[Review] ESET Nod32 / Smart Security v6 Final

Status
Not open for further replies.
D

Deleted member 178

Thread author
ESET NOD32 / Eset Smart Security v6

Homepage



Introduction

Code:
ESET NOD32 Antivirus and Smart Security 6 represents a new approach to truly integrated computer security. The most recent version of the ThreatSense® scanning engine utilizes speed and precision to keep your computer safe. The result is an intelligent system that is constantly on alert for attacks and malicious software that might endanger your computer.

ESET is a complete security solution that combines maximum protection and a minimal system footprint. Our advanced technologies use artificial intelligence to prevent infiltration by viruses, spyware, trojan horses, worms, adware, rootkits, and other threats without hindering system performance or disrupting your computer.

Today i will review ESET NOD32/Smart Security, i was using it during the whole beta and found it very effective and easy to use, the final version was released few days ago, so i feel the need to review it.

ESET is well known for its lightness on the system, you barely feel it when doing other tasks; grace of this, it becomes the favorite Antivirus for power users and gamers.

Now Let's go for a tour:


1- The Main Window
After downloading and installing it via either the "Live Installer" or "Offline Installer" you arrive to the main UI.

What i really like on ESET products is the very well designed interface, no fancy effects, designs and buttons. When you click somewhere, you got what you want directly.

Below is the main window and the options of the tray icon:

fN2zJ.jpg


There the different modules available

dXQZP2a.jpg


It shows you the classic tabs and functions:

- Home – Provides information about the protection status of ESET NOD32 Antivirus.
- Computer scan – This option allows you to configure and launch a Smart scan or Custom scan.
- Update – Displays information about virus signature database updates.
- Setup – Select this option to adjust your security level for Computer, Web and email.
- Tools – Provides access to Log files, Protection statistics, Watch activity, Running processes, Scheduler, Quarantine, ESET SysInspector and ESET SysRescue.
- Help and support – Provides access to help files, the ESET Knowledgebase, the ESET website and links to open a Customer Care support request.


2- Protection

NOD32 possesses many modules that protect you from "zero-day" malwares and other threats, including:

Antivirus and antispyware protection: It guards your system against malicious attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it, and then cleaning, deleting or moving it to quarantine. Aside of malwares, those objects are also monitored:

-Potentially unwanted applications (PUAs): not necessarily intended to be malicious, but may negatively affect the performance of your system
-Potentially unsafe applications: refers to legitimate commercial software that has the potential to be misused for malicious purposes. (keygens, cracks, keyloggers, remote control apps, etc...)
-Potentially suspicious applications: mostly programs compressed with packers to evade detection.

Anti-Stealth technology
It is a sophisticated system that provide detection of dangerous programs such as rootkits, which are able to hide themselves from the operating system. This means it is not possible to detect them using ordinary testing techniques.


Real-Time protection

NOD32 possesses an effective real-time module, that controls all antivirus-related events in the system. All files are scanned for malicious code at the moment they are opened, created or run on your computer.
Real-time file system protection checks all types of media and is triggered by various system events such as accessing a file. Using ThreatSense technology detection methods

Code:
ThreatSense Engine
    
ThreatSense is technology consists of many complex threat detection methods. This technology is proactive, which means it also provides protection during the early spread of a new threat. It uses a combination of several methods (code analysis, code emulation, generic signatures, virus signatures) which work in concert to significantly enhance system security. The scanning engine is capable of controlling several data streams simultaneously, maximizing the efficiency and detection rate. ThreatSense technology also successfully eliminates rootkits.

The ThreatSense technology setup options allow you to specify several scan parameters:

- File types and extensions that are to be scanned, 
- The combination of various detection methods, 
- Levels of cleaning, etc.

HIPS (Host Intrusion Prevention System)

The HIPS protects your system from malware and unwanted activity attempting to negatively affect your computer. HIPS monitors running processes, files and registry keys. HIPS is separate from Real-time file system protection; it monitors only processes running within the operating system.

it has 4 modes:

- Automatic mode with rules – Operations are enabled, except pre-defined rules that protect your system.
- Interactive mode – User will be prompted to confirm operations. The most "annoying" mode because you have to answers many popups, a good knowledge of how works your system is required.
- Policy-based mode – Operations not defined by a rule can be blocked.
- Learning mode – Operations are enabled and a rule is created after each operation. this one is useful to train your HIPS if you are sure that your system is clean, it must be disabled after some days.

