When will the security hole be fixed that allows a worm to disable NOD32?

Discussion in 'NOD32 version 2 Forum' started by J. A. Beanstalk, Sep 9, 2004.

Thread Status:
Not open for further replies.
  1. J. A. Beanstalk

    J. A. Beanstalk Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    37
    Why are you so sure Notok is correct--are you affiliated with Eset? If not, don't you think that you might be jumping to conclusions, just a little? Why not wait for an official response from an Eset representative who is willing to mutter more than five words, and is willing to stick around long enough to answer a few follow up questions. As this is just turning into an arguing match, with people making broad statements they're unable to prove. And threads with arguing matches are quickly shut down by moderators, which may be exactly what Eset wants to happen. :eek:
     
  2. oh come on

    oh come on Guest

    You mean like all the statements you've been making?

    Have you ever actually been a NOD32 user, or confirmed any of the things you're posting yourself? Or are you just reposting what other people have been saying and then making broad accusations to infer "cover-ups" and things like that?
     
  3. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    No, I am not with ESET. I use three different AVs on my machines. All of them have their good and not so good attributes.

    It seems that ESET has already replied to this thread.

    I ran the same test on my NOD box that Notok did with the same results.

    Do you use NOD and if so have you tried the same test with DCS?
     
  4. J. A. Beanstalk

    J. A. Beanstalk Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    37
    You know this because you are the president of Trend Micro? If not the president, just what is your position at Trend Micro? Or do you work for Eset? Do you also want to sell me a bridge? :)

    So what you're saying is that Notok is an official representative for Eset, and people should simply believe everything he says, even though he denies being affiliated with Eset? And I might also point out that he does not provide any web link for Eset that mentions a single word about NOD32 having kill protection that NO other firewall or AV program has. Hmm, mighty strange that Eset would keep such an incredible protection feature top secret, to the point that no one else knows about it but Notok.

    If you really believe what you’re saying, why not just wait until someone from Eset is willing to post something in writing. As this is all just hearsay.

    BTW, Notok stated that he used “DCS' Advanced Process Termination”, (whatever that is). Process Guard doesn’t kill anything from my limited knowledge of the program--it just keeps your programs from being killed. :eek:
     
  5. oh come on

    oh come on Guest

    Now this is wonderful. First you hold up the trend micro article as some kind of positive proof that NOD can be killed, but when people point out that programs and processes use specific names, and the one listed there is not the resident protection but the on-demand scanner, suddenly the trend micro writer probably made a mistake.

    Here's a piece of wisdom for you. Reposting other people's statements and searching the web for something like a reference to a process name is in no way a replacement for actual knowledge of how things work. Posting such things as any type of conclusion is so far off base it defies description. I'm wondering what your agenda is in this rash of argumentative posts you've made these few days you've been a member here.
     
  6. Howard

    Howard Registered Member

    Joined:
    Sep 3, 2004
    Posts:
    313
    Location:
    Wales, UK

    I think I have wasted enough time on you.
     
  7. oh come on

    oh come on Guest

    Above you wrote that the worm authors were smarter than DCS because they could kill an AV process, solely because you see one NOD module listed in a trend micro article, (again not the right module), and now you mention you don't know what this other DCS tool even is, so obviously you can't know what capabilities it has, or DCS' capabilities. (Try reading their website for info on it. I'm sure you can repost that info in some other thread later on.) Yes, DCS has more than one tool. APT is a powerful tool for killing off rogue processes to help in the cleaning process - like when a system gets infected by a power trojan or worm. ;) Download it yourself and give it a try - then you'll know.
     
  8. J. A. Beanstalk

    J. A. Beanstalk Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    37
    What three AV programs do you use that are compatible with each other? I can't even get two of them to work together. :(

    Hmm, I must have stepped out for candy when they replied, and they must have deleted it before I got back. Oh… you mean that five word hit and run post from Marcos? And people should just accept that as the gospel, even though Eset has nothing on their web site promoting this amazing new feature that none of their competitors offer?

    I’m not using NOD at this time, and the test results are meaningless to me since they’re tied directly to the skill/knowledge of the DCS programmers--as well as the number of hours they were willing to put into writing the program. And a highly skilled hacker may come along next week with a worm he spent ten times longer on, that could even kill Process Guard. (Send an email to DCS, and ask if they can guarantee PG can’t be killed by malware.) Again, it all depends on the skill of the hacker, and how much time he’s willing to put into it. :eek:
     
    Last edited: Sep 11, 2004
  9. J. A. Beanstalk

    J. A. Beanstalk Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    37
    Sorry, I'm just one guy trying to hold off a gang of possible shills who are posting hearsay, until Eset is willing to step up and post some facts. Why don't we all just stop trying to force our opinions on each other and give Eset an opportunity to set the record straight. As well as explain why they're keeping this alleged amazing feature of their program top secret. :eek:
     
  10. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA

    I don't use the 3 AVs on a single machine. I have three machines that each use a different AV. Each of the different AVs have their strong points over the other ones. I use NOD on a gaming machine for its low impact on performance while gaming but I also use BOClean with NOD.

