Thursday, January 24, 2013

[Review] ESET Nod32 / ESET Smart Security v6

The Good :

- Very light impact on system responsiveness
- Good detection rate and prevention ability (HIPS)
- Very well designed user interface
- Lots of useful features
- Many options/tweaks for advanced users
- Built-in system for submitting suspicious files
- Rapid release of new signatures.
- Very good for gamers

ESET Smart Security

- Advanced Firewall With Intrusion Detection System & Packet Inspector
- Advanced Anti-Spam
- Anti-Theft module for laptops
- Parental Control

The Bad :

- Paid
- High RAM usage
- HIPS must be trained; otherwise it is very talkative.
- "Live" installation time is higher compared to v5
- HIPS is set by default to "Automatic Mode", which means almost no protection from HIPS; it must be tweaked.




"ESET NOD32 Antivirus and Smart Security 6 represents a new approach to truly integrated computer security. The most recent version of the ThreatSense® scanning engine utilizes speed and precision to keep your computer safe. The result is an intelligent system that is constantly on alert for attacks and malicious software that might endanger your computer.

ESET is a complete security solution that combines maximum protection and a minimal system footprint. Our advanced technologies use artificial intelligence to prevent infiltration by viruses, spyware, trojan horses, worms, adware, rootkits, and other threats without hindering system performance or disrupting your computer."

Today I will review ESET NOD32/Smart Security. I was using it during the whole beta and found it very effective and easy to use. The final version was released a few days ago, so I feel the need to review it.

ESET is well known for being light on the system; you barely feel it when doing other tasks. Thanks to this, it has become the favorite antivirus of power users and gamers.

Now let's go for a tour:

1- The Main Window

After downloading and installing it via either the "Live Installer" or the "Offline Installer", you arrive at the main UI.

What I really like about ESET products is the very well designed interface: no fancy effects, designs or buttons. When you click somewhere, you get what you want directly.

Below is the main window and the options of the tray icon:

[Image: fN2zJ.jpg]

It shows you the classic tabs and functions:

- Home – Provides information about the protection status of ESET NOD32 Antivirus.
- Computer scan – This option allows you to configure and launch a Smart scan or Custom scan.
- Update – Displays information about virus signature database updates.
- Setup – Select this option to adjust your security level for Computer, Web and email.
- Tools – Provides access to Log files, Protection statistics, Watch activity, Running processes, Scheduler, Quarantine, ESET SysInspector and ESET SysRescue.
- Help and support – Provides access to help files, the ESET Knowledgebase, the ESET website and links to open a Customer Care support request.

2- Protection

NOD32 has many modules that protect you from "zero-day" malware and other threats, including:

Antivirus and antispyware protection: It guards your system against malicious attacks by controlling file, email and Internet communication. If a threat with malicious code is detected, the Antivirus module can eliminate it by first blocking it, and then cleaning, deleting or moving it to quarantine. Aside from malware, the following objects are also monitored:

- Potentially unwanted applications (PUAs): not necessarily intended to be malicious, but may negatively affect the performance of your system.
- Potentially unsafe applications: legitimate commercial software that has the potential to be misused for malicious purposes (keygens, cracks, keyloggers, remote control apps, etc.).
- Potentially suspicious applications: mostly programs compressed with packers to evade detection.

Anti-Stealth technology
It is a sophisticated system that provides detection of dangerous programs such as rootkits, which are able to hide themselves from the operating system. This means it is not possible to detect them using ordinary testing techniques.

Real-Time protection

NOD32 has an effective real-time module that controls all antivirus-related events in the system. All files are scanned for malicious code at the moment they are opened, created or run on your computer.
Real-time file system protection checks all types of media and is triggered by various system events such as accessing a file. Using ThreatSense technology detection methods

ThreatSense Engine

ThreatSense is a technology consisting of many complex threat detection methods. This technology is proactive, which means it also provides protection during the early spread of a new threat. It uses a combination of several methods (code analysis, code emulation, generic signatures, virus signatures) which work in concert to significantly enhance system security. The scanning engine is capable of controlling several data streams simultaneously, maximizing the efficiency and detection rate. ThreatSense technology also successfully eliminates rootkits.

The ThreatSense technology setup options allow you to specify several scan parameters:

- File types and extensions that are to be scanned,
- The combination of various detection methods,
- Levels of cleaning, etc.

HIPS (Host Intrusion Prevention System)

The HIPS protects your system from malware and unwanted activity attempting to negatively affect your computer. HIPS monitors running processes, files and registry keys. HIPS is separate from Real-time file system protection; it monitors only processes running within the operating system.

It has 4 modes:

- Automatic mode with rules – Operations are enabled, except pre-defined rules that protect your system.
- Interactive mode – User will be prompted to confirm operations. The most "annoying" mode because you have to answer many popups; a good knowledge of how your system works is required.
- Policy-based mode – Operations not defined by a rule can be blocked.
- Learning mode – Operations are enabled and a rule is created after each operation. This one is useful to train your HIPS if you are sure that your system is clean; it must be disabled after some days.

Below is a picture of the pop-up alert raised by the HIPS:

[Image: bqLtp.jpg]

Network (ESS only)

This is in fact the firewall of ESS. Similarly to the HIPS, it has different modes:

- Automatic mode – The default mode. This mode is suitable for users who prefer easy and convenient use of the firewall with no need to define rules. Automatic mode allows all outbound traffic for the given system and blocks all new connections initiated from the network side.

- Automatic mode with exceptions (user-defined rules) – In addition to automatic mode, you can also add custom, user-defined rules.

- Interactive mode – Allows you to build a custom configuration for your Personal firewall. When a communication is detected and no existing rules apply to that communication, a dialog window reporting an unknown connection will be displayed. The dialog window gives the option of allowing or denying the communication, and the decision to allow or deny can be remembered as a new rule for the Personal firewall. If you choose to create a new rule at this time, all future connections of this type will be allowed or blocked according to the rule.

- Policy-based mode – Blocks all connections which are not defined by a specific rule that allows them. This mode allows advanced users to define rules that permit only desired and secure connections. All other unspecified connections will be blocked by the Personal firewall.

- Learning mode – Automatically creates and saves rules; this mode is suitable for initial configuration of the Personal firewall. No user interaction is required, because ESET Smart Security saves rules according to predefined parameters. Learning mode is not secure, and should only be used until all rules for required communications have been created.
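
The five filtering modes above differ mainly in what happens to a connection that no rule covers. The sketch below is an added example, not ESET's code and not part of the original review: a simplified Python model (the mode names, `Conn`, `decide` and the trace are all assumptions) that replays one constructed trace through each mode and shows what a learning period on an unclean machine leaves behind.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    app: str        # local program that owns the socket
    direction: str  # "out" = initiated locally, "in" = initiated from the network
    remote: str     # remote endpoint, "ip:port"

def decide(mode, conn, rules, prompt=lambda c: "block"):
    """Verdict ('allow'/'block') for one new connection in a simplified model.

    rules maps Conn -> verdict; interactive and learning modes add to it.
    prompt stands in for the user's answer to the interactive dialog.
    """
    automatic = "allow" if conn.direction == "out" else "block"
    if mode == "automatic":
        return automatic                  # no user rules consulted
    if conn in rules:
        return rules[conn]                # an existing rule always wins
    if mode == "automatic_with_exceptions":
        return automatic
    if mode == "policy":
        return "block"                    # nothing passes without an allow rule
    if mode == "interactive":
        rules[conn] = prompt(conn)        # answer remembered as a new rule
        return rules[conn]
    if mode == "learning":
        rules[conn] = "allow"             # rule created with no questions asked
        return "allow"
    raise ValueError(f"unknown mode: {mode}")

# Constructed trace (documentation-range addresses, made-up process names).
TRACE = [
    Conn("browser.exe", "out", "203.0.113.10:443"),
    Conn("mailclient.exe", "out", "203.0.113.20:993"),
    Conn("unwanted.exe", "out", "198.51.100.7:8080"),  # already on the host
    Conn("fileshare.exe", "in", "192.0.2.55:445"),
]

def replay(mode, rules, trace=TRACE):
    """Run every connection in the trace through one mode."""
    return [decide(mode, c, rules) for c in trace]

def learn_then_enforce(trace=TRACE):
    """Train in learning mode, then switch to policy-based mode."""
    rules = {}
    replay("learning", rules, trace)
    return replay("policy", rules, trace), rules

if __name__ == "__main__":
    for mode in ("automatic", "policy", "interactive"):
        print(f"{mode:12}", replay(mode, {}))
    verdicts, learned = learn_then_enforce()
    print("learn->policy", verdicts, f"({len(learned)} rules learned)")
```

In this model automatic mode lets the unwanted program's outbound connection through, and a policy-based configuration trained while that program was present keeps allowing it, so the rules created during learning are worth reviewing before enforcement is switched on.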

The firewall also has an IDS module:

The IDS (Intrusion Detection System) and advanced options section allows you to configure advanced filtering options to detect several types of attacks that can be carried out against your computer.
Note: In some cases you will not receive a threat notification about blocked communications. You can view the Personal firewall log to see all blocked incoming and outgoing communication attempts under Tools > Log files (from the Log drop-down menu select Personal firewall).

Anti-Spam (ESS only)

Like many security suites, ESS has an anti-spam module based on predefined trusted addresses (whitelist) and spam addresses (blacklist). All addresses from your contact list are automatically added to the whitelist, as well as all other addresses you mark as safe.

Unsolicited email, called "spam", ranks among the greatest problems of electronic communication. Spam represents up to 80 percent of all email communication. Antispam protection serves to protect against this problem. Combining several email security principles, the Antispam module provides superior filtering to keep your inbox clean.
The primary method used to detect spam is the scanning of email message properties. Received messages are scanned for basic Antispam criteria (message definitions, statistical heuristics, recognizing algorithms and other unique methods) and the resulting index value determines whether a message is spam or not.

The ESS Anti-Spam module gives a "score point" to every incoming message, which is recorded in the Antispam Log.

Parental Control (ESS only)

The Parental control module allows you to configure parental control settings, which provide you automated tools to help protect your kids and set restrictions for using devices and services. The goal is to prevent children and young adults from accessing pages with inappropriate or harmful content.

Parental control lets you block webpages that may contain potentially offensive material. In addition, parents can prohibit access to more than 40 pre-defined website categories and over 140 subcategories.

Anti-Theft (ESS Only)

The Anti-Theft feature allows you to track the location of your stolen computer, take a screenshot of the screen and secretly take a picture of the thief via your webcam; all this information is then sent to your webpage in your ESET account.

Manual scanner

By clicking on "Computer scan" in the main window, you access the various scans available in NOD32.

[Image: Fwmdi.jpg]

- Smart scan: Smart scan allows you to quickly launch a computer scan and clean infected files without the need for your intervention. The advantage of Smart scan is that it is easy to operate and does not require detailed scanning configuration. Smart scan checks all files on local drives and automatically cleans or deletes detected infiltrations. The cleaning level is automatically set to the default value.
- Custom scan: Custom scan lets you specify scanning parameters such as scan targets and scanning methods. The advantage of Custom scan is the ability to configure the parameters in detail.
- Removable media scan: Similar to Smart scan, it quickly launches a scan of removable media (such as CD/DVD/USB) that are currently connected to the computer. This may be useful when you connect a USB flash drive to a computer and wish to scan its content for malware and other potential threats.

In addition, v6 has a "Regular full scan", which can regularly perform a full scan of your computer during idle time. The scan is optimized not to run when the computer is operating on battery power.
Regular full scans help detect inactive threats on the computer and improve ESET cloud information about known and unknown threats or files.

Below you can see how the scan progress is displayed:

[Image: kMZ8k.jpg]

You can schedule the shutdown or reboot of the computer when the scan finishes.

Startup scan

The automatic startup file check will be performed on system startup or virus signature database update.

Removable media

NOD32 Antivirus provides automatic removable media (CD/DVD/USB/...) control. This module allows you to scan, block or adjust extended filters/permissions and select how the user can access and work with a given device.

[Image: YVeyC.jpg]

Web & Email

Web and email are the main vectors of attack; NOD32 knows that and protects you accordingly. It includes:

- Email client protection: Using a plug-in, email protection provides control of email communication received through the POP3 and IMAP protocols. NOD32 Antivirus provides control of all communications from the email client (POP3, MAPI, IMAP, HTTP). When examining incoming messages, the program uses all the advanced scanning methods provided by the ThreatSense scanning engine. This means that detection of malicious programs takes place even before being matched against the virus signature database. Scanning of POP3 and IMAP protocol communications is independent of the email client used.
- Web access protection: Web access protection works by monitoring communication between web browsers and remote servers, and complies with HTTP (Hypertext Transfer Protocol) and HTTPS (encrypted communication) rules.
- Protocol filtering: Antivirus protection for the application protocols, which integrates all advanced malware scanning techniques. The control works automatically, regardless of the Internet browser or email client used.
- Anti-Phishing protection: Phishing is a criminal activity that uses "social engineering", meaning the manipulation of users in order to obtain confidential information such as banking credentials, website passwords, etc. Some malicious websites are known to use this technique and so are blocked by this feature.

2- Update

The Update tab shows all the relevant information you need to know about updates.

[Image: MzF55.jpg]

A new update feature is implemented in v6, called "Rollback previous virus signature database": if you suspect that a virus signature database or product module update may be unstable or corrupt, you can roll back to the previous version and disable updates for a set period of time.

[Image: ifPzX.jpg]

Some options allow you to use pre-release updates, clear the update cache, select what NOD32 will do when an update is available, etc.

Note: Your registration credentials must be entered to get the updates.

3- Setup

Here are the various sections for setting up NOD32; you can disable the modules from here:

[Image: zQdb6.jpg]

You can go deeper into tweaking by clicking "Advanced Setup":

[Image: mtxKT.jpg]

4- Tools

In addition to the detection and prevention modules, NOD32 includes several useful tools that help you control your system effectively:

[Image: f2b6T.jpg]

- Log files: Log files contain information about all important program events that have occurred and provide an overview of detected threats.

- Scheduler: Scheduler manages and launches scheduled tasks with predefined configuration and properties.

- Protection statistics: Shows a graph of statistical data related to ESET NOD32 Antivirus's protection modules.

- Watch activity: To see the current File system activity in graph form.

[Image: iBaCd.jpg]

- ESET SysInspector:

ESET SysInspector is an application that thoroughly inspects your computer and gathers detailed information about system components such as installed drivers and applications, network connections or important registry entries and assesses the risk level of each component. This information can help determine the cause of suspicious system behavior that may be due to software or hardware incompatibility or malware infection.

[Image: SaZHm.jpg]

- Running processes: Running processes displays the running programs or processes on your computer and keeps ESET immediately and continuously informed about new infiltrations. ESET NOD32 Antivirus provides detailed information on running processes to protect users with ESET Live Grid technology.

[Image: nlXXI.jpg]

ESET Live Grid

ESET Live Grid (the next generation of ESET ThreatSense.Net) is an advanced warning system against emerging threats based on reputation. Utilizing real-time streaming of threat-related information from the cloud, the ESET virus lab keeps defenses up to date for a constant level of protection. Users can check the reputation of running processes and files directly from the program's interface or contextual menu, with additional information available from ESET Live Grid. There are two options:

1. You can decide to not enable the ESET Live Grid. You will not lose any functionality in the software, and you will still receive the best protection that we offer.

2. You can configure the ESET Live Grid to submit anonymous information about new threats and where the new threatening code is contained. This file can be sent to ESET for detailed analysis. Studying these threats will help ESET update its threat detection capabilities.

ESET Live Grid will collect information about your computer related to newly-detected threats. This information may include a sample or copy of the file in which the threat appeared, the path to that file, the filename, the date and time, the process by which the threat appeared on your computer and information about your computer's operating system.

- Submission of files for analysis: The file submission tool that enables you to send a file to ESET for analysis. If the file turns out to be a malicious application, its detection will be added to one of the upcoming updates.

- ESET Social Media Scanner: Newly introduced. If allowed, it will install an application in your Facebook account that scans for malicious links in your feeds (and your friends' feeds).

[Image: Ryldm.jpg]

It can also do an online scan of your computer and show a map of worldwide threats detected via ESET Live Grid.

[Image: n4Elb.jpg]

Final Note

As you can see, NOD32 is a very potent and efficient antivirus; its lightness combined with impressive features makes it a top-notch solution for the beginner or advanced user.
I rate it 4/5.


  1. Great sharing, I like your article too much.
