NOD32, Tested!

Discussion in 'NOD32 version 2 Forum' started by Untouhable, May 3, 2004.

Thread Status:
Not open for further replies.
  1. Emil

    Emil Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    41
    Location:
    Romania
    What do you say about this link?

    I've burned a CD with EICAR tests. Nobody, if I could say that, has protected the "poor" CD from the archived EICAR test. It was a spectacular failure of AMON. The archives were taken from the HDD, through the RAM, processed by Nero and put on the CD... AMON said nothing. It was the quietest AV that I've tested. So what do I say to somebody who executes an infected archive from MY CD? Do you understand?? MY CD!!
    Me, who tells everybody what a handicraft NOD32 is. If they only knew... they would have put some stones in my mouth!

    https://www.wilderssecurity.com/showthread.php?t=27154


    Waiting for comments for the above link.

    Emil
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I agree with you completely. I'm on record stating that I will not renew my license if this isn't fixed in AMON. Every poster in the thread you linked to, except Anders, was making ridiculous excuses for AMON's behavior. I am getting very tired of seeing all these excuses. Those posters, including Paul, didn't even seem to understand what you and I and others are saying...I don't understand why they are so dense on this subject. I understand perfectly what you are saying.

    I too would never want to give someone a CD I burned that had a virus on it. Paul or someone in that thread suggested the problem is easily solved by scanning the CD after you make it. Why would you do that? You don't know there is a virus on the CD as AMON never peeped so do you and Paul and all those posters in the thread routinely scan every CD you make after making? I don't and I don't think others do either. So it is very plausible that I would give the CD to someone not knowing there was a virus on it and they would either have no av, or outdated definitions, and get infected from MY CD! That is unacceptable.

    Anders said the changes that we are looking for are coming but not in the next two months. If the changes aren't here by October then I will be looking for a new av.
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I guess I have to agree with the sentiment that some sort of ability to recognize and remove viruses in compressed files is sorely needed. I realize, as others do, that this provides no inherent added protection to me, but that it provides pre-emptive protection for people that I may exchange files with who are poorly protected. From a marketing perspective, it really doesn't matter if I get infected or if the bloke that I passed a file to gets hammered. If the problem originated from my end, whatever product I use for protection takes the blame and, for that reason, may get relegated to the scrap heap.

    Naturally, scanning a CD after you've made it or uncompressing a zipped file to make sure that it's OK would work for most of us here - if we remembered to do it - but that's a detail that the consumer masses are unlikely to understand and I'm sure that they won't appreciate the nuances of the arguments that we've exchanged here. It's a feature that is needed if Eset wants to compete aggressively in the mass consumer market.

    Just my thoughts - from a current and satisfied NOD32 (and KAV) user - mainly since I would NEVER pass an untested zipped file along to anyone simply because I don't want to waste anyone's time with a corrupted fileset, not because I'm testing for hidden viral infections.

    Blue
     
  4. Emil

    Emil Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    41
    Location:
    Romania
    I am one of the hurried users of PCs generally and of NOD32 particularly. I'm not a network admin, but just for hobby.
    So I'm not in love with this product so as to stay every day to admire its engine and its action (and its NUANCED and UNDOCUMENTED features - and even with this, AMON remains quiet at copied archives).
    I've only become passionate about AVs because they (must) protect my PC. Meantime I would like to recommend the AVs that I use. In 4 years I have had 2 fabulous defeats (failures, to be clear). NOD32 could be the 3rd, so I'm not disposed to make concessions this time. I am talking about my cheek, my honour.
    Security is not a matter for joking with other people's PCs. It's enough to make one mistake and people lose their trust in your service. Do you want to risk (finally even on my skin)? If so, I wouldn't like to be your client. The same rule for ESET.

    Why do you use KAV? :)
    If I do so, security expenses only for AVs will be at least double for my network and clients. Only for AVs!
    So what could be the reason to buy 2 programs that must do the same final thing? Either I'll buy one, or the other. Apropos of marketing, using two AV licences is a waste of many things: money first, time, resources. So?

    Waiting for comments


    Emil
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Emil,

    I'm not sure what you are trying to say here, but I think we are basically in agreement and I hope you don't feel I was joking or making light of your comments or concerns. They are quite valid.

