Why not include advanced heuristics option in NOD32's on demand scanner GUI?

Discussion in 'NOD32 version 2 Forum' started by sig, Sep 30, 2003.

Thread Status:
Not open for further replies.
  1. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    This is something I've wondered about for some time and recent discussions have reawakened my interest in the subject.

    Now before anyone wants to accuse me of wanting to "add bloat" to NOD32, considering that the advanced heuristics feature is already a part of the program I don't see how that would be the case. Unless there is something technologically restrictive that I may be unaware of that would make access to running advanced heuristics from within the NOD GUI problematic.

    As I asked elsewhere (if not also here) when I first learned of using AH via the command line while version 2 was in beta, how would a user be aware of this functionality and how to use it? Unless I'm missing something by a mile, a search of NOD 2's help file turns up nothing in regards to advanced heuristics. AH is not listed among the command line parameters. And the manual available on the USA site is for version 1.

    And while this forum is helpful, I'd wager that a substantial percentage of NOD users is unaware that this forum even exists. For example, the USA site contains no mention of the support forum (whereas the Aussie site actually links to it). A check of some other NOD sites revealed that they similarly lack any mention of or a link to the forum.

    It's rather difficult for a user to use a feature---or even ask about it---if there is no documentation (that I can find anyway) letting the user know that it even exists.

    Needless to say, the documentation could use some improvement in this regard.

    At any rate, my main question is why not have the option to run NOD with advanced heuristics made more readily accessible to the user within the GUI of the program itself? Would there be a problem with such a feature? Is the use of a "switch" instead necessary? If so, why?

    Clearly for users there would be an advantage to have AH available to be utilized within the GUI of NOD's on demand scanner. First, it would be evident that the feature actually exists. Second, it would be far more convenient to use if there were a box in the GUI that could be checked or unchecked just as there is with IMON.

    So are there any plans to include access to this option within the program's GUI? What would be the reasons for not doing so? Advanced heuristics seems to be a considerable improvement but if it isn't used because users aren't aware that it exists and it is not readily accessible within the GUI, that really undercuts the effectiveness of having this powerful feature in the program.

    Another point: as others have noted, it similarly would be a significant improvement if Paolo's shell extension (allowing one to use AH from within the explorer context menu) or something like it were actually a part of the program. The shell extension is not readily available at all NOD websites and not all users are aware that this extremely useful add on exists.

    Lastly, is the performance degradation to the PC's system so great if AMON had AH available as an option only that it would be too great for users to tolerate? I'm wondering since I think I read that KAV has features available in its resident monitor that warn that performance would be impacted if utilized but nonetheless the features are there should the user wish to try them.

    I ask this since speed is of course desirable, but so is the quality of protection and if the difference in performance with an enabled AH option in AMON is that of either NAV or KAV, then that still would be a feasible option. If it instead turns PC performance to the consistency of molasses and virtually unusable, well that's quite different.
     
  2. SaracenBlade

    SaracenBlade Guest

    For a while I thought NOD32 was an Australian program. The site is so much better, with links to Paolo's cleaners, this forum, and more info.

    Paolo's AH shell patch is a great tool. I got a shell remover from this forum a while back too, and now my sister's NOD has ONLY the AH shell. It only takes nanoseconds longer to scan. It should be included in NOD32 IMO.
     
  3. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Try the full system scan on a server with a bunch of millions of files. First with /AH and then without it. Compare the time necessary for such a scan to see the true impact on performance.
    AH in on-demand does not bring as much additional security as in IMON/EMON.
    For a good reason AH is not the default option.
     
  4. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    No, that doesn't compute. ;)

    If it were an option not the default setting, and I did not suggest making it the default, then people could a) know AH exists whereas now how would they know, based on the currently available documentation, b) choose whether to use that option or not (and again if the option is chosen the program could have a brief blurb noting that scan time would be increased if that option is chosen), and c) choose as many do now whether to scan all files or just executables or certain directories or whatever.

    The point is to let the user easily choose according to their specific needs or wants. And not limiting the user's ability to even have that choice due to the design of the GUI. So where's the problem in allowing people to readily choose within the GUI to use a feature the program already has?

    Currently one can choose in Amon whether to scan all files or only those executables in a list which one can add to if one wishes. But since it takes longer and has a bit more system impact when set to scan all files, should ESET then remove that as an option in AMON?

    As for additional security, as you can see from users' comments here, not all users use email scanners and not all malware comes in email. Users do things differently, not according to some theoretical standard practice that an AV developer might base their program design upon.

    Given the recent performance of AH in regards to Swen that shows the potential effectiveness of AH, having it more readily accessible outside of the email scanner can indeed provide additional security, if people choose to use it. Therefore, why not design the GUI in a manner that allows the user readily available options for him/her to make their own decisions?
     
  5. Whyme2

    Whyme2 Guest

    The real reason they won't add it to the GUI, is AH is so unreliable, pretty much useless, Yes it may detect a worm, or virus, but it also would report one's whole pc as infected due to the enormous false positives.

    One only hears talk of AH, when AH guesses a worm or virus correctly, no mention of the thousands of times AH is wrong.

    To put AH in the GUI, would be the end of AH, people would get so bored of its unreliability, they would Demand Nod trash it, So It is hidden, so Nod can claim it detected a new worm or virus again when AH guesses right.

    New viruses are released every day, but we only hear of AH catching one or two, not all of them. Why not post a daily detection of AH? LOL Cause AH would be proven to be useless.

    Sid, if you just call every new file you see a Trojan, guess what? even you will get one right now and then even without AH.
     