Below is shown a picture of the pop-up alert made by the HIPS

bqLtp.jpg

Network (ESS only)

This in in Fact the Firewall of ESS, similarly to the HIPS, it has different modes:

- Automatic mode – The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. Automatic mode allows all outbound traffic for the given system and blocks all new connections initiated from the network side.

- Automatic mode with exceptions (user-defined rules) – In addition to automatic mode, you can also add custom, user-defined rules.

- Interactive mode – Allows you to build a custom configuration for your Personal firewall. When a communication is detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be displayed. The dialog window gives the option of allowing or denying the communication, and the decision to allow or deny can be remembered as a new rule for the Personal firewall. If you choose to create a new rule at this time, all future connections of this type will be allowed or blocked according to the rule.

- Policy-based mode – Blocks all connections which are not defined by a specific rule that allows them. This mode allows advanced users to define rules that permit only desired and secure connections. All other unspecified connections will be blocked by the Personal firewall.

- Learning mode – Automatically creates and saves rules; this mode is suitable for initial configuration of the Personal firewall. No user interaction is required, because ESET Smart Security saves rules according to predefined parameters. Learning mode is not secure, and should only be used until all rules for required communications have been created.

The firewall also has an IDS module:

Code:
The IDS (Intrusion Detection System) and advanced options section allows you to configure advanced filtering options to detect several types of attacks that can be carried out against your computer.

Note: In some cases you will not receive a threat notification about blocked communications. You can view the Personal firewall log to see all blocked incoming and outgoing communication attempts under Tools > Log files (from the Log drop-down menu select Personal firewall).

NBEeM2Z.jpg


Anti-Spam (ESS only)

Like many Security Suites , ESS has an anti-spam module based on predefined trusted addresses (whitelist) and spam addresses (blacklist). All addresses from your contact list are automatically added to the whitelist, as well as all other addresses you mark as safe.

koKh6NR.jpg

Code:
Unsolicited email, called "spam", ranks among the greatest problems of electronic communication. Spam represents up to 80 percent of all email communication. Antispam protection serves to protect against this problem. Combining several email security principles, the Antispam module provides superior filtering to keep your inbox clean.

The primary method used to detect spam is the scanning of email message properties. Received messages are scanned for basic Antispam criteria (message definitions, statistical heuristics, recognizing algorithms and other unique methods) and the resulting index value determines whether a message is spam or not.

ESS Anti-Spam module will give a "score point" to every incoming messages that will be recorded in the Antispam Log.


Parental Control (ESS only)

The Parental control module allows you to configure parental control settings, which provide you automated tools to help protect your kids and set restrictions for using devices and services. The goal is to prevent children and young adults from accessing pages with inappropriate or harmful content.

Code:
Parental control lets you block webpages that may contain potentially offensive material. In addition, parents can prohibit access to more than 40 pre-defined website categories and over 140 subcategories.

qYiZcn1.jpg


Anti-Theft (ESS only)

The Anti-theft feature allows you to track the location of your stolen computer, take a screenshot of the screen and secretly take a picture of the thief via your webcam; then all those infos will be sent to your webpage in your ESET account.

BjMLHz0.jpg


Manual scanner

by clicking on "Computer Scan in the main window, you will access the various scans available in NOD32.

Fwmdi.jpg

- Smart Scan: Smart scan allows you to quickly launch a computer scan and clean infected files without need of your intervention. The advantage of Smart scan is it is easy to operate and does not require detailed scanning configuration. Smart scan checks all files on local drives and automatically cleans or deletes detected infiltrations. The cleaning level is automatically set to the default value.
- Custom scan: Custom scan lets you specify scanning parameters such as scan targets and scanning methods. The advantage of Custom scan is the ability to configure the parameters in detail.
- Removable media scan: Similar to Smart scan, it quickly launch a scan of removable media (such as CD/DVD/USB) that are currently connected to the computer. This may be useful when you connect a USB flash drive to a computer and wish to scan its content for malware and other potential threats.

