Nod32 programmatically bans "Public" update servers?

Discussion in 'NOD32 version 2 Forum' started by mtp318101, Jun 17, 2007.

Thread Status:
Not open for further replies.
  1. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    Hey all...

    We use Nod32 at work and have been pretty happy with it. A few months back I set up a Nod32 update mirror for all our local and remote machines to use. We recently updated NOD32 system wide, and it will no longer allow updates from our mirror: "Server Connection Failure" it says. The few clients that we did not update (laptop users away from the office for example) can still use our mirror just fine.

    It's taken me a week or so to get the problem isolated. By all indications it appears that NOD32 "bans" public update servers internally. It was inadvertent, but I have reason to believe our update server was exposed to the web for a short period of time. This is the only thing I can think of.

    Anyone have any knowledge of this issue?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi mtp318101, welcome to Wilders.

    Please check the following settings:

    NOD32 Control Centre
    Update
    Setup
    Server is set to its DEFAULT SETTING of "Choose Automatically".

    Click on Advanced and make sure LAN is set for Broadband ADSL/Cable or Dialup is set for Wireless Broadband, Dialup and Satellite connections.

    Check Proxy Server Setup> setup to make sure there isn't a tick in there (99.99% of people do not use a proxy).

    Check that LAN servers connection> Setup is set to System Account (default).

    Beyond this NOD32 will update unless a firewall is blocking the Internet connection for NOD32.

    Cheers :D
     
  3. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    Thanks for the welcome...

    Nope- all the settings are fine. I have pretty much confirmed that the folks at Eset are making sure that NOD32 CANNOT use certain update servers- specifically those that are public and don't require a password. The update module doesn't even establish a connection when using a "banned" server- it just generates an error.

    I guess they are doing this to keep ppl from stealing their program. Hacks and cracks are a dime a dozen for a popular program like NOD32, but the ability for Eset to control updates via a username / password combo is key to keeping ppl from stealing. Which is fine- but we are a bona-fide licensee & when I emailed them about this I got the brush off. :mad:

    I'll have to read through the license agreement, but does anyone know if there a prohibition on publicly posting NOD32 updates? If there isn't, and if they are making sure you can't update form servers they don't like (without telling you), then that just sucks.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    ESET do not have any "public update servers", all update servers are owned by ESET and require authorization for use.

    Cheers :D
     
  5. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    I'm aware of that- please re-read my first post. We are using our own mirrored update server which has been "banned" from by NOD32- most probably 'cause we had it open to the web. To my knowledge there is nothing that prevents us from doing this- but Eset obviously doesn't like it.

    I have never seen this sort of "unannounced" behavior in a program before.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Sorry, I missed that it was your own server available for your staff. No doubt if this is publicly available then ESET would not be impressed. ALL updates are meant to be available according to ESET's policy on updating, that being their update servers or through a LAN/WAN environment.

    Cheers :D
     
  7. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    thanks for your reply.

    The crux of the matter is: The new version of NOD32 specifically forbids using our SPECIFIC http server for updating- http://www.ourdomain.com/pub/nod32/updates/ This deny action is BUILT IN to NOD32 on an apparently ongoing basis.

    I can not find any clause in the software license that forbids us from using our own server for updating, nor a restriction on the re-distribution of update files (LAN, WAN, or otherwise). Failing such a clause I can't see how they can keep a legitimate licensee from updating how they want to.

    I was not aware that NOD32 bans SPECIFIC web addresses from being used as update servers. Neither NOD32, the instructions, the Eset knowledgebase, nor customer support @ Eset, confirm this behavior. I am VERY uncomfortable finding a "secret" feature directed right at us in a security product we pay for.
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you imagine every unscrupulous LAN/WAN license holder making available update servers for free, I certainly can.

    Cheers :D
     
  9. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    I respect your opinion- but I disagree about the supposed proprietary nature of NOD32 updates. I don't see how one can extrapolate that because Eset requires a password to update FROM THEIR SERVER, that a user is forbidden to update from wherever they please. NOD32 allows you to enter custom update servers at will, and the user documentation encourages the transfer of update files from one client to another in situations where a user does not have internet access.

    This whole thing just smacks of a crappy, ham-handed way of trying to prevent piracy- just like what Sony did with their audio CDs.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There is no comparison to adding in a rootkit.

    Blackspear.
     
  11. cerBer

    cerBer Registered Member

    Joined:
    Jul 29, 2006
    Posts:
    81
    Interesting, how could Eset know if such "free" servers are not specially set up to distribute invalid updates with purpose to prevent NOD from detecting viruses?

    I do not see anything in license agreement that would make one believe NOD will update from any pirate server, and would be very strange if it did.
     
  12. Megachip

    Megachip Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    243
    No problems updating from a "password free" server. did you check that your settings are correct?
     
  13. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    They can't- and if they want to make it impossible to use sites other that theirs I have no argument. But they don't make it impossible- you can enter any server you want & it says so right in the manual. The EE edition is designed to set up mirror servers, and Eset makes no limitation on how they are set up.

    The problem I have is Eset inserting code into NOD32 that makes updating from our serer impossible. Every other major anti-virus vendor freely distributes their database updates. Reading through the documentation for NOD32, it is apparent that Eset does too- they just don't want to acknowledge it & use unfair techniques to block it. The NOD32 update files issue has been festering for a long time- since 2005 according to archived posts.

    I wasn't comparing the methods, rather the no notification, no acknowledgment, and denial when asked part of it.
     
  14. mtp318101

    mtp318101 Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    9
    Yep settings are fine

    Finding password-free servers isn't that hard. A simple google search using names of update files will turn them up right and left. NOD32 will update from some of these sites and from some it wont. If you take the update files from a site that NOD32 refuses and then update locally, or upload the files to another URL, NOD32 will use them to update just fine.

    Obviously I do not recommend using some rando perhaps warez site for updating- but you see where I am going. Eset is programing NOD32 to reject update servers based on URL and we got caught up in their anti-piracy efforts. I don't begrudge them for wanting to keep their program for being pirated, but the way they banned our server and then refused to acknowledge it really wasted allot of my time.
     
Thread Status:
Not open for further replies.