What happend ESET?

Discussion in 'NOD32 version 2 Forum' started by sir_carew, Jun 15, 2004.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    Many users on this forum know that I'm a fan of NOD32 ;)
    But I'm angry again with ESET for the following reasons:

    1) First, I sent about 50 samples undettected by NOD to ESET and ESET added only about 10. I consider this time very slow including if the sample isn't ITW.

    2) I've a "agreement" with ESET viruses analyzers. Because I send a lot of sample, they only reply me: Packed X confirmed, Thank you. I'm agree however many times I sent a sample for example on tuesday and they confirm my e-mail recently the friday so I can' send more sample until I know that ESET has received that.

    2) I know that ESET share samples, but it's a little!.
    For example, Symantec was the only in receive Rugrat sample and Symantec sent this sample to other companies like KL, Network Associates, etc because those have agreements. Why NOD not?
    Recently, KAV was the only in receive first mobile phone virus and share it with Symantec, etc and not ESET because ESET hasn't agreement with most AV companies.
    Many times, ESET add malware that are spreading more slow than others AV because ESET doesn't have such agreement with others AV. How about Korgo?, Netsup...?

    3) ESET doesn't find viruses in Internet. Many viruses that I sent to ESET were downloaded from VX sites. If I sent the sample, they add detection very slow. I sent the link directly to ESET labs and they doesn't try to find malware undettected by NOD. This site contain yet more sample undettected by NOD. I need to collect those, however they can't do that.

    Well, it's all. Sorry for critic, but we need that ESET fix some important details like those.
    Sorry, but without heuristic, NOD is a bad AV.
    I'm very very happy in send viruses to ESET, if they add sample more quickly or they confirm all my mail, I'll be happy searching and searching hardly samples to ESET, however if they doesn't reply me or add samples too slow, I feel frustrated.
    Thanks.
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I have been wondering why Eset doesn't seem to have agreements to share with other av vendors. Eset seems slow to add signatures often and seems to rely too heavily on the heuristics IMO. I think there should be more of a balance between the two types of detection.
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I'm agree with Mele20. I like a AV that rely most on heuristic than signatures however it's not a excuse to don't change with others AV.

     
  4. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    I similar to you have viewpoint
     

    Attached Files:

  5. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    I also have sent them trojans that were not found by NOD32, and found by trendmicro.
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    Well, I like NOD and ESET. I don't want to transform this thread in a big critic to NOD. Please try to put suggestions. I hope that ESET will take my thread as a positive manner.
     
  7. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    I'm from India and trust me NOD32 is alien here. but when i tried it i instantly fell in love with it. its more a superb software than an AV. its fast and its stable. the ITW detection couldn't be better and so is the heuristics. the configurability is great and though i don't care much about the interface still i found it nice and soothing. the only thing that forces me to look at KAV is the database which is huge and very frequently updated. when i say database i also mean the heuristic module and the unpacking support.

    so if this difference is eliminated between NOD32 and KAV, NOD32 will certainly give KAV a run for its money since when it comes to resource usage, heuristics and stability NOD32 is certainly superior. trust me a LOT can be gained by ESET if they take this matter seriously. if NOD32 gets a database-lift it'll attract the KAV customers too. they just have to -

    1. expand the database ( not difficult with all those samples being submitted ).

    2. daily update.

    3. KAV-like support for unpacking.
     
  8. bowhuntr

    bowhuntr Registered Member

    Joined:
    Feb 23, 2002
    Posts:
    30
    I don't know how much more updates a person could want. There are almost daily updates now, depending on what viruses crop up in the wild.
     
  9. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    i'm haven't used NOD32 for a while so if the update frequency matches with Kaspersky then consider only two TO-DOs.
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    As a relatively new NOD32 user, I really hate to come across threads like this. :mad: Did I make a bad decision buying this software? I seem to remember a similar post like this one from Mr Carew not long ago. Am I reading this correctly that Mr Carew is working hard to gather these virus samples, sending them to Eset, and Eset is either ignoring him or failing to incorporate them into their database? I would sure like to hear Eset's side of this story, because this does not sound good. :(
     
  11. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    yeah well the last update is 14th june, 3 days ago. so either they are busy doing something else or no new virus threats.
     