In addition in the v6, you have a "Regular full scan", it can regularly perform a full scan of your computer during idle time. The scan is optimized not to run when the computer is operating on battery power.
Regular full scans help detect inactive threats on the computer and improve ESET cloud information about known and unknown threats or files.

Below you can see how the scan progress is displayed:

kMZ8k.jpg

you can schedule the shutdown or reboot of the computer when the scan finishes.

Startup scan

The automatic startup file check will be performed on system startup or virus signature database update.

Removable media

NOD32 Antivirus provides automatic removable media (CD/DVD/USB/...) control. This module allows you to scan, block or adjust extended filters/permissions and select how the user can access and work with a given device.

YVeyC.jpg

Web & Email

the main vectors of attack, NOD32 knows that and protects you accordingly, it includes:

- Email client protection: By using a plug-in in, Email protection provides control of email communication received through the POP3 and IMAP protocols. NOD32 Antivirus provides control of all communications from the email client (POP3, MAPI, IMAP, HTTP). When examining incoming messages, the program uses all the advanced scanning methods provided by the ThreatSense scanning engine. This means that detection of malicious programs takes place even before being matched against the virus signature database. Scanning of POP3 and IMAP protocol communications is independent of the email client used.
- Web access protection: Web access protection works by monitoring communication between web browsers and remote servers, and complies with HTTP (Hypertext Transfer Protocol) and HTTPS (encrypted communication) rules.
- Protocol filtering : Antivirus protection for the application protocols which integrates all advanced malware scanning techniques. The control works automatically, regardless of the Internet browser or email client used.
- Anti-Phishing protection: Phishing a criminal activity that uses "Social Engineering" , means the manipulation of users in order to obtain confidential informations such as banking credentials, websites passwords, etc.... Some malicious websites are known to use this technique and so are blocked via this feature.



2- Update

The update tab, here is shown all relevant information you have to know about the updates.

MzF55.jpg

A new update feature is implemented in the v6 , it is called the "Rollback previous virus signature database", if you suspect that a virus signature database or product module update may be unstable or corrupt, you can roll back to the previous version and disable updates for a set period of time.

ifPzX.jpg
Some options allows you to use pre-release updates, clear the update cache, select what NOD32 will do when an update is available, etc...

Note: Your registration's credentials must be entered to get the updates.


3- Setup

There are the various sections for setting up NOD32, you can disable the modules from here:

zQdb6.jpg


And go deeper in tweaking by clicking "Advanced Setup":

mtxKT.jpg


4- Tools

In addition of the detection & Prevention modules, NOD32 includes several useful tools that help you to control your system effectively:

f2b6T.jpg

- Log files: Log files contain information about all important program events that have occurred and provide an overview of detected threats.

- Scheduler: Scheduler manages and launches scheduled tasks with predefined configuration and properties.

- Protection statistics: Shows a graph of statistical data related to ESET NOD32 Antivirus's protection modules.

- Watch activity: To see the current File system activity in graph form.

iBaCd.jpg

- Network Protection (ESS Only): Shows your active connections.

AVyRKxv.jpg



- ESET SysInspector:

ESET SysInspector is an application that thoroughly inspects your computer and gathers detailed information about system components such as installed drivers and applications, network connections or important registry entries and assesses the risk level of each component. This information can help determine the cause of suspicious system behavior that may be due to software or hardware incompatibility or malware infection.

SaZHm.jpg

- Running processes: Running processes displays the running programs or processes on your computer and keeps ESET immediately and continuously informed about new infiltrations. ESET NOD32 Antivirus provides detailed information on running processes to protect users with ESET Live Grid technology.

nlXXI.jpg

ESET Live Grid

ESET Live Grid (the next generation of ESET ThreatSense.Net) is an advanced warning system against emerging threats based on reputation. Utilizing real-time streaming of threat-related information from the cloud, ESET virus lab keeps defenses up to date for a constant level of protection. User can check the reputation of running processes and files directly from the program's interface or contextual menu with additional information available from ESET Live Grid. There are two options:

1. You can decide to not enable the ESET Live Grid. You will not lose any functionality in the software, and you will still receive the best protection that we offer.

