NOD32 has the worst track record ever

Discussion in 'NOD32 version 2 Forum' started by jaseinatl, Apr 6, 2008.

Thread Status:
Not open for further replies.
  1. jaseinatl

    jaseinatl Registered Member

    Joined:
    Nov 3, 2007
    Posts:
    12
    I run several small networks in the Atlanta area. When I found NOD32, the version was 2.7 and it allowed great administrative options while professing to be the best antivirus software, capable of finding viruses in the wild!

    I fell in love and purchased/installed it on all of my networks. Everything has been going along fine until recently.

    I have been infected with the most ridiculous and pathetic virus you could ever come across. This is while running NOD32 with the maximum protection settings.

    The virus is simple: It's a simple rootkit that rewrites your system time and somehow tells your BIOS to change its date. The date in question is 12/31/99 (just seconds before the year 2000, I am guessing--real funny).

    The problem is that with a server that is running demo software while waiting for the licensed disks to show up in the mail, it invalidates the install and is irreversible. This virus locks down my network and requires a full install of the server and a lot of work on every workstation.

    NOD32 has not been able to detect it. NOD32 has not ever removed it. NOD32 does not even talk about the virus on their website (which every other virus software does). When I asked for help the first time it happened and I lost my server, they couldn't find my licensing information. I had to get the Office Admin (who had purchased the software) to look the information up and by the time I was able to identify my licensing information, it was too late. Not much help. The second and third times I requested help, I got the same run around and even though I faxed them my printed licenses once, they still couldn't find it.

    What's worse is that if you try to update the virus database (which is immediately marked out of date because of the date change), you are told that it is up to date. It checks the version number to determine if you have the latest version, but it checks the date last synced to determine if it's up to date. So I have this throbbing red NOD32 reminder of their gross incompetence infecting my system tray at all times.

    I am sure that my absolute disappointment in NOD32 is more the result of having not only loved the software blindly, but also of having promoted it wildly to anyone who asked coupled with the fact that it has repeatedly let me down and been unavailable to provide support. I am uninstalling NOD32 on all of my workstations on every network and I am contacting the Virus Bulletin that they so proudly claim "able to detect viruses in the wild".

    jase
     
  2. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    The support of ESET isn't really known to take care of the customers, sadly. Personally I find their product NOD32 quite capable of disinfecting the viruses I come across on sketchy websites.

    Anyhow, it's sad to read about your experience. Let's hope ESET read this and improve their product in the future.
     
  3. goran_larsson

    goran_larsson Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    51
    Location:
    Stockholm, Sweden
    Lots of other stuff will fail to function on systems with skewed clocks, stuff like Windows Update etc. Will you post or send a hate e-mail to them as well?

    /Göran
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    How did you fix the problem back in November, when you last posted about it, or, are you still fighting that exact same infection all this time?

    https://www.wilderssecurity.com/showthread.php?t=190097

    https://www.wilderssecurity.com/showthread.php?t=190096
     
  5. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    Dear LWM,

    Nice digging up of older material. But isn't it true that it's a shame that Eset has done nothing (so it seems) to include a solution to this rootkit in their products?
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    It may well be that they did nothing, or, that the user did not follow up with Marcos as requested at that time. Or, that he has been fighting the exact problem since Nov. We really need more information here if we are to advise him, not just a statement that "NOD32 has the worst track record ever". Or, is there not a support question here?
     
  7. qpok

    qpok Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    63
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    There is nothing "we" can do to advise him. That power and responsibility rests solely with ESET, who made a promise of virus protection to him, and received his money for that promise.

    I don't think so. But truth be told, I think it's a lost cause posting support questions about undetected samples anymore. Every now and then a user gets the token response of "send samples to blah@blah.com and we'll look into it", but ESET's general attitude towards such issues is clear: deal with it, or take your money elsewhere.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    As an earlier poster mentioned, NOD32 is proven fairly good at disinfecting let's say some viruses, at least it's proven that much for me as a single workstation.

    But it's definitely no consolation for a network chain of PCs that seem to have all been inhabited at once by what may very well be some new strain which has evaded detection and thus crippled the entire group.

    I would be equally at odds with its chairman or lead sales rep and approach them in some fashion with expectation of compensation for loss, that is if it's included in the agreement, which I venture likely is not.

    ESET at the very least should show some responsibility for its customers some way in light of even new undetected risks that have proven to evade their security completely, and in this case it seems, disabled an entire network no matter the count.

    Let us know what if any response you receive from them because difficult as it might be, there has to come a point where these AV's have got to do more than just rely on signature matching algorithms, and especially where concerns networked computer systems.
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    I'll agree with you completely if you qualify the statement just a bit. Eset unabashedly states that they don't just add undetected samples that people happen to find. Their position is clear on this and hasn't changed in all the years they've been here. It's their whole philosophy for what they consider real world threats versus collected samples. However, any time a person has posted that they have a live infection on their machine, Eset has always jumped on it, helped the person clean it and when it was over, that infection source is detected.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    They're welcome to their position, of course - they're a company, and they have a philosophy to follow. Unfortunately, it is due to this position that people need to contact their support for help when their machines get infected thanks to ESET's excellent philosophy. It's almost as if people who buy NOD32 are buying a service to clean up their computers when it becomes infected, rather than a product which prevents those infections in the first place. Only when a user gets hit by a trojan and perhaps has their bank details and other confidential data stolen does ESET consider that trojan to be a real-world threat.

