Version 4 on WinXP:

Until now I was using NOD32 version 2.7 and was very happy with it. Now I gave version 3 a trial and was very frustrated. EKERN.EXE seems to work as a proxy on WinXP, which compromises my firewall (Comodo). I found several statements in the internet concerning this problem, but it is still not clear to me, if ESET will solve the problem in version 4:

Thus my questions are:
1) Will ESET really solve the problem?
2) If not, how long will ESET support version 2.7? (I would switch back, if the support is long enough)

It would be a pity, if we will be forced to change the AV software. We were very happy with NOD32 v 2.7.

 

The only thing that will kill 2.7 is age. They aren't currently updating it (the program, signatures aren't version biased) so in a way support is already over. But at some point in time new viruses are going to be made that v2.7 is just too old to handle, which in reality is already happening. That's pretty much what is going to kill it, as right now, ESET don't have any reason to pull 2.7 off the website, and it isn't exactly "extra work".

 

Windows Vista has brought a new way of filtering the communication protocols. If you don't want to have a particular application's traffic redirected through ekrn where it's scanned for malware, you can put a red cross next to it in the browser list. If you use Windows Vista and install v4, the traffic won't be redirected whatsoever.

 

I'm in the same boat as you are. I'm just hoping that ESET will come through on the final release as promised. Until then, I'm sticking with 2.7.

 

Thank you for the replies. I didn't know that the check boxes in the browser list have three states: checked, unchecked AND crossed. The possibility to 'cross off' applications really helps a little bit. But what happens with new programs (and potential malware)? These programs are added to the browser list by NOD32. Thereafter, the traffic is routed through the ekern proxy and the program is granted access to the web... Outgoing traffic is tunneled through the firewall. I doubt, that this is a good solution. It should be possible to chain security programs.
A temporary solution would be to display some notification before a program is added to the browser list.

No, no, I do not intend to switch to Vista. I understand that ESET must look ahead and that the preference of the company is to improve their applications for the new systems (e.g. Win7). But please do not forget all the many users, which are still using WinXP. They can not wait for a solution, until a stable version of Win7 is out.

 

When you say "tunneled", it appears that you are suggesting that your firewall security could be breached, but that shouldn't be the case. Any good firewall such as Comodo that has a HIPS component will detect a new application trying to access the Internet and display an alert requesting permission before allowing the connection to take place.

It's true that once you given permission, all web traffic routed via the proxy will then be shown by the firewall's traffic monitor as originating from the local proxy, as the firewall's packet filter can't see behind the proxy to identify the source application. From a security point of view this shouldn't matter as you are already protected by the HIPS. It does result in some loss of control though, as it is not possible to create separate firewall rules for individual applications routed via the proxy. As has already been stated though you still have the option to exclude individual applications from proxy filtering if this concerns you.

Unfortunately, due to Microsoft's decision not to back-port Windows Filtering Platform technology to Windows XP, this new method of filtering used in NOD32 Version 4 will only be available to Vista users. For Windows XP users, NOD32 will continue to use a local proxy for filtering. This is outside of ESET's control as it was Microsoft's decision to only make WFP available on Vista.

 

I have the exact some problem with the NOD32 v3 proxy issue effecting privacy features in the ZAP (ZoneAlarm Pro) v7.x and ZAP v8.x firewall. The only way that I can utilize the ZAP privacy features without running into problems is by using NOD32 v2.7x.

One of the main reasons I use ZAP is because it is quick and easy to set up specific site by site restrictions for web based privacy such as cookies, pop-ups, ads, mobile code (java, java script, active-x, etc.). I know many of these features can be enabled and disabled in the browser itself but it is convenient to have system control over these in the firewall. When I use NOD32 v3 with those ZAP privacy features enabled it causes problems accessing many web sites. Even though I prefer the v3 UI v2.7x is my best alternative for now.

All of the 10+ machines I currently use or support for business use Windows XP Pro SP3. I don't see this changing for at least the next four years. Most of these systems were custom built machines designed run 24/7 and last well beyond eight years with simple maintenance and the first HD replacements (using image from the old drive to transfer or an XP and program re-install with data transfer) scheduled after five years and the cooling fan and power supply replacements after eight years.

I will use XP SP3, SP4 etc. until it is no longer supported at all by MS which is supposedly 2014 or later. I don't know if NOD32 v2.7x will be supported that long but I will consider switching to v4, changing to another FW, using a security suite or possibly another AV if I feel it is necessary. Besides being light on resources and an effective AV my other main concern with NOD32 AV v4 will be how well it integrates with the other security programs I want to use. I will do my testing with the latest ZAP or other firewalls and various anti-malware applications and hopefully I will be able to find a trouble free combination I like for the future. It would make my future decisions about continuing to renew many two year subscriptions much easier if some of the proxy compatibility issues in NOD32 v3 were fixed in v4 for users who plan to continue using Windows XP.