2. You can configure the ESET Live Grid to submit anonymous information about new threats and where the new threatening code is contained. This file can be sent to ESET for detailed analysis. Studying these threats will help ESET update its threat detection capabilities.

ESET Live Grid will collect information about your computer related to newly-detected threats. This information may include a sample or copy of the file in which the threat appeared, the path to that file, the filename, the date and time, the process by which the threat appeared on your computer and information about your computer‘s operating system.

- Submission of files for analysis: The file submission tool that enables you to send a file to ESET for analysis. If the file turns out to be a malicious application, its detection will be added to one of the upcoming updates.

- ESET Social Media Scanner:Newly introduced, if allowed, it will install an application in your Facebook account scanning for malicious links in your feeds (and your friends' ones)

Ryldm.jpg

It can also do a online scan of your computer and shows a map of worldwide threats detected via ESET Live Grid.

n4Elb.jpg


Final Note

As you can see NOD32 is a very potent and efficient Antivirus, its lightness combined with impressive features makes it a top-notch solution for the beginner or advanced user.
I rate it 4/5.



thanks for reading :D
 

NSG001

Level 16
Verified
Nov 21, 2011
2,192
RE: [Review] ESET Nod32 v6 Final

Thanks for great review!
Not used this product for around 10 years, Nod 2.0 if i remember.
Willing to maybe give this another shot one day but happy with EMSI for the moment :)
 
D

Deleted member 178

Thread author
RE: [Review] ESET Nod32 v6 Final

i am using both :D
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
RE: [Review] ESET Nod32 v6 Final

Quality review, I'm tempted to install ESET. :p

Would you consider the lack of Anti-Theft in the Antivirus version a Pro or Con? And why?

PS: Anti-Theft is available in ESET Smart Security 6.
 
D

Deleted member 178

Thread author
RE: [Review] ESET Nod32 v6 Final

Earth said:
Quality review, I'm tempted to install ESET. :p

thanks :)

Would you consider the lack of Anti-Theft in the Antivirus version a Pro or Con? And why?

PS: Anti-Theft is available in ESET Smart Security 6.

ESET anti-theft is more a gadget feature even if it works well , i tried it during the beta; so to me, i like the fact they keep it only in Smart Security (with the additionnal features like antispam, etc...) ^^
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
RE: [Review] ESET Nod32 v6 Final

Awesome review once again!!!! I think you really nailed the pros & cons of this new version.I would like to see them offer a free version someday.I think it would benefit them as well as users looking for a good free solution.
 
D

Deleted member 178

Thread author
RE: [Review] ESET Nod32 v6 Final

exterminator20 said:
Awesome review once again!!!! I think you really nailed the pros & cons of this new version.I would like to see them offer a free version someday.I think it would benefit them as well as users looking for a good free solution.

thanks, especially me since i just observed than my license will perish in 15 days :lol:
 

Overkill

Level 31
Verified
Honorary Member
Feb 15, 2012
2,128
RE: [Review] ESET Nod32 v6 Final

Awesome review, very thorough!
 

maaster

Level 1
Aug 5, 2012
200
RE: [Review] ESET Nod32 v6 Final

Very well-detailed review:goodpost:

regarding about the disadvantages mentioned in your review:

1)Paid:
Although it can be made free,I appreciate the makers of ESET for not making a free product with false promises like Bitdefender's free AV.

2)High RAM usage:
I think this varies from system to system and it depends on configurations..For example,in my windows 7 system (4GB RAM) it runs with about 100MB RAM and with my XP system(512 MB RAM) it runs with 60MB RAM.

3)HIPS:
They have improved HIPS from the previous version in the sense that they included some more options in the interactive mode of HIPS .
Could you please explain what these things signify in the HIPS window?

bqLtp.jpg


1)create a rule valid for only this application
2)create a rule valid only for operation
3)create a rule valid only for target

I tried myself but I was bit confused...

I want you to find out what these three things do?
And is there any possibility of minimizing alerts in interactive mode?
say for example if google chrome pops up a alert in HIPS,all the activities made by chrome must be allowed without any alerts by creating a rule...

