Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version)

Discussion in 'NOD32 version 1 Forum' started by sylvia edwards, Jan 10, 2003.

Thread Status:
Not open for further replies.
  1. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Hello,

    Yes but not up to date : seraching for *this* variant of Yaha

    Summary


    0 results found.
    No results to display.

    PLEASE NOTE: We're currently trying to integrate vendors' virus encyclopedias into VGrep. You'll notice that some vendors' results are clickable. Clicking on the links will take you to the search results on that vendor's website - whether anything useful is found there is largely dependent on the vendor - if you have any feedback, please email pete.sergeant@virusbtn.com.


    Search Again

    But better than nothing ;)

    Cheers,
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    >Obviously your feel the need to rant; so be it. As has been posted over here many times before: using a Beta version is bound to come accross possible problems, and - as posted over here as well - should wisely be done on a test system. It has been your choice and yours alone to test drive the Beta on your main system. You can hardly blame Eset for that.

    With all due respect Paul, you have it all wrong. This glaring problem has nothing to do with the fact that i was using the beta version at the time it occured. It has been confirmed that the problem exists also in the release version. I suggest you read the thread in the beta forum here and read the thread at DSLR for confirmation. So, for you to blame me because I was unwise in beta testing on my only computer is a red herring. The very same disaster would have occured even if I had been using the release version.

    It is now quite clear that NOD is NOT very user friendly. Further, I do not think there is anything in the difficult to understand manual, for the release version, about this. I have read that manual several times and I recall nothing regarding the fact that NOD does not actually delete an infected email when commanded to do so, but rather puts it in the deleted items folder where the user must then manually delete it. Nor is there any warning anywhere, that I can recall reading, that would tell me that if I commanded the release version, of the on demand scanner, or the beta version to delete one infected email that was in the sent folder that NOD would delete the entire folder! This does not happen with NAV or McAfee. They have the capability to delete one email. NOD release and NOD beta do not. Yet this glaring "deficiency" is never pointed out anywhere that I can recall to the user. Perhaps some users with lots of experience over many, many years with computers figure this out on their own...one NOD user at DSLR has said this was true for him. I, however, have only been using a computer for three and one-half years and I have been madly learning as fast as I can, but I am in the age group of persons who generally never even attempt to acquire a computer as they find them so intimidating. I think, under the circurmstances, I've learned alot and become a fairly knowledgeable user. Still, I'm average and NOD is not designed for the average user. Yet, I get the distinct feeling that Eset wants now to appeal to a much wider audience. As sig has pointed out, both here and at DSLR, this is not going to be easy unless Eset decides to make NOD much more user friendly and also until this forum stops blaming the user for NOD's shortcomings.

    I am not to blame here. I really don't understand the penchant here, even with you as supposedly the neutral admin, to be so ready to blame the user and to refuse to admit that NOD release (much less the beta) could possibly have any serious flaws.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Mele,

    As for "user friendlines: I've asked sig to post his comments/suggestions over on the "Bug Thread".

    As far as I can see, in this particular case it isn't flaw. That said: of course NOD32 can have flaws - as all software can. In case anyone is convinced this is the case: that's what these forums (amongst others) are here for. Thus anyone using NOD32 is invited to post. As ever, Eset will try to reproduce the flaw on their labs, and will act if necessary.


    regards.

    paul

    paul
     
  4. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Hi Mele,

    as I already wrote I know NOD32 has many good parameters but it is not perfect in all areas (manuals, virus descriptions etc...). We are aware of this (not ignoring the customers) and working on it together with the new Beta version. Especially the preparation of the new version release is very time consuming. Please try to understand that although we are working hard on it - it can't be all ready at once - please have a little patience.

    When you write about NOD - it is OK when you write about the negatives – that’s a signal for us - what we need to improve - but please don't forget to write also the important good parameters - detection, speed etc... - and don't overstate the negatives that don't seem to be such important.

    Thanks and I hope we can be friends :)

    Have a nice time

    jan
     
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    With all due respect, Jan, the negatives are important too if you're marketing to the average home user. And that's what people focus on when choosing a new AV or deciding whether to dump the one they have. Speed is great, yes. And detection is vitally important of course. (Although some other AV's appear to do better as far as trojans are concerned.)

