NOD32 has the worst track record ever

I run several small networks in the Atlanta area. When I found NOD32, the version was 2.7 and it allowed great administrative options while professing to be the best antivirus software; capable of finding virii in the wild!

I fell in love and purchased/installed it on all of my networks. Everything has been going along fine until recently.

I have been infected with the most ridiculous and pathetic virus you could ever come across. This is while running NOD32 with the maximum protection settings.

The virus is simple: It's a simple rootkit that rewrites your system time and somehow tells your BIOS to change it's date. The date in question is 12/31/99 (just seconds before the year 2000, I am guessing--real funny).

The problem is that with a server that is running demo software while waiting for the licensed disks to show up in the mail, it invalidates the install and is irreversable. This virus locks down my network and requires a full install of the server and a lot of work on every workstation.

NOD32 has not been able to detect it. NOD32 has not ever removed it. NOD32 does not even talk about the virus on their website (which every other virus software does). When I asked for help the first time it happened and I lost my server, they couldn't find my licensing information. I had to get the Office Admin (who had purchased the software) to look the information up and by the time I was able to identify my licensing information, it was too late. Not much help. The second and third times I requested help, I got the same run around and even though I faxed them my printed licenses once, they still couldn't find it.

What's worse is that if you try to update the virus database (which is immediately marked out of date because of the date change), you are told that it is up to date. It checks the version number to determine if you have the latest version, but it checks the date last synced to determine if it's up to date. So I have this throbbing red NOD32 reminder of their gross incompetence infecting my system tray at all times.

I am sure that my absolute disappointment in NOD32 is more the result of having not only loved the software blindly, but also of having promoted it wildly to anyone who asked coupled with the fact that it has repeatedly let me down and been unavailable to provide support. I am uninstalling NOD32 on all of my workstations on every network and I am contacting the Virus Bulletin that they so proudly claim "able to detect viruses in the wild".

jase

 

The support of ESET isn't really known to take care of the customers, sadly. Personally I find their product NOD32 quite capable of disinfecting the virues I come across on sketchy websites.

Anyhow, it's sad to read about your experience. Let's hope ESET read this and improve their product in the future.

 

Lots of other stuff will fail to functions on systems with skewed clocks, stuff like windows update etc will you post or send a hate e-mail to them aswell ?

/Göran

 

Dear LWM,

Nice digging up of older material. But isn't it true that it's a shame that Eset has done nothing (so it seems) to include a solution to this rootkit in their
products?

 

I am little baffled (or worried) with the ever-decreasing signature detection rate of NOD32. http://virusinfo.info/index.php?page=testseng that record isn't too convincing :|

 

There is nothing "we" can do to advise him. That power and responsibility rests solely with ESET, who made a promise of virus protection to him, and received his money for that promise.

I don't think so. But truth be told, I think it's a lost cause posting support questions about undetected samples anymore. Every now and then a user gets the token response of "send samples to blah@blah.com and we'll look into it", but ESET's general attitude towards such issues is clear: deal with it, or take your money elsewhere.

 

As an earlier poster mentioned, NOD32 is proven fairly good at disinfecting let's say some viruses, at least it's proven that much for me as a single workstation.

But it's definitely no consolation for a network chain of PC's who seem to all been inhabited at once by what may very well be some new strain which is evaded detection and thus crippled the entire group.

I would be equally at odds with it's chairman or lead sales rep and approach them in some fashion with expectation of compensation for loss, that is if it's included in the agreement, which i venture likely is not.

ESET at the very least should show some responsibility for it's customers some way in light of even new undetected risks that have proven to evade their security completely, and in this case it seems, disabled an entire network no matter the count.

Let us know what if any response you receive from them because difficult as it might be, there has to come a point where these AV's have got to do more than just rely on signature matching algorithms, and especially where concerns networked computer systems.

 

They're welcome to their position, of course - they're a company, and they have a philosophy to follow. Unfortunately, it is due to this position that people need to contact their support for help when their machines get infected thanks to ESET's excellent philosophy. It's almost as if people who buy NOD32 are buying a service to clean up their computers when it becomes infected, rather than a product which prevents those infections in the first place. Only when a user gets hit by a trojan and perhaps have their bank details and other confidential data stolen does ESET consider that trojan to be a real-world threat.