    But like I said, I guess they're welcome to their position. o_O
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    I don't know that they are dramatically different in that part of it than any other AV company. There is always the first person infected by something new or undetected, which ultimately leads to a submission that gets added and then the rest of that product's customers are protected.
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The dramatically different part is ESET's usual attitude of "uhm, yeah, whatever :rolleyes:" in response to new samples. At least, they're the only vendor I know of with that attitude and flaunt it in such an in-your-face manner. And of course, we know what happens next. I daresay the OP is a fine example.
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's been stated numerous times in various forums that no AV is perfect and what one detects the other may miss and vice-versa. If you come across an undetected suspicious file, send it in a rar/zip archive protected with the password "infected" to samples[at]eset.com. The visitors of this forum can also include a url to the appropriate post for easier identification.
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Marcos,

    During my period of using NOD32 I've run into four separate instances where I'd have been infected were it not for other measures taken (Group Policy + SRP + NTFS access permissions). I've submitted those samples via the right-click menu. Detection has yet to be added till this day, and I imagine that those real-world samples are left free to infect other NOD32 users, who will then get to hear the typical spiel from ESET support. :thumbd:

    No antivirus product is perfect, but the fact remains that different vendors go to varying lengths to ensure that their customers remain safe from infection. And when a vendor unabashedly drags its feet in adding detection signatures, the typical excuse suddenly sounds a lot more hollow than usual.
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Suspicious files must be submitted by email to samples[at]eset.com. There are hundreds of already detected, corrupted, or apparently clean files submitted via the internal submission system so your samples might get lost if you submit them that way.
     
  17. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Well, I hope the internal submission system isn't built in there for the sole purpose of being ignored.

    I don't get one or two files every week or so. It's more like around ten per day. And since I'm not an ESET employee who gets paid for doing it, nor do I enjoy logging into my email account ten times a day, I use the quick and easy right-click method.

    At any rate, I personally think I've done as much as I should. It's up to ESET's prerogative whether to take it up from there.
     
  18. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    A bit off-topic, but how do you get 10 infected files a day? Or do you go 'hunting' for them? :D
     
  19. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I go hunting.
     
  20. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    It seems of little value to have the internal submission if anything sent via it has little or no chance of being evaluated compared to the manual system.
     
  21. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    I hope an Eset employee will take a special interest in this problem & fix his system. It is of no value to rehash the problems with Eset in the past; all anyone can do is move forward.
     
  22. Ed_H

    Ed_H Registered Member

    Joined:
    Nov 10, 2004
    Posts:
    662
    Location:
    Chicago, IL
    Threads like this one are very troubling. I recently trialed NOD32 v3 and it ran very light with no issues. However, searching this forum I found quite a few NOD32 users who had been infected or had support issues or both. There are so many good AV alternatives these days that it just seemed best to try something else. I know NOD32 has many loyal supporters and does well in many AV tests, but poor customer support is a show stopper in my book.
     
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Some aspects of this thread are puzzling to me. For example, as noted in links provided above, in November of 2007 the original poster stated that:
    and the thread dies over the course of about 24 hours. The second thread mentioned by LowWaterMark was contemporaneous, with similar information, and a similar conclusion. Fast forward five full months and the basic problem description is extremely similar to the original issue down to the clock reset.

    On the face of it, this sounds like either an ongoing 5 month old issue or a repeat occurrence. If it's the latter, it would seem as though there is a structural network security and/or OS configuration issue that would seem to be at least addressable via clean installs and locked down LUA's on all user machines (if required). That's just one way to tackle it, there are others. If it's the former, I can't imagine the lack of thread activity here in the intervening period to tell you the truth.

    As someone who did offer a bit of advice in the original threads, I would have hoped that the original discussion was not ended prior to an actual resolution of the problem. Any exit from those threads was not due to a lack of support from the community. As I noted at the outset, I must admit that the evolution of the entire situation is rather puzzling to me.

    Blue
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I am a firm believer in evaluating all the testing sites and reports before rendering my thoughts on a product. And the one thing I do know is Eset is not an unachiever. If you say it has the worst track record, then submit proof from an unbiased testing site. I have yet to find a test that supports your claim. Really gets under my skin, threads like this. :mad:

    Eset is one of the best AVs on the market. You may want to look at your end for the issues.
     
  25. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    ESET ranks among the upper-tier products, but truth be told, it's completely undeserving of the accolades that it and its users heap on it. There's really nothing to distinguish it from its serious competitors, and it's just an also-ran when placed alongside them.

    Worst track record... no, far from it. I'd rather call it "overhyped" instead.
     