    First and foremost, the AV is to protect the user who has purchased the product. NOD32 (and many other products) perform this task just fine. However, in the general marketplace, if NOD32 does not provide a facility to address the potential malware in compressed files, this will be a differentiating feature that can be used to advantage by competitors that do possess this function. The folks at Eset appear to have already demonstrated a sensitivity to marketplace dynamics by recognizing that having a pure AV, i.e. one that does not cover trojans, etc., places them at a competitive disadvantage with the consumer masses. They're addressing this by slowly expanding the non-AV coverage provided by NOD32.

    The inability to scan and address malware in compressed files is really no different than whether or not an AV program addresses other malware. I realize that it is technically different in the sense that trojans are active bits of malware. But from a product differentiation perspective, it is the same. In a simple tabulation of feature sets, the lack involving compressed files is a component that could appear as a gap in a comparison of various AV programs, especially if the majority of competing products offer the functionality.

    There are a whole host of technical reasons why Eset might not feel compelled to offer this feature. However, there are equally persuasive business reasons why I view it as an absolute necessity. Hence, in the end we agree, it is a feature that Eset should implement and you state the underlying dynamic quite well - it revolves around trust in the product within a group of people. I can hear the discussions now... "It's great that NOD32 protected you from this latest infestation, but why didn't you choose something that would have also protected me from that file you sent me? Don't you think that's important too?" It's in these local conversations that products live and die.


    I use KAV as my primary AV/malware platform. Of the PC's I have, there are two for which I absolutely have to have guaranteed protection all the time. I could use an on-line scanner to cover any situation when KAV is unavailable or disabled or I could use one of the free AV programs out there. Rather than go with that route, I choose to have NOD32 available. I do use it as a regularly scheduled demand scanner during the wee overnight hours - and I use it instead of the less costly solutions.

    Do KAV and NOD32 do exactly the same thing? Well, if they did wouldn't they perform identically on any and all AV tests? They don't. I'm interested in NOD32's heuristic approach. I think the jury is still out on whether this is the direction to follow. KAV is signature driven. So I view them as somewhat different approaches addressing the same problem. The heuristic approach is evolving and not yet mature. For this reason I choose not to rely solely on it and I very much appreciate KAV's comprehensive coverage.

    Is it a waste of money? For myself and for my requirements, no more so than spending money on an AV in the first place and never suffering an infection. After all, if I never suffer an infection, some would maintain that I've wasted my money anyway. Of course, this is the whole business with insurance of any sort. You pick your level of comfort and develop an insurance or contingency plan consistent with that level of comfort. Taken from another view, any AV/malware solution is unneeded if you are willing to perform a daily disk image backup, be willing to lose a day or so of productivity, and be willing to expose others to malware that has temporarily infected your PC. I realize from your concern with respect to NOD32's functionality that you do not feel that way, I'm just carrying the argument to its logical extreme. Is it overkill? For most (virtually all?) people, yes. Would I recommend this approach to others? Generally not, but it works for me and the requirements that I am comfortable with.

    Blue
     
  6. Emil

    Emil Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    41
    Location:
    Romania
    OK Blue,

    you feel comfortable with your configuration. Of course there is a logical thing: want more protection, pay more. I could risk my technical post advising my manager and constraining the network administrator to buy 50 licences for workstations and at least some thousand licences for protecting e-mail accounts on the Linux server. ALL playing on a single card! Let me know, from my side, is it just for me? If I would buy two licences for each station, they will say: "You spend a lot of money. Are you not able to buy one and good? Why do we pay you?" Because on the market others sustain that they could scan and disinfect archives and a lot of other things, even if they are not so performant. The boss knows about other AVs; the network admin said behind my back that I'm crazy because it is not a known product in real life, just in labs. I'm not. Only I myself know your product, as well as I could in the few weeks since I have had it. It protects me with IMON. It reacts well enough to some experiments. But I highlighted some bugs that could not be sold by ESET, with all respect! If ESET wants to sell, they have to be an honour-word company. They must sustain me with the quality of the product itself. Otherwise I'll risk my word, my honour and my bread. I have a family and it is very hard to live in my country. Sorry!

    Let me know, is ESET feeling so good with their sales that they don't need (normally) pretentious clients like me anymore, so concluding they don't need to hurry up with improvements?

    OK. I'm not dependent. It could very well be KAV, couldn't it? I've tested it and it's good. And also they update their product in the licence meantime.

    If somebody (from ESET) wants to sell me something, AFTER EVERYTHING WILL BE "A LA CARTA", my hobby address is public or it's enough to send me a private message.

    Respectfully,

    Emil
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Let me add three qualifiers with respect to my own systems.

