This is serious? I need answers.

Discussion in 'ESET NOD32 Antivirus' started by Deenka, Feb 1, 2010.

Thread Status:
Not open for further replies.
  1. Deenka

    Deenka Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    21
    I came across this article in which Randy Abrams recommends Sandboxie and DefenseWall.

    http://www.eset.com/threat-center/blog/2010/01/29/anti-extortion-101


    My question is why should I buy third party products, if I'm paying for you to protect me?

    He also talks about system updates and other things that are nothing new, but the recommendation of other programs, at a minimum, makes me suspicious.

    My logic is: if the user sees that other programs are protecting better, why will he need ESET? And I do not see ESET doing anything to make its products more complete.
     
  2. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    Sandboxie is free. If you're running as admin, the only thing stopping unrestricted access to your computer is your antivirus. If you're running in a virtualized environment, only the virtualized environment can get infected.

    Relying against all the malware in the world is impossible with any single scanner; whoever told you ESET or any antivirus will 'protect you' in a bulletproof fashion was lying. Having multiple security measures in place and having layers of security is always recommended.
     
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Because no AV product will protect you 100%, and he does mention "..As an added measure of defense.."
    Those added measures on their own don't protect as an AV does.
     
  4. Deenka

    Deenka Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    21
    I totally understand about not being "100%" but these tools should be included in the package.

    Kaspersky has HIPS, Norton 2010 has several new tools, even Avast now has a sandbox, and ESET has only heuristics and a database.

    I like ESET, but if these tools are a necessity today, why then do they themselves not offer me this with the antivirus? This is the point.
     
  5. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    As has already been suggested, you need to employ a layered defense, and even that is sometimes not going to offer the level of protection needed.

    A virtualized browsing environment (Sandboxie) is what I have chosen lately, but I also have MBAM, Keyscrambler, WinPatrol, and a full and up to date set of images in case the very worst happens, or if I'm just not sure....
     
  6. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    Based on my own experience, I agree with the author of the article.

    Two years ago I had Nod32 only and got nailed by a zero day exploit. Although it's conjecture, my hunch is I would have gotten infected regardless of which AV I had at that time. Since then I've been running Nod32 + Sandboxie. They make a good combination and they've kept my system clean.

    Insofar as virtualization goes, another program to consider running alongside one's AV is Returnil.
     
  7. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    Perfectly fair and valid point.
     
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    But they are not a necessity, no more than is running an AV or a firewall. All are only necessary in direct proportion to behaviour on the net. More risky actions require better protection. Matter of odds
     
  9. Deenka

    Deenka Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    21
    It's necessary, yes. Why do the other antivirus companies include these tools in their packages? Just to make them heavy? Obviously they are targeting the protection of users, and what is ESET doing for its users?

    I keep myself informed about what will happen in this industry and I know very well that a database and heuristics have already become somewhat outdated. We are in February and ESET has not even released version 4.2, called a "minor update", and after seeing the company recommending other programs I think I have the right to ask: "ESET, what are you doing to improve the protection of your customers?"

    I'm not here to speak ill of ESET, because I use their product and do not want to switch companies, but I also do not want to have to install a lot of junk to feel a little safer. If the lack of commitment continues, the change will be inevitable.
     
  10. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Deenka, please answer this question.
    Why are you using ESET?
     
  11. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Really? 26 euros, am I wrong? And Tzuk is absolutely right here: there is no such thing as a free lunch.
     
  12. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    It's free, but after 30 days you have to see reminders.
     
  13. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
  14. Ghostaroo

    Ghostaroo Eset Staff

    Joined:
    Aug 9, 2005
    Posts:
    5
    Location:
    Seattle
    Hi There, this is Randy Abrams and I wrote the article you are discussing.

    > My question is why should I buy third party products, if I'm paying for you
    > to protect me?

    The fact is that no matter what antivirus product you are using, you are not paying the antivirus company to protect you. What you are paying for is a tool to help you protect yourself, and in the case of ESET and some other security companies, for support if you run into trouble.

    Do you ask why you must install a lock on your door if you are paying the police to protect you? Of course not. Malicious software is the work of criminals and ESET provides tools to help you protect yourself, but no antivirus product can protect you from everything. So in order to manage your risk it becomes prudent to use additional technologies to ensure a safer experience. Even with the other technologies, education and good judgment are essential ingredients as well. Just because your car has brakes and crumple zones it doesn't mean that you can drive recklessly and expect your car to protect you.

    HIPS (Host Intrusion Protection Service) is a broadly used term. That a product, such as Kaspersky, claims to have it doesn't mean it is the same as a product whose specific purpose is HIPS. It isn't like an ingredient list where if it says "peanuts" you know a specific ingredient. Take a look at what Sandboxie and DefenseWall actually do and then compare that to what other products that claim to have HIPS, including ESET Smart Security, do. The approaches are quite different. In the case of most AV products the HIPS is a set of protective technologies that are certainly not as comprehensive as what Sandboxie or DefenseWall do. On the flip side, neither Sandboxie nor DefenseWall are designed to tell you that the program you are about to run is known to be malicious. Different products, different approaches.

    > I do not see ESET doing anything to make its products more complete.

