 |
|
|
#4 - ESET NOD32 5
Briefing
We have recommended previous versions of NOD32 to both our home and business clients for years with excellent results. After 3 years with no major upgrades, ESET has released sleek new versions of NOD32 Antivirus and the Smart Security suite, which aim to compete with recent advancements in technology from other companies such as Webroot and Symantec.
ESET is a highly successful security software company headquartered in Bratislava, Slovakia with branch offices around the world. Their antivirus product, NOD32, has been protecting Windows systems since 1998 and is sold in over 180 countries.
Ease of Use
ESET NOD32 5 offers to install in any of 20 languages. It then presents a screen with checkboxes which ask for permission to participate in the ESET Live Grid Network, a new cloud-based collective intelligence system built on ESET’s ThreatSense.net technology from the previous version of NOD32. The other checkbox is a relic from previous versions as well, asking to enable detection of Potentially Unwanted Applications. As in previous versions, our recommendation to you is definitely to enable this, and our recommendation to ESET is to eliminate this step and enable both of these options automatically.
Installation was fairly slow compared to the speedy installations of competitive products such as Norton Antivirus 2012 but completed in a reasonable amount of time on our test systems.
The interface is basically the same as in version 4, which is a complement as we’ve always appreciated its combination of simplicity and advanced configuration options. The home screen shows protection status for the computer, and protection status for web and email. There is also a section of Frequently Used tools, which has Run Smart Scan and Statistics tools under it.
The Computer Scan screen has tools for running a Smart Scan or Custom Scan, and for advanced scan configuration options. The Tools page gives access to log files, statistics, file system activity, scheduled tasks, quarantine, and ESET’s system snapshot tool called SysInspector. From this page you can also submit a file to ESET for analysis, and create a Rescue CD. The Rescue CD wizard oddly requires you to download and install the Windows Automated Installation Kit, which seems an unnecessary burden.
The Update tab is straightforward, containing information about updates, product activation & licensing, and version installed. In the Setup tab you can enable or disable Real-Time Protection, HIPS (Host Intrusion Prevention System), Gamer Mode, Web Protection and Email Protection. Lastly, there is a Help and Support page with many support options including basic help files, Internet Knowledgebase, and Customer Care.
The advanced setup tree has been redesigned as well. Those looking to configure minute details of the antivirus engine, the interface, and the behavior of ESET’s web and email protection will find all the relevant settings there. The ThreatSense engine retains separate settings for real-time antivirus protection, document protection, startup scans, web, and email protection, so it is highly configurable.
Speed
We have found ESET to run very fast on all systems. Even older Pentium 4 systems can run NOD32 without perceptible impact on performance. Email and downloaded files are scanned quickly and efficiently. Full system scans have speeded up from previous versions. Startup is exceptionally quick and does not slow down boot times. NOD32 used about 70mb of system memory on startup on an average Windows 7 system, which is a bit high, but this seems to have little effect on system speed.
Effectiveness
ESET has always ranked high in testing from independent laboratories, working against large databases of known viruses. We tested ESET NOD32 5 in our real-world malware scenarios. These tests duplicate the ways in which most users will actually get a virus, by clicking on a link to a malicious website that will attempt to infect the computer.
Our testing showed NOD32’s advanced heuristics to be more susceptible to browser exploits that we would like to see. We worked on an unpatched Windows7 machine to thoroughly test ESET’s ability to thwart exploits on its own, but sites running the Black Hole Exploit Kit and Zeus v2 were able to execute with no intervention from NOD32. These are zero-day exploits, meaning the specific variant should be unknown to antivirus engines, therefore a program must either block these URLs as quickly as possible, or the advanced heuristics has to catch everything.
NOD32 did block most malicious pages from loading. All sites that have been around for 24 hours or more were successfully blocked, indicating that the ESET LiveGrid technology is doing its job, sharing information about dangerous websites among the 100 million+ ESET users.
A large part of the problem is that a core aspect of ESET’s protection, the Host Intrusion Prevention System, is bordering on useless. This system is supposed to prevent malicious programs from altering the system, which is exactly what you would want. Unfortunately, the default HIPS mode is Automatic with Rules, which allows everything unless you have a rule against it. Since ESET does not provide the program with any rules, it just allows everything, rendering the entire system completely worthless unless you change into another mode.
HIPS Interactive mode is a powerful protection which can absolutely prevent any malware from ever executing on your machine, but it puts 100% of the decisions into your hands, resulting in a bewildering profusion of dialog popups asking for permission to do anything. Since there are no built-in rules, HIPS questions native Windows actions exactly the same way as a piece of potential malware, and it would be very difficult for the average user to tell from the information provided what should be allowed and what should not be.
We’d like to see ESET implement a default whitelist which would contain rules for basic Windows functionality and known safe applications. There are also Policy-Based and Learning modes available for the HIPS engine but neither of these provide an out-of-box comprehensive protection.
NOD32 performed well in more traditional testing situations. Detection and removal rates were very high against our database of malware. Performance in malware removal was about average. In a couple of situations, infections from trojans which were missed by NOD32 required the use of a third-party tool to clean the system. We recommend using a high-quality malware-specific application like Malwarebytes Pro alongside NOD32 for best results.
Price/Value
NOD32 5
$39.99 1 PC 1 Year
$59.99 3 PC 1 Year
$89.99 3 PC 2 Years
Smart Security
$59.99 1 PC 1 Year
$79.99 3 PC 1 Year
$199.99 3 PC 2 Years
Smart Security adds antispam technology, an intelligent firewall, and, new to version 5, parental controls, which can restrict access to websites by category or URL. Since Windows Firewall is insufficient to protect your system from spyware and viruses, we recommend Smart Security for the best protection.
Support
ESET offers multiple support options for their products.
Comprehensive knowledge base featuring helpful YouTube videos
Extensive online documentation
Extremely helpful user forum
Customer care through an online form.
We would like to see ESET add a live chat option and also provide phone support for a more complete support portfolio.
Conclusion
NOD32 is easy to use, highly configurable, and runs very fast. Virus definition updates are frequent and automatic. Performance against virus databases is excellent. However, our testing found that NOD32 allowed infection from some websites using either browser exploits or downloaded trojans, and at times needed help from other programs to remove these infections. With its built-in intelligent firewall, Smart Security may be the better option for comprehensive Internet security from ESET.