  6. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Thanks for your usual informed and insightful opinion. /s

    This is the NOD support forum and I pose the question to ESET because I would like an answer from someone knowledgeable about the development of the product who could either add this to their wish list or explain why not.

    I'm waiting to see if an ESET rep will respond here for public informational purposes or if I need to email others to receive a response from the company itself or a knowledgeable associate.
     
  7. Whyme2

    Whyme2 Guest

    You are welcome, don't hold your breath while you wait, you might want to go ahead and get that e-mail ready.

    Nod won't answer your question here, cause if they did, they would just tell you to read my post, LOL.
     
  8. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    I'm not in a particular hurry since it's also an exercise. It's always interesting to see how long it takes, and who, rises to the bait, so to speak.
     
  9. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    :D :D
     
  10. Whyme2

    Whyme2 Guest

    True, One should always test their support, you never know when you really need it.

    As we can see support is slow, :D :D

    And you are a paying customer, I guess a nonpaying customer would never get support.

    But yes we shall wait, and see how slow support really is.
     
  11. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    I understand the Australian site provides most excellent and timely support. Perhaps you're familiar with that affiliate.

    But prior to chatting up the Aussies I thought I'd see what washes up on this sandy shore.
     
  12. Whyme2

    Whyme2 Guest

    I agree with you, that you chose the right site to test support, people are referred here for support, you can now tell them first hand how long you as a paying customer had to wait to get an answer to a question.
     
  13. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Yes, as well as winning a bet for who else would post and how long it would take.

    BTW, too many commas, too often.
     
  14. whyme2

    whyme2 Guest

    Glad you won, too bad still no support, commas, are my trademark, I like them, don't, you,? lol, lol.
     
  15. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Whyme,

    Nice try, stretching support out of context ;). Have a look at these Eset Forums; it's plain for all to see support is being provided 99% of times, and NOD32 users are satisfied as well.

    Although "wish lists" are useful indeed, every sound company will set priorities - as is the case here.

    Another nice try - and wrong once more: merely a suggestive assumption. Contrary to many other companies, "even" trial users are supported.

    For one reason or another, you obviously have some beef with Eset. I for one would advise to back up unfounded presumptions. The NOD32 Forums prove you wrong ;)

    regards.

    paul
     
  16. Whyme2

    Whyme2 Guest

    They will neither prove me right nor wrong, this is about support, how long it takes for a paying customer to get support, (1 simple question answered).

    This question doesn't take a rocket scientist to figure out, The support staff doesn't need any further information about the question.

    They simply need to answer it, wouldn't take more than 2 minutes, it's just about support how good it is, how long it takes to get it, and does it answer the questions asked.
     
  17. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Whyme,

    Funny; you've quoted just a part from my answer ;). As stated before: you are doing your utmost to stretch the entire support to this "wish list" item. Once more I refer to these Eset Forums, and support provided 99% of times. And may I remind you "wish lists" are helpful, but providing support in case of real difficulties is quite a different story, and in fact real support? ;). Nice try once more.

    Grin...keep on trying to stretch support quality to a wish list, aren't you? Real issues have been - and are handled over on these support forums as stated before. I recommend some reading over here ;)

    regards.

    paul
     
  18. Whyme2

    Whyme2 Guest

    So, this question won't be answered, no support will be given, Only certain support questions can be asked.

    So this is not a real support forum, just more or less an automated responder, if you ask a question, that is in the auto data base, an answer would be given.

    Do you have a list of the support questions to ask? this would really help out, people wouldn't waste time asking a question not in the data base. :D :D
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Every NOD32 user who comes to these forums will have to decide for themselves whether good and timely support is being provided here overall. Opinions will vary on this because various threads will certainly be handled in different ways and in different time frames.

    Just some background statistics: There are currently 847 threads containing 6624 posts across the three NOD32 forum sections here. If you were to sample 2% of those threads randomly, you'd probably be able to get a feel for average response times and overall satisfaction levels from those who asked the questions in the past.
     
  20. SaracenBlade

    SaracenBlade Guest

    Whyme2 is VERY familiar with the Australian NOD32. Rodzilla has kicked his butt several times under his main alias "Vampirefo". :)

    As far as comparing DH and AH scanning times, I hadn't tested this until today. Like Mele20, I scan everything I download using Paolo's shell before I run it.

    Using the command line /AH to scan 15018 files including run-time packers took 137 seconds. The DH scan took 121 seconds. I think I can live with this major slow-down. :)
     
  21. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    That isn't correct. Not showing false positives on my drive using AH.

    http://webpages.charter.net/gunn1943/nodah.jpg
     
  22. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Can you supply more details supporting your opinion (e.g. some false positives produced by AH)?
     
  23. SaracenBlade

    SaracenBlade Guest

    Stan999, you beat me to it. I forgot to say "No false positives in my /AH scan." :) (You have more files anyway so yours is a better test.)

    All this "NOD produces a LOT of false positives" stuff is a bucket of doggie-doo anyway, and the smell can be traced back to one rabid NOD32 hater.

    I studied the VirusBulletin site carefully in the last week.

    1. They test for false positives.
    2. NOD32 heuristics are "On" by default.
    3. In 5 years, NOD produced ONLY ONE false positive.

    If that's "a LOT", I can live with it.
     
  24. Whyme2

    Whyme2 Guest



    Sure, but they would be pointless, this is a Nod site, and the results wouldn't be believed anyway, still waiting for support to answer this simple question.

    Even the above users, have proved, there isn't much slow down, so the lie about adding AH to the GUI, slowing down scans can't be a factor now.
     
  25. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Toney,

    It's of no use trying to cause havoc once more over on this board - it isn't going to work. Better call it a day ;)

    regards.

    paul
     