  12. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    Yes. I work hard and ESET give me license, etc. things that I love. Indeed ESET thankful my help. The problem is that ESET add my viruses to their signatures very slow. I sent tons of samples last week and this week. NOD hasn't made a update detecting some of my viruses about 2 days!. I sent a package with 50 or more samples one week ago and it's doesn't detected yet!
    However I think that it's not the main problem. There are 2 main problems:

    -ESET doesn't share with other companies. Reason?, we don't know.

    -When ESET put attention in a item, the other is ignored. Examples: Many heuristic, less signatures. IMON less AMON, speed less configured (not packed scan, etc)

    Please don't misunderstandme. I'll keep helping ESET because NOD is a excellent project.
    ESET, please take my post as suggestions and not as a criticism.

     
  13. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    No, how about first mobile phone virus?
    I sent about 50 virus and aren't detected yet.

     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Well Mr Carew, I appreciate your efforts. :-* And hopefully some day I will reap the benefits of your hard work. In their defense, I have to (or at least would really like to) assume that one of the following is the case here:
    • The samples you sent in are of a type that are not a major threat, and that ESET is busy working on something that will give us (their subscribers) more value, or...
    • It takes a long time to develop antidotes to your samples, and they are working like busy bees to get the work done, or...
    • They have been on a group vacation, celebrating the good work they have done in the past on NOD32, or...
    • Your guess is a good as mine...
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,873
    Location:
    New England
    There was a group of posts in this thread that involved remarks of both a personal and speculative nature, which were also off topic from the main point of this thread. They have been removed. Fortunately, they were easily separated, being isolated to the off-topic stream, so that the main topic remains virtually uneffected. Also, the timing was such that the main parties involved appeared to have seen each others posts, responded (at least one exchange each way), so we determined that that was enough.

    The topic of this thread is whether Eset is handling the submission of malware samples appropriately. Of course, the decision of what is actually appropriate will ultimately be Eset's, so we'll have to see where this goes.

    It can be an interesting topic, so let's stay properly focused on it.
     
  16. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Every submitted files has to be carefully examinated. The matter of fact it is labeled by another program as virus, trojan etc. does not mean anything. There have been occasions where more programs labeled file harmless in nature and it was FALSE ALARM.
    Imagine that one files takes 20 minutes... Multiple .... etc.
    And yes you can thing there are priorities assigned to files...
     
  17. embower

    embower Registered Member

    Joined:
    Dec 19, 2003
    Posts:
    46
    ESET add my viruses to their signatures very slow too :( :( :'(
     
  18. anton

    anton Eset Management

    Joined:
    Oct 25, 2002
    Posts:
    210
    Hi Guys,

    Eset appreciates (a lot) all and every sample/s sent to its labs (samples@eset.com). Every sample is logged and examined using various methods. Addition of a sample-signature into the database is made on a need-to basis. Extraction of a signature of a sample is an automated process and could be completed in no time. However, Eset does not want to take part in a 'maximum-size-of-the-database' race and prefers to keep the database clean, i.e. without 'meaningless' benign signatures.

    Some of the forum participants may recall the Rosenthal Utilities (RU) tests performed by CNET two years ago. All the 'simulated viruses' generated by the RU were benign (non-viral). 100% detection of the RU samples (achieved by some of the products) meant 100% False Alarm Rate. Detection of non-viral samples may lead to a couple of things: excellent results in some 'tests' combined with a false sense of security, a huge 'virus' signature database and 'dinosaur' update files.
    Exponential increase of the number of new malware samples may often lead to a 'path-of-least-resistance' approach: automatic addition of all sample signatures, regardless of their viral nature.

    Eset exchanges samples with several av vendors. Opposite statement is incorrect.

    Speed of update and reaction time is of essence. Eset is fully aware of that. Advanced Heuristics has been developed and implemented with that in mind. The only acceptable reaction time is equal to zero. NOD32 achieves that often, e.g. it detected the infamous Netsky.A and Bagle.A heuristically.

    Once again, I would like to thank you all: for both the samples and your patience :)

    anton
     
    Last edited: Jun 17, 2004
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Well said Anton, many thanks for keeping the forum informed :D

    Cheers :D
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Thanks Anton



    I'm bookmarking this thread because this will come up in the future. :)
     
  21. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hello,
    Recently ESET has added most of my viruses to their databases.
    Thanks, I'm again happy cooperating with ESET.
    The problem is solved so if you want Paul, you can close the thread.
    Thanks. :)
     
Thread Status:
Not open for further replies.