NOD32 needs some improvement.

Discussion in 'NOD32 version 2 Forum' started by Kobra, May 22, 2004.

Thread Status:
Not open for further replies.
  1. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    I've used NOD32 for a few months, and I've recommended it to thousands and thousands of people - but lately it's started to fall out of favor with me. Here's why...

    For one, I'm kinda miffed that AH isn't included as a GUI option, and is only available via right-click shell extension. Is there a reason for this? I'm thinking it's because it might cause more false alarms and would be a bit more difficult when dealing with Virus Bulletin tests? Either way, not having AH all the time, really bugs me, as NOD32 has already missed a few trojans. Also, I recently read about NOD32 botching the rebase tests.

    http://home.arcor.de/scheinsicherheit/rebasing.htm

    d) NOD32 Version 2.009

    Advanced Heuristics default configuration: 0 out of 11
    Advanced Heuristics enabled: 10 out of 11 (as unknown NewHeur_PE virus)
    TheefLE 1.11 was not detected.

    That's pretty shocking, and tells me there's zero rebase protection in NOD32 unless you scan with the /AH option.

    So now, what about AMON? AMON seems weak as well, with no AH action going on. Also, I want a more "Real Time" AMON, that scans things immediately, without having to unpack and run stuff. Many argue that this doesn't matter, but for me, I'd rather stop something before it gets to the door, than push something out that's already gotten in the door! For example, the Eicar tests, NOD32 essentially fails the first two, because it doesn't recognize the Eicar.com file that's been renamed Eicar.txt.. LAME! Basically to bypass NOD32, all anyone has to do is rename a trojan to a text file, and push it into a process or something from there? AMON just seems weak. Also, I noticed many AVs (AVK, KAV and BitDefender) have realtime file processing.. Essentially capturing nasties just by entering the same directory they are in! To me, this seems IDEAL... Why doesn't NOD32 implement something like this?

    IMON is another weak point. No HTTP scanning, no script scanning, no ActiveX scanning. Heck, even the email aspect is a bit lacking with only inbound protection, and it misses a majority of the Eicar email test emails.

    Trojans... Another area NOD32 is sorely lacking, it even forced me to buy a backup Trojan program to block some of the older nasties. NOD32 seems oblivious to a large portion of the older trojan nasties.

    Anyway, I'll stop here for now, but here's a list of things I think they need to prioritize for NOD32.

    1) Advanced Heuristics - all the time - in all the modules.
    2) HTTP Scanning w/Scripts+ActiveX+more
    3) Improved IMON w/bi-directional scanning and heuristics.
    4) Better definitions w/older trojans + some malicious adware/spyware.
    5) Realtime Scanning including archives using heuristics.

    That's about it, I don't want to push it, even though registry protection built in should be a part of ALL AV products as options - like it is in BitDefender.

    I'm finding most of the better products out there, seem to overall be in the 98-100% mark in most categories for ITW, so what really sets a product apart, is how extensive its definitions are, how fast those definitions get updated, and how good its heuristics are. NOD32 in my opinion, is failing on a couple of those areas. The rest, are features, scanning, interface, and other things really, because let's face it, there's not a TON of performance difference in finding the pests between all the major AVs out there.

    Comments?
     
  2. norky

    norky Registered Member

    Joined:
    May 1, 2004
    Posts:
    172
    Location:
    Lithia, FL
    IMON will scan http in the next beta
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I don't know if I agree with you that Nod is falling behind the eight-ball, however the improvements that you want to see are good, and hopefully in time will be implemented.

    Good post...

    Cheers :D
     
  4. stevenestrada

    stevenestrada Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    43
    >> what really sets a product apart, is how extensive its definitions are, how fast those definitions get updated, and how good its heuristics are. NOD32 in my opinion, is failing on a couple of those areas. <<

    Software is a pain. Can't even make an exclusion list for demand scans..

    Tech support fails miserably. Switched to NOD32 three months ago. imon.dll crashes mail client. Tech support answered by sending some utilities, I mailed back the reports, then nothing. Mailed a month later asking for status - nothing.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have to agree with you there, apparently Mele20 on the following thread https://www.wilderssecurity.com/showthread.php?p=181123#post181123 received several replies and quite rapidly just recently, followed up with a survey email on how did they do, so maybe this is on the improve, something needs to be done and quickly BEFORE they (Eset) aggravate too many of their clients...

    Tech support here in Australia is great through Rod, I have had occasion to use support@eset.com without a response whatsoever...

    Cheers :D
     
  6. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    NOD32 support is dodgy really! I've had times where they responded fast, and I got good answers.

    I've had other times, where I never, ever, heard back from them.

    So honestly, I don't know what to make of it. KAV support is pretty fast, but even then, some of their answers are rather strange. =) I emailed them asking why the on-the-fly scanning was removed from KAV5, and they emailed back saying "What makes you think that?".. I emailed back showing how it's missing, and finally got a reply saying "Yes, it is, but most people don't notice it missing.." WTF?!?

