NOD32 Opinions ...

Discussion in 'other anti-virus software' started by msanto, Aug 19, 2004.

Thread Status:
Not open for further replies.
  1. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Yes, yes, yes... a thousand times, yes!
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,184
    Location:
    Texas


    Working on it.


    The 2.011 beta release of Nod32's resident antivirus scanner AMON has advanced new heuristics to detect unknown trojans and has improved trojan cleaning procedures. Nod32 does not require users to reboot into safemode as its default procedure to remove Trojans; rather, the software will stop the service, delete the trojan and restore Windows to its previous state.

    http://www.betanews.com/article/1092348349
     
  3. msanto

    msanto Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    214
    So is it true that quarantined files are not moved but copied? That doesn't sound too effective.
     
  4. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I believe the logic of this is one of caution. If a critical file is moved, and it's a false positive, recovery can be problematic. The copy operation allows verification of infection, and then clear action if warranted. Either approach has difficulty in some circumstances.

    Blue
     
  5. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    One big plus to NOD is that it was able to detect Backdoor.BeastDoor.207. I wonder why so many av:s are unable to detect that very common nasty when, only by using Google, you can download that backdoor very easily!

    It was more than two weeks ago when that nasty was published, but still so many av:s detected nothing.

    Best regards,
    Firefighter!
     
    Last edited: Aug 21, 2004
  6. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Mele - no I certainly did not try that - I don't tend to try those things myself.

    I also do not want my NOD to start using extra resources in order to detect harmless files, or trojans. Indeed, I want my AV to detect viruses instead. I use TDS3 to detect trojans.

    I prefer to use the proper tool for the job - I am not one to use a screwdriver in order to drive a nail ;-)
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Oh come on! That is a poor excuse I believe. NOD32 is the ONLY av that does this and it is a dangerous practice because the word QUARANTINE does not mean copy something! New users can be harmed because they assume, rightly, that quarantine means what the dictionary says it means and all AV vendors EXCEPT Eset agree on the meaning of quarantine in an AV. So, a new user who has come to NOD32 from another AV assumes that the infected file was MOVED to quarantine and ends up leaving the infected file in the original location. That is really super duper. :(

    I don't see how copying the file to quarantine helps protect against problems with restoring it. You will be restoring a copied file. I'd rather restore the original that was moved. I have used many AV and all of them move the file to quarantine where you then safely can examine it and decide what to do with it. I have restored countless files and never once had a problem. I strongly believe your argument is a weak excuse from Eset because they just don't want to give us a proper quarantine. This is another example of how Eset just goes off and does very weird things that no other av vendor does. Some of the weird things are innocuous, although perhaps irritating, while others are potentially quite dangerous.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Not at all, I believe Blue has a very valid point, and one I had not considered before.

    Totally agree, I have argued this point in the Nod32 forum quite considerably, this MUST be changed to something like, copy this file to allow further analysis.

    After reading Blue’s post, I do NOT want one of my customers moving a system file anywhere. I want Eset to maintain the function of Quarantine, however as stated above it MUST be renamed, and this should be a priority…

    It is Eset’s prerogative to do as they please, to do the same thing day in and day out without change, we would still all live in caves, I for one applaud Eset in their drive to improve their product through any means they choose to see fit…

    Cheers :D
     
  9. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Rant in regards to intelligence removed. I am sorry, msanto, that some have carried your thread so far off topic. From here it will remain on topic. All Off-topic posts will be removed.
     
  10. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    I am on a very old machine, PII 233mhz, and the only av that has really run smoothly without any hiccups has been NOD32.

    I never got a virus although being on the Internet 24/7 and with loads of mail.

    I believe you should run an AT - Boclean or trojanhunter - and a good firewall parallel but that's about it. The new beta with more advanced heuristics is a charm - so here I am totally happy with NOD32

    PII 233mhz, 160 Ram, win2k

    Ruben

    PS: <snip> is back again - seems he looks for any thread on NOD where he can talk about KAV at the end - the guy working for them??

    edited to remove individual reference - Detox
     
    Last edited by a moderator: Aug 21, 2004
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Nice to see Nod32 running smooth on such an old system.

    With regards to <snip> it is she, not he...

    Cheers :D

    edited to remove individual reference - Detox
     
    Last edited by a moderator: Aug 21, 2004
  12. msanto

    msanto Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    214
    Well, I have BOClean already. :)


    edited to remove individual reference from quote - Detox
     
    Last edited by a moderator: Aug 21, 2004
  13. tazdevl

    tazdevl Registered Member

    Joined:
    May 17, 2004
    Posts:
    837
    Location:
    AZ, USA
  14. pollux

    pollux Registered Member

    Joined:
    Jan 6, 2004
    Posts:
    84
    Location:
    Grenoble, France
    msanto,

    You might be interested in the following thread (at DSLReports) in which running NOD32 & BOClean together is discussed:
    http://www.dslreports.com/forum/remark,11113909~mode=flat

    To sum it up, those folks agree that the 2 programs work fine together.

    If you decide to use NOD32 (or any other non-KAV engine AV) as your main RTM scanner, you can always use another scanner periodically to confirm your results or if you've had some kind of system event. Online scanners such as TrendMicro HouseCall are fairly well-known, but you may not know that the KAV engine and definitions can be found in eScan's AV toolkit (free tool):
    www.mwti.net/antivirus/free_utilities...
    It's like having the best of both worlds, in my opinion.

    I'm running the NOD32 beta trial on a very old machine. It works great. I also run the eScan toolkit on occasion. It has not found anything that NOD32 missed as yet.

    pollux
     