I've used NOD32 for a few months, and i've recommended it to thousands and thousands of people - but lately its started to fall out of favor with me. Heres why... For one, i'm kinda miffed that AH isn't included as a GUI option, and is only available via right-click shell extension. Is there a reason for this? I'm thinking its because it might cause more false alarms and would be a bit more difficult when dealing with Virusbulletin tests? Either way, not having AH all the time, really bugs me, as NOD32 has already missed a few trojans. Also, I recently read about NOD32 botching the rebase tests. http://home.arcor.de/scheinsicherheit/rebasing.htm d) NOD32 Version 2.009 Advanced Heuristics default configuration: 0 out of 11 Advanced Heuristics enabled: 10 out of 11 (as unknown NewHeur_PE virus) TheefLE 1.11 was not detected. Thats pretty shocking, and tells me theres zero rebase protection in NOD32 unless you scan with the /AH option. So now, what about AMON? Amon seems weak as well, with no AH action going on. Also, I want a more "Real Time" Amon, that scans things immediately, without having to unpack and run stuff. Many argue that this doesn't matter, but for me, i'd rather stop something before it gets to the door, then push something out thats already gotten in the door! For example, the Eicar tests, NOD32 essentially fails the first two, because it doesn't recognize the Eicar.com file thats been renamed Eicar.txt.. LAME! Basically to bypass NOD32, all anyone has to do is rename a trojan to a text file, and push it into a process or something from there? AMON just seems weak. Also, I noticed many AV's, (AVK, KAV and BitDefender) have realtime file processing.. Essentially capturing nasties just by entering the same directory they are in! To me, this seems IDEAL... Why doesn't NOD32 implement something like this? Imon is another weak point. No HTTP scanning, no script scanning, no activex scanning. Heck, even the email aspect is a bit lacking with only inbound protection, and it misses a majority of the Eicar email test emails. Trojans... Another area NOD32 is sorely lacking, it even forced me to buy a backup Trojan program to block some of the older nasties. NOD32 seems oblivious to a large portion of the older trojan nasties Anyway, i'll stop here for now, but heres a list of things I think they need to prioritize for NOD32. 1) Advanced Heuristics - all the time - in all the modules. 2) HTTP Scanning w/Scripts+ActiveX+more 3) Improved IMON w/bi-directional scanning and heuristics. 4) Better definitions w/older trojans + some malicious adware/spyware. 5) Realtime Scanning including archives using heuristics. Thats about it, I don't want push it, even though registry protection build in, should be a part of ALL AV products as options - like it is in BitDefender. I'm finding most of the better products out there, seem to overall be in the 98-100% mark in most catagories for ITW, so what really sets a product apart, is how extensive its definitions are, how fast those definitions get updated, and how good its heuristics are. NOD32 in my opinion, is failing on a couple of those area. The rest, are features, scanning, interface, and other things really, because lets face it, theres not a TON of performance difference in finding the pests between all the major AV's out there. Comments?