Monday, October 21, 2013


This week, ESET rolled out the stable build for NOD32 Antivirus, one of the two flagship consumer products in their portfolio.

Newly introduced are Exploit Blocker and Advanced Memory Scanner, two fresh technologies designed to work in tandem to protect the system against intelligent malware attempting to infect the computer.

Both of them are enabled by default and available under the HIPS (Host-based Intrusion Prevention System) settings in the advanced configuration menu of the suite.

NOD32 Antivirus from ESET is available for Ksh 2000 / Ksh 1500, but it can be tried free of charge for a period of 30 days with all features enabled.

Installation has been improved in this revision, as users go through fewer steps to complete it. Among them are giving consent to contribute to ESET Live Grid and enabling the detection of potentially unwanted applications (PUPs).

Live Grid is ESET’s information pool gathered from users around the world and it represents an important factor in carrying out faster scans. It relies on file reputation and prevalence in the community, helping the product make the right call against emerging threats.

After installation, the product needs to be activated, with a trial license or a purchased one. In both cases, registering with a valid email address is necessary.

When all these steps are complete, NOD32 Antivirus starts the initial scan. In our case, this took about half an hour to finish, which is a hefty wait time if you consider that other solutions required less than half that time to do the job; subsequent verifications took roughly the same time to complete.

The package raised the flag for one legitimate Internet cache file, labeling it as a phishing risk, and immediately sent it to quarantine.

On the upside, the impact on the system was within acceptable values, requiring about 45% of the CPU and around 90MB of RAM to do its job.

Long-time users of the product transitioning to this new release will still feel at home, since the interface underwent only minor changes for a more updated look.

The main panel (Home) shows if all layers of protection are in effect and provides easy access to the most frequently used actions.

It also shows if the operating system is up to date, offering the possibility to review the updates that need to be installed.

NOD32 Antivirus provides three types of scans that can be initiated by the user. Smart Scan is an automatic process that checks all files on local drives without requiring any configuration. Upon finding a threat, it immediately cleans or deletes it.

The Custom Scan allows users to define the areas they want to be scoured, and it is extremely flexible in options as far as parameters and scanning methods are concerned. Special scan configurations can be saved into a profile for later use.

Checking removable media is the third type of scan available and it becomes active only when such a device is plugged into the computer.

The suite also performs an automatic quick check of the files that run at system startup. This is triggered when turning on the computer, as well as after updating the virus signatures, which generally happens on an hourly basis.

Our malware detection and elimination tests were conducted using a database with 1,414 samples, the same employed for evaluating avast! Free Antivirus 2014, Webroot SecureAnywhere Antivirus and Emsisoft Anti-Malware.

The product scored quite well, with a 93.8% detection and elimination rate. However, an additional 19 threats were caught on execution, which raises the value to 95.1%, although we could not launch all of them.

The “Tools” section in the program has not changed compared to the previous stable version, and provides the necessary additional utilities to help identify malware running on the system as well as access to quarantined items and protection statistics.

The SysRescue component is also on the list; its purpose is to create bootable media equipped with the ESET security solution that can be used for scanning infected computers.

The task of making such media is pretty difficult even for the average user, because additional utilities (Windows Automated Installation Kit (Windows AIK) or Windows Assessment and Deployment Kit (Windows ADK)) need to be readily available.

Useful for novices is the “Running processes” component, which lists all executable files currently active and assigns a risk level pulled from the Live Grid community.

ESET SysInspector is another advanced application; it can take a snapshot of the drivers and applications, network connections or important registry entries on the system, which can be thoroughly analyzed in order to determine the cause for suspicious system activity. You can create multiple snapshots and compare the logs for differences.

On the list of NOD32’s menus, there is a new entry called “Training,” currently available for users in select areas (US, Canadian and Caribbean residents). The company’s goal with it is to educate users about safe Internet practices with important tips.

The advanced configuration panel in ESET NOD32 Antivirus is quite complex and allows granular control over all aspects of the suite: how scans are performed, the impact on the system, when the real-time protection components swing into action, exclusions, notifications about system updates, and fending off malware attempting infection via web and email.

It is truly an area for seasoned users who need to fine-tune various components for the application to better suit their needs.

As far as web protection is concerned, the package can restrict access to specific pages and domains based on user-defined lists (check URL address management under Web access protection).

Furthermore, NOD32 features anti-phishing protection, which kicks in automatically when a risky page is loaded in any of the browsers installed on the system.

During our tests, the results were quite impressive and showed that the product is a welcome complement to the anti-phishing provided by web browsers.

It showed its skills more often when using Internet Explorer, as the browser allowed 13 out of the 16 risky pages we used to load. Eight of them were picked up by ESET’s solution, while Microsoft’s web client caught three. The remaining five loaded with no problem.

Things were different with Google Chrome and Firefox, mainly because these browsers offered better security against this sort of threat. NOD32’s task was pretty easy since the pages were swiftly detected as risks and blocked, but it still managed to contribute to increased protection.

The Good

The default configuration is suitable for average and even novice users. The impact on system resources is minimal, even on lower-specced systems. Automatic scans are run in the background when the malware signatures are updated.

It showed strong protection against phishing, and comes with strengthened security against more elaborate forms of malware. There are plenty of utilities that can be used for pinpointing the reasons for suspicious system behavior or activity.

The Bad

The flag was raised for some false positives. Less advanced users would have a pretty hard time configuring some modules of the application.

Some layers of protection available in similar suites, such as sandboxing, are unavailable. Enabling some components requires a computer restart.

The Truth

The guys over at Einsteinova 24, Bratislava, managed to improve ESET NOD32 Antivirus and strengthen the protection it provides. The product retains the classic configuration suitable for advanced users, but the front-end and the default configuration work great for the less seasoned, too.