    1. They're not business PC's and I don't have the scalability to place some hardware or server based solutions prior to the clients on the LAN. I'd focus on stopping malware before it arrived at any client on the LAN as well as having LAN based tools to monitor any unusual activity within the LAN. I would not load each of the clients up with duplicate protection.

    2. What I do have to guard against is the visits from my nieces and nephews. They come over infrequently (the trip is ~ 400 miles, so it's not a frequent occasion - once or twice a year). They're teenagers. There's four of them. I have two teenagers of my own. In the down time when we're not seeing local sites, they will surf the net, IM their friends, and play on-line games. We've had discussions about safe surfing practices. Nevertheless, on one visit I decided to show my sister the basic security set-up that I had configured. The kids had been using the machines for ~ 3 hours. On a lark, I decided to try a quick Ad-aware scan, just to show her what to expect on their PC's. I had removed over a thousand pieces of adware/malware/etc. on my last visit to their house, but she wasn't around to see what I did. This was my teaching opportunity. The kids understood the impact of these things on system performance and stability (their PC's were close to unusable) - or so I thought.... Ad-aware turned up over 500 pieces of malware/tracking-ware/other-ware. The system had been cleaned earlier that day - so all of this developed in the 3 hours the kids were playing on the machine. Now, I have a couple of options - lock down the PC's on a visit or build a couple of extra layers of protection in. I went with the latter.

    3. Finally, my wife teaches at a local school. She has been the carrier of the only major infections that I've suffered through. Again, I have an extra level of protection on her PC since she handles all the house finances on that PC (which is also where she does all of her work and is most likely to incur an infection).

    Best regards,

    Blue
     
  8. Emil

    Emil Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    41
    Location:
    Romania
    OK Blue :)

    I like your life, really! In your stories I've put PC security on the second layer, so this morning I read your kind message smiling and imagining how innocent people could have this impact on PCs and, in reverse, how PCs, especially the few infected ones, could have an impact on personal life. I've learned a lot from your story and now I'm not angry anymore. I just have to not be so attached to one product or another. Au fond, I'm waking up and going ahead. It's a business between me and ESET. I don't like anymore to criticize in public their product and business tendencies. If they want to do something better, ok. Not? Ok. It's their job.
    I just have to admit that I've sacrificed some weeks, more than 12 hrs/day, to study and experiment with their product, coming home only at night, having problems with family, and I concluded that maybe I was wrong. It will not be the next time.

    Hoping that my technical help cries will be heard on this forum.

    Thanks too much, Blue, for your example!

    Hot regards,

    Emil
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    And not just my personal life either. Here's another story - from Monday of this week. Two laboratories which I direct (I'm a physical scientist during the day...) were hit by the Sasser worm. Both labs were basically up and down for one and a half days. Data acquisition and analysis runs were brought to a standstill. Towards the end of the first day I suspected, but wasn't sure, it was Sasser in one lab. I scanned one PC (Norton Corporate edition) - knowing definitions were a few days old - and the system came up clean. When I arrived home and did some additional research, I knew it was Sasser, although by that time our IT folks were on the way to fixing things. When I returned the next day, at least one PC (maybe more - not sure) had AVK installed temporarily to get it stabilized (I know it happened on this one PC since they inadvertently left the AVK real-time monitor installed - it's since been removed). Older versions of Norton Corporate (a mixture of versions 7 and 8 level) were installed on all these PC's. At this version level, I don't believe that worms and malware of that flavor are covered - or if they are, they aren't covered well. Due to internal server problems, virus definitions in some cases could have been a couple of weeks old - they were on my business laptop, but I pay attention to that and had that fixed over a week ago. I'm not sure of the situation on all the lab PC's involved. Finally, some of the lab PC's affected were network resident "dedicated controllers" which have no monitor or keyboard attached since no person ever logs onto these PC's except for application program upgrades (they run Win 2000 as the OS).

    In addition to the lost work time, the constant rebooting and communications time-outs resulted in a temperature control board on one instrument burning out - repair cost ~ $2500. We did the service ourselves to save the ~ $1,500 service charge, so the total bill could have easily been $4,000. Sasser might have been just a bandwidth consumer to a home PC and done no real damage, but that's not necessarily true in a business environment.

    Best regards,

    Blue

    PS - I still don't know how my nieces and nephews loaded 500+ bits of malware on my PC in around 3 hours. I didn't think you could do that even if you wanted to. I stand corrected and recognize that, as a collector of malware, the champions of the family are in the next generation.
     
    Last edited: May 7, 2004