    But frankly, given the competition, if users find another AV more self-evident and clear in it's presentation (ie, user friendly and intuitive when first used) with clear documentation and fairly decent detection, many will go with (or remain with) that AV rather than one that appears quirky and inelegant in design functionality and has not top of the line documentation.

    I can see where Eset wouldn't regard the delete infected email process as a flaw. It works as designed. But some might suggest that the design is poor or not the best possible for the user. Is it self-evidently clear to the user how it works? Does the scanner indicate that the infected email is being sent to the deleted item box and must be deleted manually? A simple notice would do that. And how would the user clearly know that if a system scan is run, deleting the infected email while still in the deleted items folder deletes the entire mail box? Could the email and resident scanner be designed more clearly? Or preferably just better so that "delete" means "it is gone from your email client and will trouble you no more?"

    This may be regarded as "not so important" and a minor nit, but functionally it isn't to the user who finds his mail box cleared of all its contents as a result of the lack of simple explicit clarity in the program itself. That is a design issue, IMO.

    As Paul suggested, I posted a comment in the Beta bug thread in the hopes that this sort of thing can be addressed in the new version. But frankly I don't use the current POP3 scanner due to its design. On W98 what functionality it offered wasn't worth the extra use of resources, which were significant. (And it left a port open to the internet which I found a big minus. I even had to futz around with the firewall I occasionally ran to just close the port.) I'm on XP now and still don't use the email scanner.
     
  6. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Hey sig,

    OK, the ease of use is also very important for you (that's why also for us to adapt it) - it has been already discussed here that e.g. the infected e-mail messages handling need to be improved to make it more intuitive. We know also about the other things I mentioned in my previous post - manuals....... - being reworked here.

    I hope you know what the patience brings :)

    Best wishes

    jan
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    LOL, no I'm not speaking personally. I'm just saying that in the home user market ease of use can be the critical decision point in the choice of an AV. :)
     
  8. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Give me a break :) I ment it like home users generally too - but I should have written it like that :D

    Cheers,

    jan
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Sig
    Well said :D

    Cheers
     
  10. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Please don't take this suggestion the wrong way: I'm not implying NOD should emulate NAV. But an alternative to deletion is to quarantine the infected email, which also keeps it isolated from the email client message store. That would also avoid the problem of an infected email being placed back into the regular message store -- in this case it was being placed back into the Trash folder.

    And placing the infected email in quarantine gives the user further options: to delete it from quarantine; or in special cases to restore it temporarily, forex to examine the headers to determine its origin before deleting it permanently; etc. Just a thought. :eek:
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Randy_Bell
    Excellent suggestion :D
     
  12. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    I think enough is enough. I have NO idea why the NOD guys have not explained how the beta operates and I DO feel sorry for the individual that deleted all her sent items, but let's please be *precise* about what actually happened. I am not defending OR pointing fingers, merely being logical.

    I sent myself a virus with IMON disabled so it would be left in the sent folder. I then did a sys scan with AMON. AMON popped up a warning:

    AMON has detected (name of virus) in object Sent Items.dbx (it gave the full path to the email, including who from, who to and name of virus again)
    The popup stated AMON could not clean this object and the ONLY option was to leave.

    I clicked leave and under that popup was another popup stating essentially the same thing -- AMON can not clean this object. The only option was to "Leave".

    So, twice it gave the full path C:\*\My Docs\*\Sent Items.dbx\email info (named virus)

    Under that was the THIRD popup stating:

    AMON has found (name of virus) in (path) Sent Items.dbx

    The options then were: Leave, Quarantine, or DELETE

    Please notice it has already said TWO times the *only* thing it can do with the EMAIL itself is to LEAVE it. It has now come up to the file "Sent Items.dbx", which is the ENTIRE sent items file. Now, let's guess exactly what happens if YOU tell it to delete that file.

    Let's get real, people. No, that is not the best way to handle the situation for an inexperienced user and should be changed. BUT -- NOD32 did not delete the entire sent items.dbx file until the user TOLD it to do so after being told TWICE the only thing NOD could do with the email itself was to leave it for manual deletion.