But like I said, I guess they're welcome to their position.

 

The dramatically different part is ESET's usual attitude of "uhm, yeah, whatever " in response to new samples. At least, they're the only vendor I know of with that attitude and flaunt it in such a in-your-face manner. And of course, we know what happens next. I daresay the OP is a fine example.

 

It's been stated numerous times in various forums that no AV is perfect and what one detects the other may miss and vice-versa. If you come across an undetected suspicious file, send it in a rar/zip archive protected with the password "infected" to samples[at]eset.com. The visitors of this forum can also include a url to the appropriate post for easier identification.

 

Marcos,

During my period of using NOD32 I've run into four separate instances where I'd have been infected were it not for other measures taken (Group Policy + SRP + NTFS access permissions). I've submitted those samples via the right-click menu. Detection has yet to be added till this day, and I imagine that those real-world samples are left free to infect other NOD32 users, who will then get to hear the typical spiel from ESET support.

No antivirus product is perfect, but the fact remains that different vendors go to varying lengths to ensure that their customers remain safe from infection. And when a vendor unabashedly drags its feet in adding detection signatures, the typical excuse suddenly sounds a lot more hollow than usual.

 

Suspicious files must be submitted by email to samples[at]eset.com. There are hundreds of already detected, corrupted, or apparently clean files submitted via the internal submission system so your samples might get lost if you submit them that way.

 

Well, I hope the internal submission system isn't built in there for the sole purpose of being ignored.

I don't get one or two files every week or so. It's more like around ten per day. And since I'm not an ESET employee who gets paid for doing it, nor do I enjoy logging into my email account ten times a day, I use the quick and easy right-click method.

At any rate, I personally think I've done as much as I should. It's up to ESET's prerogative whether to take it up from there.

 

A bit off-topic, but how do you get 10 infected files a day? Or do you go 'hunting' for them?

 

I go hunting.

 

it seems of little value to have the internal submission if anything sent via it has little or no chance of being evaluated compared to the manual system.

 

I hope an Eset employee will take a special interest in this problem & fix his system. It is of no value to rehash the problems with Eset in the past all anyone can do is move forward.

 

Threads like this one are very troubling. I recently trialed NOD32 v3 and it ran very light with no issues. However, searching this forum I found quite a few NOD32 users who had been infected or had support issues or both. There are so many good AV alternatives these days that it just seemed best to try something else. I know NOD32 has many loyal supporters and does well in many AV tests, but poor customer support is a show stopper in my book.

 

Some aspects of this thread are puzzling to me. For example, as noted in links provided above, in November of 2007 the original poster stated that:

and the thread dies over the course of about 24 hours. The second thread mentioned by LowWaterMark was contemporaneous, with similar information, and a similar conclusion. Fast forward five full months and the basic problem description is extremely similar to the original issue down to the clock reset.

On the face of it, this sounds like either an ongoing 5 month old issue or a repeat occurrence. If it's the latter, it would seem as though there is a structural network security and/or OS configuration issue that would seem to be at least addressable via clean installs and locked down LUA's on all user machines (if required). That's just one way to tackle it, there are others. If it's the former, I can't imagine the lack of thread activity here in the intervening period to tell you the truth.

As someone who did offer a bit of advice in the original threads, I would have hoped that the original discussion was not ended prior to an actual resolution of the problem. Any exit from those threads was not due to a lack of support from the community. As I noted at the outset, I must admit that the evolution of the entire situation is rather puzzling to me.

Blue

 

I am a firm believer in evaluating all the testing sites and reports before rendering my thoughts on a product. And the one thing I do know is Eset is not a unacheiver. If you say it has the worst track record, then submit proof from a unbias testing site. I have yet to find a test that supports your claim. Really gets under my skin, threads like this.

Eset is one of the best AVs on the market. You may want to look at your end for the issues.

 

ESET ranks along the upper-tier product, but truth be told, it's completely undeserving of the accolades that it and its users heaps itself with. There's really nothing to distinguish it from its serious competitors, and it's just an also-ran when placed alongside them.

Worst track record... no, far from it. I'd rather call it "overhyped" instead.