    I view the post by Marcos and some of the testing in this thread, that confirms his post, a good start on Eset's part of addressing this issue.

    IMHO, if you don't try NOD and run some of the tests first hand to see for yourself then your posts begin to have a credibility gap.
     
    Last edited: Sep 11, 2004
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That 5 word response was from an official Eset representative. If you want a link to source an official statement from Eset saying that it can't be killed, I suggest the one at the top of this page labeled "1" and re-read the beginning of this thread.

    The fact that Eset does not make this a major marketing point speaks nothing of the fact that NOD32 is able to protect itself, and does, even without any 3rd party software. You don't have to agree with their marketing strategy, that isn't the issue here.

    I unbiasedly put your challenge to the test as someone that was interested in the truth behind the point you were trying to make. You wanted to know why NOD32 didn't have protection against termination at least equal to Process Guard, and it turned out that it does. You don't have to take my word for it, download both of them and try it yourself. If you want specifics then do what a real journalist would do; find out what method the worm you are speaking of uses to terminate AV products and see if that method is tested in APT. Since DCS is the only company providing a product like PG why not ask them some questions to get some insight? Then do some digging to find out what these tools are, how they work, and why they were made. Get some perspective on the matter. The fact that you dispute the honest, and easily testable, answer to your question leaves a lot of room for speculation and doubt regarding your motives. It may not be a professional test, but it is the most direct answer to your specific question. If you simply choose to defend your stance with illogical reasoning then you only show your absolute lack of sincerity.

    Now you are arguing that even that isn't enough protection. Well I suggest that you read the link to the Steve Gibson interview posted earlier by Arcadia. 100% protection is absolutely unachievable and not something that Eset has any control over, read that article to see why. I would also suggest you do some research into how the security world works in general, along with the companies you are criticizing.

    I don't care what product you are trying to discredit, you are only doing a major disservice to those that are actually trying to get a grip on securing their desktop by misrepresenting facts and doing everything you can to avoid, and distract from, the truth of the matter. You obviously have no interest in actually seeing any resolution to the issue you are speaking of, only to criticize one of the few companies that actually IS doing something about it. And the only thing you have to back up your argument is a list made by a competing product that even you question the accuracy of. As I suggested earlier, I wouldn't hold my breath waiting for a direct response from Eset if I were you. The answer has already been given, and you have proven yourself to be unreceptive to any answer that doesn't fit your agenda, and show a strong willingness to twist any facts until it does fit into that agenda. I wouldn't expect ANY company to entertain this type of baiting. IMO they are doing the right thing by not giving you fodder for this kind of treatment. Considering how little water your argument holds, your threat of taking the issue to a major news conglomerate isn't much of a threat, your credibility would simply be ground into oblivion.
     


  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    This has gone far enough!

    J. A. Beanstalk, are you familiar with the concept of "trolling" and how it applies to forum activity? Basically, it describes a pattern of posting on a forum in such a way as to be overly argumentative and to incite others into arguments, flaming, bashing or personal attacks.

    Now many people have pointed out to me that the posting style and wording of several guest posts made in threads you seem to be interested in, look exactly like your posting style. As do the postings of another member ID that recently joined, posted argumentatively in the same way, especially about the evils of javascript, then made a "final post" just prior to you joining here and starting it all again. You know what? I agree with the conclusions that these are 'all you' (especially given the IP addresses on all those posts.) Don't you realize it is extremely bad form to bump your own threads and incite activity by replying to yourself as a guest or another member? It's also against the TOS.

    Looking through your posting history, I find that many posts contain highly inflammatory remarks. You've been opening posts with statements implying cover-ups, (to which I take personal offense in running this site), or that others here are shills and the like.

    To be clear, I have no problem with the topics themselves, that's why I allowed them to continue, and why they will remain available for people to read. It is you and your methods that I've had enough of. There are plenty of threads on these forums that point out product issues and weaknesses, and they remain available to anyone who wants to read them and discuss the issues in reasonable ways.

    This all might have been different if you were posting any first hand knowledge at all, or if you were actually a user of the products you seem so interested in bashing, "exposing", or whatever you believe you were doing.

    You are hereby banned from Wilders Security Forums.

    Cry cover-up all you want, I don't care! Post it all over the web if you want. Any informed person who reads all the threads you posted in here, under whichever name you used, will quickly recognize all the trolling you were doing. Or better yet, include it in that article you say the News Media is so interested in.

     