Why IMON when AMON is on?

Discussion in 'NOD32 version 2 Forum' started by SecMonk, Oct 24, 2007.

Thread Status:
Not open for further replies.
  1. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Hello,

    I don't understand one thing. What's the point of the Internet monitoring (IMON) if I have real time scanning (AMON) turned on? Does the IMON module watch out for non-file threats? Such as buffer overflows? Because if it watches only files, then AMON should suffice, right?
     
  2. rolarocka

    rolarocka Guest

    yeah one thing i also dont understand is, lets say i select scan all files in both IMON and AMON. now if i am using a browser the files are scanned twice?
     
  3. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Yes, that's what I was wondering too. Is NOD32 smart and does it avoid such double scanning?
     
  4. ASpace

    ASpace Guest

    IMON's main function is to scan emails (POP3 traffic) and second job is to monitor HTTP traffic . It can scan and clean or delete threats on the fly before they have been written on the hard disk . This can keep your mail bases clean , for example , or it can protect you from browser exploits (e.g. the ANI exploit , IMON can protect one's machine from it because if the data has reached the browser it will be late for AMON to react).
     
  5. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    But how do you know if you're just a user? I didn't see anything about it in the manual. Or are you one of the ESET developers?
     
  6. ASpace

    ASpace Guest

    Sorry , but I can't understand what you mean . Try asking differently

    No , I am not an ESET developer or employee
     
  7. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    It monitors the traffic as it comes in on the port level...before it's written to the hard drive. Think of it as having protection a layer outside of your computer.

    If someone was aiming a gun at you..and took a shot....would you rather....
    *Just have an armored vest?
    *or...have a force field surrounding you..as well as an armored vest.

    Utimately yes...AMON would defend you as a last stand..but it's nice to have added protection of IMON 1x layer outside of your hard disk...checking TCP/IP traffic..before it comes into your hard drive.
     
  8. ASpace

    ASpace Guest

    Exactly . Very well said , YeOldeStonecat :thumb:
     
  9. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    All of those things are what I would intuitively guess or expected too. BUT, what I need is confirmation from an official source. Either from the official manual or ESET developer. What you wrote are nothing but speculations about how it MIGHT or SHOULD work. But I ask: does it really work that way? Are there redundant double checks AMON+IMON? Etc. I don't need to read further speculations from other USERS.
     
  10. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    This isn't speculation....providing additional layers of protection on various protocols such as web (80) and e-mail (25 and 110) has been going on for quite a few years with many different antivirus products. It's nothing new..and many other brands of AV products have been doing it too. I've been a network consultant working on servers, including e-mail servers, for years...this has been around.
     
  11. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    http://www.eset.com/joomla/index.php?option=com_kb&page=articles&articleid=86


    http://www.eset.com/joomla/index.php?option=com_kb&page=articles&articleid=87

    Is this sufficient?


     
  12. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    No. That's what I already read. There is no word on double checks. As for HTTP, it states only the following:
    "2. Examining HTTP traffic
    IMON examines HTTP traffic for threats.
    "

    That's it.

    I think it's clear we need more technical details. It's a closed source product so detailed technical documentation is a must. Give us a list of types of exploits that IMON protects against. Give us details on how it works technically. Does it patch the browser in RAM? What does it do? Help us make an informed decision (it's also good for marketing to have such materials publicly available). Thank you.
     
  13. dannyboy

    dannyboy Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    113
    Location:
    UK
    you asked a question and the answer has been provided with crystal clarity, several times over. Those answers are not speculation, they are facts. Isn't that enough?
     
  14. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    I'm not sure if you read what I wrote at all... The people who gave the answers are only users. As this is closed source and there is no technical documentation mere users CANNOT know what it does and how it does it. They can only speculate. I need reliable information from OFFICIAL sources. I paid for support and this is an official support forum. I expect an official answer. Spare me your patronizing and ignorance please.
     
  15. noons

    noons Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    115
    Your question was answered by many respectable users and if you didnt want an answer fromt them why did you come to a forum?:rolleyes: Its not rocket science scanning at the memory and network layer has been implemented in most antivirus software. Some people just like things being scanned at the network level rather then waiting for it to be cached or loaded into memory.
     
  16. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    This wouldn't be beneficial to marketing materials..it's nothing new, it's nothing that gives NOD32 an edge over the competition.

    It's like a BMW car advertisement saying "Runs of 4 wheels"....when most other cars do too...yippee..such a claim doesn't give it an edge over Saab or Volvo.

    A lot of us here are much more than just "users". Do you lose sleep if you can't get Bill Gates on the phone to ask him if Microsoft Windows is actually a desktop operating system?
     
  17. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Ok, I'm going to say it for the last time. If you are just a USER, you CANNOT know more than I do, because this product is closed source, and there is no technical documentation (I've read the docs). Therefore, if you are only a user, please do NOT respond to this thread. I don't want your speculations or patronizing.

    I posted to this forum because it is an official support forum and I paid for support and for this product. Therefore, I am entitled to expect an answer from ESET. How many times do I have to repeat it? Are you all idiots?

    I am still waiting for the answer FOR EXAMPLE to the question whether there are any double checks, which you mere users CANNOT know.
     
  18. noons

    noons Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    115
    What does closed vs open source have anything to do with your question? I advise then if you dont trust us is to contact support by email and wait a week to get the exact same response we gave you. :rolleyes:
     
  19. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224

    SecMonk, relax, you asked a question in a forum and several people have answered your question, there is no need or reason to start name calling. This is a FORUM, a gathering of people/users of a product trying to help each other with problems arising from using the software/product. Sometimes you get answers in a forum faster than you would directly from Tech Support. If you do not like the answers you get here, feel free to email Eset directly. It may take a bit of time as Eset's main office is headquartered in San Diego, which like much of the rest of Southern California is in flames at the moment, they will respond when they can as they also have offices in other countries as well.
     
  20. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Very true indeed but this Official ESET Support Forum is hosted on the Wilders Security Forums whereby members that wish to post are required to abide by our Terms Of Service before joining. In the first sentence of our TOS is what I'll ask that you re-read before posting again Please.
    I hope to "say this for the last time", keep your name calling for forums other than Wilders Please or I will have to bring your thread to a close.

    As others have said....members pose questions on our forums and other members respond. This is no different than other sites. However We do not nor will not tolerate some of the attitude exhibited in this thread.

    Let's attempt to continue this thread and try to keep it on an even keel without the added verbage Please....(patronizing, ignorance, idiots....etc). If that is not agreeable, We can simply close this thread and then suggest that you direct your question in an e-mail to Eset.

    Thanks for consideration to the above,
    Bubba
     
Thread Status:
Not open for further replies.