manually, would you suggest to click update button for one hour continuously, or just return to work after one or two hours to click it again?
    End of the world or not depends on if you will get infected or not during those few days you were thinking your NOD is up to date due to false message.

    Finally, trying to dissolve bug report thread with 'not the end of the world' posts is probably not a very good idea.
     
  13. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    I'm just gonna stop trying right here..
    It's obvious that your sole purpose in this thread is to bash NOD32 and I'll have none of that.
     
    Last edited: Jul 31, 2006
  14. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    Could you please be more specific?
    Are you saying that false up to date message is not a bug?
    Or, are you saying discussing bugs here is bashig?
    Or, you simply have something against me personally but you are afraid to say?
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Guys, please refrain from personal attacks. It's a matter of fact that for trial users to get updates on time we'll need to change the system for trial versions and minimize the number of those using cracked versions. Hopefully this won't take much time.
     
  16. Scott-Sutton

    Scott-Sutton Guest

    Greetings All,

    I was looking at the large update delivered to clients last week and noticed a number of exploit advisory protection signatures for Javascript and suchlike, along with Linux exploit protection signatures. Is this a trend that's growing in the shadows in realtion to Linux? I know it has a far lesser userbase than that of Windows but exactly when did Eset begin to notice the exploits? For what it's worth I certainly find it alarming that Linux is being targetted somewhat although many attackers choose Linux as their OS of choice to attack Windows Systems, I'd certainly be looking twice over my shoulder from now on, although in saying that, I do have an interest in Linux myself, although I spend the majority of my time using Windows. Even today there was a protection signature update for Linux in the 1.1685 signature. Are these exploits local and require root priviledges or are certain exploits remote?
    I'll admit that I had issues updating my system's protection last week but I can't see anything that would warrant an argument, Eset can only do so much to protect their customers and many are expecting more than can be given and thus becoming frustrated when they don't live up to "expectations". Please remember that the analysts working at Eset are highly skilled in their field and it takes a high degree of knowledge to be able to undertake a position in malware research - They're only human. :)

    Regards,

    Scott Sutton
     
  17. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,033
    Location:
    California
    Hello,

    There has been a great deal of discussion here about the base signature update released by ESET for NOD32, how the various versions of the client¹ software handle downloading of these updates, staging of the updates the the client, ESET's infrastructure for publishing and distributing updates to the client, anti-piracy issues and so forth and would like to try and address these issues as best as I can.

    As everyone is aware, when a base update comes up, the NOD32 client downloads a new set of signatures which is much larger than the typical signature update. I understand these currently average around forty to fifty times the size of a typical set of signatures and that in the past base updates averaging 100 times the size of a typical update have been released. That's kind of like having to switch from a 100Mb/s Fast Ethernet connection to 10Gb/s Gigabit Ethernet connection on demand.

    When an update like that occurs, the bandwidth required by ESET's update servers scales up proportionally and factors such as latency and jitter which lead to dropped packets and retransmittals which are a non-issue with small signature updates suddenly become critical and load-balancing the update servers to meet those demands goes from a routine process to a complex one.

    Coupled with with these types of network delivery issues are client-side with the performance, reliability and quality of the network connection, time outs from hosts' network interfaces or the client application, and so forth.

    In other words, providing enough bandwidth is merely part of the process. Ensuring the updates get delivered reliably over the connection is another.

    Base updates are planned out in advance and scheduled to ensure they can be delivered in a proper fashion to the client. This time, though, we had some unexpected troubles:

    The demand on the servers from clients requesting updates was greater than calculated and the number of unsuccessful downloads was also slightly higher², as well. And further confusing things was that people were seeing a message in the client UI saying they had the latest signature update when a newer one was available.

    As a result, for several days some people had problems downloading updates. The number of problems, though, has decreased to about where things were before the base signature update was released.

    Now that you have an idea of what the problems were and the effects they had, I'd like to talk a little about some of the steps ESET is taking to ameliorate the problem with distributing future base signature updates.

    First off, we're adding more servers in new locations. This should help balance the traffic across the network of update servers and ensure that as the number of clients increases the number of servers increases to match the demand better. While this seems like a fairly self-evident process, it's not a decision that is made lightly. If you're going to anti-virus update servers, they have to be very reliable and very available. You have to take every practical step you can to minimize downtime, ensure the files they are host are updated correctly and pretty much ensure any part or cable can fail (or lose power) and the servers will continue operating. They also have to be protected against attackers.

    The other side of this is to look at what sorts of changes, if any, need to be made on the client side to ensure delivery. Better handling of errors and unexpected conditions, ensuring that signature updates are received completely and correctly, even over low-bandwidth, high-latency error-prone connections and even changes to the UI like more informative status messages need to be investigated.

    I know these seem like fairly mechanical processes of throwing time, money and bigger/faster equipment at a project like this and, in a sense, that's exactly what some of this is going to involve. However, there's a fair amount of work which which needs to involve investigating and testing of new hardware and software and networking equipment, testing load balancing and server clustering and so forth. Microsoft's BITS is an interesting protocol, for example, however it is not something which applies to Linux or Novell NetWare. And there are some quite legitimate concerns about the security of peer-to-peer update mechanisms for anti-virus software.

    This message is a little longer than I had originally planned on writing, but these are neither simple or easy issues to address. I hope I have made it clear, though, that these are issues ESET is working to resolve.

    ESET wants all of its customers to have not just satisfactory but great experiences with its products and services and this is one area where the company is going to try very hard make that happen. Please remember, though, that these kinds of improvements do not occur overnight but over time and occur gradually in small steps.

    Thank you for your patience and your understanding.

    Regards,

    Aryeh Goretsky


    ¹I know most of you think of NOD32 and other anti-virus software as a utility program--you may even run the Enterprise Edition and have some sort of n-tier distribution model set up at work--but for purposes of this discussion, it's better to think of NOD32 as a client-server app, with your copies of NOD32 as the clients and ESET's update servers as the servers.

    ²This was somewhat puzzling until you consider that the greater the size of the file, the higher the likelihood of encountering errors in data transmission.
     
  18. PigBrother

    PigBrother Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    9
    Location:
    Bucharest, Romania
    Maybe my idea sounds stupid, but...
    I've never seen or heard about such feature in an antivirus product, but it's always a place for "the first time". Do you ever consider bittorrent as a way to distribute updates? Your server will act as a tracker (with authentification, of course) and another server will distribute the updates for a few hours then will shutdown itself to conserve bandwidth leaving the clients to take care of the distribution.
     
  19. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    I'm just gonna vote NO on that one :)
     
  20. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    No, I do not think it sounds stupid. It is certainly one way to address the issue of update server capacity. However, there are other problems that could arise, such as making sure that the update files are actually trustworthy, and also making sure that they do not fall into the wrong hands. Aryeh Goretsky touched upon this when he said,
    If nothing else, it does show that people have considered the idea of Bittorrent (or something like it), but have decided against it for various reasons.
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Thank you Aryeh for taking the time to write such a detailed reply, it is appreciated.

    Cheers :D
     
  22. PigBrother

    PigBrother Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    9
    Location:
    Bucharest, Romania
    alglove, thank, I'm a moronic blind guy, I didn't seen the BITS reference :)
     
  23. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    Hello!

    What is wrong again with ESET update servers? I can't update NOD32.
    I'm have valid license.
     

    Attached Files:

  24. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,174
    Location:
    Denmark
    Nothing, 1.1691 is the current version, nothing new has been released yet..
    So you are up-to-date :)
     
  25. basti

    basti Registered Member

    Joined:
    Jul 28, 2006
    Posts:
    48
    Now it's 1.1692 ;)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.