    I have used NOD32 for over a year through many viruses and have never had a problem because I took the time to understand how the app works. Is NOD not as good as, say, NAV at handling email viruses. No, it's just different. Should it be changed to protect the mouse-clicker that tells it to delete his/her entire mail file, even though it TELLS them what it is going to do? Yes.

    Jeez! :D :D

    Phil
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Sure Phil, but you and most on this forum are NOT the norm, the average user that comes into my shop has NO idea where their data is, let alone what to do when an infected mail arrives. And forget learning to use a program, they just want it (virus protection) to do its thing and sit in the background silently doing so :D

    I try to educate those coming into my shop, but there are extreamly few who actually want to know, and this is ONLY after having a problem, and usually it is only AFTER they have been infected or all data has been lost. At this point their attention is focused for a split second on not having the problem happen again... but it is only a split second, I reckon a 2yr old has more focus :D

    One customer lost his data TWICE through leaving important files on the desktop (instead of having shortcuts), it is only now that he is interested in reliable backup software. This person is university educated, highly intelligent, but when it comes to where his data is stored and backed up, it used to go into "Mystery Land".

    Cheers :D
     
  14. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    You're giving your customers a BETA ? ? ? ? ?
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Nope, NOT at all Rod. This is not the beta forum, we were talking about deleting, and the fact that we have to manually delete, not as you would expect happens when you tell Nod to delete, that it just transfers it into the deleted items folder.

    Cheers :D
     
  16. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    > Nope, NOT at all Rod. This is not the beta forum, we were talking about deleting, and the fact that we have to manually delete, not as you would expect happens when you tell Nod to delete, that it just transfers it into the deleted items folder.

    Ah ... I misunderstood where you were coming from. (There has been so much "It's not just the beta ... the current version of NOD32 deletes your whole mailbox too" expert testimony flying around lately that I'm almost believing it myself.)

    Just as a matter of interest ... what happens when you highlight a message in the Outlook Express Inbox and delete it ? :) :) :)
     
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Sure, I understand what you are getting at re deleting, but a virus infected email is a little more important than a general email that you might accidently have deleted and want to restore.

    I can't think of any reason whatsoever that you might want to restore an infected email (not for the average user anyway) :D

    Cheers :D
     
  18. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    I hope you noticed I said it *should* be changed. ;)

    It's a matter of conditioning and popularity. Let's turn the tables and say that NAV was the one to put an infected email in the deleted items folder. Because of their marketing, NAV is the most popular and most used AV and everybody would be programmed to empty that folder. Now, along comes "normal user" and decides to use NOD because he has discovered it is a *better* AV, but it auto-deletes the infected email. Imagine the posts!

    "Where did NOD put that email. I can't delete it if I can't find it."

    "How can I be so sure NOD *really* deleted that virus. I would rather do it myself because that's what I have always done."

    "They told me NOD doesn't really delete, it just removes the first character so the virus is still there. I would rather use my SuperDuperDriveEnemaWipeAnd Scrape program."

    I just got a little tired of reading "NOD deleted all my mail and killed my cat". No, the user deleted the mail and the neighbor's dog handled the cat I feel better now.. :rolleyes: :D

    Yes, it does need to be changed.

    </rant>
    Phil
     
  19. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Damn, you got a great version of Nod ;) Where can I get that versiono_O I have a lot of cats that Nod could erradicate :D

    I just think if Nod is making the statement "Do you want to delete", then it should be just that, gone, fullstop, never to be seen again :D

    Cheers :D
     
  20. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    > I can't think of any reason whatsoever that you might want to restore an infected email (not for the average user anyway)

    Nor can I ... but the fact is that OE doesn't delete emails at all until you actively tell it to do so ... it moves deleted emails to Deleted Items, then merely hides them from view when you "delete" them from that "folder" (BAAAAD NAME!!!) rather than immediately physically deleting them from your hard drive, because Deleted Items, like all other OE "folders", isn't a folder at all ... it's a file ... and there's always some risk involved when fiddling with a file.

