Why not include advanced heuristics option in NOD32's on demand scanner GUI?

This is something I've wondered about for some time and recent discussions have reawakened my interest in the subject.

Now before anyone wants to accuse me of wanting to "add bloat" to NOD32, considering that the advanced heuristics feature is already a part of the program I don't see how that would be the case. Unless there is something technologically restrictive that I may be unaware of that would make access to running advanced heuristics from within the NOD GUI problematic.

As I asked elsewhere (if not also here) when I first learned of using AH via the command line while version 2 was in beta, how would a user be aware of this functionality and how to use it? Unless I'm missing something by a mile, a search of NOD 2's help file turns up nothing in regards to advanced heuristics. AH is not listed among the command line parameters. And the manual available on the USA site is for version 1.

And while this forum is helpful, I'd wager that a substantial percentage of NOD users is unaware that this forum even exists. For example, the USA site contains no mention of the support forum (whereas the Aussie site actually links to it). A check of some other NOD sites revealed that they similarly lack any mention of or a link to the forum.

It's rather difficult for a user to use a feature---or even ask about it---if there is no documentation (that I can find anyway) letting the user know that it even exists.

Needless to say, the documentation could use some improvement in this regard.

At any rate, my main question is why not have the option to run NOD with advanced heuristics made more readily accessible to the user within the GUI of the program itself? Would there be a problem with such a feature? Is the use of a "switch" instead necessary? If so, why?

Clearly for users there would be an advantage to have AH available to be utilized within the GUI of NOD's on demand scanner. First, it would be evident that the feature actually exists. Second, it would be far more convenient to use if there were a box in the GUI that could be checked or unchecked just as there is with IMON.

So are there any plans to include access to this option within the program's GUI? What would be the reasons for not doing so? Advanced heuristics seems to be a considerable improvement but if it isn't used because users aren't aware that it exists and it is not readily accessible within the GUI, that really undercuts the effectiveness of having this powerful feature in the program.

Another point: as others have noted, it similarly would be a significant improvement if Paolo's shell extension (allowing one to use AH from within the explorer context menu) or something like it were actually a part of the program. The shell extension is not readily available at all NOD websites and not all users are aware that this extremely useful add on exists.

Lastly, is the performance degradation to the PC's system so great if AMON had AH available as an option only that it would be too great for users to tolerate? I'm wondering since I think I read that KAV has features available in its resident monitor that warn that performance would be impacted if utilized but nonetheless the features are there should the user wish to try them.

I ask this since speed is of course desirable, but so is the quality of protection and if the difference in performance with an enabled AH option in AMON is that of either NAV or KAV, then that still would be a feasible option. If it instead turns PC performance to the consistency of molasses and virtually unusable, well that's quite different.

 

For a while I thought NOD32 was an Australian program. The site is so much better, with links to Paolo's cleaners, this forum, and more info.

Paolo's AH shell patch is a great tool. I got a shell remover from this forum a while back too, and now my sister's NOD has ONLY the AH shell. It only takes nanoseconds longer to scan. It should be included in NOD32 IMO.

 

Try the full system scan on server with bunch of milions of files. First with /AH and the without it. Compare time necessary for such a scan to see true impact on performance.
AH in on demand brings not that much additional security as in IMON/EMON.
For a good reason AH is not default option.

 

No, that doesn't compute.

If it were an option not the default setting, and I did not suggest making it the default, then people could a) know AH exists whereas now how would they know, based on the currently available documentation, b) choose whether to use that option or not (and again if the option is chosen the program could have brief blurb noting that scan time would be increased if that option is chosen, and c) choose as many do now whether to scan all files or just executables or certain directories or whatever.

The point is to let the user easily choose according to their specific needs or wants. And not limiting the user's ability to even have that choice due to the design of the GUI. So where's the problem in allowing people to readily choose within the GUI to use a feature the program already has?

Currently one can choose in Amon whether to scan all files or only those executables in a list which one can add to if one wishes. But since it takes longer and has a bit more system impact when set to scan all files, should ESET then remove that as an option in AMON?

As for additional security, as you can see from users' comments here, not all users use email scanners and not all malware comes in email. Users do things differently, not according to some theoretical standard practice that an AV developer might base their program design upon.