    The products are complete for what they are designed for, but no AV product or suite is a complete security solution.

    It is a misconception that you are paying any antivirus company to protect you. What you are paying for is a tool that can help you to protect yourself, and in some cases for service as well.

    I hope this helps clear things up a bit.

    Randy Abrams
    Director of Technical Education
    ESET LLC

    For general security questions you can email me at askeset@eset.com, but I do not handle product support.
     
  15. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    Welcome to the forum, Randy. It's clear that a lot of people find Nod32 worth paying for with its low footprint, good detection, and low FPs. A 'run safe' mode like Kaspersky has to sandbox programs would be a very much appreciated feature though and would definitely boost sales.
     
  16. Deenka

    Deenka Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    21
    Thanks for the reply Randy, now I see that I can not expect anything beyond what is already proposed today.
     
  17. Ghostaroo

    Ghostaroo Eset Staff

    Joined:
    Aug 9, 2005
    Posts:
    5
    Location:
    Seattle
    Hi Deenka,

    For many years AV marketing really did a great disservice by trying to lead people to believe that AV software could protect them from everything. From 1993 to 2005 I worked at Microsoft and for 7 of those years I was responsible for making sure MS did not release infected software. I saw the claims from various companies and I knew better, which made my job pretty scary. Early on, for most users AV could protect them from almost all of the viruses, but as the problem grew in scope it became impossible to approach 100%.

    Captainron,

    It is a very difficult balancing act. Adding features adds overhead. When we came out with ESET Smart Security, we heard from many users that they were not switching from NOD32 because they wanted a fast light scanner that did what it was supposed to do and no more from their AV product. I'm sure the right people at ESET have read your comment and I am sure they are well aware of the features that our competition have. I don't know if the sandbox will become part of an ESET offering or not though.

    Best regards,

    Randy
     
  18. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    Thanks for posting again, Randy. I do see the issue with balancing features and overhead with simplicity and performance. My best guess would be those who purchase the security suite favor features, and those who purchase just the AV prefer just a pure AV as simple and light as possible with great detection and really low false positives.
     
  19. Deenka

    Deenka Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    21
    I am no expert on the subject, but I read a lot, and maybe you can tell me whether malware of the severity of the type recently discovered by ESET, called Zimuse, could be stopped by a HIPS. If the answer is yes, I think the increase in consumption would be relevant if compared to the damage caused by such malware, and I think that could be offered as an option, as you're doing with the "advanced heuristics", where a notification appears when you select this function saying that it will affect system performance. There are users who prefer simplicity, which is good for home users, but where I work greater attention is necessary whenever I encounter malware of the Banker type, and most of them are not detected by ESET Smart Security, and the computers are not infected because I monitor everyone in the office, so I think that new technologies are very welcome.


    I understand the situation today, but it is not grounds to become complacent, for example "the world is ending so I'll sit and wait for a miracle", understand? It seems you are giving up the war.
     
    Last edited: Feb 3, 2010
  20. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Does this mean that those of us using x64 flavors of Windows are out of luck? These recommended products aren't available, and/or do not offer reasonable protection to x64 systems :(
     
  21. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
  22. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Tzuk himself has said that the x64 version of Sandboxie allows programs within the sandbox to communicate with services outside of the sandbox.

    The x64 version does not provide the security that the x86 version does, even with dropped rights. And it never will thanks to Patch Guard.
     
  23. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    True. But tzuk also states "It should be noted, however, that even with this disadvantage [Kernel Patch Protection], the 64-bit edition of Sandboxie is still an adequate front line of defense against most types of malicious software. Additionally, in order to compensate for this disadvantage, the 64-bit edition of Sandboxie enables the Drop Rights setting by default."

    So I'm not sure your statement "These recommended products aren't available, and/or do not offer reasonable protection to x64 systems" is entirely accurate.

    One could surmise that the SBIE 64-bit edition does offer reasonable protection.
     
  24. Carbonyl

    Carbonyl Registered Member

    Joined:
    May 19, 2009
    Posts:
    256
    Perhaps, but there is plenty of malware out there that doesn't require elevated privileges to do nasty stuff. There are keyloggers and the sort that don't need administrator access to be able to perform their nasty work.

    I suppose that some level of protection is afforded by Sandboxie 64, I'll agree to that. The question to my mind is whether it's worth the hassle of the conflicts it causes, particularly in light of the limited protection afforded compared to x86 flavors.
     
  25. Ghostaroo

    Ghostaroo Eset Staff

    Joined:
    Aug 9, 2005
    Posts:
    5
    Location:
    Seattle
    I haven't tested, but I would expect that it is possible that sandboxing the program would prevent the effects of Zimuse, which is really not as serious as many other threats if you back up your data. The caveat is that most sandboxing solutions allow a user to choose to allow the program access where it should not be given access. For people who downloaded Zimuse as an "IQ test", it is doubtful that they would have chosen to run the program in a sandbox if it wasn't forced for them. With DefenseWall a person needs to know when to allow system access (trust) and when not to in order to use the HIPS effectively.

    It really isn't at all up to me to decide what features go into ESET products and what features do not. I don't have that responsibility in the company.

    Best regards,

    Randy Abrams
    Director of Technical Education
    ESET LLC
     