    I shudder to think how many millions of emails would have been lost since 1995 had Microsoft not chosen to take the cautious (ie: safe) approach by providing a maintainance utility ("compact") to handle the actual removal of "tagged for deletion" emails from the Deleted Items file. (You can do this manually if you want to ... simply delete "Deleted Items.dbx", and it will be automatically replaced with an empty copy next time you start OE.)

    =====

    > I just think if Nod is making the statement "Do you want to delete", then it should be just that, gone, fullstop, never to be seen again

    Microsoft doesn't do that.

    Who am I to argue with Bill Gates ?

    :) :)
     
  21. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    > I just got a little tired of reading "NOD deleted all my mail and killed my cat".

    ROFL

    A while back both Norton and McAfee introduced bugs which deleted 100% of your email.

    Now it's NO32's turn to be The Bad Guy. :)
     
  22. Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    This is getting a little insane... :eek: :eek: :eek:

    NOD32 was generally regarded as an experienced computer users AV. At least that's what I percieved it as when I first heard of it. A piece of software like that means that one has to read the documentation throughly, and then learn it well. Although I never had Mele20's dilemna, I just delete infected emails upon sight. I don't care what they look like (although once when I saw an infected email I was able to see who sent it).. and then on the other hand, I think Mele20 said she had somewhere on the neighborhood of 2000 emails saved! That's a hard pill to swallow...
    NOD32 will never be able to punch through the consumer market the way they are going. I tried to explain and demonstrate to the IT in our office organization about NOD32, and she just shook her head in 10 minutes, giving me the impression everyone else will find it hard to use..
    There are 60 people just in our office alone, out of 170 offices in 4 states. McAfee seems to the the prevalant program they use, because the IT dept recommends to the workers what software the agents should use for their home office - personal use. They recommend either NAV, McAfee, or Panda, with McAfee being their #1 choice.. The IT was very negative about NOD32, I think the nod website turned her off more than anything. She likes the McAfee website because of all the percieved info it has. Please don't blame me or get mad at me, fellow forum users. I was trying hard to get her to consider NOD32.. When I told her about VB's scores, she rolled her eyes and said "so what?".. I guess the need isn't there yet, because people who use NAV or McAfee, they either don't care about viruses, or don't even know.. One woman had klez on her computer and ran it with klez for a couple of days, then took it to a technician where she paid $160 to clean Klez out. She still doesn't know what klez is. I was only able to get 5 people to purchase NOD. The beta version looks nice, but if it has all the same problems it has now after public release, I'm afraid I too may have to jump ship. The beta IMON continually crashed and closed Outlook Express when infected email (klez) was coming in...
    I've got the patience to wait and see..
     
  23. Phil

    Phil Registered Member

    Joined:
    Oct 24, 2002
    Posts:
    248
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Yeah, I guess so. :rolleyes:

    In both of those cases, however, it *was* the AV doing the deletion. NOD should not be absolved of all fault in this instance, but it certainly didn't do it all by its little self. :D

    Phil
     
  24. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    Sure Phil, I think Nod is better than sliced bread :D I'd just like to see it made as "Idiot Proof" as possible, with the options to tweek if you want :D

    Cheers :D
     
  25. rodzilla

    rodzilla Registered Member

    Joined:
    Jun 15, 2002
    Posts:
    653
    Location:
    australia
    Re:Win32/Yaha.k@mm not detected by current updared copy of nod32 (PCUser version

    > In both of those cases, however, it *was* the AV doing the deletion.

    Yep.

    > NOD should not be absolved of all fault in this instance, but it certainly didn't do it all by its little self.

    I'm not making excuses for NOD32. It would never affect me, but it's something which must be looked at.

    Mele was the first person in the world to learn the behavior of this "feature", and as far as I know, is still the only person in the world to whom this has happened who wasn't deliberately trying to duplicate it. It's too bad she had to find out the hard way.

    I would never have found it ... it required a series of actions which I would never have taken ... in fact, after reading several "the current version also deletes .dbx files" posts, after many years of using NOD32, I had to re-install it to check this out. (The current version doesn't delete .dbx files ... or, if it does, it won't do it for me. Maybe I'm doing something wrong.) :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.