    Overall, the best support from AV/AT people I've had has to be BOClean. Kevin usually responds in minutes, and at the very least, within a couple hours.

    Sporadic support from most AV/AT companies seems to be the rule, and that's pretty annoying to say the least. For AVs, KAV seems to have tops support, for ATs, I've had the best luck with BOClean. Although, I admit I haven't tried BitDefender's support yet.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed, if Eset could get on top of this, it would send them further to the front, they may find as with other products, that word of mouth about good service (and good product) spreads very quickly, you can sometimes get away with a moderate product but have excellent service that over-compensates for the shortfall :D

    Cheers :D
     
  8. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
    I've sent a couple emails in to Eset. No response. KAV has responded to my emails.

    Good post BTW, agreed.

    Slightly OT, Kobra, what do you mean OTF scanning has been removed from KAV 5.0? I'd be interested in hearing what they have to say if you investigate things further. You could try PM'ing Lisa from Kaspersky UK. She's on the forum occasionally.
     
  9. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Well AVK and BitDefender have realtime scanning as you probably know. As you move about your hard drives, it checks *EVERY* file you run into in realtime, with no noticeable delay. (configurable of course)

    This is most noticeable by downloading an Eicar test archive, drop it into a directory, then move around that directory. Just doing that, will set off AVK and BitDefender, but not NOD32 or KAV5 (KAV4.5 it does). You can open BitDefender, and watch the updates on what it's scanning in realtime, and see that as you move around, it's scanning EVERYTHING, even archives in realtime, without unpacking.

    Anyway, this has never been in NOD32, but it was in KAV4.5 and seems to have been removed from KAV5. When I inquired about this important feature missing from KAV5, they at first "Denied" it, or at least were evasive. Then in followup emails, they admitted that it was removed and most people wouldn't notice it missing?!??! In fact, here's his email reply after 3-4 emails going back and forth with their denials, and my evidence.. o_O

    Dear Sir/Madam,

    You are absolutely right - in the current version KAV5 Monitor does not check archives for viruses (you can find this information in Users guide). However it did in older versions as you've indicated.

    Sincerely yours,
    <censored>
    ____________________________________________
    Technical support /Kaspersky Lab Ltd
    10, Geroyev Panfilovtsev Str., 125363, Moscow, Russia
    Tel.: +7 095 797 87 07; Fax: +7 095 797 87 00;
    E-mail: support@kaspersky.com;
    http://www.kaspersky.com; http://www.viruslist.com Secure your cyberspace!
     
  10. Kobra

    Kobra Registered Member

    Joined:
    May 11, 2004
    Posts:
    129
    Back on topic, my last 2 emails to tech support have gone unanswered totally. NOD32 folk definitely need a dedicated support system for email response in a timely manner.

    I didn't purchase AVK because the 3 emails I sent them, haven't been answered after a week.. Now THAT is sad.

    Come on NOD folks! =)
     
  11. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    tazdevl,

    Please start a new thread in other anti-virus software forum so we can stay on track here.

    tECHNODROME
     
  12. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    The follow-up "survey" email I got was from the U.S. office of Eset:

    Hello,

    I would like to follow up on your tech support inquiry. Did you receive a
    response within a reasonable time frame? When you were contacted, were you
    able to achieve the results you wanted? If not, were your questions answered
    to your satisfaction? We understand that this is an extra step for you; if
    you would reply to this message letting us know what the turn out of your
    issue was, we can either devote more attention to solving the problem, or
    close your ticket to assist the next in the queue.


    Thank you for your time and patience,

    Your Eset Team

    I don't know if this is just being done in the U.S. or how long there has been a follow-up survey. (It has been a long while since I last sent an inquiry to Eset). It is certainly a step in the right direction. I might very well still have NAV if it weren't for the horrible tech support as the severe deterioration of support there coupled with the bloat in NAV 2003 is what got me looking elsewhere two years ago. I think software companies don't realize just how important competent, reasonably fast tech support is to most users and especially when it involves your most important piece of software outside of Windows itself.
     
  13. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Don't think anybody can disagree that Eset support is a bit "hit and miss":-replies sometimes quick sometimes not at all!
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I merely would like to mention that quite many emails are bounced back to Eset. When submitting a technical support request, make sure the email address you specify is correct and working (the best would be to use an address which does not require an antispam authentication - with a rising number of inquiries this might pose a problem).
    In case we are unable to contact you by email, our US department does its best to contact you by phone (that's why we ask you for your tel. number in the form).
    If you don't get a timely response (within 24-48 hours), I recommend you urge it by dropping an email to support@nod32.com. As the last option, you can call the US office on (619) 437-7037. The good news is that the help desk system is going to be improved significantly some time soon so there should be no "lost" tickets any more.
     
    Last edited: May 23, 2004