NOD32 Vulnerabilities

Source: http://www.frsirt.com/english/advisories/2007/1911

NOW THE BIG QUESTION: WHERE LOCALIZATED .39 VERSIONS?

Non-English and Non-Slovak NOD32 users can be exposed? Why?

 

Contact your localize NOD32 distributor, they can tell you the time table. Translation from English to a localize version is not done by ESET.

 

Why not just use the english version then? I fail to see the problem.

 

You're kidding, aren't you ?

 

Why aren't there still no located version 2.70.39 ? With difficulty conceivable, that such this two kinds of exploids only exits in English or slovakisch speaking areas.

Also on the part of the Distributors there's absolutely no information to the customers about an 2.70.37 or 2.70.39.

 

Does anyone how how I can tell what version a remote machine is running? I will not be able to update all of the computers that I manage from 2.70.32 to .39 at once, so it would be nice to know which version a PC is running.

Thanks,
-John

 

Obviously you understand English just fine, so why not use the English version until a localized version is released or just use it for good? You don't see me complaining about a lack of Danish versions ...

And no, I wasn't kidding.

 

He does have a point. He could have expressed it a tad bit more politely, but it is an option, for those that are worried about it(the exploit) and can understand English , it is a temporary solution.

 

Temporary is better than not having a fix at all!

Cheers,

TH

 

You are right naturally. The tone makes the music. But you understood me very well, despite my bad English. There are two fixed important points only in the English and slovak versions,that cannot not be. After so many days it is known.

This is absolutely inaccetable against full paying customers.

 

And there are a lot of User which do not understand english enough, like me.

 

I agree, of course. Especially now that the exploit is publicly known, Eset should expedite a fix for all versions of it's product. At the least, they should have delayed public notification of the exploit until all language versions were patched. Unfortunately they did not do it that way and left their users with the options of using an exploitable version or learning english rather quickly. This is but one of the reasons I stopped using their products, the lack of concern for their customers, sometimes they just don't get it.

 

Thats the point. Surely, i could uninstall my german version and install the actual english version. But, tell me why ? Only for that reason, that i was safed against this two exploids ?

I'm paying the same money as the other users. So i've the right getting the newest and actually version in my language. Because, if i install, for example, the english version, and there are some problems about any intern programm messages because of malware etc. i do not understand what i have to do in this situation, because i do not understand what the programm message mean.

If they fix only some " minor" things, it was not so urgent release all versions at the same time, but actually in this case, the left their customers staying naked into rain.

So i'm near by looking after an alternative, too. This, after using NOD for a very long time.

Look at the Post from Marcos of May the 7'th as he said,
" The German distributor only needs to announce it first. "

Today's the 24 of May and nothing happens.

 

No, no, no. They got the latest installers 2.70.39 for testing the day before yesterday and upgrade to 2.70.39 hasn't been tested yet either. IMHO, I don't think 2 days of testing is too long for a distributor.

 

Actually still more badly. Particularly since the finished English and slovakische version already came out on 18 May.

ESET US and ESET SK announced and push out both versions. First 2.70.37 and on May 18'th 2.70.39. All OTHER version were quietly on 2.70.32.

The original, fixed software comes from ESET, right ? ESET US and SK offer new versions already, all different are still tested ? I do not understand, because, here doesn't have to be translated nevertheless still additionally?

So, what is the difference between an finished English/slovakian Version and for example the German version?

I mean, what has to be tested by the germans on a finished version, which is delivered already to English and slovakischen customers ?

 

Hi,

we are using NOD32 2.5 in the enterprise version on about 75 PCs. The installed version is in german. As mentioned in another Thread there is still no autoupdate to 2.7. If i understand it right the vulnerabilities are in ALL previous versions.
Temporaly switching to the english version is not an option on 75Pcs.

So as far as i can say, it is not very good to sleep in mind that there are 75pcs with a security hole and a working exploit in the wild.
I expect from ESET (and it's distributors) to push out the new files asap.
A company which works in the security business, has to react fast in such cases, for my opinion.

Greetings JD

 

You can contact your local distributor, there will be a special mirror with update files for all localized versions v. 2.70.39 available shortly.

 

A joke, or? http://www.eset.com/support/news.php

Again no German version announced? And again are others faster. As every time in the past. Incomprehensibly

 

Looks like those local distributors are faster or have more resources then the others..

Btw: The Registered User Downloads Page has not been updated. The links shows .32 for france but the download is .39

 

Hi everybody

I use the English version.

As you see from this one, pasted from the information the program offer:



********
NOD32 antivirus system information
Virus signature database version: 2288 (20070524)
Dated: giovedì 24 maggio 2007
Virus signature database build: 9908

Information on other scanner support parts
Advanced heuristics module version: 1.059 (20070517)
Advanced heuristics module build: 1153
Internet filter version: 1.001 (20031104)
Internet filter build: 1012
Archive support module version: 1.052 (20070115)
Archive support module build version: 1179

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.32
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.32
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.32

Operating system information
Platform: Microsoft Windows XP
Version: 5.1.2600 Service Pack 2
Version of common control components: 5.82.2900
RAM: 1023 MB
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz (3192 MHz)
******************

the signature update but the program is still the old .32 version.

Why it doesn't update?

 

Maybe, but every year or everytime a new installer-Version comes out the same procedere ? Btw. to change this, it is the problem of the distributor, no of their customers. And since i use NOD, it was allways the same.

 

@jdo2000

I've got aprox. 400 german clients and no answer from datsec...

But i think they try there best... after all, they answer on mails, not like support from eset.com (no answer for 5 month).

waiting on a quick release of the german PCU

Regards

 

All emails are logged and replied to in the USA when the appropriate form is completed.

Cheers

 

It's at least frustratin. Eset provides a new version/update and then the costumer has to wait.

But the problem about a localize version of a AV is not related to Eset only.

 

May be, but in the meantime I do not believe in that however no more.

Because, as I already said, since years the same egg dance. And, beautifully that at least they react to emails. But I expect however at any time, and without inquire, the newest version, for which I had paid.