Given the recent performance of AH in regards to Swen that shows the potential effectiveness of AH, having it more readily accessible outside of the email scanner can indeed provide additional security, if people choose to use it. Therefore, why not design the GUI in a manner that allows the user readily available options for him/her to make their own decisions?

 

The real reason they wont add it to the GUI, is AH is so unreliable, pretty much unless, Yes it may detect a worm, or virus, but it also would report one's whole pc as infect due to the enormous false positives.

One only hears talk of AH, when AH guessing a worm or viruses correctly, no mention the thousand of times AH is wrong.

To put AH in the GUI, would be the end of AH, people would get so bored of it's unreliability, they would Demand Nod trash it, So It is hidden, so Nod can claim it detected a new worm or virus again when AH guesses right.

New viruses are released everyday, but we only hear of AH catching one or two, not all of them. Why not post a daily detection of AH? LOL Cause AH would be proven to be useless.

Sid, if you just call every new file you see a Trojan, guess what? even you will get one right now and then even without AH.

 

Thanks for your usual informed and insightful opinion. /s

This is the NOD support forum and I pose the question to ESET because I would like an answer from someone knowledgeable about the development of the product who could either add this to to their wish list or explain why not.

I'm waiting to see if an ESET rep will respond here for public informational purposes or if I need to email others to receive a response from the company itself or a knowledgeable associate.

 

You are welcome, don't hold your breathe while you wait, you might want to go ahead and get that e-mail ready.

Nod wont answer your question here, cause if they did, they would just tell you to read my post, LOL.

 

I'm not in a particular hurry since it's also an exercise. It's always interesting to see how long it takes, and who, rises to the bait, so to speak.

 

True, One should always test their support, you never know when you really need.

As we can see support is slow,

And you are a paying customer, I guess a nonpaying customer would never get support.

But yes we shall wait, and see how slow support really is.

 

I understand the Australian site provides most excellent and timely support. Perhaps you're familiar with that affiliate.

But prior to chatting up the Aussies I thought I'd see what washes up on this sandy shore.

 

I agree with you, that you chose the right site to test support, people are referred here for support, you can now tell them first hand how long you as a paying customer had to wait to get an answer to a question.

 

Yes, as well as winning a bet for who else would post and how long it would take.

BTW, too many commas, too often.

 

Glad you won, to bad still no support, commas, are my trade mark, I like them, don't, you,? lol, lol.

 

They will neither prove me right or wrong, this is about support, how long it takes for a paying customer to get support, (1 simple question answered).

This question doesn't take a rocket scientist to figure out, The support staff doesn't need any further information about the question.

They simply need to answer it, wouldn't take more than 2 minutes, it's just about support how good it is, how long it takes to get it, and does it answer the questions asked.

 

So, this question wont be answered, no support will be giving, Only certain support question can be asked.

So this is not a real support forum, just more or less an automated responder, if you ask a question, that is in the auto data base, an answer would be given.

Do you have a list of the support question to ask? this would really help out, people wouldn't waste time asking a question not in the data base.

 

Whyme2 is VERY familiar with the Australian NOD32. Rodzilla has kicked his butt several times under his main alias "Vampirefo".

As far as comparing DH and AH scanning times, I hadn't tested this until today. Like Mele20, I scan everything I download using Paolo's shell before I run it.

Using the command line /AH to scan 15018 files including run-time packers took 137 seconds. The DH scan took 121 seconds. I think I can live with this major slow-down.

 

That isn't correct. Not showing false positives on my drive using AH.

http://webpages.charter.net/gunn1943/nodah.jpg

 

Can you suply more details supproting your opinion (e.g. some false possitives produced by AH)?

 

Stan999, you beat me to it. I forgot to say "No false positives in my /AH scan." (You have more files anyway so yours is a better test.)

All this "NOD produces a LOT of false positives" stuff is a bucket of doggie-doo anyway, and the smell can be traced back to one rabid NOD32 hater.

I studied the VirusBulletin site carefully in the last week.

1. They test for false positives.
2. NOD32 heuristics are "On" by default.
3. In 5 years, NOD produced ONLY ONE false positive.

If that's "a LOT", I can live with it.

 

Sure, but they would be pointless, this is a Nod site, and the results wouldn't be believed anyway, still waiting for support to answer this simple question.

Even the above users, has proved, there isn't much slow down, so the lie about adding AH to the GUI, slowing down scans can't be a factor now.