Version 3 let Total Security get installed

Discussion in 'ESET NOD32 Antivirus' started by enduser999, Aug 13, 2009.

Thread Status:
Not open for further replies.
  1. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Had to go out to a client who was using NOD 32 version 3 Business Edition. One of their computers was infected with a malware called "Total Security" which the person appears to have been able to install in the Program Files directory. The malware appeared to be able to close down NOD32 v3 GUI in systray.

    Was able to clean it via safe mode and another antimalware package. Then upgraded NOD32 to the current version 4 and password-protected NOD32. Made sure their Firefox was up to date and removed IE from their desktops.


    Question is, shouldn't NOD32 version 3 have prevented this application from being installed?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Total Security is a rogue AV. The authors of rogue AVs test their creations for detection by specific or all antivirus programs and adjust the code until it's undetected before they release it. If your client uses an administrator account for tasks other than installing software, they can get infected. One may suggest that this is when a behavioral blocker comes into play but... There's still the question whether the user is savvy enough and would be able to distinguish if the actions being carried out are triggered by legit or malicious software and make the right decision whether to allow or deny them.
     
  3. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    OK, nice answer but, how come a product that is not an A/V such as Malwarebytes v. 1.40 managed to get rid of "Windows Security Suite" from my sister's laptop in a heartbeat and NOD32 v.4.0.437, which happens to have malware definitions [along with virus defs.], couldn't?

    I don't get it.

    Regards,

    Carlos
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Are you sure that MB would:
    1. protect you against 100% of all rogue AVs in real-time, i.e. before infection takes place?
    2. protect you against all other types of malware, including file-infecting viruses or less common malware, as ESET does?
     
  5. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    I'm not denying the fact ESET NOD32 4.0.437 is an excellent A/V. In fact, I have 2 licenses running at home and I had another one which I gave away to my sister, thus effectively replacing the A/V solution placed on her laptop by the IT personnel at her college.

    The thing is, I feel thrilled thinking how it can be possible that some product which happens not to be a full-fledged A/V can effectively remove a piece of malware [actually, NOT a virus, not spyware, but just a ROGUE A/V] and the A/V solution I have put my trust into cannot?

    NOD32 v.4 was even DISABLED from running in the task manager, so I had to boot into safe mode to remove this nasty piece!!

    My gripe is not that NOD32 v.4 is not an excellent A/V but that I've been seeing how NOD32 falls victim to just ROGUE adware like this.
    Don't you think this kind of problem will undermine the trust some people have in this A/V?

    Thank you

    Carlos
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As I see the statistics from VirusTotal, I can tell you that rogue AVs are very often detected by 1-2 AVs at maximum. So would that mean that you'll have to cease trusting all AVs? : ) As I wrote, people should use common sense and not do daily tasks in administrator accounts in order to mitigate the chance of getting infected. As long as malware authors test and adjust their creations before they release them, you shouldn't expect that AVs will detect 100% of new variants. Of course, every AV vendor does their best to cover all threats, but there's no solution that would protect you completely. What I'd suggest, besides using user accounts for daily tasks, is using sandboxing or virtualization for browsing and other less important tasks.
     
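    The two controls recommended in the reply above (no day-to-day work in an administrator account, and nothing under Program Files writable by ordinary users, which is where the rogue AV in the first post landed) can be audited on the affected machine. The following PowerShell script is an added example, not code from this thread or from ESET; it assumes Windows with PowerShell 2.0 or later and is meant to be run from the user's normal, non-elevated session. The principal names and the Program Files root it checks are the Windows defaults.

```powershell
# Added audit script (not from the thread). Assumes Windows, PowerShell 2.0+,
# run from the user's everyday (non-elevated) session.

function Test-IsAdmin {
    # True when the current token carries local Administrators membership.
    # Under UAC, a non-elevated session of an admin account returns False here
    # because the token is filtered; Get-LocalAdminMembers disambiguates.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    # ADSI enumeration works on XP/2003-era hosts where Get-LocalGroupMember
    # does not exist yet.
    $group = [ADSI]"WinNT://./Administrators,group"
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $member.GetType().InvokeMember('Name', 'GetProperty', $null, $member, $null)
    }
}

function Get-WeakProgramFilesAcls {
    param([string]$Root = $env:ProgramFiles)
    # Principals that every interactive user belongs to.
    $lowPriv = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    # Rights that let a caller create files or folders; Modify and FullControl include these bits.
    $createMask = [int][Security.AccessControl.FileSystemRights]::CreateFiles -bor [int][Security.AccessControl.FileSystemRights]::CreateDirectories

    # Check the root itself (where a new "Total Security" folder would be created)
    # and each existing application folder one level down.
    $dirs = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })
    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($rule in $acl.Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($lowPriv -notcontains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $createMask) -eq 0) { continue }
            New-Object PSObject -Property @{
                Path      = $dir.FullName
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
            }
        }
    }
}

# Report
$isAdmin = Test-IsAdmin
Write-Host ("Current session for {0} is{1} running with administrator rights" -f $env:USERNAME, $(if ($isAdmin) { '' } else { ' NOT' }))
Write-Host 'Members of the local Administrators group:'
Get-LocalAdminMembers | ForEach-Object { Write-Host "  $_" }

$weak = @(Get-WeakProgramFilesAcls)
if ($weak.Count -eq 0) {
    Write-Host "No low-privilege write/create access found under $env:ProgramFiles"
} else {
    Write-Host "Folders under $env:ProgramFiles that ordinary users can write to:"
    $weak | Format-Table Path, Principal, Rights -AutoSize
}
```

    On a default install, Program Files grants Users only read and execute, so the ACL check should come back empty; a hit there means a vendor installer loosened the ACL and a standard account could drop an executable into that folder. A user listed in the Administrators group who appears in the first line as "NOT running with administrator rights" is on a UAC-filtered token, which still leaves one consent click between the rogue AV and Program Files; the advice in the thread is to take that user out of the group entirely and keep a separate account for installs.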
  7. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    In fairness to Eset, I would say malware abc or virus xyz is not a NOD32 problem. It is actually a Windows security problem. To me, if you do not have the money to buy a Mac, well then move on to Linux and experience peace of mind for once. To find out more, try Kubuntu or Linux Mint.
     
  8. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    In all fairness, business clients who use Windows server apps that are custom-written cannot move to Ubuntu or Macs.
     
  9. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Your life could be easier at work if you moved to an Ubuntu server.

    http://www.ubuntu.com/products/WhatIsUbuntu/serveredition.
     
  10. bradtech

    bradtech Guest

    I have NOD32 on 1500 clients right now, and growing.. These really are the only variants that get past NOD32 that I see... But the trick is that they run just like an ordinary program... I keep hearing about Malwarebytes, but every variant that got past NOD32 was almost zero-day. One of them was 0/41 on VirusTotal.. The others were 1/41 or 3/41 at most.. NOD32's bread and butter is in the thumb-drive worm arena, and actual real trojan/virus detection, not so much rogue AV programs.. Then again, the rogue AV stuff does not really get very far, and does not try to replicate over a network. Each and every time, Malwarebytes never detected any of these; the only things I have that could detect them were Spyware Doctor with Anti Virus or PrevX. Even then it wasn't 100%.. These are just programs that complement NOD32, not take its place..
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I wouldn't agree with this statement; just have a look at the updates and count the number of Kryptik samples, which are often used to detect rogue AVs. There are about 20 such variants emerging on a daily basis that are detected only by ESET and one more AV at maximum. However, if you submit a new variant that is missed by ESET, you may find that it's either detected by none of the AVs or that 1-2 others detect it. Since today's malware is mainly about business and rogue AVs, we could say that they are dealt with at the highest priority. The problem with rogue AVs is that their authors test their creations, adjust the code to make it undetected and release it then, plus they release new variants shortly after each other. There's always someone one step ahead - either an AV vendor or the author of a rogue AV.
     
  12. Manu7204

    Manu7204 Registered Member

    Joined:
    Jan 15, 2008
    Posts:
    46

    In all fairness, if the usage percentages for the Microsoft platform and the Linux platform were reversed, then the Linux platform would be swarming with malware and Microsoft would be a safe haven.

    Nevertheless, trolls like you would exist and would give the same advice... aka switch platform. :thumbd:
     
  13. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Indeed, it's pretty naive to think that a program that basically installs and runs what is essentially a little movie is a Windows security problem; I find it quite comical that people with such a low IQ exist. Then again, it's fun to bash Microsoft for uneducated reasons, am I right..?
     
  14. tanstaafl

    tanstaafl Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    207
    Ummm... Marcos, you answered a question he did not ask...

    He asked why NOD32 couldn't REMOVE IT AFTER THE FACT, not why it couldn't prevent it from installing.

    I think its a good question.

    How can Malwarebytes consistently AND EFFECTIVELY remove this rogue AV crap, while NOD32 cannot?
     
  15. ASpace

    ASpace Guest

    The answer on duty is that MBAM is a ^small^ program dedicated to spyware/rogue software detection and removal, and hackers are not so interested in testing their creations against MBAM. However, ESET and its products are all-in-one solutions that can detect and remove many more threats (in numbers and types). Another answer on duty is that they can show you numerous examples where nothing but NOD32 has detected a threat.

    Truth is different, however - they have a stupid policy - something they call "priorities" - and their product needs innovative technologies to combat modern threats.

    It must be the AV vendor. Hopefully one day (soon) you'll understand that.
     
    Last edited by a moderator: Aug 26, 2009
  16. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Folks, this is neither the thread nor the support forum to be debating or discussing off-topic issues such as operating systems. Please take them to a more appropriate forum or they will be dealt with accordingly.
     