I hope you understood what I meant;)
 
P

Plexx

Thread author
RE: [Review] ESET Nod32 v6 Final

maaster said:
2)High RAM usage:
I think this varies from system to system and it depends on configurations..For example,in my windows 7 system (4GB RAM) it runs with about 100MB RAM and with my XP system(512 MB RAM) it runs with 60MB RAM.

V5's RAM usage was far less than V6, in specific the ESET UI process.
NALDk.png

This is on a x64 W7 Ultimate.

On XP SP3 xi6 is running slightly less but still high compared to V5.

maaster said:
3)HIPS:
They have improved HIPS from the previous version in the sense that they included some more options in the interactive mode of HIPS .
Could you please explain what these things signify in the HIPS window?

bqLtp.jpg


1)create a rule valid for only this application
2)create a rule valid only for operation
3)create a rule valid only for target

I tried myself but I was bit confused...

I want you to find out what these three things do?
And is there any possibility of minimizing alerts in interactive mode?
say for example if google chrome pops up a alert in HIPS,all the activities made by chrome must be allowed without any alerts by creating a rule...

I hope you understood what I meant;)

Option 1, 2 and 3 should remain as default. What they did was they incorporated V5's Edit Rules options (in a way) to the pop ups.

All 3 options are tied up to the following screenshots when you modify a rule. Note for the purpose of this example, I simply created a rule with default settings.

NR7Dj.png

gTraJ.png

lKhNM.png

S17IS.png

y8Cnl.png

****

@Umbra: there are 2 con's, one directly compared to V5, while the other is across the board.

Compared to V5: Installation time of EAV has increased nearly 70% (using offline installer).

Across the board:

HIPS by default are enabled. Good, except mode is Automatic and only rule is the following. This means it will not offer any protection. An existing issue that has been since the release of V5 when they incorporated HIPS. Automatic mode will not protect anyone from anything (in terms of HIPS functionality). Reason being Automatic mode is set to Follow rules, if not, Allow.

oScYi.jpg

Regardless of their Improvements over HIPS, it is still not configured to work out of the box. That on top of the lack of explanation for advanced modes on HIPS and its RULES, as well as their Knowledge based has not yet been updated to reflect V6 changes.

That being said, although I am and always been an ESET user, I will switch back to ESET once a build has been released with some improvements on the mentioned areas (although I highly doubt).

As for my personal opinion, due to its HIPS issue and lack of explanation within the system and knowledge base (again in terms of the HIPS module), it sets it at 4 out of 5.
 
P

Plexx

Thread author
RE: [Review] ESET Nod32 v6 Final

Overkill said:
Mine is low

Ld5mx.png

Been monitoring on my other system. keeps fluctuating during the day.

Their HIPS still pretty much the same, untouched. Suppose that was due to not being fully operational during testing versions on some systems etc.

Not to say V6 doesn't have improvements, because it does. However such improvements can be considered and actually deployed in a patch instead of an "overhaul" or "optimization" to justify a new version.


Not to mention since its release there are already issues reported.

Unfortunately, knowing ESET way of applying patches, it is going to take quite some time.
 
D

Deleted member 178

Thread author
RE: [Review] ESET Nod32 v6 Final

Updated to be a Nod32/ESS review
 
D

Deleted member 178

Thread author
MrExplorer said:
One more CON: Removal capabilities are not good.

That is subjective, the samples i tested with it were all removed; so i really think it depend the malware. If it was systematic, sure i will add this cons.
 

MrExplorer

Level 28
Verified
Nov 15, 2012
1,765
What Norton having bad Removal Capabilities.

Pros: Very Good Web-Protection
2. Social Media Protection is also too good.

& 1 Question. How is the Prevention of ESET Smart Security v6
 
D

Deleted member 178

Thread author
Very good as far as i tested it, via its several modules & HIPS.
 

MrExplorer

Level 28
Verified
Nov 15, 2012
1,765
Ok,The Prevention of ESET is good. Can't add thee pros as because you also would have tested them. Don't you think Web-Protection & Social Media Protection is good..
 
D

Deleted member 178

Thread author
Social media is correct, the web-protection is effective enough to me.
 

cptredsox

Level 1
Verified
Nov 4, 2012
81
i really like ESS but especially for new users there should be a whitelist for the HIPS, that would be a relief :) in combination with the learning mode.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top